Avatar billede daki Juniormester
13. september 2010 - 09:33 Der er 61 kommentarer og
1 løsning

Hjælp til rensning af bærbar

Jeg har et irriterende problem, engang imellem få jeg nogle pop-ups (reklame) pg ca. hvert 10. min. kommer der en fejlmeddelelse fra Windows om af programmet GD8fuH70.exe har fundet en fejl og afsluttes. Vi beklager ulejligheden.

Jeg har kørt CCLEANER, SPYBOT og HIJACKTHIS.

Vedhæfter log fra hijackthis, den 1. er fra da problemet opstod og den 2. er fra i dag.
Jeg har efter bedste evne prøvet at fjerne noget fra hijackthis, men har åbenbart ikke fået fjernet det hele.
Filen GD8fuH70.exe er slettet fra computeren.

/Dan

-----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:13, on 07-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Security\WAC\pavFnSvr.exe
C:\Programmer\Panda Security\WAC\psksvc.exe
C:\Programmer\Panda Security\WAC\pavsrvx86.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PsCtrlS.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh .exe
C:\WINDOWS\system32\TpShocks .exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp .exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR .exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauth .exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice .exe
C:\Programmer\Picasa2\PicasaMediaDetector .exe
C:\Programmer\mltarc\StrJwSrv.exe
C:\Programmer\UltimateZip 2.7\uzqkst.exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor .exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK .exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmer\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\mltarc\jre\bin\javaw.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor .exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Panda Security\WAC\PSHost.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm .exe
C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor .exe
C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
C:\Programmer\Java\jre6\bin\jusched .exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Programmer\Panda Security\WAC\PSCtrlC .exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp .exe
C:\Programmer\Winamp\winampa .exe
C:\Programmer\Analog Devices\Core\smax4pnp .exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2 .exe
C:\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck .exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy .exe
C:\Programmer\Labtec\Webcam\LogiTray .exe
C:\Programmer\Synaptics\SynTP\SynTPLpr .exe
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVComS.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\OpenOffice.org 3\program\soffice.bin
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\Programmer\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\All Users\Application Data\GD8fuH70.exe
C:\WINDOWS\Fonts\Q4wcU41Q8.com
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\temp\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/dk/da
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmer\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Labtec\Webcam\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Labtec\Webcam\LogiTray.exe
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmer\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmer\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm .exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB0.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3)" -"http://spil.tdc.dk/gratis/sudoku/"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Start Java Server.lnk = C:\Programmer\mltarc\StrJwSrv.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Opdatér ThinkPad-programmer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmer\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/dk/da
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://ltw.danmarksgruppen.dk/qp2.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278084491444
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278084470474
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Programmer\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Programmer\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmer\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda EndPoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavFnSvr.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Panda Host Service (PSHost) - Panda Security International - C:\Programmer\Panda Security\WAC\PSHost.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmer\Panda Security\WAC\psksvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Vis på skærm (TPHKSVC) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 23754 bytes
-----


-----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21:24, on 13-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Security\WAC\pavFnSvr.exe
C:\Programmer\Panda Security\WAC\psksvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PsCtrlS.exe
C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PSHost.exe
C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\TpShocks .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp .exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR .exe
C:\Programmer\Lenovo\AwayTask\AwaySch .exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmer\mltarc\StrJwSrv.exe
C:\Programmer\UltimateZip 2.7\uzqkst.exe
C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice .exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\OpenOffice.org 3\program\soffice.exe
C:\Programmer\mltarc\jre\bin\javaw.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Picasa2\PicasaMediaDetector .exe
C:\Programmer\Panda Security\WAC\PSCtrlC .exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor .exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK .exe
C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor .exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy .exe
C:\Programmer\Analog Devices\Core\smax4pnp .exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp .exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor .exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer .exe
C:\Programmer\Lenovo\VIRTSCRL\virtscrl .exe
C:\Programmer\Winamp\winampa .exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2 .exe
C:\Programmer\Java\jre6\bin\jusched .exe
C:\Programmer\Labtec\Webcam\LogiTray .exe
C:\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck .exe
C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programmer\OpenOffice.org 3\program\soffice.bin
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Panda Security\WAC\pavsrvx86.exe
C:\Programmer\Panda Security\WAC\AVENGINE.EXE
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Java\jre6\bin\javaw.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Programmer\IBM\Client Access\Emulator\PCSCM.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\All Users\Application Data\GD8fuH70.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\temp\hijackthis\HiJackThis.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/dk/da
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmer\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Labtec\Webcam\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Labtec\Webcam\LogiTray.exe
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmer\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmer\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Programmer\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Start Java Server.lnk = C:\Programmer\mltarc\StrJwSrv.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Opdatér ThinkPad-programmer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmer\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/dk/da
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://ltw.danmarksgruppen.dk/qp2.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278084491444
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278084470474
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Programmer\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmer\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda EndPoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavFnSvr.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Panda Host Service (PSHost) - Panda Security International - C:\Programmer\Panda Security\WAC\PSHost.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmer\Panda Security\WAC\psksvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Vis på skærm (TPHKSVC) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 23561 bytes
Avatar billede beguze Nybegynder
13. september 2010 - 09:48 #1
Hej daki. har ikke forstået om du har kørt en virus scan på din pc, og evt gjort det i F8 fejsikret tilstand.

Men det kunne lyde som om du er blevet ramt af noget skidt som ikke bare er til at fjerne.

Du kunne prøve med Combofix. Hent filen og kør install. Husk at du altid skal fortage backup af dine vigtige filer inden...
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Avatar billede daki Juniormester
13. september 2010 - 10:32 #2
Nej - diverse scanninger er ikke foretaget i fejlsikret tilstand, men filen GD8fuH70.exe blev fjernet i fejlsikret tilstand.
Skal jeg kører alle scanninger incl. combofix i fejlsikret?
Avatar billede beguze Nybegynder
13. september 2010 - 10:42 #3
Du skal køre virus scan i F8 tilstand fejlsikret. Combofix kan køre i normal tilstand, husk at deaktivere andre virus programer fordi de kan blokere for Combofix, evt hel afinstallere dem og derefter installere dem igen.
Avatar billede daki Juniormester
13. september 2010 - 14:19 #4
Log fra ComboFix, som er kørt i fejlsikret, har ikke fået virus scannet i fejlsikret.
GD8fuH70.exe kommer stadigvæk med fejl.

-----
ComboFix 10-09-12.03 - DAHE 13-09-2010  12:01:54.1.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.3062.2744 [GMT 2:00]
Kører fra: c:\temp\hijackthis\ComboFix.exe
AV: Panda Endpoint Protection *On-access scanning disabled* (Outdated) {3503ACDE-020C-4FD4-BD8E-D011C03E7677}
FW: Panda Endpoint Protection Firewall *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\GD8fuH70.exe
c:\documents and settings\DAHE\GoToAssistDownloadHelper.exe
C:\Install.exe
c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe
c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe
c:\programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\programmer\Alcohol Soft\Alcohol 120\axcmd.exe
c:\programmer\Analog Devices\Core\smax4pnp.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\programmer\Hp\HP Software Update\HPWuSchd2.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe
c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
c:\programmer\IBM\Client Access\cwbsvstr.exe
c:\programmer\Java\jre6\bin\jusched.exe
c:\programmer\Labtec\Webcam\ISStart.exe
c:\programmer\Labtec\Webcam\LogiTray.exe
c:\programmer\Lenovo\AwayTask\AwaySch.EXE
c:\programmer\Lenovo\VIRTSCRL\virtscrl.exe
c:\programmer\Messenger\msmsgs.exe
c:\programmer\Microsoft ActiveSync\wcescomm          .exe
c:\programmer\Microsoft ActiveSync\Wcescomm          .exe
c:\programmer\Microsoft ActiveSync\Wcescomm        .exe
c:\programmer\Microsoft ActiveSync\Wcescomm        .exe
c:\programmer\Microsoft ActiveSync\Wcescomm      .exe
c:\programmer\Microsoft ActiveSync\Wcescomm      .exe
c:\programmer\Microsoft ActiveSync\Wcescomm    .exe
c:\programmer\Microsoft ActiveSync\Wcescomm    .exe
c:\programmer\Microsoft ActiveSync\Wcescomm  .exe
c:\programmer\Microsoft ActiveSync\Wcescomm  .exe
c:\programmer\Microsoft ActiveSync\Wcescomm .exe
c:\programmer\Microsoft ActiveSync\Wcescomm.exe
c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe
c:\programmer\Panda Security\WAC\PSCtrlC.exe
c:\programmer\Picasa2\PicasaMediaDetector.exe
c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
c:\programmer\Spybot - Search & Destroy\TeaTimer.exe
c:\programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
c:\programmer\Winamp\winampa.exe
c:\programmer\Windows Media Player\WMPNSCFG.exe
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\Tasks\At1.job

[code] <pre>
c:\programmer\Acronis\TrueImageHome\TrueImageMonitor .exe ---^> c:\programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl .exe ---^> c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\programmer\Alcohol Soft\Alcohol 120\axcmd .exe ---^> c:\programmer\Alcohol Soft\Alcohol 120\axcmd.exe
c:\programmer\Analog Devices\Core\smax4pnp .exe ---^> c:\programmer\Analog Devices\Core\smax4pnp.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon .exe ---^> c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedhlp .exe ---^> c:\programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe ---^> c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
c:\programmer\Fælles filer\InstallShield\UpdateService\issch .exe ---^> c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy .exe ---^> c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor .exe ---^> c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ---^> c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\programmer\Hp\HP Software Update\HPWuSchd2 .exe ---^> c:\programmer\Hp\HP Software Update\HPWuSchd2.exe
c:\programmer\IBM\Client Access\cwbsvstr .exe ---^> c:\programmer\IBM\Client Access\cwbsvstr.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\cssauth .exe ---^> c:\programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe
c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice .exe ---^> c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
c:\programmer\Java\jre6\bin\jusched .exe ---^> c:\programmer\Java\jre6\bin\jusched.exe
c:\programmer\Labtec\Webcam\ISStart .exe ---^> c:\programmer\Labtec\Webcam\ISStart.exe
c:\programmer\Labtec\Webcam\LogiTray .exe ---^> c:\programmer\Labtec\Webcam\LogiTray.exe
c:\programmer\Lenovo\AwayTask\AwaySch .exe ---^> c:\programmer\Lenovo\AwayTask\AwaySch.exe
c:\programmer\Lenovo\VIRTSCRL\virtscrl .exe ---^> c:\programmer\Lenovo\VIRTSCRL\virtscrl.exe
c:\programmer\Messenger\msmsgs .exe ---^> c:\programmer\Messenger\msmsgs.exe
c:\programmer\Microsoft ActiveSync\wcescomm            .exe ---^> c:\programmer\Microsoft ActiveSync\wcescomm.exe
c:\programmer\Microsoft Office\Office12\GrooveMonitor .exe ---^> c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe
c:\programmer\Panda Security\WAC\PSCtrlC .exe ---^> c:\programmer\Panda Security\WAC\PSCtrlC.exe
c:\programmer\Picasa2\PicasaMediaDetector .exe ---^> c:\programmer\Picasa2\PicasaMediaDetector.exe
c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe ---^> c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
c:\programmer\Ulead Systems\Ulead Photo Express 6\CalCheck .exe ---^> c:\programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
c:\programmer\Winamp\winampa .exe ---^> c:\programmer\Winamp\winampa.exe
c:\programmer\Windows Media Player\WMPNSCFG .exe ---^> c:\programmer\Windows Media Player\WMPNSCFG.exe
</pre> [/code]
.
Inficeret kopi af c:\windows\system32\drivers\netbt.sys blev fundet og desinficeret
Genskabt kopi fra - Kitty had a snack :p
.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-13 til 2010-09-13  )))))))))))))))))))))))))))))))))))
.

2010-09-13 09:37 . 2010-09-13 09:37    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-11 14:20 . 2010-09-13 10:11    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2010-09-11 14:20 . 2010-09-13 09:45    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-08 21:32 . 2010-09-08 21:32    --------    d-----w-    c:\documents and settings\DAHE\Lokale indstillinger\Application Data\BVRP Software
2010-09-08 21:31 . 2010-09-08 21:32    --------    d-----w-    c:\programmer\NetWaiting
2010-09-08 21:29 . 2010-06-02 12:49    301624    ----a-w-    c:\windows\system32\UCI32M57.dll
2010-09-08 06:08 . 2001-08-17 18:20    96256    ----a-w-    c:\windows\system32\dllcache\ac97intc.sys
2010-09-08 06:08 . 2004-08-27 14:00    16896    ----a-w-    c:\windows\system32\dllcache\tftp.exe
2010-09-07 09:51 . 2010-09-13 09:47    --------    d-----w-    c:\temp\hijackthis
2010-09-07 09:06 . 2010-09-07 09:06    --------    d-sh--w-    c:\documents and settings\NetworkService\IECompatCache
2010-09-07 09:05 . 2010-09-07 09:19    --------    d-----w-    c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Adobe
2010-09-07 08:55 . 2010-09-07 08:55    --------    d-sh--w-    c:\documents and settings\NetworkService\PrivacIE
2010-09-07 08:54 . 2010-09-07 08:54    --------    d-----r-    c:\documents and settings\NetworkService\Foretrukne
2010-09-06 06:41 . 2010-09-06 06:41    --------    d-----w-    C:\Program Data
2010-09-05 10:45 . 2010-09-05 10:45    --------    d-----w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Apple Computer
2010-09-04 18:00 . 2010-09-05 11:04    --------    d-----w-    c:\documents and settings\DAHE\Lokale indstillinger\Application Data\kevcgnamf
2010-09-04 17:58 . 2010-09-05 10:46    --------    d-----w-    c:\documents and settings\DAHE\Application Data\09EE612E8BCA967E684BE9521BBFF2D8
2010-08-21 10:50 . 2010-08-21 10:50    --------    d-----w-    c:\programmer\Lexmark
2010-08-19 17:51 . 2010-08-19 17:51    --------    d-----w-    c:\documents and settings\DAHE\.oces2
2010-08-19 06:06 . 2010-08-19 06:06    --------    d-----w-    C:\Dokumenter
2010-08-18 06:44 . 2010-08-18 06:44    --------    d-----w-    c:\programmer\HPDesignjet30-130PrinterSeries

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 10:42 . 2010-09-07 06:28    112    ----a-w-    c:\documents and settings\All Users\Application Data\BQ7UPb.dat
2010-09-13 10:42 . 2010-09-13 10:42    71170    ----a-w-    c:\documents and settings\All Users\Application Data\GD8fuH70.exe
2010-09-13 10:39 . 2008-11-11 19:18    --------    d-----w-    c:\programmer\Winamp
2010-09-13 10:39 . 2008-10-09 17:37    --------    d-----w-    c:\programmer\Picasa2
2010-09-13 10:37 . 2008-11-07 18:46    --------    d-----w-    c:\programmer\Microsoft ActiveSync
2010-09-13 10:25 . 2009-01-06 13:36    204960    ----a-w-    c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-09-13 10:25 . 2009-01-06 13:36    204960    ----a-w-    c:\windows\system32\drivers\APPFCONT.DAT
2010-09-13 10:15 . 2009-01-06 13:36    1132    ----a-w-    c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-09-13 10:15 . 2009-01-06 13:36    1132    ----a-w-    c:\windows\system32\drivers\APPFLTR.CFG
2010-09-13 09:32 . 2010-06-25 12:43    1796432    ----a-w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-09-13 06:10 . 2010-05-31 09:47    --------    d-----w-    c:\programmer\PC-Doctor
2010-09-11 18:23 . 2009-01-11 14:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\PCDr
2010-09-10 23:41 . 1979-12-31 22:00    550382    ----a-w-    c:\windows\system32\perfh006.dat
2010-09-10 23:41 . 1979-12-31 22:00    113816    ----a-w-    c:\windows\system32\perfc006.dat
2010-09-08 22:03 . 2008-10-09 20:27    --------    d-----w-    c:\programmer\Digital Line Detect
2010-09-08 21:34 . 2008-10-09 17:13    --------    d-----w-    c:\programmer\Lenovo
2010-09-08 21:30 . 2008-10-09 17:22    --------    d-----w-    c:\programmer\CONEXANT
2010-09-08 06:25 . 2008-10-10 18:12    --------    d-----w-    c:\programmer\CCleaner
2010-09-08 06:12 . 2008-10-10 18:12    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-09-07 06:22 . 2009-12-11 10:19    35332    ----a-w-    c:\windows\system32\TpShocks.exe
2010-09-05 10:46 . 2009-07-06 06:29    --------    d-----w-    c:\programmer\QuickTime
2010-08-31 06:36 . 2009-03-11 10:09    0    ----a-w-    c:\documents and settings\DAHE\temp.dat
2010-08-26 07:01 . 2008-10-22 10:14    --------    d-----w-    c:\programmer\Microsoft.NET
2010-08-24 23:28 . 2010-05-31 09:42    24304    ----a-w-    c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-24 23:28 . 2008-10-09 17:39    4442    ----a-w-    c:\windows\system32\drivers\TPPWRIF.SYS
2010-08-24 23:28 . 2008-10-09 17:39    196608    ------w-    c:\windows\PWMBTHLP.EXE
2010-08-13 09:18 . 2009-03-16 21:31    --------    d-----w-    c:\documents and settings\DAHE\Application Data\FileZilla
2010-08-12 07:15 . 2008-10-22 10:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-12 06:34 . 2010-08-12 06:34    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-08-03 08:34 . 2009-12-02 09:13    55368    ----a-w-    c:\windows\system32\drivers\nsfim.sys
2010-08-02 13:19 . 2010-08-02 13:19    --------    d-----w-    c:\programmer\SolarWinds
2010-06-30 12:32 . 1979-12-31 22:00    149504    ----a-w-    c:\windows\system32\schannel.dll
2010-06-24 12:25 . 1979-12-31 22:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-24 09:02 . 1979-12-31 22:00    1851904    ------w-    c:\windows\system32\win32k.sys
2010-06-21 15:27 . 1979-12-31 22:00    354304    ------w-    c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 1979-12-31 22:00    80384    ------w-    c:\windows\system32\iccvid.dll
2009-04-16 07:15 . 2009-04-16 07:15    16496    --sha-w-    c:\windows\system32\config\systemprofile\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.
[code]<pre>
c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\programmer\Alcohol Soft\Alcohol 120\axcmd .exe
c:\programmer\Analog Devices\Core\smax4pnp .exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon .exe
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe
c:\programmer\Fælles filer\InstallShield\UpdateService\issch .exe
c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy .exe
c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor .exe
c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\programmer\Hp\HP Software Update\HPWuSchd2 .exe
c:\programmer\IBM\Client Access\cwbsvstr .exe
c:\programmer\IBM ThinkVantage\Client Security Solution\cssauth .exe
c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice .exe
c:\programmer\Java\jre6\bin\jusched .exe
c:\programmer\Labtec\Webcam\ISStart .exe
c:\programmer\Labtec\Webcam\LogiTray .exe
c:\programmer\Lenovo\AwayTask\AwaySch .exe
c:\programmer\Lenovo\HOTKEY\TPOSDSVC .exe
c:\programmer\Lenovo\VIRTSCRL\virtscrl .exe
c:\programmer\Malwarebytes' Anti-Malware\mbam .exe
c:\programmer\Microsoft Office\Office12\GrooveMonitor .exe
c:\windows\system32\tp4ex .exe
c:\windows\system32\TpShocks .exe
</pre>[/code]

