rasm_ar Beginner
11 July 2009 - 08:07 There are 14 comments and 1 solution

hotmail

Are there any Hotmail users who have experienced disturbances lately? A few days ago my front page was suddenly in a language unknown to me (Eastern European, I would think). During startup of my PC I can see on my firewall that Ukraine is a country listed under active connection. Now, I do have Skype, among other things, which starts automatically at startup with a number of different countries, buuut Ukraine!!! That makes me nervous; I hope it is unfounded. Are there any users who can help (reassure me)?
11 July 2009 - 10:06 #1
Win98, ME, W2000, XP, Vista, Win7, ... ?
11 July 2009 - 10:07 #2
... if there is 'some kind of' Ukraine business that your PC wants to get in contact with, then ->

... for good measure; give us/me a HiJackThis log ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for that purpose and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Regarding Vista: right mouse button on the *.EXE file - Run as Administrator...

------------------
rasm_ar Beginner
11 July 2009 - 10:17 #3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:26, on 11-07-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Tall Emu\Online Armor\OAui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=64&bd=PAVILION&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\OAui.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: asgupd32.exe
O4 - Startup: fmnupd32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: icwsetup.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245364712421
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Tjenesten Google Update (gupdate1c9f05e718c3198) (gupdate1c9f05e718c3198) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 9566 bytes
rasm_ar Beginner
12 July 2009 - 22:26 #4
Have I done something wrong, since I am not hearing anything? I use IE 8 and use Online Armor Firewall and CCleaner. It was during startup that I could see in Online Armor that Ukraine showed up. I would greatly appreciate your help, as I am at my wits' end myself.
Many thanks in advance.
13 July 2009 - 19:36 #5
Eksperten's e-mail system broke down over the weekend - only (somewhat) back in action during today/this evening...

You should by no means let any [Ukraine] business slip through...

What does [SUPERAntiSpyware], which you already have, say?

Maybe take a run with ->

-- Download Combofix from one of these links and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix has finished, and after it has restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.
rasm_ar Beginner
13 July 2009 - 21:30 #6
ComboFix 09-07-13.01 - HP_Administrator 13-07-2009 21:08.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1033.18.2047.1499 [GMT 2:00]
Kører fra: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1193932861
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter\dbases\cg.dat
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter\dbases\mw.dat
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter\dbases\rd.dat
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter\dbases\sc.dat
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter\dbases\sm.dat
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter\dbases\sp.dat
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter\keys\cg.key
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter\keys\rd.key
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter\keys\sc.key
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter\keys\sp.key
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter\temp\settings.ini
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PCenter\temp\spfilter
c:\documents and settings\HP_Administrator\Application Data\wiaserva.log
c:\documents and settings\HP_Administrator\Application Data\wiaservg.log
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\asgupd32.exe
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\fmnupd32.exe
c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556
c:\recycler\S-1-5-21-1627062363-1581512972-1185774514-1006
c:\recycler\S-1-5-21-3682155326-2241011222-1889729146-1006
c:\recycler\S-1-5-21-8126760146-1896922711-761943508-8475
c:\recycler\S-1-5-21-829429260-3027775904-3239410518-1006
c:\windows\dhcp
c:\windows\Install.txt
c:\windows\irc.txt
c:\windows\kb913800.exe
D:\Autorun.inf

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-06-13 til 2009-07-13  )))))))))))))))))))))))))))))))))))
.