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-13 35336]
"AlcoholAutomount"="c:\programmer\Alcohol Soft\Alcohol 120\axcmd.exe" [2010-09-13 35336]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2010-09-13 35336]
"SpybotSD TeaTimer"="c:\programmer\Spybot - Search & Destroy\TeaTimer.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2010-06-03 128296]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"TPKMAPHELPER"="c:\programmer\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2010-09-07 35332]
"TP4EX"="tp4ex.exe" [N/A]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [N/A]
"TPHOTKEY"="c:\programmer\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [N/A]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2010-09-13 35336]
"AwaySch"="c:\programmer\Lenovo\AwayTask\AwaySch.EXE" [2010-09-13 35336]
"cssauth"="c:\programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2010-09-13 35336]
"PDService.exe"="c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2010-09-13 35336]
"Picasa Media Detector"="c:\programmer\Picasa2\PicasaMediaDetector.exe" [2010-09-13 35336]
"ACTray"="c:\programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
"ACWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-24 517480]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-08-24 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"Client Access Service"="c:\programmer\IBM\Client Access\cwbsvstr.exe" [2010-09-13 35336]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [N/A]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-07-07 155648]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"Sony Ericsson PC Suite"="c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2010-09-13 35336]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2010-09-13 35336]
"LogitechVideoRepair"="c:\programmer\Labtec\Webcam\ISStart.exe" [2010-09-13 35336]
"LogitechVideoTray"="c:\programmer\Labtec\Webcam\LogiTray.exe" [2010-09-13 35336]
"Panda Software Controller Client"="c:\programmer\Panda Security\WAC\PSCtrlC.exe" [2010-09-13 35336]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2010-09-13 35336]
"SoundMAXPnP"="c:\programmer\Analog Devices\Core\smax4pnp.exe" [2010-09-13 35336]
"Message Center Plus"="c:\programmer\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"TrueImageMonitor.exe"="c:\programmer\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
"Acronis Scheduler2 Service"="c:\programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
"WinampAgent"="c:\programmer\Winamp\winampa.exe" [2010-09-13 35336]
"HP Software Update"="c:\programmer\Hp\HP Software Update\HPWuSchd2.exe" [2010-09-13 35336]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2010-09-13 35336]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-13 35336]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-13 35336]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Ulead AutoDetector"="c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe" [2010-09-13 35336]
"Ulead Calendar Checker"="c:\programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2010-09-13 35336]
"BrMfcWnd"="c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\programmer\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"DiskeeperSystray"="c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2010-09-13 35336]
"LenovoAutoScrollUtility"="c:\programmer\Lenovo\VIRTSCRL\virtscrl.exe" [2010-09-13 35336]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\DAHE\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Start Java Server.lnk - c:\programmer\mltarc\StrJwSrv.exe [2008-10-9 115712]
UltimateZip Quick Start.lnk - c:\programmer\UltimateZip 2.7\uzqkst.exe [2002-3-17 266240]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2008-10-9 50688]
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-12-12 805392]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-22 6144]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-03-23 00:03    49152    ----a-w-    c:\programmer\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42    72208    ----a-w-    c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 11:41    100104    ----a-w-    c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
c:\programmer\Microsoft ActiveSync\wcescomm          .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 02:12    76304    ----a-w-    c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\mltarc\\jre\\bin\\javaw.exe"=
"c:\\Programmer\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Programmer\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe"= c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [31-05-2010 11:42 24304]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [01-10-2009 08:14 902432]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [09-10-2009 12:10 20520]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [06-01-2009 15:18 76296]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [06-01-2009 15:18 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [06-01-2009 15:18 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [06-01-2009 15:18 193800]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [31-05-2010 11:33 13480]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [06-01-2009 15:18 159112]
R1 NSFIM;Network Shared Files Information Manager Plugin;c:\windows\system32\drivers\nsfim.sys [02-12-2009 11:13 55368]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe [01-10-2009 08:14 2326920]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [13-07-2010 09:11 59080]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programmer\ThinkPad\Utilities\DOZESVC.EXE [31-05-2010 11:42 132456]
R2 PavAt3Scheduler;Panda EndPoint Scheduler;c:\programmer\Panda Security\WaAgent\Scheduler\PavSched.exe [17-09-2009 10:51 140544]
R2 PavWASLpMng;Panda Endpoint Local Process Manager;c:\programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [17-09-2009 16:48 295680]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programmer\ThinkPad\Utilities\PWMDBSVC.exe [09-10-2008 22:30 53248]
R2 PrivateDisk;PrivateDisk;c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15-11-2005 13:11 46142]
R2 PskSvc;Panda Kernel Service;c:\programmer\Panda Security\WAC\psksvc.exe [31-03-2010 10:17 27904]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programmer\ThinkVantage Fingerprint Software\smihlp.sys [13-03-2009 13:47 12560]
R2 TPHKSVC;Vis på skærm;c:\programmer\Lenovo\HOTKEY\TPHKSVC.exe [24-10-2008 13:32 63928]
R2 WASAgent;Panda Endpoint Communications Agent;c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe [31-12-2009 14:03 320768]
R2 WASWD;Panda Endpoint Watchdog;c:\programmer\Panda Security\WaAgent\WasWD\WasWD.exe [17-09-2009 16:48 206080]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [01-10-2009 08:14 159168]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [18-02-2010 18:31 199688]
S0 yhmtid;yhmtid;c:\windows\system32\drivers\ldjil.sys --> c:\windows\system32\drivers\ldjil.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [07-02-2010 14:23 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programmer\Lenovo\HOTKEY\micmute.exe [31-05-2010 11:33 45496]
S2 smi2;smi2;\??\c:\programmer\SMI2\smi2.sys --> c:\programmer\SMI2\smi2.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [29-04-2009 20:08 16512]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [13-07-2005 03:55 13840]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [01-01-1980 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-11-2008 14:38 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
WINRM    REG_MULTI_SZ      WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-07 c:\windows\Tasks\At100.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At101.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At102.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At103.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At104.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At105.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At106.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At107.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At108.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At109.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At110.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At111.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At112.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At113.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At114.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At115.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At116.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At117.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At118.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At119.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At120.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At121.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At122.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At123.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At124.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At125.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At126.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At127.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At128.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At129.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At130.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At131.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At132.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At133.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At134.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At135.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At136.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At137.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At138.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At139.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At140.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At141.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At142.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At143.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At144.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At145.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At146.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At147.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At148.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At149.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At150.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At151.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At152.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At153.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At154.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At155.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At156.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At157.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At158.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At159.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At160.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At161.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At162.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At163.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At164.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At165.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At166.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At167.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At168.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At169.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At170.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At171.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At172.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At173.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At174.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At175.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At176.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At177.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At178.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At179.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At180.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At181.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At182.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At183.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At184.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At185.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At186.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At187.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At188.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At189.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At190.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At191.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At192.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At193.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At194.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At195.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At196.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At197.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At198.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At199.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At200.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At201.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At202.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At203.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At204.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At205.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At206.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At207.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At208.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At209.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At210.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At211.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At212.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At213.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At214.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At215.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At216.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At217.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At218.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At219.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At220.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At221.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At222.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At223.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At224.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At225.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At226.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At227.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At228.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At229.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At230.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At231.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At232.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At233.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At234.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At235.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At236.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At237.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At238.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At239.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At240.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At241.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At242.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At243.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At244.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At245.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At246.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At247.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At248.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At249.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At25.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At250.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At251.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At252.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At253.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At254.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At255.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At256.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At257.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At258.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At259.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At26.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At260.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At261.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At262.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At263.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At264.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At265.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At266.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At267.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At268.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At269.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At27.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At270.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At271.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At272.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At273.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At274.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At275.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At276.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At277.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At278.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At279.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At28.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At280.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At281.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At282.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At283.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At284.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At285.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At286.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At287.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At288.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At289.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At29.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At290.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At291.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At292.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At293.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At294.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At295.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At296.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At297.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At298.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At299.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At30.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At300.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At301.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At302.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At303.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At304.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At305.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At306.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At307.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At308.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At309.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At31.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At310.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At311.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At312.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At313.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At314.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At315.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At316.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At317.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At318.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At319.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At32.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At320.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At321.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At322.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At323.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At324.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At325.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At326.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At327.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At328.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At329.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At33.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At330.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At331.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At332.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At333.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At334.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At335.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At336.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At337.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At338.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At339.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At34.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At340.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At341.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At342.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At343.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At344.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At345.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At346.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At347.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At348.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At349.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At35.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At350.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At351.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At352.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At353.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At354.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At355.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At356.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At357.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At358.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At359.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At36.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At360.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At361.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At362.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At363.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At364.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At365.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At366.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At367.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At368.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At369.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At37.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At370.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At371.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At372.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At373.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At374.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At375.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At376.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At377.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At378.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At379.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At38.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At380.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-0
Avatar billede daki Juniormester
13. september 2010 - 14:24 #5
Lige resten af loggen :-)

2010-09-12 c:\windows\Tasks\At380.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At381.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At382.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At383.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At384.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At385.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At386.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At387.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At388.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At389.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At39.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At390.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At391.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At392.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At393.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At394.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At395.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At396.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At397.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At398.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At399.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At40.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At400.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At401.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At402.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At403.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At404.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At405.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At406.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At407.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At408.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At409.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At41.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At410.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At411.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At412.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At413.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At414.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At415.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At416.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At417.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At418.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At419.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At42.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At420.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At421.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At422.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At423.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At424.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At425.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At426.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At427.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At428.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At429.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At43.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At430.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At431.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At432.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At433.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At434.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At435.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At436.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At437.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At438.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At439.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At44.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At440.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At441.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At442.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At443.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At444.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At445.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At446.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At447.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At448.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At449.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At45.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At450.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At451.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At452.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At453.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At454.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At455.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At456.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At457.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At458.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At459.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At46.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At460.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At461.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At462.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At463.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At464.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At465.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At466.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At467.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At468.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At469.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At47.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At470.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At471.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At472.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At473.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At474.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At475.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At476.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At477.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At478.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At479.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At48.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At480.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At481.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At482.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At483.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At484.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At485.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At486.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At487.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At488.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At489.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At49.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At490.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At491.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At492.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At493.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At494.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At495.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At496.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At497.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At498.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At499.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At50.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At500.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At501.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At502.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At503.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At504.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At505.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At506.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At507.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At508.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At509.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At51.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At510.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At511.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At512.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At513.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At514.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At515.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At516.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At517.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At518.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At519.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At52.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At520.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At521.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At522.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At523.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At524.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At525.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At526.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At527.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At528.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At53.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At54.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At55.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At56.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At57.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At58.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At59.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At60.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At61.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At62.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At63.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At64.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At65.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At66.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At67.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At68.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At69.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At70.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At71.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At72.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At73.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At74.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At75.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At76.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At77.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At78.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At79.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At80.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At81.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At82.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At83.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At84.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At85.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At86.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At87.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At88.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At89.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At90.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At91.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At92.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At93.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At94.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At95.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At96.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At97.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At98.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At99.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programmer\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-09-08 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:28]

2010-09-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programmer\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]

2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{340844B3-DA8F-4B80-9205-2C99B89CDA14}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{E6639A72-C60C-40AB-A0CA-094B80DD34B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/dk/da
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\programmer\Panda Security\WAC\pavlsp.dll
Trusted Zone: danid.dk
Trusted Zone: danid.dk
TCP: {77A6491C-3293-41BB-A2B6-11749ABBF61F} = 192.168.13.202,192.168.13.203
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\DAHE\Application Data\Mozilla\Firefox\Profiles\eu3tjcrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk|http://intranote.xl-byg.dk/xl?user=MzY5QQ==|http://mail.google.com/mail/?hl=da&shva=1#inbox
FF - plugin: c:\programmer\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Veetle\Player\npvlc.dll
FF - plugin: c:\programmer\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmer\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
- - - - TOMME GENVEJE FJERNET - - - -

Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)
AddRemove-InstallShield_{82366F64-4503-4D47-8D30-AEF8BCF25B6E} - c:\program files\COMMON FILES\INSTALLSHIELD\DRIVER\7\INTEL 32\IDRIVER.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-13 12:38
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1508)
c:\programmer\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programmer\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programmer\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programmer\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programmer\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTServ.dll
c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\infql2.dll
c:\programmer\ThinkVantage Fingerprint Software\homepass.dll
c:\programmer\ThinkVantage Fingerprint Software\bio.dll
c:\programmer\ThinkVantage Fingerprint Software\qlbase.dll
c:\programmer\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(3844)
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\programmer\PC-Doctor\ATLPcdToolbar551452.dll
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
c:\progra~1\ThinkPad\UTILIT~1\DK\PWRMGRRT.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
c:\windows\system32\Sensor.dll
c:\windows\system32\IGFXEXPS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmer\Panda Security\WAC\pavFnSvr.exe
c:\programmer\Panda Security\WAC\pavsrvx86.exe
c:\programmer\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\IPSSVC.EXE
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\Panda Security\WAC\PsCtrlS.exe
c:\programmer\Panda Security\WAC\PSHost.exe
c:\programmer\Panda Security\WAC\PSIMSVC.EXE
c:\programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
c:\programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\RealVNC\VNC4\WinVNC4.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\programmer\Brother\ControlCenter3\brccMCtl.exe
c:\programmer\Lenovo\HOTKEY\TPONSCR.exe
c:\programmer\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\LVComS.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\Brother\Brmfcmon\BrMfcmon.exe
c:\programmer\mltarc\jre\bin\javaw.exe
c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\TpShocks .exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\Panda Security\WAC\AVENGINE.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\programmer\Internet Explorer\IEXPLORE.EXE
c:\programmer\Internet Explorer\IEXPLORE.EXE
c:\programmer\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Gennemført tid: 2010-09-13  12:58:57 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-09-13 10:58

Pre-Kørsel: 14.324.355.072 byte ledig
Post-Kørsel: 11.153.711.104 byte ledig

- - End Of File - - 94AB6C7FC448810410A505DB41937769
13. september 2010 - 22:33 #6
Under alle omstændigheder så skal du SLETTE alle disse
c:\windows\Tasks\*.job
Ellers kommer den bare igen ~528 gang i døgnet *S* ...

---

Du har da også en million elementer i din opstart - en del ganske unødvendige...

---

ComboFix ser lidt 'underlig' ud...

Kør også denne ->
Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...
Avatar billede f-arn Guru
14. september 2010 - 02:40 #7
Vi må vel gå udfra <beguze> ved hvordan en Combofix log skal behandles. Ellers var den vel ikke indkaldt!
Avatar billede daki Juniormester
14. september 2010 - 08:31 #8
Alle opgaver slettet i tasks!
Malewarebytes samt ccleaner afviklet engang til!
Ny hijackthis log.

-----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:21:46, on 14-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Security\WAC\pavFnSvr.exe
C:\Programmer\Panda Security\WAC\psksvc.exe
C:\Programmer\Panda Security\WAC\pavsrvx86.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PsCtrlS.exe
C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PSHost.exe
C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
c:\programmer\lenovo\system update\suservice.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\IBM\Client Access\cwbsvstr.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\TpShocks .exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice .exe
C:\Programmer\Picasa2\PicasaMediaDetector .exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor .exe
C:\Programmer\Panda Security\WAC\PSCtrlC .exe
C:\Programmer\Lenovo\AwayTask\AwaySch .exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauth .exe
C:\Programmer\Labtec\Webcam\LogiTray .exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
C:\Programmer\mltarc\StrJwSrv.exe
C:\Programmer\OpenOffice.org 3\program\soffice.exe
C:\Programmer\UltimateZip 2.7\uzqkst.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programmer\mltarc\jre\bin\javaw.exe
C:\Programmer\Analog Devices\Core\smax4pnp .exe
C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor .exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp .exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmer\Winamp\winampa .exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Hp\HP Software Update\HPWuSchd2 .exe
C:\Programmer\Java\jre6\bin\jusched .exe
C:\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck .exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor .exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Lenovo\VIRTSCRL\virtscrl .exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\OpenOffice.org 3\program\soffice.bin
C:\Programmer\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Java\jre6\bin\jucheck.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Java\jre6\bin\javaw.exe
C:\temp\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/dk/da
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmer\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Labtec\Webcam\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Labtec\Webcam\LogiTray.exe
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmer\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmer\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Programmer\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe /startup
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Start Java Server.lnk = C:\Programmer\mltarc\StrJwSrv.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Opdatér ThinkPad-programmer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmer\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/dk/da
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://ltw.danmarksgruppen.dk/qp2.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278084491444
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278084470474
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: AwayNotify - C:\Programmer\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmer\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda EndPoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavFnSvr.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Panda Host Service (PSHost) - Panda Security International - C:\Programmer\Panda Security\WAC\PSHost.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmer\Panda Security\WAC\psksvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Vis på skærm (TPHKSVC) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 22439 bytes
Avatar billede beguze Nybegynder
15. september 2010 - 12:27 #9
Hej igen. Din combofix har fjernet en masse skidt fra din pc, samt rydet op i fejramte filer. dog ikke i dinGD8fuH70.exe som ikke findes længere, og som jeg ikke kan finde nogen relation til.

Denne exe fil har muligvis tilknytning til et program og jeg ville tro det kunne være til motherbord eller grafikkortet fra ABIT.
Kommer denne fejl frem når du starter windows op i starten. eller kommer den frem når klikker på et program, for så skal di installere programerne igen.
Avatar billede f-arn Guru
15. september 2010 - 12:41 #10
Flyt lige den Combofix ud på Skrivebordet.

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
File::
c:\windows\system32\drivers\ldjil.sys
Filelook::
c:\windows\system32\drivers\nsfim.sys
Driver::
yhmtid
Renv::
c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\programmer\Alcohol Soft\Alcohol 120\axcmd .exe
c:\programmer\Analog Devices\Core\smax4pnp .exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon .exe
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe
c:\programmer\Fælles filer\InstallShield\UpdateService\issch .exe
c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy .exe
c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor .exe
c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\programmer\Hp\HP Software Update\HPWuSchd2 .exe
c:\programmer\IBM\Client Access\cwbsvstr .exe
c:\programmer\IBM ThinkVantage\Client Security Solution\cssauth .exe
c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice .exe
c:\programmer\Java\jre6\bin\jusched .exe
c:\programmer\Labtec\Webcam\ISStart .exe
c:\programmer\Labtec\Webcam\LogiTray .exe
c:\programmer\Lenovo\AwayTask\AwaySch .exe
c:\programmer\Lenovo\HOTKEY\TPOSDSVC .exe
c:\programmer\Lenovo\VIRTSCRL\virtscrl .exe
c:\programmer\Malwarebytes' Anti-Malware\mbam .exe
c:\programmer\Microsoft Office\Office12\GrooveMonitor .exe
c:\windows\system32\tp4ex .exe
c:\windows\system32\TpShocks .exe


Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Avatar billede daki Juniormester
15. september 2010 - 17:20 #11
GD8fuH70.exe ser ud til at være fjernet!
Ny log fra Combofix:

ComboFix 10-09-12.03 - DAHE 15-09-2010  16:51:27.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.3062.2317 [GMT 2:00]
Kører fra: c:\documents and settings\DAHE\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\DAHE\Skrivebord\CFScript

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!

FILE ::
"c:\windows\system32\drivers\ldjil.sys"
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_yhmtid


(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-15 til 2010-09-15  )))))))))))))))))))))))))))))))))))
.

2010-09-14 20:23 . 2010-09-15 14:43    --------    d-----w-    c:\programmer\Panda Security
2010-09-14 11:41 . 2010-09-14 11:41    --------    d-----w-    c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-09-13 14:39 . 2010-09-13 14:55    --------    d-----w-    c:\temp\workgroupshare
2010-09-13 09:37 . 2010-09-13 09:37    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-11 14:20 . 2010-09-14 08:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-11 14:20 . 2010-09-13 10:11    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2010-09-08 21:32 . 2010-09-08 21:32    --------    d-----w-    c:\documents and settings\DAHE\Lokale indstillinger\Application Data\BVRP Software
2010-09-08 21:31 . 2010-09-08 21:32    --------    d-----w-    c:\programmer\NetWaiting
2010-09-08 21:29 . 2010-06-02 12:49    301624    ----a-w-    c:\windows\system32\UCI32M57.dll
2010-09-08 06:08 . 2001-08-17 18:20    96256    ----a-w-    c:\windows\system32\dllcache\ac97intc.sys
2010-09-08 06:08 . 2004-08-27 14:00    16896    ----a-w-    c:\windows\system32\dllcache\tftp.exe
2010-09-07 09:51 . 2010-09-15 14:40    --------    d-----w-    c:\temp\hijackthis
2010-09-07 09:06 . 2010-09-07 09:06    --------    d-sh--w-    c:\documents and settings\NetworkService\IECompatCache
2010-09-07 09:05 . 2010-09-07 09:19    --------    d-----w-    c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Adobe
2010-09-07 08:55 . 2010-09-07 08:55    --------    d-sh--w-    c:\documents and settings\NetworkService\PrivacIE
2010-09-07 08:54 . 2010-09-07 08:54    --------    d-----r-    c:\documents and settings\NetworkService\Foretrukne
2010-09-06 06:41 . 2010-09-06 06:41    --------    d-----w-    C:\Program Data
2010-09-05 10:45 . 2010-09-05 10:45    --------    d-----w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Apple Computer
2010-09-04 18:00 . 2010-09-05 11:04    --------    d-----w-    c:\documents and settings\DAHE\Lokale indstillinger\Application Data\kevcgnamf
2010-09-04 17:58 . 2010-09-05 10:46    --------    d-----w-    c:\documents and settings\DAHE\Application Data\09EE612E8BCA967E684BE9521BBFF2D8
2010-08-21 10:50 . 2010-08-21 10:50    --------    d-----w-    c:\programmer\Lexmark
2010-08-19 17:51 . 2010-08-19 17:51    --------    d-----w-    c:\documents and settings\DAHE\.oces2
2010-08-19 06:06 . 2010-08-19 06:06    --------    d-----w-    C:\Dokumenter
2010-08-18 06:44 . 2010-08-18 06:44    --------    d-----w-    c:\programmer\HPDesignjet30-130PrinterSeries

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 15:02 . 2010-06-25 12:43    1796432    ----a-w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-09-15 14:51 . 2008-10-10 18:12    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-09-15 07:37 . 2008-11-07 18:46    --------    d-----w-    c:\programmer\Microsoft ActiveSync
2010-09-15 06:50 . 2008-10-09 17:28    --------    d-----w-    c:\programmer\Multimedia Center for Think Offerings
2010-09-15 06:50 . 2008-11-11 19:18    --------    d-----w-    c:\programmer\Winamp
2010-09-15 06:49 . 2008-10-09 17:37    --------    d-----w-    c:\programmer\Picasa2
2010-09-14 19:33 . 2010-09-14 19:33    45056    ----a-w-    c:\documents and settings\DAHE\Application Data\Sun\Java\Deployment\cache\6.0\14\25d7b48e-3473d24d-n\jniwrap.dll
2010-09-14 17:44 . 2010-09-14 17:44    112    ----a-w-    c:\documents and settings\All Users\Application Data\BQ7UPb.dat
2010-09-14 11:43 . 2008-10-22 10:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-14 07:01 . 2008-10-13 05:55    --------    d-----w-    c:\documents and settings\DAHE\Application Data\Teleca
2010-09-14 07:00 . 2008-10-12 20:12    --------    d-----w-    c:\programmer\Fælles filer\Teleca Shared
2010-09-13 19:32 . 2009-05-12 04:44    1324    ----a-w-    c:\windows\system32\d3d9caps.dat
2010-09-13 06:10 . 2010-05-31 09:47    --------    d-----w-    c:\programmer\PC-Doctor
2010-09-11 18:23 . 2009-01-11 14:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\PCDr
2010-09-10 23:41 . 1979-12-31 22:00    550382    ----a-w-    c:\windows\system32\perfh006.dat
2010-09-10 23:41 . 1979-12-31 22:00    113816    ----a-w-    c:\windows\system32\perfc006.dat
2010-09-08 22:03 . 2008-10-09 20:27    --------    d-----w-    c:\programmer\Digital Line Detect
2010-09-08 21:34 . 2008-10-09 17:13    --------    d-----w-    c:\programmer\Lenovo
2010-09-08 21:30 . 2008-10-09 17:22    --------    d-----w-    c:\programmer\CONEXANT
2010-09-08 06:25 . 2008-10-10 18:12    --------    d-----w-    c:\programmer\CCleaner
2010-09-05 10:46 . 2009-07-06 06:29    --------    d-----w-    c:\programmer\QuickTime
2010-08-31 06:36 . 2009-03-11 10:09    0    ----a-w-    c:\documents and settings\DAHE\temp.dat
2010-08-26 07:01 . 2008-10-22 10:14    --------    d-----w-    c:\programmer\Microsoft.NET
2010-08-24 23:28 . 2010-05-31 09:42    24304    ----a-w-    c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-24 23:28 . 2008-10-09 17:39    4442    ----a-w-    c:\windows\system32\drivers\TPPWRIF.SYS
2010-08-24 23:28 . 2008-10-09 17:39    196608    ------w-    c:\windows\PWMBTHLP.EXE
2010-08-13 09:18 . 2009-03-16 21:31    --------    d-----w-    c:\documents and settings\DAHE\Application Data\FileZilla
2010-08-12 06:34 . 2010-08-12 06:34    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-08-02 13:19 . 2010-08-02 13:19    --------    d-----w-    c:\programmer\SolarWinds
2010-06-30 12:32 . 1979-12-31 22:00    149504    ----a-w-    c:\windows\system32\schannel.dll
2010-06-24 12:25 . 1979-12-31 22:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-24 09:02 . 1979-12-31 22:00    1851904    ------w-    c:\windows\system32\win32k.sys
2010-06-23 05:52 . 2010-06-23 05:52    501936    ----a-w-    c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb59.tmp.exe
2010-06-21 15:27 . 1979-12-31 22:00    354304    ------w-    c:\windows\system32\drivers\srv.sys
2009-04-16 07:15 . 2009-04-16 07:15    16496    --sha-w-    c:\windows\system32\config\systemprofile\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.
[code]<pre>
c:\programmer\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedhlp .exe
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe
c:\programmer\Picasa2\PicasaMediaDetector .exe
c:\programmer\Spybot - Search & Destroy\TeaTimer .exe
c:\programmer\Synaptics\SynTP\SynTPEnh .exe
c:\programmer\Synaptics\SynTP\SynTPLpr .exe
c:\programmer\ThinkPad\ConnectUtilities\ACTray .exe
c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon .exe
c:\programmer\ThinkPad\Utilities\EzEjMnAp .exe
c:\programmer\ThinkVantage\PrdCtr\LPMGR .exe
c:\programmer\ThinkVantage\PrdCtr\LPMLCHK .exe
c:\programmer\Ulead Systems\Ulead Photo Express 6\CalCheck .exe
c:\programmer\Winamp\winampa .exe
c:\programmer\Windows Media Player\WMPNSCFG .exe
</pre>[/code]

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2010-06-03 128296]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"TPKMAPHELPER"="c:\programmer\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"TPHOTKEY"="c:\programmer\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ACTray"="c:\programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
"ACWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-24 517480]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-08-24 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-07-07 155648]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Message Center Plus"="c:\programmer\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Ulead AutoDetector"="c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"BrMfcWnd"="c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\programmer\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"DiskeeperSystray"="c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-03-01 196710]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\DAHE\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Start Java Server.lnk - c:\programmer\mltarc\StrJwSrv.exe [2008-10-9 115712]
UltimateZip Quick Start.lnk - c:\programmer\UltimateZip 2.7\uzqkst.exe [2002-3-17 266240]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2008-10-9 50688]
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-12-12 805392]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-22 6144]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-03-23 00:03    49152    ----a-w-    c:\programmer\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42    72208    ----a-w-    c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 11:41    100104    ----a-w-    c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\mltarc\\jre\\bin\\javaw.exe"=
"c:\\Programmer\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Programmer\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [31-05-2010 11:42 24304]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [01-10-2009 08:14 902432]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [09-10-2009 12:10 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [31-05-2010 11:33 13480]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe [01-10-2009 08:14 2326920]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programmer\ThinkPad\Utilities\DOZESVC.EXE [31-05-2010 11:42 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programmer\ThinkPad\Utilities\PWMDBSVC.exe [09-10-2008 22:30 53248]
R2 PrivateDisk;PrivateDisk;c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15-11-2005 13:11 46142]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programmer\ThinkVantage Fingerprint Software\smihlp.sys [13-03-2009 13:47 12560]
R2 TPHKSVC;Vis på skærm;c:\programmer\Lenovo\HOTKEY\TPHKSVC.exe [24-10-2008 13:32 63928]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [01-10-2009 08:14 159168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [07-02-2010 14:23 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programmer\Lenovo\HOTKEY\micmute.exe [31-05-2010 11:33 45496]
S2 smi2;smi2;\??\c:\programmer\SMI2\smi2.sys --> c:\programmer\SMI2\smi2.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [29-04-2009 20:08 16512]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [13-07-2005 03:55 13840]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [01-01-1980 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-11-2008 14:38 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
WINRM    REG_MULTI_SZ      WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programmer\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-09-14 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:28]

2010-09-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programmer\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: danid.dk
Trusted Zone: danid.dk
TCP: {77A6491C-3293-41BB-A2B6-11749ABBF61F} = 192.168.13.202,192.168.13.203
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\DAHE\Application Data\Mozilla\Firefox\Profiles\eu3tjcrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk|http://intranote.xl-byg.dk/xl?user=MzY5QQ==|http://mail.google.com/mail/?hl=da&shva=1#inbox
FF - plugin: c:\programmer\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Veetle\Player\npvlc.dll
FF - plugin: c:\programmer\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmer\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 17:10
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1812)
c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTServ.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\infql2.dll
c:\programmer\ThinkVantage Fingerprint Software\homepass.dll
c:\programmer\ThinkVantage Fingerprint Software\bio.dll
c:\programmer\ThinkVantage Fingerprint Software\qlbase.dll
c:\programmer\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(6132)
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\programmer\PC-Doctor\ATLPcdToolbar551452.dll
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
c:\progra~1\ThinkPad\UTILIT~1\DK\PWRMGRRT.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
c:\windows\system32\Sensor.dll
c:\windows\system32\IGFXEXPS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmer\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\IPSSVC.EXE
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\RealVNC\VNC4\WinVNC4.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\programmer\Lenovo\HOTKEY\TPONSCR.exe
c:\programmer\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxext.exe
c:\programmer\Brother\ControlCenter3\brccMCtl.exe
c:\programmer\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmer\Brother\Brmfcmon\BrMfcmon.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\mltarc\jre\bin\javaw.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-15  17:13:34 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-09-15 15:13
ComboFix2.txt  2010-09-14 17:57
ComboFix3.txt  2010-09-13 10:58

Pre-Kørsel: 18.043.564.032 byte ledig
Post-Kørsel: 18.057.547.776 byte ledig

- - End Of File - - 38234CAA88611DF5F22B2B98D19B40CA
Avatar billede f-arn Guru
16. september 2010 - 10:33 #12
Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
Filelook::
c:\windows\system32\dllcache\ac97intc.sys
c:\documents and settings\DAHE\Application Data\Sun\Java\Deployment\cache\6.0\14\25d7b48e-3473d24d-n\jniwrap.dll
Renv::
c:\programmer\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedhlp .exe
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe
c:\programmer\Picasa2\PicasaMediaDetector .exe
c:\programmer\Spybot - Search & Destroy\TeaTimer .exe
c:\programmer\Synaptics\SynTP\SynTPEnh .exe
c:\programmer\Synaptics\SynTP\SynTPLpr .exe
c:\programmer\ThinkPad\ConnectUtilities\ACTray .exe
c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon .exe
c:\programmer\ThinkPad\Utilities\EzEjMnAp .exe
c:\programmer\ThinkVantage\PrdCtr\LPMGR .exe
c:\programmer\ThinkVantage\PrdCtr\LPMLCHK .exe
c:\programmer\Ulead Systems\Ulead Photo Express 6\CalCheck .exe
c:\programmer\Winamp\winampa .exe
c:\programmer\Windows Media Player\WMPNSCFG .exe


Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Avatar billede daki Juniormester
16. september 2010 - 13:39 #13
Ny log fra Combofix!

ComboFix 10-09-15.01 - DAHE 16-09-2010  13:02:34.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.3062.2337 [GMT 2:00]
Kører fra: c:\documents and settings\DAHE\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\DAHE\Skrivebord\CFScript

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-16 til 2010-09-16  )))))))))))))))))))))))))))))))))))
.

2010-09-15 16:04 . 2010-09-15 16:04    --------    d-----w-    c:\temp\RemoteKeys
2010-09-14 20:23 . 2010-09-15 14:43    --------    d-----w-    c:\programmer\Panda Security
2010-09-13 14:39 . 2010-09-13 14:55    --------    d-----w-    c:\temp\workgroupshare
2010-09-13 09:37 . 2010-09-13 09:37    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-11 14:20 . 2010-09-16 11:14    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2010-09-11 14:20 . 2010-09-14 08:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-08 21:32 . 2010-09-08 21:32    --------    d-----w-    c:\documents and settings\DAHE\Lokale indstillinger\Application Data\BVRP Software
2010-09-08 21:31 . 2010-09-08 21:32    --------    d-----w-    c:\programmer\NetWaiting
2010-09-08 21:29 . 2010-06-02 12:49    301624    ----a-w-    c:\windows\system32\UCI32M57.dll
2010-09-08 06:08 . 2001-08-17 18:20    96256    ----a-w-    c:\windows\system32\dllcache\ac97intc.sys
2010-09-08 06:08 . 2004-08-27 14:00    16896    ----a-w-    c:\windows\system32\dllcache\tftp.exe
2010-09-07 09:51 . 2010-09-15 15:15    --------    d-----w-    c:\temp\hijackthis
2010-09-07 09:06 . 2010-09-07 09:06    --------    d-sh--w-    c:\documents and settings\NetworkService\IECompatCache
2010-09-07 09:05 . 2010-09-07 09:19    --------    d-----w-    c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Adobe
2010-09-07 08:55 . 2010-09-07 08:55    --------    d-sh--w-    c:\documents and settings\NetworkService\PrivacIE
2010-09-07 08:54 . 2010-09-07 08:54    --------    d-----r-    c:\documents and settings\NetworkService\Foretrukne
2010-09-06 06:41 . 2010-09-06 06:41    --------    d-----w-    C:\Program Data
2010-09-04 18:00 . 2010-09-05 11:04    --------    d-----w-    c:\documents and settings\DAHE\Lokale indstillinger\Application Data\kevcgnamf
2010-09-04 17:58 . 2010-09-05 10:46    --------    d-----w-    c:\documents and settings\DAHE\Application Data\09EE612E8BCA967E684BE9521BBFF2D8
2010-08-21 10:50 . 2010-08-21 10:50    --------    d-----w-    c:\programmer\Lexmark
2010-08-19 17:51 . 2010-08-19 17:51    --------    d-----w-    c:\documents and settings\DAHE\.oces2
2010-08-19 06:06 . 2010-09-15 16:13    --------    d-----w-    C:\Dokumenter
2010-08-18 06:44 . 2010-08-18 06:44    --------    d-----w-    c:\programmer\HPDesignjet30-130PrinterSeries

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 11:02 . 2008-11-11 19:18    --------    d-----w-    c:\programmer\Winamp
2010-09-16 11:02 . 2008-10-09 17:37    --------    d-----w-    c:\programmer\Picasa2
2010-09-15 14:51 . 2008-10-10 18:12    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-09-15 07:37 . 2008-11-07 18:46    --------    d-----w-    c:\programmer\Microsoft ActiveSync
2010-09-15 06:50 . 2008-10-09 17:28    --------    d-----w-    c:\programmer\Multimedia Center for Think Offerings
2010-09-14 19:33 . 2010-09-14 19:33    45056    ----a-w-    c:\documents and settings\DAHE\Application Data\Sun\Java\Deployment\cache\6.0\14\25d7b48e-3473d24d-n\jniwrap.dll
2010-09-14 17:44 . 2010-09-14 17:44    112    ----a-w-    c:\documents and settings\All Users\Application Data\BQ7UPb.dat
2010-09-14 11:43 . 2008-10-22 10:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-14 07:01 . 2008-10-13 05:55    --------    d-----w-    c:\documents and settings\DAHE\Application Data\Teleca
2010-09-14 07:00 . 2008-10-12 20:12    --------    d-----w-    c:\programmer\Fælles filer\Teleca Shared
2010-09-13 19:32 . 2009-05-12 04:44    1324    ----a-w-    c:\windows\system32\d3d9caps.dat
2010-09-13 06:10 . 2010-05-31 09:47    --------    d-----w-    c:\programmer\PC-Doctor
2010-09-11 18:23 . 2009-01-11 14:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\PCDr
2010-09-10 23:41 . 1979-12-31 22:00    550382    ----a-w-    c:\windows\system32\perfh006.dat
2010-09-10 23:41 . 1979-12-31 22:00    113816    ----a-w-    c:\windows\system32\perfc006.dat
2010-09-08 22:03 . 2008-10-09 20:27    --------    d-----w-    c:\programmer\Digital Line Detect
2010-09-08 21:34 . 2008-10-09 17:13    --------    d-----w-    c:\programmer\Lenovo
2010-09-08 21:30 . 2008-10-09 17:22    --------    d-----w-    c:\programmer\CONEXANT
2010-09-08 06:25 . 2008-10-10 18:12    --------    d-----w-    c:\programmer\CCleaner
2010-09-05 10:46 . 2009-07-06 06:29    --------    d-----w-    c:\programmer\QuickTime
2010-08-31 06:36 . 2009-03-11 10:09    0    ----a-w-    c:\documents and settings\DAHE\temp.dat
2010-08-26 07:01 . 2008-10-22 10:14    --------    d-----w-    c:\programmer\Microsoft.NET
2010-08-24 23:28 . 2010-05-31 09:42    24304    ----a-w-    c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-24 23:28 . 2008-10-09 17:39    4442    ----a-w-    c:\windows\system32\drivers\TPPWRIF.SYS
2010-08-24 23:28 . 2008-10-09 17:39    196608    ------w-    c:\windows\PWMBTHLP.EXE
2010-08-13 09:18 . 2009-03-16 21:31    --------    d-----w-    c:\documents and settings\DAHE\Application Data\FileZilla
2010-08-12 06:34 . 2010-08-12 06:34    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-08-02 13:19 . 2010-08-02 13:19    --------    d-----w-    c:\programmer\SolarWinds
2010-06-30 12:32 . 1979-12-31 22:00    149504    ----a-w-    c:\windows\system32\schannel.dll
2010-06-24 12:25 . 1979-12-31 22:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-24 09:02 . 1979-12-31 22:00    1851904    ------w-    c:\windows\system32\win32k.sys
2010-06-23 05:52 . 2010-06-23 05:52    501936    ----a-w-    c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb59.tmp.exe
2010-06-21 15:27 . 1979-12-31 22:00    354304    ------w-    c:\windows\system32\drivers\srv.sys
2009-04-16 07:15 . 2009-04-16 07:15    16496    --sha-w-    c:\windows\system32\config\systemprofile\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.
[code]<pre>
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe
</pre>[/code]

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\documents and settings\DAHE\Application Data\Sun\Java\Deployment\cache\6.0\14\25d7b48e-3473d24d-n\jniwrap.dll ---
Company: TeamDev Ltd
File Description: JNIWrapper Native Library
File Version: 3.6
Product Name: JNIWrapper
Copyright: Copyright © 2001-2006, TeamDev Ltd
Original Filename: jniwrap.dll
File size: 45056
Created time: 2010-09-14 19:33
Modified time: 2010-09-14 19:33
MD5: E10A67677C00C0C4EF9593FFC9A8DD7C
SHA1: EE85E50E4B249504B2CE2020A99F9D43ED9EA2C0


--- c:\windows\system32\dllcache\ac97intc.sys ---
Company: Intel Corporation
File Description: Intel(r) Integrated Controller Hub Audio Driver
File Version: 5.10.3523 built by: WinDDK
Product Name: Intel(r) Integrated Controller Hub Audio Driver
Copyright: Copyright (C) Intel Corporation 1998-2001
Original Filename: ichaud.sys
File size: 96256
Created time: 2010-09-08 06:08
Modified time: 2001-08-17 18:20
MD5: 0F2D66D5F08EBE2F77BB904288DCF6F0
SHA1: 0E2676F868D3DD0E593F33F5DA7F766DE7462AC4


(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2010-04-22 128296]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"TPKMAPHELPER"="c:\programmer\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"TPHOTKEY"="c:\programmer\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ACTray"="c:\programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2010-03-01 431464]
"ACWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-03-01 181608]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-24 517480]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-08-24 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-07-07 155648]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Message Center Plus"="c:\programmer\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Ulead AutoDetector"="c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"BrMfcWnd"="c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\programmer\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"DiskeeperSystray"="c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-03-01 196710]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\DAHE\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Start Java Server.lnk - c:\programmer\mltarc\StrJwSrv.exe [2008-10-9 115712]
UltimateZip Quick Start.lnk - c:\programmer\UltimateZip 2.7\uzqkst.exe [2002-3-17 266240]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2008-10-9 50688]
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-12-12 805392]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-22 6144]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-03-23 00:03    49152    ----a-w-    c:\programmer\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42    72208    ----a-w-    c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 11:41    100104    ----a-w-    c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\mltarc\\jre\\bin\\javaw.exe"=
"c:\\Programmer\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Programmer\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [31-05-2010 11:42 24304]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [01-10-2009 08:14 902432]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [09-10-2009 12:10 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [31-05-2010 11:33 13480]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe [01-10-2009 08:14 2326920]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programmer\ThinkPad\Utilities\DOZESVC.EXE [31-05-2010 11:42 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programmer\ThinkPad\Utilities\PWMDBSVC.exe [09-10-2008 22:30 53248]
R2 PrivateDisk;PrivateDisk;c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15-11-2005 13:11 46142]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programmer\ThinkVantage Fingerprint Software\smihlp.sys [13-03-2009 13:47 12560]
R2 TPHKSVC;Vis på skærm;c:\programmer\Lenovo\HOTKEY\TPHKSVC.exe [24-10-2008 13:32 63928]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [01-10-2009 08:14 159168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [07-02-2010 14:23 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programmer\Lenovo\HOTKEY\micmute.exe [31-05-2010 11:33 45496]
S2 smi2;smi2;\??\c:\programmer\SMI2\smi2.sys --> c:\programmer\SMI2\smi2.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [29-04-2009 20:08 16512]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [13-07-2005 03:55 13840]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [01-01-1980 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-11-2008 14:38 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
WINRM    REG_MULTI_SZ      WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programmer\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-09-16 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:28]

2010-09-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programmer\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: danid.dk
Trusted Zone: danid.dk
TCP: {77A6491C-3293-41BB-A2B6-11749ABBF61F} = 192.168.13.202,192.168.13.203
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\DAHE\Application Data\Mozilla\Firefox\Profiles\eu3tjcrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk|http://intranote.xl-byg.dk/xl?user=MzY5QQ==|http://mail.google.com/mail/?hl=da&shva=1#inbox
FF - plugin: c:\programmer\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Veetle\Player\npvlc.dll
FF - plugin: c:\programmer\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmer\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 13:33
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1832)
c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTServ.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\infql2.dll
c:\programmer\ThinkVantage Fingerprint Software\homepass.dll
c:\programmer\ThinkVantage Fingerprint Software\bio.dll
c:\programmer\ThinkVantage Fingerprint Software\qlbase.dll
c:\programmer\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(3416)
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\programmer\PC-Doctor\ATLPcdToolbar551452.dll
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
c:\progra~1\ThinkPad\UTILIT~1\DK\PWRMGRRT.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
c:\windows\system32\Sensor.dll
c:\windows\system32\IGFXEXPS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmer\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\IPSSVC.EXE
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\RealVNC\VNC4\WinVNC4.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\programmer\Lenovo\HOTKEY\TPONSCR.exe
c:\programmer\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\programmer\Brother\ControlCenter3\brccMCtl.exe
c:\programmer\Brother\Brmfcmon\BrMfcmon.exe
c:\programmer\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\mltarc\jre\bin\javaw.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-16  13:35:53 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-09-16 11:35
ComboFix2.txt  2010-09-14 17:57
ComboFix3.txt  2010-09-13 10:58

Pre-Kørsel: 18.416.091.136 byte ledig
Post-Kørsel: 18.452.451.328 byte ledig

- - End Of File - - 5AEC97C8B78045DBDD5C740F91AD81F7
Avatar billede f-arn Guru
16. september 2010 - 14:53 #14
1. Hent dette lille værktøj:

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:filefind
adobearm*


3. Klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind i forum i dit næste svar. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.
Avatar billede daki Juniormester
16. september 2010 - 15:19 #15
SystemLook 04.09.10 by jpshortstuff
Log created at 15:19 on 16/09/2010 by DAHE
Administrator - Elevation successful

========== filefind ==========

Searching for "adobearm*"
C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe    --a---- 976832 bytes    [14:57 11/12/2009]    [08:06 09/06/2010] 0B232C77D822983397674AEEC9AB59DC
C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe    -ra---- 976832 bytes    [08:06 09/06/2010]    [08:06 09/06/2010] 0B232C77D822983397674AEEC9AB59DC
C:\Qoobox\Quarantine\C\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe.vir    --a---- 35332 bytes    [14:57 11/12/2009]    [06:22 07/09/2010] C7EC8CC808964775E9341499E078B583
C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA70301B7449A0300000010\9.3.0\adobearm.exe    -ra---- 948672 bytes    [13:57 11/12/2009]    [13:57 11/12/2009] 73BB442A717B9BB0097C243374C14A3E
C:\WINDOWS\Prefetch\ADOBEARM.EXE-25927BA6.pf    --a---- 22436 bytes    [09:17 15/02/2010]    [11:28 16/09/2010] 7BC7480AC35B8283C00A1E2C49FD73CF

-= EOF =-
Avatar billede f-arn Guru
16. september 2010 - 16:00 #16
Start Stifinder og find C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe (Bemærk mellemrum mellem M og .exe)
Slet den.

------

Deaktiver dit antivirus-program, kør en online scanning med ESET Online Scanner:
http://www.eset.com/onlinescan/

Du skal acceptere betingelserne for brug, og klik på Start.
Efter ActiveX Control er indlæst, vil det tage et par minutter for scanneren at blive klar.
Dernæst skal du sætte flueben i følgende felter:
Remove found threats
Scan archives

under advanced settings
Scan for potentialy unwanted applications
Scan for potentially unsafe applications
enable anti-stealth technology

Klik på Start. Denne scanning kan tage et stykke tid, så vær tålmodig.
En log vil åbne, når scanningen er færdig.

(hvis ikke, skal du gå til C:\Programmer\EsetOnlineScanner\ og åbne filen Log.txt).

Kopier den herind i næste svar.
Avatar billede daki Juniormester
16. september 2010 - 18:53 #17
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d0ba99dc306c274486c3cce9c7b7c949
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-16 04:44:22
# local_time=2010-09-16 06:44:22 (+0100, Rom, sommertid)
# country="Denmark"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 297 297 0 0
# scanned=135397
# found=96
# cleaned=96
# scan_time=8115
C:\Qoobox\Quarantine\C\Programmer\Acronis\TrueImageHome\TrueImageMonitor.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Analog Devices\Core\smax4pnp.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Hp\HP Software Update\HPWuSchd2.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\IBM\Client Access\cwbsvstr.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Java\jre6\bin\jusched.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Labtec\Webcam\ISStart.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Labtec\Webcam\LogiTray.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Lenovo\AwayTask\AwaySch.EXE.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Lenovo\VIRTSCRL\virtscrl.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Messenger\msmsgs.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\wcescomm          .exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm          .exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm        .exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm        .exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm      .exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm      .exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm    .exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm    .exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm  .exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm  .exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm .exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Microsoft Office\Office12\GrooveMonitor.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Panda Security\WAC\PSCtrlC.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Picasa2\PicasaMediaDetector.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Spybot - Search & Destroy\TeaTimer.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Winamp\winampa.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\Programmer\Windows Media Player\WMPNSCFG.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Qoobox\Quarantine\C\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe.vir    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000039.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000087.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000088.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000089.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000090.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000091.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000092.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000093.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000094.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000095.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000096.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000097.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000098.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000099.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000100.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000101.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000102.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000103.EXE    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000104.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000105.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000106.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000107.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000108.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000109.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000110.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000111.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000112.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000351.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000352.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000353.EXE    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000354.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000355.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000357.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000358.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000359.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000360.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000361.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000362.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000363.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000364.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000365.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000366.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000367.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000368.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000369.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000370.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000371.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000372.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000373.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000500.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000501.exe    Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\temp\Downloads\Hirens\UBCD4WinV350.exe    multiple threats (deleted - quarantined)    00000000000000000000000000000000    C
Avatar billede f-arn Guru
16. september 2010 - 20:21 #18
Fint - bortset fra Ultimate Boot Disk lå det hele, enten i Combofix karantæne, eller i Systemgendannelsen.