2009-07-07 19:07 . 2009-07-07 19:07    --------    d-----w-    c:\documents and settings\HP_Administrator\Local Settings\Application Data\Identities
2009-07-07 17:20 . 2009-07-07 17:20    --------    d-----w-    c:\documents and settings\HP_Administrator\Application Data\Template
2009-07-03 22:50 . 2009-07-03 22:49    410984    ----a-w-    c:\windows\system32\deploytk.dll
2009-06-23 09:54 . 2009-06-23 09:54    --------    d--h--w-    c:\windows\PIF
2009-06-21 20:13 . 2009-06-21 20:13    --------    d-----w-    c:\documents and settings\HP_Administrator\Application Data\vlc
2009-06-19 09:59 . 2009-06-19 09:59    1915520    ----a-w-    c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-19 05:18 . 2009-06-19 05:18    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2009-06-19 02:33 . 2009-06-19 19:17    --------    d-sh--r-    c:\windows\system32\dllcache
2009-06-18 22:59 . 2009-06-18 22:59    --------    d-----w-    c:\windows\system32\scripting
2009-06-18 22:59 . 2009-06-18 22:59    --------    d-----w-    c:\windows\system32\en
2009-06-18 22:59 . 2009-06-18 22:59    --------    d-----w-    c:\windows\system32\bits
2009-06-18 22:45 . 2008-04-14 00:12    20992    ------w-    c:\windows\system32\spupdwxp.exe
2009-06-18 22:44 . 2008-04-14 00:11    94208    ------w-    c:\windows\system32\eappgnui.dll
2009-06-18 22:39 . 2008-10-16 12:09    43544    ----a-w-    c:\windows\system32\wups2.dll
2009-06-18 22:06 . 2009-04-30 21:22    12800    ------w-    c:\windows\system32\dllcache\xpshims.dll
2009-06-18 22:06 . 2009-04-30 21:22    1985024    ------w-    c:\windows\system32\dllcache\iertutil.dll
2009-06-18 22:06 . 2009-04-30 21:22    11064832    ------w-    c:\windows\system32\dllcache\ieframe.dll
2009-06-18 22:06 . 2009-04-30 21:22    246272    ------w-    c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 22:06 . 2009-05-12 05:11    102912    ------w-    c:\windows\system32\dllcache\iecompat.dll
2009-06-18 22:05 . 2009-06-18 22:06    --------    dc-h--w-    c:\windows\ie8
2009-06-18 21:57 . 2009-06-18 21:58    --------    d-----w-    C:\5f1859c873e486c06d5d44eb93b1a6ec
2009-06-18 21:56 . 2009-06-18 21:57    --------    d-----w-    C:\d4e6fd56617bf3d03af49f181e
2009-06-18 21:56 . 2009-06-18 21:57    --------    d-----w-    c:\windows\system32\drivers\UMDF
2009-06-18 21:56 . 2009-06-18 21:56    --------    d-----w-    c:\windows\system32\LogFiles
2009-06-18 21:49 . 2009-06-18 21:49    --------    d-----w-    c:\documents and settings\HP_Administrator\Local Settings\Application Data\Real
2009-06-18 21:27 . 2009-06-18 21:27    --------    d-----w-    c:\documents and settings\HP_Administrator\Application Data\OnlineArmor
2009-06-18 21:27 . 2009-06-18 21:27    --------    d-----w-    c:\documents and settings\All Users\Application Data\OnlineArmor
2009-06-18 21:18 . 2009-04-28 03:38    29776    ----a-w-    c:\windows\system32\drivers\OAnet.sys
2009-06-18 21:18 . 2009-04-28 03:02    31824    ----a-w-    c:\windows\system32\drivers\OAmon.sys
2009-06-18 21:18 . 2009-04-28 03:01    198224    ----a-w-    c:\windows\system32\drivers\OADriver.sys
2009-06-18 21:10 . 2009-03-06 14:22    284160    ------w-    c:\windows\system32\dllcache\pdh.dll
2009-06-18 21:10 . 2009-02-09 12:10    401408    ------w-    c:\windows\system32\dllcache\rpcss.dll
2009-06-18 21:10 . 2009-02-09 12:10    473600    ------w-    c:\windows\system32\dllcache\fastprox.dll
2009-06-18 21:10 . 2009-02-06 11:11    110592    ------w-    c:\windows\system32\dllcache\services.exe
2009-06-18 21:10 . 2009-02-06 10:10    227840    ------w-    c:\windows\system32\dllcache\wmiprvse.exe
2009-06-18 21:10 . 2009-02-09 12:10    453120    ------w-    c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-18 21:10 . 2009-02-09 12:10    729088    ------w-    c:\windows\system32\dllcache\lsasrv.dll
2009-06-18 21:10 . 2009-02-09 12:10    714752    ------w-    c:\windows\system32\dllcache\ntdll.dll
2009-06-18 21:10 . 2009-02-09 12:10    617472    ------w-    c:\windows\system32\dllcache\advapi32.dll
2009-06-18 21:10 . 2009-02-06 11:06    2145280    ------w-    c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-18 21:10 . 2009-02-06 11:08    2189056    ------w-    c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-18 21:10 . 2009-02-06 10:32    2023936    ------w-    c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-18 21:09 . 2009-04-17 12:26    1847168    ------w-    c:\windows\system32\dllcache\win32k.sys
2009-06-18 21:09 . 2008-10-23 12:36    286720    ------w-    c:\windows\system32\dllcache\gdi32.dll
2009-06-18 21:04 . 2008-05-08 14:02    203136    ------w-    c:\windows\system32\dllcache\rmcast.sys
2009-06-18 21:04 . 2008-04-11 19:04    691712    ------w-    c:\windows\system32\dllcache\inetcomm.dll
2009-06-18 21:04 . 2008-06-24 16:43    74240    ------w-    c:\windows\system32\dllcache\mscms.dll