------

Tast  <Windows> + <R> samtidig og kopier dettte: combofix /uninstall
Tryk enter
Det vil fjerne Combofix og nulstille urets indstillinger.
Skjule filtypenavne hvis det kræves.
Skjule System/skjulte filer hvis det kræves.

Klik Start -> Kør -> kopier dette ind control sysdm.cpl,,4
Klik OK

Slå System Gendannelse fra.
Klik OK.

Genstart.

Klik Start -> Kør -> kopier dette ind control sysdm.cpl,,4
Klik OK
Slå System Gendannelse til.
Klik OK.

------

hent Security Check af screen317
http://screen317.spywareinfoforum.org/SecurityCheck.exe
Start den og følg instruktionerne.
Kopier loggen herind.
Avatar billede daki Juniormester
16. september 2010 - 20:58 #19
Results of screen317's Security Check version 0.99.5 
Windows XP Service Pack 3 
Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
ESET Online Scanner v3 
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware   
HijackThis 2.0.2   
CCleaner   
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Java(TM) 6 Update 12 
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Out of date Java installed!
Adobe Flash Player 10.0.32.18 
Adobe Reader 9.3.4 - Dansk
````````````````````````````````
Process Check: 
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
Avatar billede f-arn Guru
16. september 2010 - 21:53 #20
Er der nogen speciel grund til at Windows Sikkerheds Center ikke kører?

Hvis du ønsker at starte det:

Klik start -> kør og kopier dette ind services.msc
Klik OK
Find Sikkerheds Centeret -> højreklik på det -> Egenskaber -> Starttype Automatisk.
Klik OK
Genstart.

------

Din Java skal opdateres.
Hent en opdateret her: http://www.java.com/en/download/index.jsp
I Kontrolpanelet under Tilføj/Fjern Programmer finder du "Java(TM) 6 Update 12" og afinstallerer den.

Hvordan kører PCen nu?

PS Fik du slettet AdobeARM .exe?
Avatar billede daki Juniormester
17. september 2010 - 08:43 #21
AdobeARM .exe blev slettet.

Hvorfor Widows Sikkerheds Center ikke kører, ved jeg ikke - jeg har ihvertfald ikke deaktriveret det med vilje. :-)
Var sat automatisk start, mern ikke startet - 'Tjenesten Sikkerhedscenter på Lokal computer startede og stoppede derefter. Nogle tjenester stopper automatisk, hvis de ikke udfører nogle opgaver, dette gælder f.eks. tjenesten ydelseslogger og -beskeder'

Kan ikke forstå hvorfor java ikke er opdateret, plejer jeg at være meget opmærksom på.
Siger altid ja til opdateringer fra java.

PCen kører fint, der har ikke været nogen pop-ups længe heller ikke den kedelige besked fra GD8fuH70.exe
Avatar billede f-arn Guru
17. september 2010 - 12:46 #22
[div]Hvorfor Widows Sikkerheds Center ikke kører, ved jeg ikke [div]
Start services.msc
Kontroller at "Windows Management Instrumentation" og "Remote Procedure Call (RPC)" kører.

Fik du opdateret Java?
Avatar billede daki Juniormester
17. september 2010 - 14:36 #23
Ja, java er opdateret!

Kontroller at "Windows Management Instrumentation" og "Remote Procedure Call (RPC)" kører.
Det gørt de.
Avatar billede f-arn Guru
17. september 2010 - 15:44 #24
1. Hent dette lille værktøj: (Hvis du har slettet det)

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:service
wscsvc
RpcSs
winmgmt
RPCSS


3. Klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind i forum i dit næste svar. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.
Avatar billede daki Juniormester
17. september 2010 - 19:41 #25
SystemLook 04.09.10 by jpshortstuff
Log created at 19:39 on 17/09/2010 by DAHE
Administrator - Elevation successful

========== service ==========

wscsvc
Sikkerhedscenter
"Overvåger sikkerhedsindstillinger og -konfigurationer på systemet."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
Group: (none)
SafeBoot:
Dependencies:
->RpcSs
->winmgmt
Dependant Services:
(none)

RpcSs
RPC (Remote Procedure Call )
"Slutpunktsafbildning og diverse andre RPC-tjenester."
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\WINDOWS\system32\svchost -k rpcss
Group: COM Infrastructure
SafeBoot: Minimal Network
Dependencies:
(none)
Dependant Services:
->Panda Host Service (PSHost) (Stopped)
->Panda Software Controller (Panda Software Controller) (Started)
->Panda Antivirus Service (PavSrv) (Started)
->Tjenesten Netværksadgang (xmlprov) (Stopped)
->Automatisk konfiguration af trådløse enheder (WZCSVC) (Started)
->Sikkerhedscenter (wscsvc) (Stopped)
->WMI-ydelseskort (WmiApSrv) (Started)
->Windows Remote Management (WS-Management) (WinRM) (Stopped)
->System Update (SUService) (Started)
->Windows Firewall/Deling af Internetforbindelse (SharedAccess) (Started)
->Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) (Started)
->Intel(R) PROSet/Wireless Event Log (EvtEng) (Started)
->Access Connections Main Service (AcSvc) (Started)
->Windows Management Instrumentation (winmgmt) (Started)
->Øjebliksbillede af diskenhed (VSS) (Stopped)
->Distributed Link Tracking Client (TrkWks) (Started)
->Telnet (TlntSvr) (Stopped)
->Windows Search (WSearch) (Started)
->Hurtigt brugerskift-kompatibilitet (FastUserSwitchingCompatibility) (Stopped)
->Terminal Services (TermService) (Started)
->Remote Access Auto Connection Manager (RasAuto) (Stopped)
->Remote Access Connection Manager (RasMan) (Started)
->Telekommunikation (TapiSrv) (Started)
->MS Software Shadow Copy Provider (SwPrv) (Stopped)
->Windows-billedscanning (stisvc) (Started)
->Tjenesten Systemgendannelse (srservice) (Started)
->Print Spooler (Spooler) (Started)
->Hardwaregenkendelse på brugergrænsefladen (ShellHWDetection) (Started)
->Opgavestyring (Schedule) (Started)
->DTC (Distributed Transaction Coordinator) (MSDTC) (Stopped)
->SAM (Security Accounts Manager) (SamSs) (Started)
->QoS RSVP (RSVP) (Stopped)
->Remote Registry (RemoteRegistry) (Started)
->Routing og Remote Access (RemoteAccess) (Stopped)
->Intel(R) PROSet/Wireless Registry Service (RegSrvc) (Started)
->Hjælp til Sessionsstyring til Fjernskrivebord (RDSessMgr) (Stopped)
->Beskyttet lager (ProtectedStorage) (Started)
->Power Manager DBC Service (Power Manager DBC Service) (Started)
->IPSEC Policy Agent (PolicyAgent) (Stopped)
->Flytbare lagermedier (NtmsSvc) (Stopped)
->Netværksforbindelser (Netman) (Started)
->Network Access Protection Agent (napagent) (Stopped)
->Windows Installer (MSIServer) (Stopped)
->Messenger (Messenger) (Stopped)
->Machine Debug Manager (MDM) (Started)
->IviRegMgr (IviRegMgr) (Started)
->IPS Core Service (IPSSVC) (Started)
->Tjenesten Tilstandsnøgle og certifikatadministration (hkmsvc) (Stopped)
->HID Input Service (HidServ) (Stopped)
->Hjælp og support (helpsvc) (Started)
->Google Software Updater (gusvc) (Stopped)
->Tjenesten Google Update (gupdate) (gupdate) (Stopped)
->getPlus(R) Helper (getPlus(R) Helper) (Stopped)
->System Event Notification (SENS) (Started)
->COM+-hændelsessystem (EventSystem) (Started)
->Tjenesten Fejlrapportering (ERSvc) (Started)
->Automatisk konfiguration af traditionelt netværk (Dot3svc) (Stopped)
->Tjenesten Extensible Authentication Protocol (EapHost) (Stopped)
->Logical Disk Manager Administrative Service (dmadmin) (Stopped)
->Logical Disk Manager (dmserver) (Started)
->Diskeeper (Diskeeper) (Started)
->CryptSvc (CryptSvc) (Started)
->COM+-systemprogram (COMSysApp) (Stopped)
->Indekseringstjeneste (CiSvc) (Stopped)
->Tjenesten Background Intelligent Transfer (BITS) (Started)
->Windows Audio (AudioSrv) (Started)
->Acronis Scheduler2 Service (AcrSch2Svc) (Started)
->Ac Profile Manager Service (AcPrfMgrSvc) (Started)

winmgmt
Windows Management Instrumentation
"Omfatter en fælles grænseflade og objektmodel, der giver adgang til oplysninger om administration af operativsystemer, enheder, programmer og tjenester. Hvis denne tjeneste stoppes, vil de fleste Windows-baserede programmer ikke fungere korrekt. Hvis denne tjeneste deaktiveres, vil alle tjenester, som er afhængige af den, ikke kunne starte."
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
Group: (none)
SafeBoot: Minimal Network
Dependencies:
->RPCSS
Dependant Services:
->Sikkerhedscenter (wscsvc) (Stopped)
->System Update (SUService) (Started)
->Windows Firewall/Deling af Internetforbindelse (SharedAccess) (Started)
->Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) (Started)
->Intel(R) PROSet/Wireless Event Log (EvtEng) (Started)
->Access Connections Main Service (AcSvc) (Started)

RPCSS
RPC (Remote Procedure Call )
"Slutpunktsafbildning og diverse andre RPC-tjenester."
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\WINDOWS\system32\svchost -k rpcss
Group: COM Infrastructure
SafeBoot: Minimal Network
Dependencies:
(none)
Dependant Services:
->Panda Host Service (PSHost) (Stopped)
->Panda Software Controller (Panda Software Controller) (Started)
->Panda Antivirus Service (PavSrv) (Started)
->Tjenesten Netværksadgang (xmlprov) (Stopped)
->Automatisk konfiguration af trådløse enheder (WZCSVC) (Started)
->Sikkerhedscenter (wscsvc) (Stopped)
->WMI-ydelseskort (WmiApSrv) (Started)
->Windows Remote Management (WS-Management) (WinRM) (Stopped)
->System Update (SUService) (Started)
->Windows Firewall/Deling af Internetforbindelse (SharedAccess) (Started)
->Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) (Started)
->Intel(R) PROSet/Wireless Event Log (EvtEng) (Started)
->Access Connections Main Service (AcSvc) (Started)
->Windows Management Instrumentation (winmgmt) (Started)
->Øjebliksbillede af diskenhed (VSS) (Stopped)
->Distributed Link Tracking Client (TrkWks) (Started)
->Telnet (TlntSvr) (Stopped)
->Windows Search (WSearch) (Started)
->Hurtigt brugerskift-kompatibilitet (FastUserSwitchingCompatibility) (Stopped)
->Terminal Services (TermService) (Started)
->Remote Access Auto Connection Manager (RasAuto) (Stopped)
->Remote Access Connection Manager (RasMan) (Started)
->Telekommunikation (TapiSrv) (Started)
->MS Software Shadow Copy Provider (SwPrv) (Stopped)
->Windows-billedscanning (stisvc) (Started)
->Tjenesten Systemgendannelse (srservice) (Started)
->Print Spooler (Spooler) (Started)
->Hardwaregenkendelse på brugergrænsefladen (ShellHWDetection) (Started)
->Opgavestyring (Schedule) (Started)
->DTC (Distributed Transaction Coordinator) (MSDTC) (Stopped)
->SAM (Security Accounts Manager) (SamSs) (Started)
->QoS RSVP (RSVP) (Stopped)
->Remote Registry (RemoteRegistry) (Started)
->Routing og Remote Access (RemoteAccess) (Stopped)
->Intel(R) PROSet/Wireless Registry Service (RegSrvc) (Started)
->Hjælp til Sessionsstyring til Fjernskrivebord (RDSessMgr) (Stopped)
->Beskyttet lager (ProtectedStorage) (Started)
->Power Manager DBC Service (Power Manager DBC Service) (Started)
->IPSEC Policy Agent (PolicyAgent) (Stopped)
->Flytbare lagermedier (NtmsSvc) (Stopped)
->Netværksforbindelser (Netman) (Started)
->Network Access Protection Agent (napagent) (Stopped)
->Windows Installer (MSIServer) (Stopped)
->Messenger (Messenger) (Stopped)
->Machine Debug Manager (MDM) (Started)
->IviRegMgr (IviRegMgr) (Started)
->IPS Core Service (IPSSVC) (Started)
->Tjenesten Tilstandsnøgle og certifikatadministration (hkmsvc) (Stopped)
->HID Input Service (HidServ) (Stopped)
->Hjælp og support (helpsvc) (Started)
->Google Software Updater (gusvc) (Stopped)
->Tjenesten Google Update (gupdate) (gupdate) (Stopped)
->getPlus(R) Helper (getPlus(R) Helper) (Stopped)
->System Event Notification (SENS) (Started)
->COM+-hændelsessystem (EventSystem) (Started)
->Tjenesten Fejlrapportering (ERSvc) (Started)
->Automatisk konfiguration af traditionelt netværk (Dot3svc) (Stopped)
->Tjenesten Extensible Authentication Protocol (EapHost) (Stopped)
->Logical Disk Manager Administrative Service (dmadmin) (Stopped)
->Logical Disk Manager (dmserver) (Started)
->Diskeeper (Diskeeper) (Started)
->CryptSvc (CryptSvc) (Started)
->COM+-systemprogram (COMSysApp) (Stopped)
->Indekseringstjeneste (CiSvc) (Stopped)
->Tjenesten Background Intelligent Transfer (BITS) (Started)
->Windows Audio (AudioSrv) (Started)
->Acronis Scheduler2 Service (AcrSch2Svc) (Started)
->Ac Profile Manager Service (AcPrfMgrSvc) (Started)

-= EOF =-
Avatar billede f-arn Guru
18. september 2010 - 13:39 #26
Det ser jo rigtigt ud. Kan den startes?

Prøv at opdatere og køre Malwarebytws. Kør en "Hurtig Skan"
og kopier loggen herind.

Har di geninstalleret "Panda Endpoint Protection" ?
Avatar billede daki Juniormester
18. september 2010 - 14:46 #27
Nej, Sikkerheds Center kan ikke startes i tjenester!
Ja, jeg har installeret Panda Endpoint Protection igen!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4645

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18-09-2010 14:45:14
mbam-log-2010-09-18 (14-45-14).txt

Skanningstype: Hurtig skanning
Objekter skannet: 164788
Tid gået: 12 minut(ter), 45 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)
Avatar billede f-arn Guru
18. september 2010 - 15:34 #28
1. Hent dette lille værktøj: (Hvis du har slettet det)

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:filefind
*wscsvc*
:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters


3. Klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind i forum i dit næste svar. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.
Avatar billede daki Juniormester
18. september 2010 - 16:55 #29
SystemLook 04.09.10 by jpshortstuff
Log created at 16:50 on 18/09/2010 by DAHE
Administrator - Elevation successful

========== filefind ==========

Searching for "*wscsvc*"
C:\I386\WSCSVC.DL_    --a---- 34101 bytes    [14:00 27/08/2004]    [14:00 27/08/2004] 4CD6530CA6FE9DB19BA7444AEF67E438
C:\WINDOWS\$NtServicePackUninstall$\wscsvc.dll    -----c- 81408 bytes    [18:25 09/10/2008]    [14:00 27/08/2004] A9F015585543612D9B88AB019DF0636F
C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll    ------- 80896 bytes    [16:05 14/04/2008]    [16:05 14/04/2008] BC71BC51DD57E792851D31795F3EDBF1
C:\WINDOWS\SoftwareDistribution\Download\99347e47d897dd2409ecd2a34a331d3a\wscsvc.dll    ------- 80896 bytes    [16:05 14/04/2008]    [16:05 14/04/2008] BC71BC51DD57E792851D31795F3EDBF1
C:\WINDOWS\system32\wscsvc.dll    ------- 80896 bytes    [22:00 31/12/1979]    [16:05 14/04/2008] BC71BC51DD57E792851D31795F3EDBF1

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"


-= EOF =-
Avatar billede f-arn Guru
19. september 2010 - 13:01 #30
Vil du godt kopiere C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll op på dit Skrivebord som <første 3 bogstaver i dit efternavn>.DLL
Send denne fil til analyse hos:

http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

Kopier resultatet herind.

Filernes størrelse er korrekt - men jeg undrer mig over dato og MD5 ved C:\WINDOWS\system32\wscsvc.dll
Avatar billede daki Juniormester
19. september 2010 - 13:54 #31
virusscan.jotti.org reslutat
Additional info
File size:  80896 bytes 
Filetype:  PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit 
MD5:  bc71bc51dd57e792851d31795f3edbf1 
SHA1:  e5787f9e1ad1653a0fa644a05c2740c8702972da 
Scanners
  2010-09-19 Found nothing  2010-09-19 Found nothing
  2010-09-19 Found nothing  2010-09-19 Found nothing
  2010-09-19 Found nothing  2010-09-18 Found nothing
  2010-09-18 Found nothing  2010-09-18 Found nothing
  2010-09-19 Found nothing  2010-09-18 Found nothing
  2010-09-18 Found nothing  2010-09-17 Found nothing
  2010-09-19 Found nothing  2010-09-19 Found nothing
  2010-09-19 Found nothing  2010-09-17 Found nothing
  2010-09-18 Found nothing  2010-09-18 Found nothing
  2010-09-19 Found nothing   

virustotal.com resultat:
Antivirus Version Last update Result
AhnLab-V3 2010.09.19.00 2010.09.18 -
AntiVir 8.2.4.58 2010.09.18 -
Antiy-AVL 2.0.3.7 2010.09.19 -
Authentium 5.2.0.5 2010.09.18 -
Avast 4.8.1351.0 2010.09.19 -
Avast5 5.0.594.0 2010.09.19 -
AVG 9.0.0.851 2010.09.19 -
BitDefender 7.2 2010.09.19 -
CAT-QuickHeal 11.00 2010.09.18 -
ClamAV 0.96.2.0-git 2010.09.18 -
Comodo 6128 2010.09.19 -
DrWeb 5.0.2.03300 2010.09.19 -
Emsisoft 5.0.0.37 2010.09.19 -
eSafe 7.0.17.0 2010.09.17 -
eTrust-Vet 36.1.7862 2010.09.17 -
F-Prot 4.6.1.107 2010.09.18 -
F-Secure 9.0.15370.0 2010.09.19 -
Fortinet 4.1.143.0 2010.09.19 -
GData 21 2010.09.19 -
Ikarus T3.1.1.88.0 2010.09.19 -
Jiangmin 13.0.900 2010.09.19 -
K7AntiVirus 9.63.2552 2010.09.18 -
Kaspersky 7.0.0.125 2010.09.19 -
McAfee 5.400.0.1158 2010.09.19 -
McAfee-GW-Edition 2010.1C 2010.09.18 -
Microsoft 1.6201 2010.09.19 -
NOD32 5460 2010.09.18 -
Norman 6.06.06 2010.09.19 -
nProtect 2010-09-19.01 2010.09.19 -
Panda 10.0.2.7 2010.09.18 -
PCTools 7.0.3.5 2010.09.19 -
Prevx 3.0 2010.09.19 -
Rising 22.65.05.00 2010.09.18 -
Sophos 4.57.0 2010.09.19 -
Sunbelt 6895 2010.09.19 -
SUPERAntiSpyware 4.40.0.1006 2010.09.19 -
Symantec 20101.1.1.7 2010.09.19 -
TheHacker 6.7.0.0.024 2010.09.19 -
TrendMicro 9.120.0.1004 2010.09.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.19 -
VBA32 3.12.14.0 2010.09.17 -
ViRobot 2010.9.18.4048 2010.09.19 -
VirusBuster 12.65.13.0 2010.09.18 -
MD5: bc71bc51dd57e792851d31795f3edbf1
SHA1: e5787f9e1ad1653a0fa644a05c2740c8702972da
SHA256: f83930f27662f49dbcdeb8aca1bb36ca0dedd31d744093bb48aa707767226b96
File size: 80896 bytes
Scan date: 2010-09-19 11:44:14 (UTC)
Avatar billede daki Juniormester
21. september 2010 - 09:43 #32
Her til morgen, da jeg startede pc'en gik den fuldstændig amok!!

'Windows Antivirus' + 'Windows Sikkerhedscenter' blev installeret, desuden kom der en masse genvejsikoner på skrivebordet til div. tvivlsomme sider.
Jeg begyndte at scanne med malwarebytes og efter ca. 1 time og fundet 18 inficerede filer gik den ned og jeg kan kun starte i fejlsikret, hvor jeg kører en ny scanning lige nu.
Jeg ligger en log fra Malwarebytes og HiJackThis når scanningen er færdig, jeg foretager også lige en scanning med CCleaner!!

Men alt tyder vel på, at en formatering er sidste udvej......
Avatar billede daki Juniormester
21. september 2010 - 14:45 #33
Hermed logs - malwarebytes er der 3 logs, 2 i fejlsikret og 1 i 'normal' !!!!

Log1 og Log2:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4662

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

21-09-2010 10:26:14
mbam-log-2010-09-21 (10-26-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 290809
Time elapsed: 57 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmaqqowpcwkbu (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Programmer\AnVi (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\DAHE\Menuen Start\Programmer\Start\monmvr32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP6\A0006424.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu\pragmabbr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu\PRAGMAc.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu\pragmaserf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\M9CVO9CT\5-direct[1].ex (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\About.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Activate.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Antivirus Support.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Buy.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Scan.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Settings.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Update.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu\PRAGMAcfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu\PRAGMAsrcr.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\apiqfw.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fjhdyfhsn.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\PRAGMA263c.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Lokale indstillinger\temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
----------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4662

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

21-09-2010 12:17:59
mbam-log-2010-09-21 (12-17-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 290757
Time elapsed: 56 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP6\A0006428.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP6\A0006429.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP6\A0006430.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP6\A0006431.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP6\A0006432.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Avatar billede daki Juniormester
21. september 2010 - 14:47 #34
Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4663

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21-09-2010 14:30:05
mbam-log-2010-09-21 (14-30-05).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 275440
Tid gået: 1 time(e), 50 minut(ter), 24 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 1
Registreringsdatabaseværdier Inficeret: 2
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)
Desværre ingen log fra Malwarebytes

----------

Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:58, on 21-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Security\WAC\pavFnSvr.exe
C:\Programmer\Panda Security\WAC\psksvc.exe
C:\Programmer\Panda Security\WAC\pavsrvx86.exe
C:\Programmer\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PsCtrlS.exe
C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PSHost.exe
C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmer\Panda Security\WAC\PSCtrlC.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmer\mltarc\StrJwSrv.exe
C:\Programmer\UltimateZip 2.7\uzqkst.exe
C:\Programmer\OpenOffice.org 3\program\soffice.exe
C:\Programmer\mltarc\jre\bin\javaw.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\OpenOffice.org 3\program\soffice.bin
C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\Programmer\Java\jre6\bin\jucheck.exe
C:\Programmer\Panda Security\WaAgent\WASLPMNG\WapLpMng.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmer\Java\jre6\bin\javaw.exe
C:\temp\hijackthis\HiJackThis.exe
C:\WINDOWS\system32\userinit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmer\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmer\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Start Java Server.lnk = C:\Programmer\mltarc\StrJwSrv.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Opdatér ThinkPad-programmer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmer\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://ltw.danmarksgruppen.dk/qp2.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278084491444
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278084470474
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: AwayNotify - C:\Programmer\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmer\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavFnSvr.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Panda Host Service (PSHost) - Panda Security International - C:\Programmer\Panda Security\WAC\PSHost.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmer\Panda Security\WAC\psksvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Vis på skærm (TPHKSVC) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 20059 bytes
Avatar billede f-arn Guru
22. september 2010 - 12:40 #35
Bliver den Panda overhovedet opdateret? Noget af det den har sluppet ind er temmelig gammelt.

Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::


Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Avatar billede daki Juniormester
22. september 2010 - 21:16 #36
Ja - Panda opdateres automatisk, sidste gang 21-09-10 20:52 før det var det 21-09-10 09:42.
Har afinstalleret Panda, indtil der er styr på dette her :-)


ComboFix 10-09-21.03 - DAHE 22-09-2010  15:51:28.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.3062.2484 [GMT 2:00]
Kører fra: c:\documents and settings\DAHE\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\DAHE\Skrivebord\CFScript
* Dannede nyt systemgendannelsespunkt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Mulige inficerede internetsteder -----

hxxp://dktnm:8530
.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-22 til 2010-09-22  )))))))))))))))))))))))))))))))))))
.

2010-09-22 08:55 . 2010-09-22 08:55    --------    d-----w-    C:\_rpcs
2010-09-22 08:55 . 2008-07-08 13:09    32256    ----a-w-    c:\windows\system32\RC00C140.dll
2010-09-22 08:55 . 2008-07-08 13:09    1291363    ----a-w-    c:\windows\system32\RCAEE140.DLL
2010-09-22 08:55 . 2008-06-06 11:13    94208    ----a-w-    c:\windows\system32\RCPRINT.dll
2010-09-22 08:55 . 2008-07-08 13:09    27136    ----a-w-    c:\windows\system32\RCINST.DLL
2010-09-22 08:55 . 2008-06-19 17:18    1310720    ----a-w-    c:\windows\system32\MPC22dat.dll
2010-09-22 08:55 . 2008-06-03 13:52    221184    ----a-w-    c:\windows\system32\Rc4manNT.dll
2010-09-22 08:55 . 2008-04-23 15:58    192512    ----a-w-    c:\windows\system32\rdrvlog.dll
2010-09-22 08:55 . 2008-03-28 16:26    61440    ----a-w-    c:\windows\system32\MFRICRES.dll
2010-09-22 08:55 . 2007-06-13 16:42    268252    ----a-w-    c:\windows\system32\rpcsecl.dll
2010-09-22 08:55 . 2004-02-13 12:20    57344    ----a-w-    c:\windows\system32\rdrvinf.dll
2010-09-22 08:43 . 2008-05-30 12:59    22832    ----a-w-    c:\windows\system32\pfdnnt.exe
2010-09-21 14:04 . 2010-09-21 14:09    --------    d-----w-    c:\documents and settings\DAHE\ShareCalendar
2010-09-21 13:32 . 2010-09-21 13:32    --------    d-----w-    c:\documents and settings\DAHE\Lokale indstillinger\Application Data\Softalk
2010-09-21 13:19 . 2010-09-21 13:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\Softalk
2010-09-21 12:55 . 2010-09-21 13:41    --------    d-----w-    c:\documents and settings\DAHE\ShareContacts
2010-09-21 12:35 . 2010-09-21 12:35    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Logitech
2010-09-21 06:13 . 2010-09-22 14:08    564800    ----a-w-    c:\windows\system32\drivers\ukknbd.sys
2010-09-21 06:13 . 2010-09-21 06:13    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2010-09-21 06:12 . 2008-04-13 18:40    34688    ----a-w-    c:\windows\system32\drivers\lbrtfdc.sys
2010-09-21 06:12 . 2008-04-13 18:40    34688    ----a-w-    c:\windows\system32\dllcache\lbrtfdc.sys
2010-09-21 06:11 . 2008-04-13 18:40    8192    ----a-w-    c:\windows\system32\drivers\changer.sys
2010-09-21 06:11 . 2008-04-13 18:40    8192    ----a-w-    c:\windows\system32\dllcache\changer.sys
2010-09-17 06:37 . 2010-09-22 13:09    202988    ----a-w-    c:\windows\system32\drivers\APPFCONT.DAT
2010-09-16 15:25 . 2010-08-17 13:17    58880    ------w-    c:\windows\system32\dllcache\spoolsv.exe