2009-06-18 21:04 . 2008-05-01 14:33    331776    ------w-    c:\windows\system32\dllcache\msadce.dll
2009-06-18 21:04 . 2008-12-11 10:57    333952    ------w-    c:\windows\system32\dllcache\srv.sys
2009-06-18 21:04 . 2008-12-05 06:54    144896    ------w-    c:\windows\system32\dllcache\schannel.dll
2009-06-18 21:04 . 2008-06-17 19:02    8461312    ------w-    c:\windows\system32\dllcache\shell32.dll
2009-06-18 21:04 . 2008-07-07 20:26    253952    ------w-    c:\windows\system32\dllcache\es.dll
2009-06-18 21:04 . 2008-10-24 11:21    455296    ------w-    c:\windows\system32\dllcache\mrxsmb.sys
2009-06-18 21:04 . 2009-05-07 15:32    345600    ------w-    c:\windows\system32\dllcache\localspl.dll
2009-06-18 19:47 . 2004-09-29 10:08    61440    ----a-w-    c:\windows\system32\HPZinw12.exe
2009-06-18 19:47 . 2007-08-09 07:27    73728    ----a-w-    c:\windows\system32\HPZipm12.exe
2009-06-18 19:47 . 2004-09-29 10:15    204800    ----a-w-    c:\windows\system32\HPZipr12.dll
2009-06-18 19:47 . 2004-09-29 10:12    278584    ----a-w-    c:\windows\system32\HPZidr12.dll
2009-06-18 19:47 . 2004-09-29 10:09    57344    ----a-w-    c:\windows\system32\HPZisn12.dll
2009-06-18 19:47 . 2004-09-29 10:09    94208    ----a-w-    c:\windows\system32\HPZipt12.dll
2009-06-18 19:45 . 2005-03-08 05:52    16496    ----a-r-    c:\windows\system32\drivers\HPZipr12.sys
2009-06-18 19:45 . 2005-03-08 05:52    51120    ----a-r-    c:\windows\system32\drivers\HPZid412.sys
2009-06-18 19:44 . 2005-03-15 20:36    77824    ----a-r-    c:\windows\system32\hpzids01.dll
2009-06-18 19:44 . 2005-05-05 06:51    37376    ----a-w-    c:\windows\system32\hpz3l3xu.dll
2009-06-18 19:43 . 2004-04-21 01:00    126976    ----a-r-    c:\windows\system32\P0630Vfw.dll
2009-06-18 19:43 . 2004-05-14 01:00    49152    ----a-r-    c:\windows\system32\P0630Hwx.dll
2009-06-18 19:43 . 2004-03-01 01:00    32768    ----a-r-    c:\windows\system32\P0630Pin.dll
2009-06-18 19:43 . 2004-01-15 01:00    20480    ----a-r-    c:\windows\system32\P0630Srv.exe
2009-06-18 19:43 . 2004-01-08 06:12    69632    ----a-r-    c:\windows\system32\P0630Sti.dll
2009-06-18 19:43 . 2003-10-03 01:05    65536    ----a-r-    c:\windows\system32\CtCamMgr.dll
2009-06-18 19:43 . 2004-04-14 04:07    91797    ----a-r-    c:\windows\system32\drivers\P0630Vid.sys
2009-06-18 19:43 . 2004-03-30 01:00    1125376    ----a-r-    c:\windows\system32\drivers\P0630Evx.sys
2009-06-18 19:42 . 2005-03-08 05:49    274432    ----a-r-    c:\windows\system32\HPZc3212.dll
2009-06-18 19:42 . 2005-03-08 05:52    21744    ----a-r-    c:\windows\system32\drivers\HPZius12.sys
2009-06-18 19:27 . 2009-06-18 19:52    89912    ----a-w-    c:\windows\hpoins06.dat
2009-06-18 19:27 . 2008-04-13 18:45    15104    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2009-06-18 19:17 . 2006-01-02 20:58    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-06-18 19:17 . 2006-01-02 20:32    --------    d-----w-    c:\windows\system32\config\systemprofile\WINDOWS
2009-06-18 19:12 . 2001-08-17 11:48    12160    ----a-w-    c:\windows\system32\drivers\mouhid.sys
2009-06-18 19:12 . 2008-04-14 00:11    21504    ----a-w-    c:\windows\system32\hidserv.dll
2009-06-18 19:12 . 2008-04-13 18:39    14592    ----a-w-    c:\windows\system32\drivers\kbdhid.sys
2009-06-18 19:12 . 2008-04-13 18:47    25856    ----a-w-    c:\windows\system32\drivers\usbprint.sys
2009-06-18 19:12 . 2008-04-13 18:45    10368    ----a-w-    c:\windows\system32\drivers\hidusb.sys
2009-06-18 19:12 . 2008-04-13 18:45    32128    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2009-06-18 16:59 . 2009-06-18 16:59    43680    ----a-w-    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 16:59 . 2009-06-18 16:59    --------    d-----w-    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\HP
2009-06-18 09:37 . 2009-06-18 09:37    --------    d-sh--w-    c:\documents and settings\HP_Administrator\IECompatCache
2009-06-17 08:59 . 2009-06-17 08:59    --------    d-sh--w-    c:\documents and settings\HP_Administrator\PrivacIE
2009-06-17 06:57 . 2009-06-17 06:57    --------    d-----w-    c:\program files\Reference Assemblies
2009-06-17 06:56 . 2009-06-17 06:56    --------    d-----w-    C:\f1d762f24eee5d43d80e
2009-06-16 16:30 . 2009-06-16 16:30    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2009-06-16 16:28 . 2009-06-16 16:28    --------    d--h--r-    C:\MSOCache
2009-06-16 15:59 . 2009-06-16 15:59    --------    d-----w-    c:\program files\MSECache
2009-06-16 12:13 . 2009-06-16 12:13    390664    ----a-w-    c:\documents and settings\HP_Administrator\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-16 09:46 . 2009-06-16 09:46    --------    d-----w-    c:\documents and settings\HP_Administrator\Local Settings\Application Data\PCHealth