2010-09-16 15:24 . 2010-06-18 17:47    293376    ------w-    c:\windows\system32\dllcache\winsrv.dll
2010-09-16 15:23 . 2010-04-16 15:38    406016    ------w-    c:\windows\system32\dllcache\usp10.dll
2010-09-16 14:24 . 2010-09-16 14:24    --------    d-----w-    c:\programmer\ESET
2010-09-15 16:04 . 2010-09-15 16:04    --------    d-----w-    c:\temp\RemoteKeys
2010-09-14 20:23 . 2010-09-17 06:36    --------    d-----w-    c:\programmer\Panda Security
2010-09-13 14:39 . 2010-09-21 14:15    --------    d-----w-    c:\temp\workgroupshare
2010-09-13 09:37 . 2010-09-13 09:37    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-11 14:20 . 2010-09-16 11:14    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2010-09-11 14:20 . 2010-09-14 08:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-08 21:32 . 2010-09-08 21:32    --------    d-----w-    c:\documents and settings\DAHE\Lokale indstillinger\Application Data\BVRP Software
2010-09-08 21:31 . 2010-09-08 21:32    --------    d-----w-    c:\programmer\NetWaiting
2010-09-08 21:29 . 2010-06-02 12:49    301624    ----a-w-    c:\windows\system32\UCI32M57.dll
2010-09-08 06:08 . 2001-08-17 18:20    96256    ----a-w-    c:\windows\system32\dllcache\ac97intc.sys
2010-09-08 06:08 . 2004-08-27 14:00    16896    ----a-w-    c:\windows\system32\dllcache\tftp.exe
2010-09-07 09:51 . 2010-09-21 12:07    --------    d-----w-    c:\temp\hijackthis
2010-09-07 09:06 . 2010-09-07 09:06    --------    d-sh--w-    c:\documents and settings\NetworkService\IECompatCache
2010-09-07 09:05 . 2010-09-07 09:19    --------    d-----w-    c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Adobe
2010-09-07 08:55 . 2010-09-07 08:55    --------    d-sh--w-    c:\documents and settings\NetworkService\PrivacIE
2010-09-07 08:54 . 2010-09-07 08:54    --------    d-----r-    c:\documents and settings\NetworkService\Foretrukne
2010-09-06 06:41 . 2010-09-06 06:41    --------    d-----w-    C:\Program Data
2010-09-05 10:45 . 2010-09-05 10:45    --------    d-----w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Apple Computer
2010-09-04 18:00 . 2010-09-05 11:04    --------    d-----w-    c:\documents and settings\DAHE\Lokale indstillinger\Application Data\kevcgnamf
2010-09-04 17:58 . 2010-09-05 10:46    --------    d-----w-    c:\documents and settings\DAHE\Application Data\09EE612E8BCA967E684BE9521BBFF2D8

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 13:38 . 2010-06-25 12:43    1796432    ----a-w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-09-22 13:21 . 2010-09-22 13:21    0    ---ha-w-    c:\windows\ravtc.tmp
2010-09-22 13:09 . 2010-09-17 06:37    202988    ----a-w-    c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-09-22 12:53 . 2010-09-17 06:37    1132    ----a-w-    c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-09-22 12:53 . 2010-09-17 06:37    1132    ----a-w-    c:\windows\system32\drivers\APPFLTR.CFG
2010-09-21 10:38 . 2010-09-21 10:38    45056    ----a-w-    c:\documents and settings\DAHE\Application Data\Sun\Java\Deployment\cache\6.0\14\25d7b48e-1b6e1613-n\jniwrap.dll
2010-09-17 07:25 . 2008-10-22 10:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-17 06:56 . 2008-11-11 10:51    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-09-17 06:55 . 2009-11-15 14:28    152576    ----a-w-    c:\documents and settings\DAHE\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-09-16 11:02 . 2008-11-11 19:18    --------    d-----w-    c:\programmer\Winamp
2010-09-16 11:02 . 2008-10-09 17:37    --------    d-----w-    c:\programmer\Picasa2
2010-09-15 14:51 . 2008-10-10 18:12    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-09-15 07:37 . 2008-11-07 18:46    --------    d-----w-    c:\programmer\Microsoft ActiveSync
2010-09-15 06:50 . 2008-10-09 17:28    --------    d-----w-    c:\programmer\Multimedia Center for Think Offerings
2010-09-14 17:44 . 2010-09-14 17:44    112    ----a-w-    c:\documents and settings\All Users\Application Data\BQ7UPb.dat
2010-09-14 07:01 . 2008-10-13 05:55    --------    d-----w-    c:\documents and settings\DAHE\Application Data\Teleca
2010-09-14 07:00 . 2008-10-12 20:12    --------    d-----w-    c:\programmer\Fælles filer\Teleca Shared
2010-09-13 19:32 . 2009-05-12 04:44    1324    ----a-w-    c:\windows\system32\d3d9caps.dat
2010-09-13 06:10 . 2010-05-31 09:47    --------    d-----w-    c:\programmer\PC-Doctor
2010-09-11 18:23 . 2009-01-11 14:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\PCDr
2010-09-10 23:41 . 1979-12-31 22:00    550382    ----a-w-    c:\windows\system32\perfh006.dat
2010-09-10 23:41 . 1979-12-31 22:00    113816    ----a-w-    c:\windows\system32\perfc006.dat
2010-09-08 22:03 . 2008-10-09 20:27    --------    d-----w-    c:\programmer\Digital Line Detect
2010-09-08 21:34 . 2008-10-09 17:13    --------    d-----w-    c:\programmer\Lenovo
2010-09-08 21:30 . 2008-10-09 17:22    --------    d-----w-    c:\programmer\CONEXANT
2010-09-08 06:25 . 2008-10-10 18:12    --------    d-----w-    c:\programmer\CCleaner
2010-09-05 10:46 . 2009-07-06 06:29    --------    d-----w-    c:\programmer\QuickTime
2010-08-31 06:36 . 2009-03-11 10:09    0    ----a-w-    c:\documents and settings\DAHE\temp.dat
2010-08-26 07:01 . 2008-10-22 10:14    --------    d-----w-    c:\programmer\Microsoft.NET
2010-08-24 23:28 . 2010-05-31 09:42    24304    ----a-w-    c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-24 23:28 . 2008-10-09 17:39    4442    ----a-w-    c:\windows\system32\drivers\TPPWRIF.SYS
2010-08-24 23:28 . 2008-10-09 17:39    196608    ------w-    c:\windows\PWMBTHLP.EXE
2010-08-21 10:50 . 2010-08-21 10:50    --------    d-----w-    c:\programmer\Lexmark
2010-08-18 06:44 . 2010-08-18 06:44    --------    d-----w-    c:\programmer\HPDesignjet30-130PrinterSeries
2010-08-17 13:17 . 1979-12-31 22:00    58880    ----a-w-    c:\windows\system32\spoolsv.exe
2010-08-13 09:18 . 2009-03-16 21:31    --------    d-----w-    c:\documents and settings\DAHE\Application Data\FileZilla
2010-08-12 06:34 . 2010-08-12 06:34    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-08-02 13:19 . 2010-08-02 13:19    --------    d-----w-    c:\programmer\SolarWinds
2010-07-22 15:46 . 1979-12-31 22:00    590848    ----a-w-    c:\windows\system32\rpcrt4.dll
2010-07-21 21:19 . 2008-05-05 05:25    5120    ----a-w-    c:\windows\system32\xpsp4res.dll
2010-06-30 12:32 . 1979-12-31 22:00    149504    ----a-w-    c:\windows\system32\schannel.dll
2009-04-16 07:15 . 2009-04-16 07:15    16496    --sha-w-    c:\windows\system32\config\systemprofile\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2010-04-22 128296]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"TPKMAPHELPER"="c:\programmer\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"TPHOTKEY"="c:\programmer\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ACTray"="c:\programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2010-03-01 431464]
"ACWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-03-01 181608]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-24 517480]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-08-24 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-07-07 155648]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Message Center Plus"="c:\programmer\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Ulead AutoDetector"="c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"BrMfcWnd"="c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\programmer\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"DiskeeperSystray"="c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-03-01 196710]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2010-09-17 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\DAHE\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Start Java Server.lnk - c:\programmer\mltarc\StrJwSrv.exe [2008-10-9 115712]
UltimateZip Quick Start.lnk - c:\programmer\UltimateZip 2.7\uzqkst.exe [2002-3-17 266240]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2008-10-9 50688]
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-12-12 805392]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-22 6144]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-03-23 00:03    49152    ----a-w-    c:\programmer\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42    72208    ----a-w-    c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 11:41    100104    ----a-w-    c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\mltarc\\jre\\bin\\javaw.exe"=
"c:\\Programmer\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Programmer\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [31-05-2010 11:42 24304]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [01-10-2009 08:14 902432]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [09-10-2009 12:10 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [31-05-2010 11:33 13480]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe [01-10-2009 08:14 2326920]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programmer\ThinkPad\Utilities\DOZESVC.EXE [31-05-2010 11:42 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programmer\ThinkPad\Utilities\PWMDBSVC.exe [09-10-2008 22:30 53248]
R2 PrivateDisk;PrivateDisk;c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15-11-2005 13:11 46142]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programmer\ThinkVantage Fingerprint Software\smihlp.sys [13-03-2009 13:47 12560]
R2 TPHKSVC;Vis på skærm;c:\programmer\Lenovo\HOTKEY\TPHKSVC.exe [24-10-2008 13:32 63928]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [01-10-2009 08:14 159168]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [18-02-2010 18:31 199688]
S0 ygaojcb;ygaojcb;c:\windows\system32\drivers\wumfa.sys --> c:\windows\system32\drivers\wumfa.sys [?]
S1 APPFLT;App Filter Plugin;\??\c:\windows\system32\Drivers\APPFLT.SYS --> c:\windows\system32\Drivers\APPFLT.SYS [?]
S1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\Drivers\DSAFLT.SYS --> c:\windows\system32\Drivers\DSAFLT.SYS [?]
S1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\Drivers\fnetmon.SYS --> c:\windows\system32\Drivers\fnetmon.SYS [?]
S1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\Drivers\IDSFLT.SYS --> c:\windows\system32\Drivers\IDSFLT.SYS [?]
S1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\Drivers\NETFLTDI.SYS --> c:\windows\system32\Drivers\NETFLTDI.SYS [?]
S1 nsfim;Network Shared Files Information Manager Plugin;\??\c:\windows\system32\Drivers\NSFIM.SYS --> c:\windows\system32\Drivers\NSFIM.SYS [?]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8651.sys --> c:\windows\system32\DRIVERS\amm8651.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [07-02-2010 14:23 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programmer\Lenovo\HOTKEY\micmute.exe [31-05-2010 11:33 45496]
S2 PavAt3Scheduler;Panda Endpoint Scheduler;"c:\programmer\Panda Security\WaAgent\Scheduler\PavSched.exe" --> c:\programmer\Panda Security\WaAgent\Scheduler\PavSched.exe [?]
S2 PavWASLpMng;Panda Endpoint Local Process Manager;"c:\programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe" --> c:\programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [?]
S2 PskSvc;Panda Kernel Service;"c:\programmer\Panda Security\WAC\psksvc.exe" --> c:\programmer\Panda Security\WAC\psksvc.exe [?]
S2 smi2;smi2;\??\c:\programmer\SMI2\smi2.sys --> c:\programmer\SMI2\smi2.sys [?]
S2 WASAgent;Panda Endpoint Communications Agent;c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe --> c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe [?]
S2 WASWD;Panda Endpoint Watchdog;c:\programmer\Panda Security\WaAgent\WasWD\WasWD.exe --> c:\programmer\Panda Security\WaAgent\WasWD\WasWD.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys --> c:\windows\System32\DRIVERS\ASPI32.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [13-07-2005 03:55 13840]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [01-01-1980 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-11-2008 14:38 721904]

--- Andre Services/Drivers i Hukommelsen ---

*Deregistered* - ukknbd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
WINRM    REG_MULTI_SZ      WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programmer\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-09-22 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:28]

2010-09-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programmer\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: danid.dk
Trusted Zone: danid.dk
TCP: {77A6491C-3293-41BB-A2B6-11749ABBF61F} = 192.168.13.202,192.168.13.203
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\DAHE\Application Data\Mozilla\Firefox\Profiles\eu3tjcrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk|http://intranote.xl-byg.dk/xl?user=MzY5QQ==|http://mail.google.com/mail/?hl=da&shva=1#inbox
FF - plugin: c:\programmer\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Veetle\Player\npvlc.dll
FF - plugin: c:\programmer\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmer\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ukknbd]

.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTServ.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\infql2.dll
c:\programmer\ThinkVantage Fingerprint Software\homepass.dll
c:\programmer\ThinkVantage Fingerprint Software\bio.dll
c:\programmer\ThinkVantage Fingerprint Software\qlbase.dll
c:\programmer\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(3844)
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\programmer\PC-Doctor\ATLPcdToolbar551452.dll
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
c:\progra~1\ThinkPad\UTILIT~1\DK\PWRMGRRT.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
c:\windows\system32\Sensor.dll
c:\windows\system32\IGFXEXPS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmer\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\IPSSVC.EXE
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\RealVNC\VNC4\WinVNC4.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\programmer\Lenovo\HOTKEY\TPONSCR.exe
c:\programmer\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\programmer\Brother\ControlCenter3\brccMCtl.exe
c:\programmer\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmer\Brother\Brmfcmon\BrMfcmon.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\mltarc\jre\bin\javaw.exe
c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\programmer\Java\jre6\bin\jucheck.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-22  16:17:44 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-09-22 14:17

Pre-Kørsel: 17.475.428.352 byte ledig
Post-Kørsel: 17.703.067.648 byte ledig

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 83F5FE3BF5150976A4ACDA3FB101A130
Avatar billede f-arn Guru
22. september 2010 - 22:40 #37
Det er en helt anden slags infektiom du har her, så måske er din Panda ikke det rette. Hvor gammel er den?

------

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
Filelook::
c:\windows\system32\RC00C140.dll
c:\windows\system32\RCAEE140.DLL
RootKit::
c:\windows\system32\drivers\ukknbd.sys
Dirlook::
C:\_rpcs
Driver::
ukknbd


Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Avatar billede daki Juniormester
23. september 2010 - 09:06 #38
Computeren er min gamle arbejdsmakine som jeg har købt af firmaet, en del af aftalen er at jeg kunne beholde Panda indtil denne ophører juli 2011.
Når jeg har skulle scanne med ComboFix, er Panda blevet afinstalleret og efterfølgende er installationsfilen hentet fra vores administrationsdel hos Panda Security - burde være
sidste nye version....

Overvejer kraftigt, at fjerne alle Lenovo programmerne, det kan vel ikke skade?


ComboFix 10-09-22.05 - DAHE 23-09-2010  8:22.7.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.3062.1982 [GMT 2:00]
Kører fra: c:\documents and settings\DAHE\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\DAHE\Skrivebord\CFScript

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UKKNBD
-------\Service_ukknbd


(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-23 til 2010-09-23  )))))))))))))))))))))))))))))))))))
.

2010-09-22 08:55 . 2010-09-22 08:55    --------    d-----w-    C:\_rpcs
2010-09-22 08:55 . 2008-07-08 13:09    32256    ----a-w-    c:\windows\system32\RC00C140.dll
2010-09-22 08:55 . 2008-07-08 13:09    1291363    ----a-w-    c:\windows\system32\RCAEE140.DLL
2010-09-22 08:55 . 2008-06-06 11:13    94208    ----a-w-    c:\windows\system32\RCPRINT.dll
2010-09-22 08:55 . 2008-07-08 13:09    27136    ----a-w-    c:\windows\system32\RCINST.DLL
2010-09-22 08:55 . 2008-06-19 17:18    1310720    ----a-w-    c:\windows\system32\MPC22dat.dll
2010-09-22 08:55 . 2008-06-03 13:52    221184    ----a-w-    c:\windows\system32\Rc4manNT.dll
2010-09-22 08:55 . 2008-04-23 15:58    192512    ----a-w-    c:\windows\system32\rdrvlog.dll
2010-09-22 08:55 . 2008-03-28 16:26    61440    ----a-w-    c:\windows\system32\MFRICRES.dll
2010-09-22 08:55 . 2007-06-13 16:42    268252    ----a-w-    c:\windows\system32\rpcsecl.dll
2010-09-22 08:55 . 2004-02-13 12:20    57344    ----a-w-    c:\windows\system32\rdrvinf.dll
2010-09-22 08:43 . 2008-05-30 12:59    22832    ----a-w-    c:\windows\system32\pfdnnt.exe
2010-09-21 14:04 . 2010-09-21 14:09    --------    d-----w-    c:\documents and settings\DAHE\ShareCalendar
2010-09-21 13:32 . 2010-09-21 13:32    --------    d-----w-    c:\documents and settings\DAHE\Lokale indstillinger\Application Data\Softalk
2010-09-21 13:19 . 2010-09-21 13:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\Softalk
2010-09-21 12:55 . 2010-09-21 13:41    --------    d-----w-    c:\documents and settings\DAHE\ShareContacts
2010-09-21 12:35 . 2010-09-21 12:35    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Logitech
2010-09-21 06:13 . 2010-09-21 06:13    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2010-09-21 06:12 . 2008-04-13 18:40    34688    ----a-w-    c:\windows\system32\drivers\lbrtfdc.sys
2010-09-21 06:12 . 2008-04-13 18:40    34688    ----a-w-    c:\windows\system32\dllcache\lbrtfdc.sys
2010-09-21 06:11 . 2008-04-13 18:40    8192    ----a-w-    c:\windows\system32\drivers\changer.sys
2010-09-21 06:11 . 2008-04-13 18:40    8192    ----a-w-    c:\windows\system32\dllcache\changer.sys
2010-09-17 06:37 . 2010-09-22 13:09    202988    ----a-w-    c:\windows\system32\drivers\APPFCONT.DAT
2010-09-16 15:25 . 2010-08-17 13:17    58880    ------w-    c:\windows\system32\dllcache\spoolsv.exe
2010-09-16 15:24 . 2010-06-18 17:47    293376    ------w-    c:\windows\system32\dllcache\winsrv.dll
2010-09-16 15:23 . 2010-04-16 15:38    406016    ------w-    c:\windows\system32\dllcache\usp10.dll
2010-09-16 14:24 . 2010-09-16 14:24    --------    d-----w-    c:\programmer\ESET
2010-09-15 16:04 . 2010-09-15 16:04    --------    d-----w-    c:\temp\RemoteKeys
2010-09-14 20:23 . 2010-09-17 06:36    --------    d-----w-    c:\programmer\Panda Security
2010-09-13 14:39 . 2010-09-21 14:15    --------    d-----w-    c:\temp\workgroupshare
2010-09-13 09:37 . 2010-09-13 09:37    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-11 14:20 . 2010-09-16 11:14    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2010-09-11 14:20 . 2010-09-14 08:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-08 21:32 . 2010-09-08 21:32    --------    d-----w-    c:\documents and settings\DAHE\Lokale indstillinger\Application Data\BVRP Software
2010-09-08 21:31 . 2010-09-08 21:32    --------    d-----w-    c:\programmer\NetWaiting
2010-09-08 21:29 . 2010-06-02 12:49    301624    ----a-w-    c:\windows\system32\UCI32M57.dll
2010-09-08 06:08 . 2001-08-17 18:20    96256    ----a-w-    c:\windows\system32\dllcache\ac97intc.sys
2010-09-08 06:08 . 2004-08-27 14:00    16896    ----a-w-    c:\windows\system32\dllcache\tftp.exe
2010-09-07 09:51 . 2010-09-21 12:07    --------    d-----w-    c:\temp\hijackthis
2010-09-07 09:06 . 2010-09-07 09:06    --------    d-sh--w-    c:\documents and settings\NetworkService\IECompatCache
2010-09-07 09:05 . 2010-09-07 09:19    --------    d-----w-    c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Adobe
2010-09-07 08:55 . 2010-09-07 08:55    --------    d-sh--w-    c:\documents and settings\NetworkService\PrivacIE
2010-09-07 08:54 . 2010-09-07 08:54    --------    d-----r-    c:\documents and settings\NetworkService\Foretrukne
2010-09-06 06:41 . 2010-09-06 06:41    --------    d-----w-    C:\Program Data
2010-09-04 18:00 . 2010-09-05 11:04    --------    d-----w-    c:\documents and settings\DAHE\Lokale indstillinger\Application Data\kevcgnamf
2010-09-04 17:58 . 2010-09-05 10:46    --------    d-----w-    c:\documents and settings\DAHE\Application Data\09EE612E8BCA967E684BE9521BBFF2D8

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 13:21 . 2010-09-22 13:21    0    ---ha-w-    c:\windows\ravtc.tmp
2010-09-22 13:09 . 2010-09-17 06:37    202988    ----a-w-    c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-09-22 12:53 . 2010-09-17 06:37    1132    ----a-w-    c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-09-22 12:53 . 2010-09-17 06:37    1132    ----a-w-    c:\windows\system32\drivers\APPFLTR.CFG
2010-09-17 07:25 . 2008-10-22 10:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-17 06:56 . 2008-11-11 10:51    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-09-16 11:02 . 2008-11-11 19:18    --------    d-----w-    c:\programmer\Winamp
2010-09-16 11:02 . 2008-10-09 17:37    --------    d-----w-    c:\programmer\Picasa2
2010-09-15 14:51 . 2008-10-10 18:12    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-09-15 07:37 . 2008-11-07 18:46    --------    d-----w-    c:\programmer\Microsoft ActiveSync
2010-09-15 06:50 . 2008-10-09 17:28    --------    d-----w-    c:\programmer\Multimedia Center for Think Offerings
2010-09-14 17:44 . 2010-09-14 17:44    112    ----a-w-    c:\documents and settings\All Users\Application Data\BQ7UPb.dat
2010-09-14 07:01 . 2008-10-13 05:55    --------    d-----w-    c:\documents and settings\DAHE\Application Data\Teleca
2010-09-14 07:00 . 2008-10-12 20:12    --------    d-----w-    c:\programmer\Fælles filer\Teleca Shared
2010-09-13 19:32 . 2009-05-12 04:44    1324    ----a-w-    c:\windows\system32\d3d9caps.dat
2010-09-13 06:10 . 2010-05-31 09:47    --------    d-----w-    c:\programmer\PC-Doctor
2010-09-11 18:23 . 2009-01-11 14:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\PCDr
2010-09-10 23:41 . 1979-12-31 22:00    550382    ----a-w-    c:\windows\system32\perfh006.dat
2010-09-10 23:41 . 1979-12-31 22:00    113816    ----a-w-    c:\windows\system32\perfc006.dat
2010-09-08 22:03 . 2008-10-09 20:27    --------    d-----w-    c:\programmer\Digital Line Detect
2010-09-08 21:34 . 2008-10-09 17:13    --------    d-----w-    c:\programmer\Lenovo
2010-09-08 21:30 . 2008-10-09 17:22    --------    d-----w-    c:\programmer\CONEXANT
2010-09-08 06:25 . 2008-10-10 18:12    --------    d-----w-    c:\programmer\CCleaner
2010-09-05 10:46 . 2009-07-06 06:29    --------    d-----w-    c:\programmer\QuickTime
2010-08-31 06:36 . 2009-03-11 10:09    0    ----a-w-    c:\documents and settings\DAHE\temp.dat
2010-08-26 07:01 . 2008-10-22 10:14    --------    d-----w-    c:\programmer\Microsoft.NET
2010-08-24 23:28 . 2010-05-31 09:42    24304    ----a-w-    c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-24 23:28 . 2008-10-09 17:39    4442    ----a-w-    c:\windows\system32\drivers\TPPWRIF.SYS
2010-08-24 23:28 . 2008-10-09 17:39    196608    ------w-    c:\windows\PWMBTHLP.EXE
2010-08-21 10:50 . 2010-08-21 10:50    --------    d-----w-    c:\programmer\Lexmark
2010-08-18 06:44 . 2010-08-18 06:44    --------    d-----w-    c:\programmer\HPDesignjet30-130PrinterSeries
2010-08-17 13:17 . 1979-12-31 22:00    58880    ----a-w-    c:\windows\system32\spoolsv.exe
2010-08-13 09:18 . 2009-03-16 21:31    --------    d-----w-    c:\documents and settings\DAHE\Application Data\FileZilla
2010-08-12 06:34 . 2010-08-12 06:34    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-08-02 13:19 . 2010-08-02 13:19    --------    d-----w-    c:\programmer\SolarWinds
2010-07-22 15:46 . 1979-12-31 22:00    590848    ----a-w-    c:\windows\system32\rpcrt4.dll
2010-07-21 21:19 . 2008-05-05 05:25    5120    ----a-w-    c:\windows\system32\xpsp4res.dll
2010-06-30 12:32 . 1979-12-31 22:00    149504    ----a-w-    c:\windows\system32\schannel.dll
2009-04-16 07:15 . 2009-04-16 07:15    16496    --sha-w-    c:\windows\system32\config\systemprofile\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\RC00C140.dll ---
Company: RICOH CO., LTD.
File Description: RPCS Printer Driver
File Version: 7.8.9
Product Name: RC00C140
Copyright: Copyright(C) 1999-2008 RICOH CO., LTD.
Original Filename:
File size: 32256
Created time: 2010-09-22 08:55
Modified time: 2008-07-08 13:09
MD5: 2E6A7F9242654E8FE6CA0F491A14BD9F
SHA1: 0B7C3BDA8DE167E0DE78A6F1E7108B8C7F28571F


--- c:\windows\system32\RCAEE140.DLL ---
Company: RICOH CO., LTD.
File Description: RICOH RPCS Printer Driver
File Version: 7.8.9
Product Name: RICOH RPCS Printer Driver
Copyright: Copyright(C) 1999-2008 RICOH CO., LTD.
Original Filename: RCAEE140.DLL
File size: 1291363
Created time: 2010-09-22 08:55
Modified time: 2008-07-08 13:09
MD5: 9774BA651F17D8D306CB27E61E7C6604
SHA1: 1F58F1290D2D88A3F10FA2EC768B02E0C954C035

---- Directory of C:\_rpcs ----

2010-09-22 08:55 . 2010-09-22 08:55    1611    ----a-w-    c:\_rpcs\RCAEE197.rsr
2010-09-22 08:55 . 2010-09-22 08:55    1611    ----a-w-    c:\_rpcs\RCAEE196.rsr
2010-09-22 08:55 . 2010-09-22 08:55    1611    ----a-w-    c:\_rpcs\RCAEE195.rsr
2010-09-22 08:55 . 2010-09-22 08:55    1611    ----a-w-    c:\_rpcs\RCAEE193.rsr
2010-09-22 08:55 . 2010-09-22 08:55    1611    ----a-w-    c:\_rpcs\RCAEE194.rsr
2010-09-22 08:55 . 2010-09-22 08:55    1611    ----a-w-    c:\_rpcs\RCAEE191.rsr
2010-09-22 08:55 . 2010-09-22 08:55    1611    ----a-w-    c:\_rpcs\RCAEE192.rsr
2010-09-22 08:55 . 2010-09-22 08:55    1611    ----a-w-    c:\_rpcs\RCAEE190.rsr
2010-09-22 08:55 . 2010-09-22 08:55    2451    ----a-w-    c:\_rpcs\RCAEE186.rsr
2010-09-22 08:55 . 2010-09-22 08:55    2587    ----a-w-    c:\_rpcs\RCAEE185.rsr