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 19:18 . 2009-04-07 20:24    --------    d-----w-    c:\documents and settings\HP_Administrator\Application Data\Skype
2009-07-13 18:54 . 2009-06-11 20:37    --------    d-----w-    c:\documents and settings\HP_Administrator\Application Data\skypePM
2009-07-13 18:54 . 2009-04-07 20:39    117760    ----a-w-    c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-10 21:24 . 2009-04-11 13:37    --------    d-----w-    c:\program files\NewsLeecher
2009-07-10 09:50 . 2009-04-13 21:20    0    ----a-w-    c:\documents and settings\HP_Administrator\temp.dat
2009-07-09 10:07 . 2009-04-07 18:51    84984    ----a-w-    c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 04:21 . 2009-04-07 20:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-07 17:38 . 2009-05-06 10:26    160    ----a-w-    c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-07-05 09:16 . 2009-04-12 06:42    --------    d-----w-    c:\documents and settings\HP_Administrator\Application Data\dvdcss
2009-07-03 22:49 . 2009-04-18 10:20    152576    ----a-w-    c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-24 05:34 . 2009-04-07 20:38    --------    d-----w-    c:\program files\SUPERAntiSpyware
2009-06-20 08:48 . 2006-01-02 20:30    --------    d-----w-    c:\program files\Hewlett-Packard
2009-06-20 08:41 . 2005-01-24 08:30    139264    ----a-w-    c:\windows\system32\hpzjrd01.dll
2009-06-19 09:02 . 2005-08-31 04:01    183803    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-19 05:54 . 2006-01-02 20:31    --------    d-----w-    c:\program files\Microsoft Works
2009-06-18 23:01 . 2009-06-18 23:01    45056    ----a-w-    c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-06-18 23:01 . 2009-06-18 23:01    61440    ----a-w-    c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-06-18 23:01 . 2009-06-18 23:01    44032    ----a-w-    c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-06-18 23:01 . 2009-06-18 23:01    40960    ----a-w-    c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-06-18 23:01 . 2009-06-18 23:01    32768    ----a-w-    c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-06-18 23:01 . 2009-06-18 23:01    32768    ----a-w-    c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-06-18 23:01 . 2009-06-18 23:01    217088    ----a-w-    c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2009-06-18 23:01 . 2009-06-18 23:01    163840    ----a-w-    c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-06-18 23:01 . 2009-06-18 23:01    341048    ----a-w-    c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2009-06-18 22:30 . 2006-01-02 20:27    --------    d-----w-    c:\program files\Common Files\Real
2009-06-18 21:48 . 2003-03-19 02:14    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2009-06-18 21:48 . 2003-02-21 10:42    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2009-06-18 21:47 . 2006-01-02 20:46    --------    d-----w-    c:\program files\Google
2009-06-18 21:27 . 2006-01-02 20:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2009-06-18 21:27 . 2006-01-02 20:50    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2009-06-18 19:19 . 2009-06-18 19:19    1900    --sha-r-    c:\windows\system32\drivers\103C_HP_CPC_RQ389AA-UUW m7645.sc_YC_0Pavi_QCZB638_E64DKemMPA2_48_IAsterope3_SECS_V1.0_B3.19_T060905_WXP2_L409_M2048_J200_7Intel_8Pentium 4_93_#090407_N10EC8139_Z_G10DE01DD_OHL-DT-ST DVDRRW GSA-H20L_DSNY2600.MRK
2009-06-17 06:57 . 2009-04-07 20:17    --------    d-----w-    c:\program files\MSBuild
2009-06-13 08:39 . 2009-05-10 20:30    --------    d-----w-    c:\program files\Windows Live
2009-06-12 14:01 . 2009-06-12 14:01    --------    d-----w-    c:\program files\Windows Live SkyDrive
2009-06-11 20:16 . 2009-06-11 20:16    --------    d-----w-    c:\documents and settings\HP_Administrator\Application Data\Cryptomathic
2009-06-11 20:15 . 2009-06-11 20:15    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{D166A25B-41F0-45EA-B10E-DE7D7B5C3455}
2009-06-06 12:07 . 2009-06-06 12:07    390664    ----a-w-    c:\documents and settings\HP_Administrator\Application Data\Real\RealPlayer\setup\AU_setup.exe
2009-06-06 11:48 . 2009-06-06 11:48    --------    d-----w-    c:\program files\Windows Media Connect 2
2009-06-06 11:02 . 2009-06-06 08:07    --------    d-----w-    c:\program files\Common Files\Nero
2009-06-06 11:01 . 2009-04-08 10:35    --------    d-----w-    c:\program files\Nero
2009-06-06 09:14 . 2009-06-06 09:03    --------    d-----w-    c:\documents and settings\HP_Administrator\Application Data\Nero
2009-06-06 08:31 . 2009-06-06 08:31    --------    d-----w-    c:\program files\Windows Sidebar
2009-06-06 08:22 . 2009-04-08 10:35    --------    d-----w-    c:\documents and settings\All Users\Application Data\Nero