2010-09-22 08:55 . 2010-09-22 08:55    2451    ----a-w-    c:\_rpcs\RCAEE182.rsr
2010-09-22 08:55 . 2010-09-22 08:55    2587    ----a-w-    c:\_rpcs\RCAEE183.rsr
2010-09-22 08:55 . 2010-09-22 08:55    2451    ----a-w-    c:\_rpcs\RCAEE184.rsr
2010-09-22 08:55 . 2010-09-22 08:55    2451    ----a-w-    c:\_rpcs\RCAEE181.rsr
2010-09-22 08:55 . 2010-09-22 08:55    2451    ----a-w-    c:\_rpcs\RCAEE180.rsr
2010-09-22 08:55 . 2010-09-22 11:01    1628    ----a-w-    c:\_rpcs\RCAEE197.rsq
2010-09-22 08:55 . 2010-09-22 11:01    1628    ----a-w-    c:\_rpcs\RCAEE194.rsq
2010-09-22 08:55 . 2010-09-22 11:01    1628    ----a-w-    c:\_rpcs\RCAEE195.rsq
2010-09-22 08:55 . 2010-09-22 11:01    1628    ----a-w-    c:\_rpcs\RCAEE196.rsq
2010-09-22 08:55 . 2010-09-22 11:01    1628    ----a-w-    c:\_rpcs\RCAEE193.rsq
2010-09-22 08:55 . 2010-09-22 11:01    1628    ----a-w-    c:\_rpcs\RCAEE190.rsq
2010-09-22 08:55 . 2010-09-22 11:01    1628    ----a-w-    c:\_rpcs\RCAEE191.rsq
2010-09-22 08:55 . 2010-09-22 11:01    1628    ----a-w-    c:\_rpcs\RCAEE192.rsq
2010-09-22 08:55 . 2010-09-22 11:01    2339    ----a-w-    c:\_rpcs\RCAEE186.rsd
2010-09-22 08:55 . 2010-09-22 11:01    2373    ----a-w-    c:\_rpcs\RCAEE182.rsd
2010-09-22 08:55 . 2010-09-22 11:01    2520    ----a-w-    c:\_rpcs\RCAEE185.rsd
2010-09-22 08:55 . 2010-09-22 11:01    2536    ----a-w-    c:\_rpcs\RCAEE183.rsd
2010-09-22 08:55 . 2010-09-22 11:01    2372    ----a-w-    c:\_rpcs\RCAEE184.rsd
2010-09-22 08:55 . 2010-09-22 11:01    2289    ----a-w-    c:\_rpcs\RCAEE180.rsd
2010-09-22 08:55 . 2010-09-22 11:01    2346    ----a-w-    c:\_rpcs\RCAEE181.rsd
2010-09-22 08:55 . 2010-09-22 08:55    0    ----a-w-    c:\_rpcs\RC00C171.ini
2010-09-22 08:55 . 2010-09-22 11:01    7125    ----a-w-    c:\_rpcs\RCAEE170.ini
2010-09-22 08:55 . 2010-09-22 08:55    57    ----a-w-    c:\_rpcs\RC00C170.ini


(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2010-04-22 128296]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"TPKMAPHELPER"="c:\programmer\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"TPHOTKEY"="c:\programmer\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ACTray"="c:\programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2010-03-01 431464]
"ACWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-03-01 181608]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-24 517480]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-08-24 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-07-07 155648]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Message Center Plus"="c:\programmer\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Ulead AutoDetector"="c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"BrMfcWnd"="c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\programmer\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"DiskeeperSystray"="c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-03-01 196710]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2010-09-17 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\DAHE\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Start Java Server.lnk - c:\programmer\mltarc\StrJwSrv.exe [2008-10-9 115712]
UltimateZip Quick Start.lnk - c:\programmer\UltimateZip 2.7\uzqkst.exe [2002-3-17 266240]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2008-10-9 50688]
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-12-12 805392]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-22 6144]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-03-23 00:03    49152    ----a-w-    c:\programmer\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42    72208    ----a-w-    c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 11:41    100104    ----a-w-    c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\mltarc\\jre\\bin\\javaw.exe"=
"c:\\Programmer\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Programmer\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [31-05-2010 11:42 24304]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [01-10-2009 08:14 902432]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [09-10-2009 12:10 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [31-05-2010 11:33 13480]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe [01-10-2009 08:14 2326920]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programmer\ThinkPad\Utilities\DOZESVC.EXE [31-05-2010 11:42 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programmer\ThinkPad\Utilities\PWMDBSVC.exe [09-10-2008 22:30 53248]
R2 PrivateDisk;PrivateDisk;c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15-11-2005 13:11 46142]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programmer\ThinkVantage Fingerprint Software\smihlp.sys [13-03-2009 13:47 12560]
R2 TPHKSVC;Vis på skærm;c:\programmer\Lenovo\HOTKEY\TPHKSVC.exe [24-10-2008 13:32 63928]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [01-10-2009 08:14 159168]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [18-02-2010 18:31 199688]
S0 ygaojcb;ygaojcb;c:\windows\system32\drivers\wumfa.sys --> c:\windows\system32\drivers\wumfa.sys [?]
S1 APPFLT;App Filter Plugin;\??\c:\windows\system32\Drivers\APPFLT.SYS --> c:\windows\system32\Drivers\APPFLT.SYS [?]
S1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\Drivers\DSAFLT.SYS --> c:\windows\system32\Drivers\DSAFLT.SYS [?]
S1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\Drivers\fnetmon.SYS --> c:\windows\system32\Drivers\fnetmon.SYS [?]
S1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\Drivers\IDSFLT.SYS --> c:\windows\system32\Drivers\IDSFLT.SYS [?]
S1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\Drivers\NETFLTDI.SYS --> c:\windows\system32\Drivers\NETFLTDI.SYS [?]
S1 nsfim;Network Shared Files Information Manager Plugin;\??\c:\windows\system32\Drivers\NSFIM.SYS --> c:\windows\system32\Drivers\NSFIM.SYS [?]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8651.sys --> c:\windows\system32\DRIVERS\amm8651.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [07-02-2010 14:23 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programmer\Lenovo\HOTKEY\micmute.exe [31-05-2010 11:33 45496]
S2 PavAt3Scheduler;Panda Endpoint Scheduler;"c:\programmer\Panda Security\WaAgent\Scheduler\PavSched.exe" --> c:\programmer\Panda Security\WaAgent\Scheduler\PavSched.exe [?]
S2 PavWASLpMng;Panda Endpoint Local Process Manager;"c:\programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe" --> c:\programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [?]
S2 PskSvc;Panda Kernel Service;"c:\programmer\Panda Security\WAC\psksvc.exe" --> c:\programmer\Panda Security\WAC\psksvc.exe [?]
S2 smi2;smi2;\??\c:\programmer\SMI2\smi2.sys --> c:\programmer\SMI2\smi2.sys [?]
S2 WASAgent;Panda Endpoint Communications Agent;c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe --> c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe [?]
S2 WASWD;Panda Endpoint Watchdog;c:\programmer\Panda Security\WaAgent\WasWD\WasWD.exe --> c:\programmer\Panda Security\WaAgent\WasWD\WasWD.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys --> c:\windows\System32\DRIVERS\ASPI32.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [13-07-2005 03:55 13840]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [01-01-1980 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-11-2008 14:38 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
WINRM    REG_MULTI_SZ      WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programmer\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-09-23 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:28]

2010-09-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programmer\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: danid.dk
Trusted Zone: danid.dk
TCP: {77A6491C-3293-41BB-A2B6-11749ABBF61F} = 192.168.13.202,192.168.13.203
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\DAHE\Application Data\Mozilla\Firefox\Profiles\eu3tjcrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk|http://intranote.xl-byg.dk/xl?user=MzY5QQ==|http://mail.google.com/mail/?hl=da&shva=1#inbox
FF - plugin: c:\programmer\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Veetle\Player\npvlc.dll
FF - plugin: c:\programmer\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmer\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 08:39
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTServ.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\infql2.dll
c:\programmer\ThinkVantage Fingerprint Software\homepass.dll
c:\programmer\ThinkVantage Fingerprint Software\bio.dll
c:\programmer\ThinkVantage Fingerprint Software\qlbase.dll
c:\programmer\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(5308)
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\programmer\PC-Doctor\ATLPcdToolbar551452.dll
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
c:\progra~1\ThinkPad\UTILIT~1\DK\PWRMGRRT.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
c:\windows\system32\Sensor.dll
c:\windows\system32\IGFXEXPS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmer\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\IPSSVC.EXE
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\RealVNC\VNC4\WinVNC4.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\programmer\Lenovo\HOTKEY\TPONSCR.exe
c:\programmer\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\programmer\Brother\ControlCenter3\brccMCtl.exe
c:\programmer\Microsoft ActiveSync\Wcescomm.exe
c:\programmer\Brother\Brmfcmon\BrMfcmon.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\Microsoft ActiveSync\WCESMgr.exe
c:\programmer\mltarc\jre\bin\javaw.exe
c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\NOTEPAD.EXE
c:\programmer\Java\jre6\bin\jucheck.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-23  08:54:30 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-09-23 06:54
ComboFix2.txt  2010-09-22 14:17

Pre-Kørsel: 17.691.389.952 byte ledig
Post-Kørsel: 17.582.690.304 byte ledig

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 28D0B6F74BAF14D11044C5FEAE0C6244
Avatar billede f-arn Guru
23. september 2010 - 11:21 #39
Klik her: http://www.gmer.net/download.php
og download installationsprogrammet for Gmer til skrivebordet, og klik derefter på filen for at køre Gmer.

Hvis den i indledende scanning lokaliserer poster vist i rødt eller angiver "skjult" eller "rootkit", stop der, og klik på Kopiér knappen, og højreklik på skrivebordet, vælg Ny -> Tekst dokument. Når filen er oprettet, skal du åbne den og højreklik igen og vælge Sæt ind. Kopier indholdet og post det her

Hvis ikke, så klik på Scan, før scanning, skal du sørge for alle andre programmer er lukket, og ingen andre aktioner såsom en planlagt antivirus scanning vil ske samtidig med denne scanning. Brug heller ikke computeren under scanningen.
Du skal også huske at fjerne flueben i andre drev end dit C drev, IAT/EAT og Show All. 
Når scanningen er færdig, klik på Kopier knappen, og højreklik på skrivebordet, vælg Ny -> Tekst dokument. Når filen er oprettet, skal du åbne den og højreklik igen og vælge Sæt ind. Kopier oplysninger og post det her
Avatar billede daki Juniormester
23. september 2010 - 11:51 #40
Dette kom under opstart Rootkit/Malware.....

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-23 11:42:12
Windows 5.1.2600 Service Pack 3
Running: fyhjyhwd.exe; Driver: C:\DOCUME~1\DAHE\LOKALE~1\Temp\pwldipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                  tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Avatar billede f-arn Guru
23. september 2010 - 15:11 #41
Dette kom under opstart Rootkit/Malware.....

Hvad mener du?
Der står da ikke noget om Rootkit/Malware.....
Avatar billede daki Juniormester
23. september 2010 - 15:27 #42
Der er en fane som hedder Rootkit/Malware, hvor disse 3 linier står!
Til højre er der en række flueben - System + sections +IAT/EAT + Devices + Modules + Processes + Threads + Libraries + Services + Registry + Files + C:\ + ADS, Show all er der ikke noget i og kan heller ikke sættes.
Jeg kan vel bare vælge scan som du skriver, men navnet rootkit står der jo også bliver jeg lidt nervøs :-)
Avatar billede f-arn Guru
23. september 2010 - 15:48 #43
Prøv at køre GMER efter denne vejledning.

http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=208&title=gmer-vejledning

Læg mærke til:

Hvis du bliver advaret om rootkit aktivitet og den spørger om du vil køre en fuld scanning, så svar "NO"

PS Da dine sikkerhedsprogammer kan konflikte med GMER er det vigtigt at du deaktiverer dem.
Avatar billede daki Juniormester
24. september 2010 - 09:29 #44
Nu har jeg prøvet at scanne 3 gange, hver gang går maskinen i blåskærm.
Jeg prøver lige en gang mere i eftermiddag!
Avatar billede daki Juniormester
24. september 2010 - 09:36 #45
Jeg tror har fundet ud af, hvor det sidste problem opstod. Har været inde på en lokal sportsforenings hjemmeside, og deres hostserver var blevet hacket...
Avatar billede f-arn Guru
24. september 2010 - 10:15 #46
Lad os prøve en anden.

Hent Rootkit Unhooker og gem den på skrivebordet.

http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE

Klik på report, klik så på scan.
Lad fluebenet stå i Drivers og Stealth. Fjern de andre.
Klik OK
( Hvis den kommer med denne advarsel "Rootkit Unhooker has detected a parasite inside itself!" ignorer den)
Når den er færdig File -> Save Report
Gem den på Skrivebordet og kopier den herind.

Husk at deaktivere dine sikkerheds programmer.
Avatar billede daki Juniormester
24. september 2010 - 11:33 #47
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB85E1000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 6598656 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0xB8C93000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5767168 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1F2000 C:\WINDOWS\System32\igxpdx32.DLL 2732032 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT-kerne og -system)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Win32-flerbrugerdriver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1720320 bytes (Intel Corporation, Component GHAL Driver)
0xB8480000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 1298432 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0xA0E4D000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 987136 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB9B99000 tdrpm251.sys 897024 bytes (Acronis, Acronis Try&Decide Volume Filter Driver)
0xA0ACF000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 876544 bytes
0xB9E17000 iaStor.sys 876544 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xB11EF000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 835584 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0xA0D9A000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA04D1000 C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0xB9D2B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB9C74000 timntr.sys 565248 bytes (Acronis, Acronis Backup Archive Explorer)
0xB840F000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xA0BE3000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB10EB000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA0D0E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA0209000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB109D000 C:\WINDOWS\system32\drivers\btaudio.sys 319488 bytes (Broadcom Corporation., Bluetooth Audio Device)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA0378000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA0F3E000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xA0F89000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 196608 bytes (Analog Devices, Inc., High Definition Audio Function Driver(Release Candidate 1))
0xB1179000 C:\WINDOWS\system32\DRIVERS\neti1642.sys 196608 bytes (Panda Security, S.L., netimflt)
0xB1149000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI-driver til NT)
0xA07B7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CFE000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB8C2C000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0x9E480000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA0C53000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB8C57000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA0CC0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA0651000 C:\WINDOWS\system32\DRIVERS\afcdp.sys 155648 bytes (Acronis, File Level CDP Kernel Helper)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, I/O-driver til NT Disk Manager)
0xA0CE8000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9B74000 snapman.sys 151552 bytes (Acronis, Acronis Snapshot API)
0xB1079000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB85BD000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB12BB000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9FB06000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA0C9E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9B54000 Apsx86.sys 131072 bytes (Lenovo., Shockproof Disk Driver)
0xB9DF7000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, Diskdriver til FT)
0xA0BA5000 C:\WINDOWS\system32\DRIVERS\btwdndis.sys 122880 bytes (Broadcom Corporation., Bluetooth LAN Access Server Driver)
0xB11D1000 C:\WINDOWS\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, Driver til PCMCIA-bus)
0xB9B3A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9EED000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA0F72000 C:\WINDOWS\system32\drivers\AEAudio.sys 94208 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
0xA09DA000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 94208 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DB8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB11BA000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA0A19000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA09C4000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DCF000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0x9F909000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB12DE000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Driver til parallel printerport)
0xB8C7F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA0D67000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9DE5000 sr.sys 73728 bytes (Microsoft Corporation, Filsystemfilterdriver til Systemgendannelse)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI-optælling)
0xB11A9000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA258000 C:\WINDOWS\System32\Drivers\btwusb.sys 65536 bytes (Broadcom Corporation., Driver for Bluetooth USB Devices)
0xB9213000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB31B4000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA118000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB45BD000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Driver til seriel port)
0xB9253000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB22EB000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB31A4000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Filterdriver til Redbook-lyd)
0x9FC09000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB5A13000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA128000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA0C8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Driver til tjenesten Volume Snapshot)
0xB9263000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB9273000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, Driver til i8042-port)
0xB3194000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA0199000 C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys 49152 bytes (Utimaco Safeware AG, SafeGuard® PrivateDisk Driver)
0xB3174000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB9243000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Driver til FIPS Crypto)
0xB31C4000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB3184000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA268000 C:\WINDOWS\System32\Drivers\tcusb.sys 45056 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xB463D000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xB9283000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processorenhedsdriver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA-busdriver)
0xB22DB000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB3144000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA108000 ApsHM86.sys 36864 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB3164000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB461D000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9E2B8000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA0F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB45DD000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB37CF000 C:\WINDOWS\system32\DRIVERS\atmeltpm.sys 32768 bytes (Atmel, Inc., Atmel TPM Driver)
0xBA460000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xBA390000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Enhedsdriver til modem)
0xBA3E0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA410000 C:\WINDOWS\System32\drivers\Smapint.sys 32768 bytes (Microsoft Corporation, SMAPI I/O)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA470000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA488000 C:\WINDOWS\system32\DRIVERS\btport.sys 28672 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xBA480000 C:\WINDOWS\system32\DRIVERS\btwmodem.sys 28672 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xB57B8000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA478000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Klassedriver til tastatur)
0xBA458000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB292C000 C:\WINDOWS\system32\DRIVERS\PROCDD.SYS 28672 bytes (Lenovo Group Limited, IPS Helper Driver)
0xBA450000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA3C0000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA348000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xB37D7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Klassedriver til mus)
0xBA378000 C:\WINDOWS\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0xBA408000 C:\WINDOWS\System32\drivers\TDSMAPI.SYS 24576 bytes
0xB57A8000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA468000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3D0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA338000 DozeHDD.sys 20480 bytes (Lenovo., Doze Mode Kernel Driver for HDD control)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 20480 bytes (Lenovo., ThinkPad Power Management Driver)
0xBA3D8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA368000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA370000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA360000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys 20480 bytes (Lenovo Group Limited, ThinkPad Hotkey Driver)
0xBA3F0000 C:\WINDOWS\System32\drivers\Tppwrif.sys 20480 bytes
0xBA3E8000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 20480 bytes
0xB57C8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9A61000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA0A93000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xA03E5000 C:\WINDOWS\system32\drivers\ibmfilter.sys 16384 bytes (IBM, IBM Rescue and Recovery filter driver)
0xB296A000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, Filterdriver til HID-mus)
0xA0350000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB9A35000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA0A11000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA0A0D000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xB2972000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, Driver til ACPI-integreret-controller)
0xB177D000 C:\WINDOWS\System32\drivers\ANC.SYS 12288 bytes (IBM Corp., IBM Access Connections - ANC)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB99F1000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB44C9000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB295E000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB9A09000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Filterdriver til HID-mus)
0xB9A4D000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB2956000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB44C1000 C:\WINDOWS\system32\DRIVERS\sfloppy.sys 12288 bytes (Microsoft Corporation, SCSI Floppy Driver)
0xBA63C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB2327000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA60A000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5DE000 C:\WINDOWS\SYSTEM32\EGATHDRV.SYS 8192 bytes (IBM Corporation, IBM eGatherer Kernel Module)
0xBA63A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA644000 C:\WINDOWS\system32\Drivers\IBMBLDID.sys 8192 bytes
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA63E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA638000 C:\WINDOWS\System32\drivers\pmemnt.sys 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xBA640000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA60C000 C:\Programmer\ThinkVantage Fingerprint Software\smihlp.sys 8192 bytes (UPEK Inc., SMI helper driver)
0xBA642000 C:\WINDOWS\system32\DRIVERS\smiif32.sys 8192 bytes (Lenovo Group Limited, SMI Driver for Lenovo system)
0xB2325000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA622000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA73F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB137F000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA773000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6A2000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, PCI IDE-standarddriver)
0xBA69C000 C:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes (PowerQuest Corporation, PowerQuest Boot Mode Driver.)
==============================================
>Stealth
==============================================
0x034B0000 Hidden Image-->System.ServiceProcess.resources.dll [ EPROCESS 0x88BBEA78 ] PID: 1412, 53248 bytes
0x03860000 Hidden Image-->System.ServiceProcess.resources.dll [ EPROCESS 0x88A94750 ] PID: 3184, 53248 bytes