2009-06-05 17:37 . 2009-06-05 17:37    84208    ----a-w-    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 16:16 . 2009-06-05 14:29    117760    ----a-w-    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-05 15:26 . 2009-06-05 15:26    --------    d-----w-    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\OnlineArmor
2009-06-05 15:24 . 2009-06-05 14:38    --------    d-----w-    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Skype
2009-06-05 14:38 . 2009-06-05 14:38    --------    d-----w-    c:\program files\Common Files\Skype
2009-06-05 14:38 . 2009-04-07 20:23    --------    d-----r-    c:\program files\Skype
2009-06-05 14:38 . 2009-04-07 20:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Skype
2009-06-05 14:35 . 2009-06-05 14:35    --------    d-----w-    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\vlc
2009-06-05 14:28 . 2009-06-05 14:28    --------    d-----w-    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com
2009-06-05 14:24 . 2009-06-05 13:54    155    ----a-w-    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat
2009-06-05 14:18 . 2009-06-05 14:05    --------    d-----w-    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\NewsLeecher
2009-06-05 13:21 . 2009-06-05 13:21    --------    d-----w-    c:\documents and settings\HP_Administrator\Application Data\preetlfx
2009-06-05 13:21 . 2004-08-10 04:00    --------    d-----w-    c:\program files\Common Files\Mozilla Shared
2009-06-04 21:50 . 2009-06-04 21:50    --------    d-----w-    c:\program files\%windir%
2009-06-04 20:10 . 2009-04-07 18:43    --------    d-----w-    c:\documents and settings\HP_Administrator\Application Data\HP
2009-06-04 13:14 . 2009-05-28 06:08    --------    d-----w-    c:\program files\DivX
2009-06-04 13:13 . 2009-05-28 06:08    --------    d-----w-    c:\program files\Common Files\DivX Shared
2009-05-29 18:02 . 2009-05-29 18:02    --------    d-----w-    c:\documents and settings\All Users\Application Data\NOS
2009-05-29 18:02 . 2009-05-29 18:02    --------    d-----w-    c:\program files\NOS
2009-05-29 04:04 . 2009-05-29 04:04    --------    d-----w-    c:\documents and settings\LocalService\Application Data\DivX
2009-05-28 06:13 . 2009-05-28 06:12    --------    d-----w-    c:\documents and settings\HP_Administrator\Application Data\DivX
2009-05-27 05:18 . 2009-05-27 05:18    --------    d-----w-    c:\program files\DanID
2009-05-26 11:40 . 2009-05-26 11:40    --------    d-----w-    c:\program files\JavaFX
2009-05-26 11:39 . 2009-05-26 11:39    --------    d-----w-    c:\program files\Sun
2009-05-25 16:48 . 2009-05-25 16:48    48128    ----a-w-    C:\pclips.exe
2009-05-13 05:15 . 2004-08-10 04:00    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-05-11 16:15 . 2009-05-11 16:15    2560    ----a-w-    c:\windows\_MSRSTRT.EXE
2009-05-07 15:32 . 2004-08-10 04:00    345600    ------w-    c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2009-04-29 04:46    81920    ------w-    c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-10 04:00    1847168    ----a-w-    c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 04:00    585216    ----a-w-    c:\windows\system32\rpcrt4.dll
2007-05-07 11:50 . 2009-04-08 01:28    32    --sha-w-    c:\windows\SMINST\HPCD.SYS
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-24 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7622656]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\OAui.exe" [2009-04-28 2045128]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-03 148888]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-07-21 16261632]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-21 1519616]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-04-28 335048]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [18-06-2009 23:18 198224]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [18-06-2009 23:18 31824]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [18-06-2009 23:18 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23-03-2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23-03-2009 14:07 72944]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [04-05-2009 07:45 361672]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [04-05-2009 07:45 3052744]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03-01-2006 08:18 2829696]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [18-06-2009 21:43 91797]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23-03-2009 14:07 7408]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [03-01-2006 08:18 468768]
S2 gupdate1c9f05e718c3198;Tjenesten Google Update (gupdate1c9f05e718c3198);c:\program files\Google\Update\GoogleUpdate.exe [07-04-2009 22:23 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 20:23]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 20:23]
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-Internet Connection Wizard Setup Tool - c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
HKLM-Run-PCDrProfiler - (no file)


.
------- Yderligere scanning -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=64&bd=PAVILION&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 21:24
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-07-13 21:27
ComboFix-quarantined-files.txt  2009-07-13 19:27

Pre-Kørsel: 142.746.017.792 bytes free
Post-Kørsel: 143.463.841.792 byte ledig

618    --- E O F ---    2009-06-19 19:17
13 July 2009 - 21:55 #7
(Well, 'something' did get cut out - what's the status now?)
rasm_ar, Beginner
13 July 2009 - 23:16 #8
I have tried restarting and could not see anything in Online Armor. I must admit that it has not been the case every time I have looked, either. Does that mean that if Ukraine shows up again, I should run the program that is new to me?
14 July 2009 - 06:53 #9
Hmmm... maybe...
rasm_ar, Beginner
14 July 2009 - 09:38 #10
To Karise_larry
This morning I ran a full scan with Online Armor, which found nothing; immediately afterwards SUPERAntiSpyware did the same and found 14 Adware Tracking Cookies, which were quarantined. Is there an explanation for that? And can you see whether my Ukraine business is gone? Or is there anything further I should do?
14 July 2009 - 14:48 #11
... let a few days pass and see whether anything 'happens'?

The [Adware Tracking Cookie] items mentioned are harmless in this context...
rasm_ar, Beginner
14 July 2009 - 16:31 #12
Many thanks for the help. I would like to hand over the promised points.
14 July 2009 - 22:16 #13
There is no more 'dirt' according to your log...

You're welcome back another time...

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer, then enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It is also a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

Safe Surfing...

--------------

Registry cleanup is recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the [Register] item...)
During installation you are offered [Yahoo Toolbar]. You can say yes or NO to it.
rasm_ar, Beginner
15 July 2009 - 05:32 #14
Thanks once again for the help.
15 July 2009 - 06:24 #15
...I would like to hand over the promised points ... - you actually gave those to yourself *S*
http://www.eksperten.dk/faq