Avatar billede f-arn Guru
25. september 2010 - 13:08 #48
OK - det blev for selektivt. Vil du godt køre RootRepeal efter denne vejledning. http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=224&title=rootrepeal-vejledning

PS Får du også Script fejl når du åbner denne "Tråd"
Avatar billede daki Juniormester
25. september 2010 - 18:53 #49
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/09/25 18:34
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9F049000    Size: 876544    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9D9E0000    Size: 49152    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\RRbackups
Status: Locked to the Windows API!

Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: \\?\C:\RRbackups\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings
Status: Invisible to the Windows API!

Path: C:\RRbackups\hints.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\regcerts.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\SAM
Status: Invisible to the Windows API!

Path: C:\RRbackups\system
Status: Invisible to the Windows API!

Path: C:\RRbackups\system.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\tvt.txt
Status: Invisible to the Windows API!

Path: C:\RRbackups\usersids.dat
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\ThinkVantage
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df161c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df2059.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df234f.tmp
Status: Allocation size mismatch (API: 81920, Raw: 16384)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df348f.tmp
Status: Allocation size mismatch (API: 40960, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df4c17.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df502e.tmp
Status: Allocation size mismatch (API: 49152, Raw: 16384)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df596e.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df6be1.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df75be.tmp
Status: Allocation size mismatch (API: 32768, Raw: 16384)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df929f.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~dfcb8c.tmp
Status: Allocation size mismatch (API: 32768, Raw: 16384)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~dffaba.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\Client Security
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\ThinkVantage\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: c:\documents and settings\dahe\lokale indstillinger\temp\hsperfdata_dahe\4956
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\Client Security\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\Client Security\hibernation.dat
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\DAHE\Lokale indstillinger\Temporary Internet Files\Content.IE5\S7TK29TF\thisted[2].xml
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\DAHE\Lokale indstillinger\Temporary Internet Files\Content.IE5\S7TK29TF\rss2[1].xml
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\DAHE\Lokale indstillinger\Temporary Internet Files\Content.IE5\S7TK29TF\rss2[2].xml
Status: Visible to the Windows API, but not on disk.

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\1ff7e0a7-6e07-49f8-b036-322f5949b02e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500\939866f0-34dd-4ad8-8473-7d5ee2c79030
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\c70e4957-de74-4594-b296-0756d07eb288
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1060284298-1292428093-725345543-1111
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-1005
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\24ec9507-a7da-4514-a852-7a1f3dd651dc
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\615f6775-d8c3-4a0a-89dc-c05bdb9b368e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\771b4780-e8f3-4077-8a9d-6a8b84c47c99
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\896b0f3c-25cf-41e8-971c-63f937837823
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\90ae67a5-ada9-47e3-909b-11a586f0be02
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\9c730f16-f0af-45ca-86af-9ebfe116e4c7
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\a1262621-4096-40b4-a1f0-629546b822dd
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\f06fc735-8c62-4bc9-90ba-992a54a9c695
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\1ff7e0a7-6e07-49f8-b036-322f5949b02e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005\e1ea9328-3ed7-4bb6-b06f-0a83067951d5
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\c70e4957-de74-4594-b296-0756d07eb288
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\Keys
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\1ff7e0a7-6e07-49f8-b036-322f5949b02e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\c70e4957-de74-4594-b296-0756d07eb288
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-500\a3b8427744189984f9582d03d40d1eda_97e57a67-13c5-4d88-9eda-7b223b6c381f
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Appl==EOF==



PS Jeg får også Script fejl når jeg åbner denne "Tråd"...
Avatar billede f-arn Guru
26. september 2010 - 11:22 #50
Er du sikke på du fik sat flueben i "alle" Jeg synes der mangler noget.

------

Download Tdsskiller.zip på dit skrivebord og pak den ud i en mappe.

Kør TDSSKiller.exe -> Klik på "Start Scan"

Genstart hvis den kræver det.

Hvis den genstarter kan du finde logfilen her :
C:\TDSSKiller.[Version]_[Dato]_[Tidspunkt]_log.txt.

Kopier den tekst herind I denne tråd.

------

Hent MBRCheck.exe
http://ad13.geekstogo.com/MBRCheck.exe

Hvis Programmet finder en ukendt MBR, vil du få en række valgmuligheder.
Tryk N og derfter "ENTER" for at lukke Programmet.

Den vil lave en log på dit Skrivebord, "MBRCheck_mm.dd.yy_hh.mm.ss.txt"
Kopier denne log herind.

PS Du kan brokke dig over den Script fejl her:
http://www.eksperten.dk/spm/Eksperten/Fejl/
Avatar billede daki Juniormester
27. september 2010 - 09:16 #51
Jeg har 'brokket' mig over scriptfejlen!!

Scannede en ekstra gang med RootRepeal, derfor kommer der 3 logs...

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/09/27 08:25
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA2B68000    Size: 876544    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA0090000    Size: 49152    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\RRbackups
Status: Locked to the Windows API!

Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: \\?\C:\RRbackups\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings
Status: Invisible to the Windows API!

Path: C:\RRbackups\hints.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\regcerts.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\SAM
Status: Invisible to the Windows API!

Path: C:\RRbackups\system
Status: Invisible to the Windows API!

Path: C:\RRbackups\system.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\tvt.txt
Status: Invisible to the Windows API!

Path: C:\RRbackups\usersids.dat
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\ThinkVantage
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df2109.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df3d2b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df4229.tmp
Status: Allocation size mismatch (API: 40960, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df44d4.tmp
Status: Allocation size mismatch (API: 24576, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df4515.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df6946.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df698c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df8d7e.tmp
Status: Allocation size mismatch (API: 212992, Raw: 16384)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~dfcbfd.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~dff46f.tmp
Status: Allocation size mismatch (API: 24576, Raw: 0)

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\Client Security
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\ThinkVantage\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\Client Security\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\Client Security\hibernation.dat
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\1ff7e0a7-6e07-49f8-b036-322f5949b02e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500\939866f0-34dd-4ad8-8473-7d5ee2c79030
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\c70e4957-de74-4594-b296-0756d07eb288
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1060284298-1292428093-725345543-1111
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-1005
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\24ec9507-a7da-4514-a852-7a1f3dd651dc
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\615f6775-d8c3-4a0a-89dc-c05bdb9b368e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\771b4780-e8f3-4077-8a9d-6a8b84c47c99
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\896b0f3c-25cf-41e8-971c-63f937837823
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\90ae67a5-ada9-47e3-909b-11a586f0be02
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\9c730f16-f0af-45ca-86af-9ebfe116e4c7
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\a1262621-4096-40b4-a1f0-629546b822dd
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\f06fc735-8c62-4bc9-90ba-992a54a9c695
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\1ff7e0a7-6e07-49f8-b036-322f5949b02e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005\e1ea9328-3ed7-4bb6-b06f-0a83067951d5
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\c70e4957-de74-4594-b296-0756d07eb288
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\Keys
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\1ff7e0a7-6e07-49f8-b036-322f5949b02e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\c70e4957-de74-4594-b296-0756d07eb288
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-500\a3b8427744189984f9582d03d40d1eda_97e57a67-13c5-4d88-9eda-7b223b6c381f
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a55add43cb630a980b32f2881e67365_97e57a67-13c5-4d88-9eda-7b223b6c381f
Status: Invisible to the Windows API!=
Avatar billede daki Juniormester
27. september 2010 - 09:18 #52
2010/09/27 08:58:13.0244    TDSS rootkit removing tool 2.4.2.1 Sep  7 2010 14:43:44
2010/09/27 08:58:13.0244    ================================================================================
2010/09/27 08:58:13.0244    SystemInfo:
2010/09/27 08:58:13.0244   
2010/09/27 08:58:13.0244    OS Version: 5.1.2600 ServicePack: 3.0
2010/09/27 08:58:13.0244    Product type: Workstation
2010/09/27 08:58:13.0244    ComputerName: TNMPC52
2010/09/27 08:58:13.0244    UserName: DAHE
2010/09/27 08:58:13.0244    Windows directory: C:\WINDOWS
2010/09/27 08:58:13.0244    System windows directory: C:\WINDOWS
2010/09/27 08:58:13.0244    Processor architecture: Intel x86
2010/09/27 08:58:13.0244    Number of processors: 2
2010/09/27 08:58:13.0244    Page size: 0x1000
2010/09/27 08:58:13.0244    Boot type: Normal boot
2010/09/27 08:58:13.0244    ================================================================================
2010/09/27 08:58:13.0525    Initialize success
2010/09/27 08:58:40.0048    ================================================================================
2010/09/27 08:58:40.0048    Scan started
2010/09/27 08:58:40.0048    Mode: Manual;
2010/09/27 08:58:40.0048    ================================================================================
2010/09/27 08:58:42.0231    abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/09/27 08:58:42.0294    ACPI            (991b6d6fe2a4d70caf76c41334e60926) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/27 08:58:42.0325    ACPIEC          (6f99fe216de8c4875dbb12937620da0c) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/09/27 08:58:42.0403    ADIHdAudAddService (beee84a79710f705864685b05f1bb172) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/09/27 08:58:42.0450    adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/09/27 08:58:42.0528    AEAudioService  (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
2010/09/27 08:58:42.0699    aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/27 08:58:42.0746    afcdp          (f132d0bfde7c5ea1ab42325c5694a969) C:\WINDOWS\system32\DRIVERS\afcdp.sys
2010/09/27 08:58:42.0808    AFD            (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/27 08:58:42.0871    agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/27 08:58:42.0886    agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/09/27 08:58:42.0933    Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/09/27 08:58:43.0089    aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/09/27 08:58:43.0120    aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/09/27 08:58:43.0151    AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/09/27 08:58:43.0214    alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/09/27 08:58:43.0276    amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/09/27 08:58:43.0338    amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/09/27 08:58:43.0479    ANC            (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
2010/09/27 08:58:43.0557    Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/27 08:58:43.0588    asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/09/27 08:58:43.0603    asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/09/27 08:58:43.0619    asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/09/27 08:58:43.0697    AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/27 08:58:43.0744    atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/27 08:58:43.0884    Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/27 08:58:44.0243    atmeltpm        (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
2010/09/27 08:58:44.0336    audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/27 08:58:44.0539    b57w2k          (66dd574749c38153c6067ebba929befc) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/09/27 08:58:44.0929    Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/27 08:58:45.0132    BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2010/09/27 08:58:45.0568    btaudio        (f73d41fd3653fe64cc79610f7b240472) C:\WINDOWS\system32\drivers\btaudio.sys
2010/09/27 08:58:45.0677    BTDriver        (4854ed2ee57769b9527680978a9dd5b4) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/09/27 08:58:45.0818    BTKRNL          (4ebd4ebff01617fbda6ce7963f150918) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/09/27 08:58:45.0927    BTWDNDIS        (96708d343264abaf8ad93c464b2fc9ca) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/09/27 08:58:46.0332    btwmodem        (3af5757648a196e2d5e6b9c8e9c5f62e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2010/09/27 08:58:46.0472    BTWUSB          (589400f357f6cb156a6f804035514da0) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/09/27 08:58:46.0597    cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/09/27 08:58:46.0722    cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/27 08:58:46.0878    CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/27 08:58:47.0252    cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/09/27 08:58:47.0439    Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/27 08:58:47.0673    Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/27 08:58:47.0985    Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/27 08:58:48.0141    Changer        (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
2010/09/27 08:58:48.0344    CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/27 08:58:48.0702    CmdIde          (5f473210a23e33afafef3cf42b064d88) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/09/27 08:58:48.0874    Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/27 08:58:48.0983    Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/09/27 08:58:49.0217    CVPNDRVA        (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2010/09/27 08:58:49.0607    dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/09/27 08:58:49.0809    dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/09/27 08:58:49.0950    Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/27 08:58:50.0059    DLABOIOM        (efae981c8ba3dad4103a76bcb5955b07) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/09/27 08:58:50.0184    DLACDBHM        (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/09/27 08:58:50.0215    DLADResN        (2da3a336878e93e198e514b7d5fa956f) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/09/27 08:58:50.0230    DLAIFS_M        (2aef49904bde7398d0f09b6a603738ef) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/09/27 08:58:50.0262    DLAOPIOM        (46fa268a829384256179f4ccb6eb308f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/09/27 08:58:50.0277    DLAPoolM        (26e89839af248625a4e7c4cf5873375d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/09/27 08:58:50.0308    DLARTL_N        (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/09/27 08:58:50.0371    DLAUDFAM        (5e914bd7f68dde3fb4bffe005162c1e6) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/09/27 08:58:50.0386    DLAUDF_M        (8c3cfb22a7fb3be67e0c321fa10b8b50) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/09/27 08:58:50.0464    dmboot          (8a3088f97b2caa3340bbb068f314e596) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/27 08:58:50.0620    dmio            (6d152a2781ffbd6a63a1e58801240e8e) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/27 08:58:50.0636    dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/27 08:58:50.0683    DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/27 08:58:50.0761    DNE            (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2010/09/27 08:58:50.0807    DozeHDD        (e00b3ce273b17aee1259c105df5524ca) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
2010/09/27 08:58:50.0838    dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/09/27 08:58:50.0885    drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/27 08:58:50.0901    DRVMCDB        (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/09/27 08:58:50.0963    DRVNDDM        (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/09/27 08:58:51.0166    E100B          (391242693d1d56ffad5782dd3a5de29f) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/09/27 08:58:51.0228    EGATHDRV        (938f1ec77ba35858248e584b2d2e9776) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
2010/09/27 08:58:51.0353    Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/27 08:58:51.0431    Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/27 08:58:51.0509    Fips            (bb52a20854cf3e8e0474ee7167c7a3a5) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/27 08:58:51.0603    Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/27 08:58:51.0680    FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/27 08:58:51.0790    Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/27 08:58:51.0868    Ftdisk          (0a58505b5d0aba661d2ff59cd8cf79b9) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/27 08:58:51.0946    Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/27 08:58:52.0070    HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/27 08:58:52.0117    HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/27 08:58:52.0211    hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/09/27 08:58:52.0273    HSFHWAZL        (702a7e1b3c9263efbd6aede3b6919761) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/09/27 08:58:52.0351    HSF_DPV        (8d02cb68d53aa36189faf86fed438884) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/09/27 08:58:52.0569    HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/27 08:58:52.0632    i2omgmt        (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/09/27 08:58:52.0694    i2omp          (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/09/27 08:58:52.0756    i8042prt        (42f890598efb480076558ca3cc151107) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/27 08:58:53.0209    ialm            (06b71441957b48a4866de2fe27cb79c8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/09/27 08:58:54.0331    iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/09/27 08:58:54.0518    ibmfilter      (bd1ddf774e7fd633d701b1fb69b9f081) C:\WINDOWS\system32\drivers\ibmfilter.sys
2010/09/27 08:58:54.0581    IBMPMDRV        (400d7095d5ae08970f839bcac1843106) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2010/09/27 08:58:54.0628    IBMTPCHK        (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
2010/09/27 08:58:54.0674    Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/27 08:58:54.0721    ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/09/27 08:58:54.0783    IntelIde        (3bcdda95f24d21d4b050c9f0f531c88b) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/27 08:58:54.0924    intelppm        (d1cd31b6cd4a99f3b82aec84cfdd4cba) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/27 08:58:54.0971    Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/27 08:58:55.0017    IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/27 08:58:55.0080    IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/27 08:58:55.0142    IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/27 08:58:55.0298    IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/27 08:58:55.0345    IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/27 08:58:55.0423    isapnp          (3ce6ec5903c59223b61f6a0b9b84b022) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/27 08:58:55.0470    Iviaspi        (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/09/27 08:58:55.0501    Kbdclass        (32e823dfd0a7f18cf3b024f78c7aa7dd) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/27 08:58:55.0516    kbdhid          (530d40f58095397b6b8aa5a0fdd074a5) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/27 08:58:55.0563    kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/27 08:58:55.0610    KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/27 08:58:55.0766    lbrtfdc        (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010/09/27 08:58:55.0828    lenovo.smi      (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys
2010/09/27 08:58:55.0891    LHidFilt        (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2010/09/27 08:58:55.0937    LMouFilt        (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2010/09/27 08:58:55.0984    LUsbFilt        (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2010/09/27 08:58:56.0046    mdmxsdk        (a027de1e6c11bd2daf61f6f276b2299f) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/09/27 08:58:56.0187    mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/27 08:58:56.0234    Modem          (67ac997db66fdfd07738df58b45cd1b9) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/27 08:58:56.0296    Mouclass        (22774a2ab832972eca2ce227819f5af0) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/27 08:58:56.0358    mouhid          (39f0a46109b167707018e8889d5fec93) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/27 08:58:56.0405    MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/27 08:58:56.0452    mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/09/27 08:58:56.0561    MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/27 08:58:56.0655    MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/27 08:58:56.0701    Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/27 08:58:56.0764    MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/27 08:58:56.0779    MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/27 08:58:56.0904    MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/27 08:58:56.0966    mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/27 08:58:57.0013    MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/27 08:58:57.0044    Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/27 08:58:57.0107    NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/27 08:58:57.0169    NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/27 08:58:57.0294    NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/27 08:58:57.0372    NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/27 08:58:57.0403    Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/27 08:58:57.0419    NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/27 08:58:57.0465    NDProxy        (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/27 08:58:57.0543    NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/27 08:58:57.0575    NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/27 08:58:57.0746    NETIMFLT01060042 (9eeb6df1f5ffd878a3a44874607eaaef) C:\WINDOWS\system32\DRIVERS\neti1642.sys
2010/09/27 08:58:58.0089    NETw5x32        (3bc15801f7b9dd2d16897a38a962ce56) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2010/09/27 08:58:58.0541    NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/27 08:58:58.0604    Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/27 08:58:58.0666    Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/27 08:58:58.0869    Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/27 08:58:58.0962    nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/27 08:58:59.0165    NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/27 08:58:59.0212    NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/27 08:58:59.0274    ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/27 08:58:59.0352    Parport        (9e048790f33fe5f4fa9d27b5650a1dd5) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/27 08:58:59.0383    PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/27 08:58:59.0461    ParVdm          (48e97af5b876301131e9d1b0c43212c3) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/27 08:58:59.0570    PCI            (5d756da95bd1e2f6e495704715532fdc) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/27 08:58:59.0602    PCIIde          (69ce0d409c11347196147ea4c6c02364) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/27 08:58:59.0617    Pcmcia          (e980b6d0ca6acba679a0ac810ab9a57c) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/09/27 08:58:59.0726    pepifilter      (cec24da7f7dd1758e569019232f49def) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2010/09/27 08:58:59.0773    perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/09/27 08:58:59.0789    perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/09/27 08:58:59.0867    pmem            (fa292805788528c083f416e151b60ab6) C:\WINDOWS\System32\drivers\pmemnt.sys
2010/09/27 08:58:59.0929    PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/27 08:59:00.0023    PQNTDrv        (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2010/09/27 08:59:00.0210    PrivateDisk    (e580dd7d54415905bb0bab306b659fdf) C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys
2010/09/27 08:59:00.0334    PROCDD          (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
2010/09/27 08:59:00.0366    Processor      (ed3cc89af43fb4baa963da18f7474681) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/27 08:59:00.0444    psadd          (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
2010/09/27 08:59:00.0553    PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/27 08:59:00.0568    Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/27 08:59:00.0615    PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/27 08:59:00.0662    ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/09/27 08:59:00.0771    Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/09/27 08:59:00.0818    ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/09/27 08:59:00.0833    ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/09/27 08:59:00.0865    ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/09/27 08:59:00.0943    RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/27 08:59:01.0021    Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/27 08:59:01.0036    RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/27 08:59:01.0052    Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/27 08:59:01.0099    Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/27 08:59:01.0177    RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/27 08:59:01.0270    rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/27 08:59:01.0301    RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/27 08:59:01.0410    redbook        (d2ea9dae9a9f1bf40c0ea1d1d7c5592c) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/27 08:59:01.0551    s116bus        (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
2010/09/27 08:59:01.0582    s116mdfl        (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
2010/09/27 08:59:01.0660    s116mdm        (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
2010/09/27 08:59:01.0691    s116mgmt        (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
2010/09/27 08:59:01.0707    s116nd5        (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys
2010/09/27 08:59:01.0738    s116obex        (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
2010/09/27 08:59:01.0753    s116unic        (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys
2010/09/27 08:59:01.0816    s24trans        (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/09/27 08:59:01.0925    Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/27 08:59:01.0972    serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/27 08:59:02.0019    Serial          (680ed46039ebd4c23eb708f1af6b9e5d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/27 08:59:02.0112    Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/09/27 08:59:02.0159    Shockprf        (486a1bd22dd66d0a8542ebb0cd792bdb) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
2010/09/27 08:59:02.0221    sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/09/27 08:59:02.0315    SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/27 08:59:02.0393    Smapint        (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
2010/09/27 08:59:02.0549    smihlp2        (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Programmer\ThinkVantage Fingerprint Software\smihlp.sys
2010/09/27 08:59:02.0689    snapman        (ffd9b64db2cd7b74b766c3a8452a5816) C:\WINDOWS\system32\DRIVERS\snapman.sys
2010/09/27 08:59:02.0751    Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/09/27 08:59:02.0845    splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/27 08:59:02.0923    sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/27 08:59:03.0048    sr              (b3ecb8b07f7991132c71c1b16a82ffe3) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/27 08:59:03.0126    Srv            (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/27 08:59:03.0188    streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/27 08:59:03.0282    swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/27 08:59:03.0328    swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/27 08:59:03.0406    symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/09/27 08:59:03.0500    symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/09/27 08:59:03.0515    sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/09/27 08:59:03.0531    sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/09/27 08:59:03.0656    SynTP          (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/09/27 08:59:03.0843    sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/27 08:59:03.0905    Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/27 08:59:03.0999    TcUsb          (64abea4001f8eb869385e65d85bc302b) C:\WINDOWS\system32\Drivers\tcusb.sys
2010/09/27 08:59:04.0030    TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/27 08:59:04.0139    tdrpman251      (3630f5b8181554deecfe2e4252bc4c4c) C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
2010/09/27 08:59:04.0326    TDSMAPI        (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
2010/09/27 08:59:04.0357    TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/27 08:59:04.0389    TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/27 08:59:04.0482    timounter      (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys
2010/09/27 08:59:04.0685    TosIde          (9b0edfa321a32202b0d0d94b853f0a78) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/09/27 08:59:04.0872    Tp4Track        (e06117f4ee0fd094532d8b82f1b7883a) C:\WINDOWS\system32\DRIVERS\tp4track.sys
2010/09/27 08:59:04.0919    TPDIGIMN        (20a439d6475d6fe1909159c0143d0466) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
2010/09/27 08:59:04.0981    TPHKDRV        (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
2010/09/27 08:59:05.0044    TPPWRIF        (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
2010/09/27 08:59:05.0059    TSMAPIP        (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2010/09/27 08:59:05.0121    Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/27 08:59:05.0262    ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/09/27 08:59:05.0340    Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/27 08:59:05.0418    usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/27 08:59:05.0465    usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/27 08:59:05.0496    usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/27 08:59:05.0574    usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/27 08:59:05.0636    usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/27 08:59:05.0652    USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/27 08:59:05.0698    usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/27 08:59:05.0761    usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2010/09/27 08:59:05.0808    VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/27 08:59:05.0839    viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/09/27 08:59:05.0901    ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/27 08:59:06.0026    VolSnap        (69d9e1de5f897580f8b1d1957528b0b2) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/27 08:59:06.0088    vsdatant        (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2010/09/27 08:59:06.0213    w39n51          (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/09/27 08:59:06.0400    Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/27 08:59:06.0478    wceusbsh        (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/09/27 08:59:06.0572    Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/27 08:59:06.0634    wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/27 08:59:06.0759    winachsf        (115946a53b62a6b171fd0ed197c71d52) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/09/27 08:59:06.0883    winusb          (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.SYS
2010/09/27 08:59:06.0946    WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/09/27 08:59:07.0008    WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/27 08:59:07.0086    WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/27 08:59:07.0149    WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/27 08:59:07.0242    ================================================================================
2010/09/27 08:59:07.0242    Scan finished
2010/09/27 08:59:07.0242    ================================================================================


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:           
Windows Version:        Windows XP Professional
Windows Information:        Service Pack 3 (build 2600)
Logical Drives Mask:        0x01b1eb0d

Kernel Drivers (total 187):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
  0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
  0xB9F79000 ACPI.sys
  0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xBA0A8000 isapnp.sys
  0xB9F68000 pci.sys
  0xBA4BC000 compbatt.sys
  0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
  0xBA670000 pciide.sys
  0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xB9F4A000 pcmcia.sys
  0xBA0B8000 MountMgr.sys
  0xB9F2B000 ftdisk.sys
  0xBA5AC000 dmload.sys
  0xB9F05000 dmio.sys
  0xBA330000 PartMgr.sys
  0xBA4C4000 ACPIEC.sys
  0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
  0xBA0C8000 VolSnap.sys
  0xB9EED000 atapi.sys
  0xB9E17000 iaStor.sys
  0xBA0D8000 disk.sys
  0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB9DF7000 fltmgr.sys
  0xB9DE5000 sr.sys
  0xB9DCF000 DRVMCDB.SYS
  0xBA0F8000 PxHelp20.sys
  0xB9DB8000 KSecDD.sys
  0xBA338000 DozeHDD.sys
  0xB9D2B000 Ntfs.sys
  0xB9CFE000 NDIS.sys
  0xB9C74000 timntr.sys
  0xB9B99000 tdrpm251.sys
  0xBA108000 ApsHM86.sys
  0xB9B74000 snapman.sys
  0xB9B54000 Apsx86.sys
  0xBA118000 ohci1394.sys
  0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xB9B3A000 Mup.sys
  0xBA1D8000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xBA1B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xB8A6E000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
  0xB8A5A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB8A32000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xB8A07000 \SystemRoot\system32\DRIVERS\b57xp32.sys
  0xB83BC000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
  0xBA448000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xB8398000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xBA450000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xBA1C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xBA458000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xB825B000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0xBA602000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xBA1E8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
  0xB81EA000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
  0xB5C66000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xB5829000 \SystemRoot\system32\DRIVERS\serial.sys
  0xB9A15000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xB339F000 \SystemRoot\system32\DRIVERS\parport.sys
  0xB5C5E000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
  0xB9A11000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xB5C56000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
  0xB5819000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xB5C4E000 \SystemRoot\system32\drivers\iviaspi.sys
  0xBA600000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0xB5809000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xB57F9000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB337C000 \SystemRoot\system32\DRIVERS\ks.sys
  0xB32B0000 \SystemRoot\system32\DRIVERS\btkrnl.sys
  0xB3292000 \SystemRoot\system32\DRIVERS\dne2000.sys
  0xB364C000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xB57E9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB9A01000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB327B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xB57D9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xB52B1000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xB5C46000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB326A000 \SystemRoot\system32\DRIVERS\psched.sys
  0xB52A1000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xB4FA2000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xB4F9A000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB323A000 \SystemRoot\system32\DRIVERS\neti1642.sys
  0xB320A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xB5291000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xB4F8A000 \SystemRoot\system32\DRIVERS\psadd.sys
  0xBA604000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB31AC000 \SystemRoot\system32\DRIVERS\update.sys
  0xB99E9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB315E000 \SystemRoot\system32\drivers\btaudio.sys
  0xB313A000 \SystemRoot\system32\drivers\portcls.sys
  0xB5261000 \SystemRoot\system32\drivers\drmk.sys
  0xB5251000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xA304A000 \SystemRoot\system32\drivers\ADIHdAud.sys
  0xA3033000 \SystemRoot\system32\drivers\AEAudio.sys
  0xA2FFF000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
  0xA2F0E000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
  0xA2E5B000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xBA438000 \SystemRoot\System32\Drivers\Modem.SYS
  0xB3E6C000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xB9A7D000 \SystemRoot\System32\Drivers\i2omgmt.SYS
  0xBA664000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xBA7AB000 \SystemRoot\System32\Drivers\Null.SYS
  0xBA65C000 \SystemRoot\System32\Drivers\Beep.SYS
  0xB4F5A000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
  0xB39C9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xB39C1000 \SystemRoot\System32\drivers\vga.sys
  0xBA65E000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xBA5B0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xB39B1000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xB39A9000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB9A55000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xA2E28000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xA2DCF000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xA2DA9000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xA2D81000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB3E4C000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xA2D5F000 \SystemRoot\System32\drivers\afd.sys
  0xB3E3C000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xB3447000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xB3989000 \SystemRoot\System32\drivers\TSMAPIP.SYS
  0xB39A1000 \SystemRoot\System32\drivers\Tppwrif.sys
  0xB3981000 \SystemRoot\system32\DRIVERS\TPHKDRV.sys
  0xB3604000 \SystemRoot\System32\drivers\TDSMAPI.SYS
  0xB35FC000 \SystemRoot\System32\drivers\Smapint.sys
  0xA2D14000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xBA6ED000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
  0xA2CA4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xBA5B2000 \SystemRoot\system32\DRIVERS\smiif32.sys
  0xBA5B4000 \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
  0xB3437000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB9A3D000 \SystemRoot\System32\drivers\ANC.SYS
  0xB3407000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB33F7000 \SystemRoot\System32\Drivers\btwusb.sys
  0xB33E7000 \SystemRoot\System32\Drivers\tcusb.sys
  0xB35F4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xB35EC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xB9177000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xB33C7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xB3BBD000 \SystemRoot\system32\DRIVERS\sfloppy.sys
  0xB9173000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xB916B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xB35E4000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0xB35DC000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0xA2C3E000 \SystemRoot\system32\DRIVERS\btwdndis.sys
  0xB35D4000 \SystemRoot\system32\DRIVERS\btwmodem.sys
  0xB35CC000 \SystemRoot\system32\DRIVERS\btport.sys
  0xA2B68000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB9A79000 \SystemRoot\System32\drivers\Dxapi.sys
  0xBA490000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xB3467000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF024000 \SystemRoot\System32\igxpgd32.dll
  0xBF012000 \SystemRoot\System32\igxprd32.dll
  0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
  0xBF1F2000 \SystemRoot\System32\igxpdx32.DLL
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xB902E000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0xB346D000 \SystemRoot\System32\DLA\DLADResN.SYS
  0xA2AB2000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0xA2B34000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0xBA638000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0xBA63A000 \??\C:\Programmer\ThinkVantage Fingerprint Software\smihlp.sys
  0xBA440000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0xA2A73000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0xA2A5D000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0xA2AD4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA2AC8000 \SystemRoot\system32\DRIVERS\s24trans.sys
  0xA2828000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xBA3A8000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
  0xA26C2000 \SystemRoot\system32\DRIVERS\afcdp.sys
  0xA256A000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
  0xBA64A000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
  0xA2411000 \SystemRoot\System32\Drivers\HTTP.sys
  0xA2616000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
  0xA227A000 \SystemRoot\system32\DRIVERS\srv.sys
  0xA225A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xBA5E4000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
  0xA212A000 \??\C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys
  0xBA3F0000 \SystemRoot\System32\Drivers\TDTCP.SYS
  0xA1B9F000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xA1B8A000 \SystemRoot\system32\drivers\wdmaud.sys
  0xA2905000 \SystemRoot\system32\drivers\sysaudio.sys
  0xA0015000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 104):
      0 System Idle Process
      4 System
    868 C:\WINDOWS\system32\smss.exe
    800 csrss.exe
    824 C:\WINDOWS\system32\winlogon.exe
    892 C:\WINDOWS\system32\services.exe
    904 C:\WINDOWS\system32\lsass.exe
    1116 C:\WINDOWS\system32\ibmpmsvc.exe
    1148 C:\WINDOWS\system32\svchost.exe
    1200 svchost.exe
    1400 C:\WINDOWS\system32\svchost.exe
    1484 C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
    1684 svchost.exe
    1860 svchost.exe
    460 C:\WINDOWS\system32\brsvc01a.exe
    488 C:\WINDOWS\system32\brss01a.exe
    492 C:\WINDOWS\system32\spoolsv.exe
    1804 svchost.exe
    1884 C:\Programmer\Lenovo\HOTKEY\TPHKSVC.exe
    1896 C:\WINDOWS\system32\IPSSVC.EXE
    1980 C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    2032 C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
    380 C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
    660 C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
    772 C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
    1252 C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
    1288 wmiprvse.exe
    1308 C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
    1360 C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
    1380 C:\Programmer\Intel\WiFi\bin\EvtEng.exe
    1504 PresentationFontCache.exe
    2120 C:\WINDOWS\system32\svchost.exe
    2156 C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
    2208 C:\Programmer\Java\jre6\bin\jqs.exe
    2272 C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
    2432 unsecapp.exe
    2712 C:\WINDOWS\system32\svchost.exe
    2736 C:\WINDOWS\system32\svchost.exe
    2820 C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
    2984 C:\WINDOWS\system32\svchost.exe
    3100 C:\Programmer\Lenovo\System Update\SUService.exe
    3156 C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
    3172 C:\WINDOWS\system32\TpKmpSvc.exe
    3240 ibmtcsd.exe
    3300 C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    3368 C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
    3420 C:\Programmer\RealVNC\VNC4\winvnc4.exe
    3460 C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3660 wmpnetwk.exe
    3712 C:\WINDOWS\system32\searchindexer.exe
    3928 C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
    1568 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    2424 C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3064 alg.exe
    4072 C:\WINDOWS\explorer.exe
    3792 C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    4088 C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
    2352 C:\WINDOWS\system32\TpShocks.exe
    1640 C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
    2320 C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
    2860 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    2460 C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
    2488 C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
    1264 C:\Programmer\Lenovo\ZOOM\TpScrex.exe
    2584 C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
    2376 C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
    3868 C:\WINDOWS\system32\rundll32.exe
    556 C:\WINDOWS\system32\igfxtray.exe
    780 C:\WINDOWS\system32\hkcmd.exe
    2532 C:\WINDOWS\system32\igfxpers.exe
    2856 C:\WINDOWS\system32\igfxsrvc.exe
    3392 C:\PROGRA~1\Lenovo\NPDIRECT\tpfnf7sp.exe
    2368 C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
    3856 C:\Programmer\Lenovo\Message Center Plus\MCPLaunch.exe
    1428 C:\WINDOWS\system32\igfxext.exe
    4296 C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
    4332 C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
    4744 C:\Programmer\Brother\ControlCenter3\BrccMCtl.exe
    4804 C:\Programmer\Java\jre6\bin\jusched.exe
    4996 C:\Programmer\Microsoft ActiveSync\wcescomm.exe
    5020 C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    5268 C:\WINDOWS\system32\ctfmon.exe
    5296 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    5320 C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
    5560 C:\Programmer\Brother\Brmfcmon\BrMfcMon.exe
    5568 C:\Programmer\Digital Line Detect\DLG.exe
    5796 C:\Programmer\Logitech\SetPoint\SetPoint.exe
    6048 C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    1928 C:\Programmer\Windows Desktop Search\WindowsSearch.exe
    4256 C:\Programmer\OpenOffice.org 3\program\soffice.exe
    4252 C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
    2012 C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.exe
    4380 C:\Programmer\mltarc\StrJwSrv.exe
    4496 C:\Programmer\OpenOffice.org 3\program\soffice.bin
    4528 C:\Programmer\UltimateZip 2.7\uzqkst.exe
    4916 C:\Programmer\mltarc\jre\bin\javaw.exe
    4764 C:\Programmer\Internet Explorer\iexplore.exe
    2776 C:\Programmer\Java\jre6\bin\jucheck.exe
    5464 C:\Programmer\Java\jre6\bin\javaw.exe
    3496 C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
    3788 C:\Programmer\Internet Explorer\iexplore.exe
    7020 C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
    4284 C:\Programmer\IBM\Client Access\Emulator\pcscm.exe
    7536 C:\Documents and Settings\DAHE\Skrivebord\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS541680J9SA00, Rev: SB2IC7UP

      Size  Device Name          MBR Status
  --------------------------------------------
    74 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 58AC720519FA3814561BECB05D306DFAD5A9E346


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
Avatar billede f-arn Guru
27. september 2010 - 16:40 #53
Vi venter til i morgen. Hvis der ikke er kommet styr på den fejl , vil jeg ha' spørgsmålet flyttet til Spywarefri.
Avatar billede f-arn Guru
27. september 2010 - 17:15 #54
Jeg har nu snakket med de andre på Spywarefri, og du flytter bare spørgsmålet hvis du har lyst.
http://www.spywarefri.dk/forum/ Almindelig rensning
http://www.spywarefri.dk/forum/viewforum/10/ Det er Almindelig rensning
Avatar billede f-arn Guru
28. september 2010 - 16:26 #55
Fortæl mig lige, hvilken type PC er det. Kom XP preinstalleret?
Jeg bryder mig mig ikke om det MBRCheck skriver.
Avatar billede daki Juniormester
28. september 2010 - 19:54 #56
Det er en Lenovo R60 med XP preinstalleret/recovery funktion via F11...
Spm. flyttet tl Spywarefri Forum.... http://www.spywarefri.dk/forum/viewthread/79166/

/Dan
Avatar billede daki Juniormester
15. oktober 2010 - 08:32 #57
Skal vi lukke spm., nogen som vil have points?
Avatar billede daki Juniormester
28. oktober 2010 - 09:03 #58
svar!!!!
Avatar billede daki Juniormester
28. november 2010 - 17:04 #59
Ingen som vil have points??
28. november 2010 - 17:17 #60
(Hvad endte 'sagen' med ?)
Avatar billede daki Juniormester
28. november 2010 - 17:22 #61
f-arn og jeg fortsatte fejlfindingen på spywarefri forum, og alt blev løst til UG. Dog kan er Sikkerrhedscenter ikke aktiveret.
28. november 2010 - 17:38 #62
(Acceptér selv dit [svar] i #58...)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester