CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg

Log ind eller opret profil

Du kan også logge ind via nedenstående tjenester

daki Juniormester

13. september 2010 - 09:33 Der er 61 kommentarer og
1 løsning

Hjælp til rensning af bærbar

Jeg har et irriterende problem, engang imellem få jeg nogle pop-ups (reklame) pg ca. hvert 10. min. kommer der en fejlmeddelelse fra Windows om af programmet GD8fuH70.exe har fundet en fejl og afsluttes. Vi beklager ulejligheden.

Jeg har kørt CCLEANER, SPYBOT og HIJACKTHIS.

Vedhæfter log fra hijackthis, den 1. er fra da problemet opstod og den 2. er fra i dag.
Jeg har efter bedste evne prøvet at fjerne noget fra hijackthis, men har åbenbart ikke fået fjernet det hele.
Filen GD8fuH70.exe er slettet fra computeren.

/Dan

-----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:13, on 07-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Security\WAC\pavFnSvr.exe
C:\Programmer\Panda Security\WAC\psksvc.exe
C:\Programmer\Panda Security\WAC\pavsrvx86.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PsCtrlS.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh .exe
C:\WINDOWS\system32\TpShocks .exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp .exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR .exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauth .exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice .exe
C:\Programmer\Picasa2\PicasaMediaDetector .exe
C:\Programmer\mltarc\StrJwSrv.exe
C:\Programmer\UltimateZip 2.7\uzqkst.exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor .exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK .exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmer\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\mltarc\jre\bin\javaw.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor .exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Panda Security\WAC\PSHost.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm .exe
C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor .exe
C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
C:\Programmer\Java\jre6\bin\jusched .exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Programmer\Panda Security\WAC\PSCtrlC .exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp .exe
C:\Programmer\Winamp\winampa .exe
C:\Programmer\Analog Devices\Core\smax4pnp .exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2 .exe
C:\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck .exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy .exe
C:\Programmer\Labtec\Webcam\LogiTray .exe
C:\Programmer\Synaptics\SynTP\SynTPLpr .exe
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVComS.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\OpenOffice.org 3\program\soffice.bin
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\Programmer\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\All Users\Application Data\GD8fuH70.exe
C:\WINDOWS\Fonts\Q4wcU41Q8.com
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\temp\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/dk/da
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmer\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Labtec\Webcam\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Labtec\Webcam\LogiTray.exe
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmer\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmer\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm .exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB0.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3)" -"http://spil.tdc.dk/gratis/sudoku/"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Start Java Server.lnk = C:\Programmer\mltarc\StrJwSrv.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Opdatér ThinkPad-programmer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmer\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/dk/da
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://ltw.danmarksgruppen.dk/qp2.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278084491444
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278084470474
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Programmer\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Programmer\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmer\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda EndPoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavFnSvr.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Panda Host Service (PSHost) - Panda Security International - C:\Programmer\Panda Security\WAC\PSHost.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmer\Panda Security\WAC\psksvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Vis på skærm (TPHKSVC) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 23754 bytes
-----

-----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21:24, on 13-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Security\WAC\pavFnSvr.exe
C:\Programmer\Panda Security\WAC\psksvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PsCtrlS.exe
C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PSHost.exe
C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\TpShocks .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp .exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR .exe
C:\Programmer\Lenovo\AwayTask\AwaySch .exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmer\mltarc\StrJwSrv.exe
C:\Programmer\UltimateZip 2.7\uzqkst.exe
C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice .exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\OpenOffice.org 3\program\soffice.exe
C:\Programmer\mltarc\jre\bin\javaw.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Picasa2\PicasaMediaDetector .exe
C:\Programmer\Panda Security\WAC\PSCtrlC .exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor .exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK .exe
C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor .exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy .exe
C:\Programmer\Analog Devices\Core\smax4pnp .exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp .exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor .exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer .exe
C:\Programmer\Lenovo\VIRTSCRL\virtscrl .exe
C:\Programmer\Winamp\winampa .exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2 .exe
C:\Programmer\Java\jre6\bin\jusched .exe
C:\Programmer\Labtec\Webcam\LogiTray .exe
C:\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck .exe
C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programmer\OpenOffice.org 3\program\soffice.bin
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Panda Security\WAC\pavsrvx86.exe
C:\Programmer\Panda Security\WAC\AVENGINE.EXE
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Java\jre6\bin\javaw.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Programmer\IBM\Client Access\Emulator\PCSCM.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\All Users\Application Data\GD8fuH70.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\temp\hijackthis\HiJackThis.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/dk/da
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmer\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Labtec\Webcam\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Labtec\Webcam\LogiTray.exe
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmer\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmer\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Programmer\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Start Java Server.lnk = C:\Programmer\mltarc\StrJwSrv.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Opdatér ThinkPad-programmer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmer\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/dk/da
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://ltw.danmarksgruppen.dk/qp2.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278084491444
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278084470474
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Programmer\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmer\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda EndPoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavFnSvr.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Panda Host Service (PSHost) - Panda Security International - C:\Programmer\Panda Security\WAC\PSHost.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmer\Panda Security\WAC\psksvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Vis på skærm (TPHKSVC) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 23561 bytes

Synes godt om

beguze Nybegynder

13. september 2010 - 09:48 #1

Hej daki. har ikke forstået om du har kørt en virus scan på din pc, og evt gjort det i F8 fejsikret tilstand.

Men det kunne lyde som om du er blevet ramt af noget skidt som ikke bare er til at fjerne.

Du kunne prøve med Combofix. Hent filen og kør install. Husk at du altid skal fortage backup af dine vigtige filer inden...
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Synes godt om

daki Juniormester

13. september 2010 - 10:32 #2

Nej - diverse scanninger er ikke foretaget i fejlsikret tilstand, men filen GD8fuH70.exe blev fjernet i fejlsikret tilstand.
Skal jeg kører alle scanninger incl. combofix i fejlsikret?

Synes godt om

beguze Nybegynder

13. september 2010 - 10:42 #3

Du skal køre virus scan i F8 tilstand fejlsikret. Combofix kan køre i normal tilstand, husk at deaktivere andre virus programer fordi de kan blokere for Combofix, evt hel afinstallere dem og derefter installere dem igen.

Synes godt om

daki Juniormester

13. september 2010 - 14:19 #4

Log fra ComboFix, som er kørt i fejlsikret, har ikke fået virus scannet i fejlsikret.
GD8fuH70.exe kommer stadigvæk med fejl.

-----
ComboFix 10-09-12.03 - DAHE 13-09-2010 12:01:54.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3062.2744 [GMT 2:00]
Kører fra: c:\temp\hijackthis\ComboFix.exe
AV: Panda Endpoint Protection *On-access scanning disabled* (Outdated) {3503ACDE-020C-4FD4-BD8E-D011C03E7677}
FW: Panda Endpoint Protection Firewall *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\GD8fuH70.exe
c:\documents and settings\DAHE\GoToAssistDownloadHelper.exe
C:\Install.exe
c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe
c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe
c:\programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\programmer\Alcohol Soft\Alcohol 120\axcmd.exe
c:\programmer\Analog Devices\Core\smax4pnp.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\programmer\Hp\HP Software Update\HPWuSchd2.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe
c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
c:\programmer\IBM\Client Access\cwbsvstr.exe
c:\programmer\Java\jre6\bin\jusched.exe
c:\programmer\Labtec\Webcam\ISStart.exe
c:\programmer\Labtec\Webcam\LogiTray.exe
c:\programmer\Lenovo\AwayTask\AwaySch.EXE
c:\programmer\Lenovo\VIRTSCRL\virtscrl.exe
c:\programmer\Messenger\msmsgs.exe
c:\programmer\Microsoft ActiveSync\wcescomm .exe
c:\programmer\Microsoft ActiveSync\Wcescomm .exe
c:\programmer\Microsoft ActiveSync\Wcescomm .exe
c:\programmer\Microsoft ActiveSync\Wcescomm .exe
c:\programmer\Microsoft ActiveSync\Wcescomm .exe
c:\programmer\Microsoft ActiveSync\Wcescomm .exe
c:\programmer\Microsoft ActiveSync\Wcescomm .exe
c:\programmer\Microsoft ActiveSync\Wcescomm .exe
c:\programmer\Microsoft ActiveSync\Wcescomm .exe
c:\programmer\Microsoft ActiveSync\Wcescomm .exe
c:\programmer\Microsoft ActiveSync\Wcescomm .exe
c:\programmer\Microsoft ActiveSync\Wcescomm.exe
c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe
c:\programmer\Panda Security\WAC\PSCtrlC.exe
c:\programmer\Picasa2\PicasaMediaDetector.exe
c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
c:\programmer\Spybot - Search & Destroy\TeaTimer.exe
c:\programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
c:\programmer\Winamp\winampa.exe
c:\programmer\Windows Media Player\WMPNSCFG.exe
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\Tasks\At1.job

[code] <pre>
c:\programmer\Acronis\TrueImageHome\TrueImageMonitor .exe ---^> c:\programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl .exe ---^> c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\programmer\Alcohol Soft\Alcohol 120\axcmd .exe ---^> c:\programmer\Alcohol Soft\Alcohol 120\axcmd.exe
c:\programmer\Analog Devices\Core\smax4pnp .exe ---^> c:\programmer\Analog Devices\Core\smax4pnp.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon .exe ---^> c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedhlp .exe ---^> c:\programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe ---^> c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
c:\programmer\Fælles filer\InstallShield\UpdateService\issch .exe ---^> c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy .exe ---^> c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor .exe ---^> c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ---^> c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\programmer\Hp\HP Software Update\HPWuSchd2 .exe ---^> c:\programmer\Hp\HP Software Update\HPWuSchd2.exe
c:\programmer\IBM\Client Access\cwbsvstr .exe ---^> c:\programmer\IBM\Client Access\cwbsvstr.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\cssauth .exe ---^> c:\programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe
c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice .exe ---^> c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
c:\programmer\Java\jre6\bin\jusched .exe ---^> c:\programmer\Java\jre6\bin\jusched.exe
c:\programmer\Labtec\Webcam\ISStart .exe ---^> c:\programmer\Labtec\Webcam\ISStart.exe
c:\programmer\Labtec\Webcam\LogiTray .exe ---^> c:\programmer\Labtec\Webcam\LogiTray.exe
c:\programmer\Lenovo\AwayTask\AwaySch .exe ---^> c:\programmer\Lenovo\AwayTask\AwaySch.exe
c:\programmer\Lenovo\VIRTSCRL\virtscrl .exe ---^> c:\programmer\Lenovo\VIRTSCRL\virtscrl.exe
c:\programmer\Messenger\msmsgs .exe ---^> c:\programmer\Messenger\msmsgs.exe
c:\programmer\Microsoft ActiveSync\wcescomm .exe ---^> c:\programmer\Microsoft ActiveSync\wcescomm.exe
c:\programmer\Microsoft Office\Office12\GrooveMonitor .exe ---^> c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe
c:\programmer\Panda Security\WAC\PSCtrlC .exe ---^> c:\programmer\Panda Security\WAC\PSCtrlC.exe
c:\programmer\Picasa2\PicasaMediaDetector .exe ---^> c:\programmer\Picasa2\PicasaMediaDetector.exe
c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe ---^> c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
c:\programmer\Ulead Systems\Ulead Photo Express 6\CalCheck .exe ---^> c:\programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
c:\programmer\Winamp\winampa .exe ---^> c:\programmer\Winamp\winampa.exe
c:\programmer\Windows Media Player\WMPNSCFG .exe ---^> c:\programmer\Windows Media Player\WMPNSCFG.exe
</pre> [/code]
.
Inficeret kopi af c:\windows\system32\drivers\netbt.sys blev fundet og desinficeret
Genskabt kopi fra - Kitty had a snack :p
.
((((((((((((((((((((((((((((( Filer skabt fra 2010-08-13 til 2010-09-13 )))))))))))))))))))))))))))))))))))
.

2010-09-13 09:37 . 2010-09-13 09:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-11 14:20 . 2010-09-13 10:11 -------- d-----w- c:\programmer\Spybot - Search & Destroy
2010-09-11 14:20 . 2010-09-13 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-08 21:32 . 2010-09-08 21:32 -------- d-----w- c:\documents and settings\DAHE\Lokale indstillinger\Application Data\BVRP Software
2010-09-08 21:31 . 2010-09-08 21:32 -------- d-----w- c:\programmer\NetWaiting
2010-09-08 21:29 . 2010-06-02 12:49 301624 ----a-w- c:\windows\system32\UCI32M57.dll
2010-09-08 06:08 . 2001-08-17 18:20 96256 ----a-w- c:\windows\system32\dllcache\ac97intc.sys
2010-09-08 06:08 . 2004-08-27 14:00 16896 ----a-w- c:\windows\system32\dllcache\tftp.exe
2010-09-07 09:51 . 2010-09-13 09:47 -------- d-----w- c:\temp\hijackthis
2010-09-07 09:06 . 2010-09-07 09:06 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-09-07 09:05 . 2010-09-07 09:19 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Adobe
2010-09-07 08:55 . 2010-09-07 08:55 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-07 08:54 . 2010-09-07 08:54 -------- d-----r- c:\documents and settings\NetworkService\Foretrukne
2010-09-06 06:41 . 2010-09-06 06:41 -------- d-----w- C:\Program Data
2010-09-05 10:45 . 2010-09-05 10:45 -------- d-----w- c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Apple Computer
2010-09-04 18:00 . 2010-09-05 11:04 -------- d-----w- c:\documents and settings\DAHE\Lokale indstillinger\Application Data\kevcgnamf
2010-09-04 17:58 . 2010-09-05 10:46 -------- d-----w- c:\documents and settings\DAHE\Application Data\09EE612E8BCA967E684BE9521BBFF2D8
2010-08-21 10:50 . 2010-08-21 10:50 -------- d-----w- c:\programmer\Lexmark
2010-08-19 17:51 . 2010-08-19 17:51 -------- d-----w- c:\documents and settings\DAHE\.oces2
2010-08-19 06:06 . 2010-08-19 06:06 -------- d-----w- C:\Dokumenter
2010-08-18 06:44 . 2010-08-18 06:44 -------- d-----w- c:\programmer\HPDesignjet30-130PrinterSeries

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 10:42 . 2010-09-07 06:28 112 ----a-w- c:\documents and settings\All Users\Application Data\BQ7UPb.dat
2010-09-13 10:42 . 2010-09-13 10:42 71170 ----a-w- c:\documents and settings\All Users\Application Data\GD8fuH70.exe
2010-09-13 10:39 . 2008-11-11 19:18 -------- d-----w- c:\programmer\Winamp
2010-09-13 10:39 . 2008-10-09 17:37 -------- d-----w- c:\programmer\Picasa2
2010-09-13 10:37 . 2008-11-07 18:46 -------- d-----w- c:\programmer\Microsoft ActiveSync
2010-09-13 10:25 . 2009-01-06 13:36 204960 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-09-13 10:25 . 2009-01-06 13:36 204960 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-09-13 10:15 . 2009-01-06 13:36 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-09-13 10:15 . 2009-01-06 13:36 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-09-13 09:32 . 2010-06-25 12:43 1796432 ----a-w- c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-09-13 06:10 . 2010-05-31 09:47 -------- d-----w- c:\programmer\PC-Doctor
2010-09-11 18:23 . 2009-01-11 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-09-10 23:41 . 1979-12-31 22:00 550382 ----a-w- c:\windows\system32\perfh006.dat
2010-09-10 23:41 . 1979-12-31 22:00 113816 ----a-w- c:\windows\system32\perfc006.dat
2010-09-08 22:03 . 2008-10-09 20:27 -------- d-----w- c:\programmer\Digital Line Detect
2010-09-08 21:34 . 2008-10-09 17:13 -------- d-----w- c:\programmer\Lenovo
2010-09-08 21:30 . 2008-10-09 17:22 -------- d-----w- c:\programmer\CONEXANT
2010-09-08 06:25 . 2008-10-10 18:12 -------- d-----w- c:\programmer\CCleaner
2010-09-08 06:12 . 2008-10-10 18:12 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-09-07 06:22 . 2009-12-11 10:19 35332 ----a-w- c:\windows\system32\TpShocks.exe
2010-09-05 10:46 . 2009-07-06 06:29 -------- d-----w- c:\programmer\QuickTime
2010-08-31 06:36 . 2009-03-11 10:09 0 ----a-w- c:\documents and settings\DAHE\temp.dat
2010-08-26 07:01 . 2008-10-22 10:14 -------- d-----w- c:\programmer\Microsoft.NET
2010-08-24 23:28 . 2010-05-31 09:42 24304 ----a-w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-24 23:28 . 2008-10-09 17:39 4442 ----a-w- c:\windows\system32\drivers\TPPWRIF.SYS
2010-08-24 23:28 . 2008-10-09 17:39 196608 ------w- c:\windows\PWMBTHLP.EXE
2010-08-13 09:18 . 2009-03-16 21:31 -------- d-----w- c:\documents and settings\DAHE\Application Data\FileZilla
2010-08-12 07:15 . 2008-10-22 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-12 06:34 . 2010-08-12 06:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-08-03 08:34 . 2009-12-02 09:13 55368 ----a-w- c:\windows\system32\drivers\nsfim.sys
2010-08-02 13:19 . 2010-08-02 13:19 -------- d-----w- c:\programmer\SolarWinds
2010-06-30 12:32 . 1979-12-31 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:25 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 1979-12-31 22:00 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 1979-12-31 22:00 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 1979-12-31 22:00 80384 ------w- c:\windows\system32\iccvid.dll
2009-04-16 07:15 . 2009-04-16 07:15 16496 --sha-w- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.
[code]<pre>
c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\programmer\Alcohol Soft\Alcohol 120\axcmd .exe
c:\programmer\Analog Devices\Core\smax4pnp .exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon .exe
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe
c:\programmer\Fælles filer\InstallShield\UpdateService\issch .exe
c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy .exe
c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor .exe
c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\programmer\Hp\HP Software Update\HPWuSchd2 .exe
c:\programmer\IBM\Client Access\cwbsvstr .exe
c:\programmer\IBM ThinkVantage\Client Security Solution\cssauth .exe
c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice .exe
c:\programmer\Java\jre6\bin\jusched .exe
c:\programmer\Labtec\Webcam\ISStart .exe
c:\programmer\Labtec\Webcam\LogiTray .exe
c:\programmer\Lenovo\AwayTask\AwaySch .exe
c:\programmer\Lenovo\HOTKEY\TPOSDSVC .exe
c:\programmer\Lenovo\VIRTSCRL\virtscrl .exe
c:\programmer\Malwarebytes' Anti-Malware\mbam .exe
c:\programmer\Microsoft Office\Office12\GrooveMonitor .exe
c:\windows\system32\tp4ex .exe
c:\windows\system32\TpShocks .exe
</pre>[/code]

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-13 35336]
"AlcoholAutomount"="c:\programmer\Alcohol Soft\Alcohol 120\axcmd.exe" [2010-09-13 35336]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2010-09-13 35336]
"SpybotSD TeaTimer"="c:\programmer\Spybot - Search & Destroy\TeaTimer.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2010-06-03 128296]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"TPKMAPHELPER"="c:\programmer\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2010-09-07 35332]
"TP4EX"="tp4ex.exe" [N/A]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [N/A]
"TPHOTKEY"="c:\programmer\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [N/A]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2010-09-13 35336]
"AwaySch"="c:\programmer\Lenovo\AwayTask\AwaySch.EXE" [2010-09-13 35336]
"cssauth"="c:\programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2010-09-13 35336]
"PDService.exe"="c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2010-09-13 35336]
"Picasa Media Detector"="c:\programmer\Picasa2\PicasaMediaDetector.exe" [2010-09-13 35336]
"ACTray"="c:\programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
"ACWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-24 517480]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-08-24 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"Client Access Service"="c:\programmer\IBM\Client Access\cwbsvstr.exe" [2010-09-13 35336]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [N/A]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-07-07 155648]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"Sony Ericsson PC Suite"="c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2010-09-13 35336]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2010-09-13 35336]
"LogitechVideoRepair"="c:\programmer\Labtec\Webcam\ISStart.exe" [2010-09-13 35336]
"LogitechVideoTray"="c:\programmer\Labtec\Webcam\LogiTray.exe" [2010-09-13 35336]
"Panda Software Controller Client"="c:\programmer\Panda Security\WAC\PSCtrlC.exe" [2010-09-13 35336]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2010-09-13 35336]
"SoundMAXPnP"="c:\programmer\Analog Devices\Core\smax4pnp.exe" [2010-09-13 35336]
"Message Center Plus"="c:\programmer\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"TrueImageMonitor.exe"="c:\programmer\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
"Acronis Scheduler2 Service"="c:\programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
"WinampAgent"="c:\programmer\Winamp\winampa.exe" [2010-09-13 35336]
"HP Software Update"="c:\programmer\Hp\HP Software Update\HPWuSchd2.exe" [2010-09-13 35336]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2010-09-13 35336]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-13 35336]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-13 35336]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Ulead AutoDetector"="c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe" [2010-09-13 35336]
"Ulead Calendar Checker"="c:\programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2010-09-13 35336]
"BrMfcWnd"="c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\programmer\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"DiskeeperSystray"="c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2010-09-13 35336]
"LenovoAutoScrollUtility"="c:\programmer\Lenovo\VIRTSCRL\virtscrl.exe" [2010-09-13 35336]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\DAHE\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Start Java Server.lnk - c:\programmer\mltarc\StrJwSrv.exe [2008-10-9 115712]
UltimateZip Quick Start.lnk - c:\programmer\UltimateZip 2.7\uzqkst.exe [2002-3-17 266240]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2008-10-9 50688]
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-12-12 805392]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-22 6144]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-03-23 00:03 49152 ----a-w- c:\programmer\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 11:41 100104 ----a-w- c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
c:\programmer\Microsoft ActiveSync\wcescomm .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 02:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\mltarc\\jre\\bin\\javaw.exe"=
"c:\\Programmer\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Programmer\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe"= c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [31-05-2010 11:42 24304]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [01-10-2009 08:14 902432]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [09-10-2009 12:10 20520]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [06-01-2009 15:18 76296]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [06-01-2009 15:18 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [06-01-2009 15:18 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [06-01-2009 15:18 193800]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [31-05-2010 11:33 13480]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [06-01-2009 15:18 159112]
R1 NSFIM;Network Shared Files Information Manager Plugin;c:\windows\system32\drivers\nsfim.sys [02-12-2009 11:13 55368]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe [01-10-2009 08:14 2326920]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [13-07-2010 09:11 59080]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programmer\ThinkPad\Utilities\DOZESVC.EXE [31-05-2010 11:42 132456]
R2 PavAt3Scheduler;Panda EndPoint Scheduler;c:\programmer\Panda Security\WaAgent\Scheduler\PavSched.exe [17-09-2009 10:51 140544]
R2 PavWASLpMng;Panda Endpoint Local Process Manager;c:\programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [17-09-2009 16:48 295680]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programmer\ThinkPad\Utilities\PWMDBSVC.exe [09-10-2008 22:30 53248]
R2 PrivateDisk;PrivateDisk;c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15-11-2005 13:11 46142]
R2 PskSvc;Panda Kernel Service;c:\programmer\Panda Security\WAC\psksvc.exe [31-03-2010 10:17 27904]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programmer\ThinkVantage Fingerprint Software\smihlp.sys [13-03-2009 13:47 12560]
R2 TPHKSVC;Vis på skærm;c:\programmer\Lenovo\HOTKEY\TPHKSVC.exe [24-10-2008 13:32 63928]
R2 WASAgent;Panda Endpoint Communications Agent;c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe [31-12-2009 14:03 320768]
R2 WASWD;Panda Endpoint Watchdog;c:\programmer\Panda Security\WaAgent\WasWD\WasWD.exe [17-09-2009 16:48 206080]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [01-10-2009 08:14 159168]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [18-02-2010 18:31 199688]
S0 yhmtid;yhmtid;c:\windows\system32\drivers\ldjil.sys --> c:\windows\system32\drivers\ldjil.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [07-02-2010 14:23 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programmer\Lenovo\HOTKEY\micmute.exe [31-05-2010 11:33 45496]
S2 smi2;smi2;\??\c:\programmer\SMI2\smi2.sys --> c:\programmer\SMI2\smi2.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [29-04-2009 20:08 16512]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [13-07-2005 03:55 13840]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [01-01-1980 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-11-2008 14:38 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-07 c:\windows\Tasks\At100.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At101.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At102.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At103.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At104.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At105.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At106.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At107.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At108.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At109.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At110.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At111.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At112.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At113.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At114.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At115.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At116.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At117.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At118.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At119.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At120.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At121.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At122.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At123.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At124.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At125.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At126.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At127.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At128.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At129.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At130.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At131.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At132.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At133.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At134.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At135.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At136.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At137.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At138.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At139.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At140.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At141.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At142.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At143.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At144.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At145.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At146.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At147.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At148.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At149.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At150.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At151.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At152.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At153.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At154.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At155.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At156.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At157.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At158.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At159.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At160.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At161.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At162.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At163.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At164.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At165.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At166.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At167.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At168.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At169.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At170.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At171.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At172.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At173.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At174.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At175.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At176.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At177.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At178.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At179.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At180.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At181.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At182.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At183.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At184.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At185.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At186.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At187.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At188.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At189.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At190.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At191.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At192.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At193.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At194.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At195.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At196.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At197.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At198.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At199.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At200.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At201.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At202.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At203.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At204.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At205.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At206.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At207.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At208.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At209.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At210.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At211.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At212.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At213.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At214.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At215.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At216.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At217.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At218.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At219.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At220.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At221.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At222.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At223.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At224.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At225.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At226.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At227.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At228.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At229.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At230.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At231.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At232.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At233.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At234.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At235.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At236.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At237.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At238.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At239.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At240.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At241.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At242.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At243.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At244.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At245.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At246.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At247.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At248.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At249.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At25.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At250.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At251.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At252.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At253.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At254.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At255.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At256.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At257.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At258.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At259.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At26.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At260.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At261.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At262.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At263.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At264.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At265.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At266.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At267.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At268.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At269.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At27.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At270.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At271.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At272.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At273.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At274.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At275.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At276.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At277.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At278.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At279.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At28.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At280.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At281.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At282.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At283.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At284.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At285.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At286.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At287.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At288.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At289.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At29.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At290.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At291.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At292.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At293.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At294.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At295.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At296.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At297.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At298.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At299.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At30.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At300.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At301.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At302.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At303.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At304.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At305.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At306.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At307.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At308.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At309.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At31.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At310.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At311.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At312.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At313.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At314.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At315.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At316.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At317.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At318.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At319.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At32.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At320.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At321.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At322.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At323.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At324.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At325.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At326.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At327.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At328.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At329.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At33.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At330.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At331.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At332.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At333.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At334.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At335.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At336.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At337.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At338.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At339.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At34.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At340.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At341.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At342.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At343.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At344.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At345.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At346.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At347.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At348.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At349.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At35.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At350.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At351.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At352.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At353.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At354.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At355.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At356.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At357.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At358.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At359.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At36.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At360.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At361.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At362.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At363.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At364.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At365.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At366.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At367.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At368.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At369.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At37.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At370.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At371.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At372.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At373.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At374.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At375.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At376.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At377.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At378.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At379.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At38.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At380.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-0

Synes godt om

daki Juniormester

13. september 2010 - 14:24 #5

Lige resten af loggen :-)

2010-09-12 c:\windows\Tasks\At380.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At381.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At382.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At383.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At384.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At385.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At386.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At387.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At388.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At389.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At39.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At390.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At391.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At392.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At393.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At394.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At395.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At396.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At397.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At398.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At399.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At40.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At400.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At401.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At402.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At403.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At404.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At405.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At406.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At407.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At408.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At409.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At41.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At410.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At411.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At412.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At413.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At414.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At415.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At416.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At417.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At418.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At419.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At42.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At420.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At421.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At422.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At423.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At424.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At425.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At426.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At427.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At428.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At429.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At43.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At430.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At431.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At432.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At433.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At434.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At435.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At436.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At437.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At438.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At439.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At44.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At440.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At441.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At442.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At443.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At444.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At445.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At446.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At447.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At448.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At449.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At45.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At450.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At451.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At452.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At453.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At454.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At455.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At456.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At457.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At458.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At459.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At46.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At460.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At461.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At462.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At463.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At464.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At465.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At466.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At467.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At468.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At469.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At47.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At470.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At471.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At472.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At473.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At474.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At475.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At476.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At477.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At478.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At479.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At48.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At480.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At481.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At482.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At483.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At484.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At485.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At486.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At487.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At488.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At489.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At49.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At490.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At491.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At492.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At493.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At494.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At495.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At496.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At497.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At498.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At499.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At50.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At500.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At501.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At502.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At503.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At504.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At505.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At506.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At507.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At508.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At509.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At51.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At510.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At511.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At512.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At513.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At514.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At515.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At516.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At517.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At518.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At519.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At52.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At520.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At521.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At522.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At523.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At524.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At525.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At526.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At527.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At528.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At53.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At54.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At55.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At56.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At57.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At58.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At59.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At60.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At61.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At62.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At63.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At64.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At65.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At66.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At67.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At68.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At69.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At70.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At71.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At72.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At73.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At74.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At75.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At76.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At77.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At78.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At79.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At80.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At81.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At82.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At83.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\At84.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At85.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At86.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At87.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At88.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At89.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At90.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At91.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-12 c:\windows\Tasks\At92.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At93.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At94.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At95.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-08 c:\windows\Tasks\At96.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-07 c:\windows\Tasks\At97.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-10 c:\windows\Tasks\At98.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-11 c:\windows\Tasks\At99.job
- c:\documents and settings\All Users\Application Data\GD8fuH70.exe [2010-09-13 10:42]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programmer\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-09-08 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:28]

2010-09-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programmer\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]

2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{340844B3-DA8F-4B80-9205-2C99B89CDA14}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{E6639A72-C60C-40AB-A0CA-094B80DD34B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/dk/da
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\programmer\Panda Security\WAC\pavlsp.dll
Trusted Zone: danid.dk
Trusted Zone: danid.dk
TCP: {77A6491C-3293-41BB-A2B6-11749ABBF61F} = 192.168.13.202,192.168.13.203
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\DAHE\Application Data\Mozilla\Firefox\Profiles\eu3tjcrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk|http://intranote.xl-byg.dk/xl?user=MzY5QQ==|http://mail.google.com/mail/?hl=da&shva=1#inbox
FF - plugin: c:\programmer\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Veetle\Player\npvlc.dll
FF - plugin: c:\programmer\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmer\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
- - - - TOMME GENVEJE FJERNET - - - -

Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)
AddRemove-InstallShield_{82366F64-4503-4D47-8D30-AEF8BCF25B6E} - c:\program files\COMMON FILES\INSTALLSHIELD\DRIVER\7\INTEL 32\IDRIVER.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-13 12:38
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1508)
c:\programmer\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programmer\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programmer\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programmer\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programmer\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTServ.dll
c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\infql2.dll
c:\programmer\ThinkVantage Fingerprint Software\homepass.dll
c:\programmer\ThinkVantage Fingerprint Software\bio.dll
c:\programmer\ThinkVantage Fingerprint Software\qlbase.dll
c:\programmer\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(3844)
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\programmer\PC-Doctor\ATLPcdToolbar551452.dll
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
c:\progra~1\ThinkPad\UTILIT~1\DK\PWRMGRRT.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
c:\windows\system32\Sensor.dll
c:\windows\system32\IGFXEXPS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmer\Panda Security\WAC\pavFnSvr.exe
c:\programmer\Panda Security\WAC\pavsrvx86.exe
c:\programmer\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\IPSSVC.EXE
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\Panda Security\WAC\PsCtrlS.exe
c:\programmer\Panda Security\WAC\PSHost.exe
c:\programmer\Panda Security\WAC\PSIMSVC.EXE
c:\programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
c:\programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\RealVNC\VNC4\WinVNC4.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\programmer\Brother\ControlCenter3\brccMCtl.exe
c:\programmer\Lenovo\HOTKEY\TPONSCR.exe
c:\programmer\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\LVComS.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\Brother\Brmfcmon\BrMfcmon.exe
c:\programmer\mltarc\jre\bin\javaw.exe
c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\TpShocks .exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\Panda Security\WAC\AVENGINE.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\programmer\Internet Explorer\IEXPLORE.EXE
c:\programmer\Internet Explorer\IEXPLORE.EXE
c:\programmer\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Gennemført tid: 2010-09-13 12:58:57 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-09-13 10:58

Pre-Kørsel: 14.324.355.072 byte ledig
Post-Kørsel: 11.153.711.104 byte ledig

- - End Of File - - 94AB6C7FC448810410A505DB41937769

Synes godt om

Computer Hjælp (Gratis) Mester

13. september 2010 - 22:33 #6

Under alle omstændigheder så skal du SLETTE alle disse
c:\windows\Tasks\*.job
Ellers kommer den bare igen ~528 gang i døgnet *S* ...

---

Du har da også en million elementer i din opstart - en del ganske unødvendige...

---

ComboFix ser lidt 'underlig' ud...

Kør også denne ->
Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

Synes godt om

f-arn Guru

14. september 2010 - 02:40 #7

Vi må vel gå udfra <beguze> ved hvordan en Combofix log skal behandles. Ellers var den vel ikke indkaldt!

Synes godt om

daki Juniormester

14. september 2010 - 08:31 #8

Alle opgaver slettet i tasks!
Malewarebytes samt ccleaner afviklet engang til!
Ny hijackthis log.

-----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:21:46, on 14-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Security\WAC\pavFnSvr.exe
C:\Programmer\Panda Security\WAC\psksvc.exe
C:\Programmer\Panda Security\WAC\pavsrvx86.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PsCtrlS.exe
C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PSHost.exe
C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
c:\programmer\lenovo\system update\suservice.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\IBM\Client Access\cwbsvstr.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\TpShocks .exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice .exe
C:\Programmer\Picasa2\PicasaMediaDetector .exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor .exe
C:\Programmer\Panda Security\WAC\PSCtrlC .exe
C:\Programmer\Lenovo\AwayTask\AwaySch .exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauth .exe
C:\Programmer\Labtec\Webcam\LogiTray .exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
C:\Programmer\mltarc\StrJwSrv.exe
C:\Programmer\OpenOffice.org 3\program\soffice.exe
C:\Programmer\UltimateZip 2.7\uzqkst.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programmer\mltarc\jre\bin\javaw.exe
C:\Programmer\Analog Devices\Core\smax4pnp .exe
C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor .exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp .exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmer\Winamp\winampa .exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Hp\HP Software Update\HPWuSchd2 .exe
C:\Programmer\Java\jre6\bin\jusched .exe
C:\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck .exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor .exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Lenovo\VIRTSCRL\virtscrl .exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\OpenOffice.org 3\program\soffice.bin
C:\Programmer\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Java\jre6\bin\jucheck.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Java\jre6\bin\javaw.exe
C:\temp\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/dk/da
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmer\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Labtec\Webcam\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Labtec\Webcam\LogiTray.exe
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmer\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmer\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Programmer\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe /startup
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Start Java Server.lnk = C:\Programmer\mltarc\StrJwSrv.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Opdatér ThinkPad-programmer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmer\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/dk/da
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://ltw.danmarksgruppen.dk/qp2.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278084491444
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278084470474
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: AwayNotify - C:\Programmer\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmer\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda EndPoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavFnSvr.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Panda Host Service (PSHost) - Panda Security International - C:\Programmer\Panda Security\WAC\PSHost.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmer\Panda Security\WAC\psksvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Vis på skærm (TPHKSVC) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 22439 bytes

Synes godt om

beguze Nybegynder

15. september 2010 - 12:27 #9

Hej igen. Din combofix har fjernet en masse skidt fra din pc, samt rydet op i fejramte filer. dog ikke i dinGD8fuH70.exe som ikke findes længere, og som jeg ikke kan finde nogen relation til.

Denne exe fil har muligvis tilknytning til et program og jeg ville tro det kunne være til motherbord eller grafikkortet fra ABIT.
Kommer denne fejl frem når du starter windows op i starten. eller kommer den frem når klikker på et program, for så skal di installere programerne igen.

Synes godt om

f-arn Guru

15. september 2010 - 12:41 #10

Flyt lige den Combofix ud på Skrivebordet.

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
File::
c:\windows\system32\drivers\ldjil.sys
Filelook::
c:\windows\system32\drivers\nsfim.sys
Driver::
yhmtid
Renv::
c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\programmer\Alcohol Soft\Alcohol 120\axcmd .exe
c:\programmer\Analog Devices\Core\smax4pnp .exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon .exe
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe
c:\programmer\Fælles filer\InstallShield\UpdateService\issch .exe
c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy .exe
c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor .exe
c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\programmer\Hp\HP Software Update\HPWuSchd2 .exe
c:\programmer\IBM\Client Access\cwbsvstr .exe
c:\programmer\IBM ThinkVantage\Client Security Solution\cssauth .exe
c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice .exe
c:\programmer\Java\jre6\bin\jusched .exe
c:\programmer\Labtec\Webcam\ISStart .exe
c:\programmer\Labtec\Webcam\LogiTray .exe
c:\programmer\Lenovo\AwayTask\AwaySch .exe
c:\programmer\Lenovo\HOTKEY\TPOSDSVC .exe
c:\programmer\Lenovo\VIRTSCRL\virtscrl .exe
c:\programmer\Malwarebytes' Anti-Malware\mbam .exe
c:\programmer\Microsoft Office\Office12\GrooveMonitor .exe
c:\windows\system32\tp4ex .exe
c:\windows\system32\TpShocks .exe

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

Synes godt om

daki Juniormester

15. september 2010 - 17:20 #11

GD8fuH70.exe ser ud til at være fjernet!
Ny log fra Combofix:

ComboFix 10-09-12.03 - DAHE 15-09-2010 16:51:27.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3062.2317 [GMT 2:00]
Kører fra: c:\documents and settings\DAHE\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\DAHE\Skrivebord\CFScript

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!

FILE ::
"c:\windows\system32\drivers\ldjil.sys"
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_yhmtid

((((((((((((((((((((((((((((( Filer skabt fra 2010-08-15 til 2010-09-15 )))))))))))))))))))))))))))))))))))
.

2010-09-14 20:23 . 2010-09-15 14:43 -------- d-----w- c:\programmer\Panda Security
2010-09-14 11:41 . 2010-09-14 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-09-13 14:39 . 2010-09-13 14:55 -------- d-----w- c:\temp\workgroupshare
2010-09-13 09:37 . 2010-09-13 09:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-11 14:20 . 2010-09-14 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-11 14:20 . 2010-09-13 10:11 -------- d-----w- c:\programmer\Spybot - Search & Destroy
2010-09-08 21:32 . 2010-09-08 21:32 -------- d-----w- c:\documents and settings\DAHE\Lokale indstillinger\Application Data\BVRP Software
2010-09-08 21:31 . 2010-09-08 21:32 -------- d-----w- c:\programmer\NetWaiting
2010-09-08 21:29 . 2010-06-02 12:49 301624 ----a-w- c:\windows\system32\UCI32M57.dll
2010-09-08 06:08 . 2001-08-17 18:20 96256 ----a-w- c:\windows\system32\dllcache\ac97intc.sys
2010-09-08 06:08 . 2004-08-27 14:00 16896 ----a-w- c:\windows\system32\dllcache\tftp.exe
2010-09-07 09:51 . 2010-09-15 14:40 -------- d-----w- c:\temp\hijackthis
2010-09-07 09:06 . 2010-09-07 09:06 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-09-07 09:05 . 2010-09-07 09:19 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Adobe
2010-09-07 08:55 . 2010-09-07 08:55 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-07 08:54 . 2010-09-07 08:54 -------- d-----r- c:\documents and settings\NetworkService\Foretrukne
2010-09-06 06:41 . 2010-09-06 06:41 -------- d-----w- C:\Program Data
2010-09-05 10:45 . 2010-09-05 10:45 -------- d-----w- c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Apple Computer
2010-09-04 18:00 . 2010-09-05 11:04 -------- d-----w- c:\documents and settings\DAHE\Lokale indstillinger\Application Data\kevcgnamf
2010-09-04 17:58 . 2010-09-05 10:46 -------- d-----w- c:\documents and settings\DAHE\Application Data\09EE612E8BCA967E684BE9521BBFF2D8
2010-08-21 10:50 . 2010-08-21 10:50 -------- d-----w- c:\programmer\Lexmark
2010-08-19 17:51 . 2010-08-19 17:51 -------- d-----w- c:\documents and settings\DAHE\.oces2
2010-08-19 06:06 . 2010-08-19 06:06 -------- d-----w- C:\Dokumenter
2010-08-18 06:44 . 2010-08-18 06:44 -------- d-----w- c:\programmer\HPDesignjet30-130PrinterSeries

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 15:02 . 2010-06-25 12:43 1796432 ----a-w- c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-09-15 14:51 . 2008-10-10 18:12 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-09-15 07:37 . 2008-11-07 18:46 -------- d-----w- c:\programmer\Microsoft ActiveSync
2010-09-15 06:50 . 2008-10-09 17:28 -------- d-----w- c:\programmer\Multimedia Center for Think Offerings
2010-09-15 06:50 . 2008-11-11 19:18 -------- d-----w- c:\programmer\Winamp
2010-09-15 06:49 . 2008-10-09 17:37 -------- d-----w- c:\programmer\Picasa2
2010-09-14 19:33 . 2010-09-14 19:33 45056 ----a-w- c:\documents and settings\DAHE\Application Data\Sun\Java\Deployment\cache\6.0\14\25d7b48e-3473d24d-n\jniwrap.dll
2010-09-14 17:44 . 2010-09-14 17:44 112 ----a-w- c:\documents and settings\All Users\Application Data\BQ7UPb.dat
2010-09-14 11:43 . 2008-10-22 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-14 07:01 . 2008-10-13 05:55 -------- d-----w- c:\documents and settings\DAHE\Application Data\Teleca
2010-09-14 07:00 . 2008-10-12 20:12 -------- d-----w- c:\programmer\Fælles filer\Teleca Shared
2010-09-13 19:32 . 2009-05-12 04:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-13 06:10 . 2010-05-31 09:47 -------- d-----w- c:\programmer\PC-Doctor
2010-09-11 18:23 . 2009-01-11 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-09-10 23:41 . 1979-12-31 22:00 550382 ----a-w- c:\windows\system32\perfh006.dat
2010-09-10 23:41 . 1979-12-31 22:00 113816 ----a-w- c:\windows\system32\perfc006.dat
2010-09-08 22:03 . 2008-10-09 20:27 -------- d-----w- c:\programmer\Digital Line Detect
2010-09-08 21:34 . 2008-10-09 17:13 -------- d-----w- c:\programmer\Lenovo
2010-09-08 21:30 . 2008-10-09 17:22 -------- d-----w- c:\programmer\CONEXANT
2010-09-08 06:25 . 2008-10-10 18:12 -------- d-----w- c:\programmer\CCleaner
2010-09-05 10:46 . 2009-07-06 06:29 -------- d-----w- c:\programmer\QuickTime
2010-08-31 06:36 . 2009-03-11 10:09 0 ----a-w- c:\documents and settings\DAHE\temp.dat
2010-08-26 07:01 . 2008-10-22 10:14 -------- d-----w- c:\programmer\Microsoft.NET
2010-08-24 23:28 . 2010-05-31 09:42 24304 ----a-w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-24 23:28 . 2008-10-09 17:39 4442 ----a-w- c:\windows\system32\drivers\TPPWRIF.SYS
2010-08-24 23:28 . 2008-10-09 17:39 196608 ------w- c:\windows\PWMBTHLP.EXE
2010-08-13 09:18 . 2009-03-16 21:31 -------- d-----w- c:\documents and settings\DAHE\Application Data\FileZilla
2010-08-12 06:34 . 2010-08-12 06:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-08-02 13:19 . 2010-08-02 13:19 -------- d-----w- c:\programmer\SolarWinds
2010-06-30 12:32 . 1979-12-31 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:25 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 1979-12-31 22:00 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-23 05:52 . 2010-06-23 05:52 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb59.tmp.exe
2010-06-21 15:27 . 1979-12-31 22:00 354304 ------w- c:\windows\system32\drivers\srv.sys
2009-04-16 07:15 . 2009-04-16 07:15 16496 --sha-w- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.
[code]<pre>
c:\programmer\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedhlp .exe
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe
c:\programmer\Picasa2\PicasaMediaDetector .exe
c:\programmer\Spybot - Search & Destroy\TeaTimer .exe
c:\programmer\Synaptics\SynTP\SynTPEnh .exe
c:\programmer\Synaptics\SynTP\SynTPLpr .exe
c:\programmer\ThinkPad\ConnectUtilities\ACTray .exe
c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon .exe
c:\programmer\ThinkPad\Utilities\EzEjMnAp .exe
c:\programmer\ThinkVantage\PrdCtr\LPMGR .exe
c:\programmer\ThinkVantage\PrdCtr\LPMLCHK .exe
c:\programmer\Ulead Systems\Ulead Photo Express 6\CalCheck .exe
c:\programmer\Winamp\winampa .exe
c:\programmer\Windows Media Player\WMPNSCFG .exe
</pre>[/code]

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2010-06-03 128296]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"TPKMAPHELPER"="c:\programmer\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"TPHOTKEY"="c:\programmer\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ACTray"="c:\programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
"ACWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-24 517480]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-08-24 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-07-07 155648]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Message Center Plus"="c:\programmer\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Ulead AutoDetector"="c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"BrMfcWnd"="c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\programmer\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"DiskeeperSystray"="c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-03-01 196710]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\DAHE\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Start Java Server.lnk - c:\programmer\mltarc\StrJwSrv.exe [2008-10-9 115712]
UltimateZip Quick Start.lnk - c:\programmer\UltimateZip 2.7\uzqkst.exe [2002-3-17 266240]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2008-10-9 50688]
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-12-12 805392]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-22 6144]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-03-23 00:03 49152 ----a-w- c:\programmer\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 11:41 100104 ----a-w- c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\mltarc\\jre\\bin\\javaw.exe"=
"c:\\Programmer\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Programmer\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [31-05-2010 11:42 24304]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [01-10-2009 08:14 902432]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [09-10-2009 12:10 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [31-05-2010 11:33 13480]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe [01-10-2009 08:14 2326920]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programmer\ThinkPad\Utilities\DOZESVC.EXE [31-05-2010 11:42 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programmer\ThinkPad\Utilities\PWMDBSVC.exe [09-10-2008 22:30 53248]
R2 PrivateDisk;PrivateDisk;c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15-11-2005 13:11 46142]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programmer\ThinkVantage Fingerprint Software\smihlp.sys [13-03-2009 13:47 12560]
R2 TPHKSVC;Vis på skærm;c:\programmer\Lenovo\HOTKEY\TPHKSVC.exe [24-10-2008 13:32 63928]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [01-10-2009 08:14 159168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [07-02-2010 14:23 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programmer\Lenovo\HOTKEY\micmute.exe [31-05-2010 11:33 45496]
S2 smi2;smi2;\??\c:\programmer\SMI2\smi2.sys --> c:\programmer\SMI2\smi2.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [29-04-2009 20:08 16512]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [13-07-2005 03:55 13840]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [01-01-1980 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-11-2008 14:38 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programmer\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-09-14 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:28]

2010-09-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programmer\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: danid.dk
Trusted Zone: danid.dk
TCP: {77A6491C-3293-41BB-A2B6-11749ABBF61F} = 192.168.13.202,192.168.13.203
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\DAHE\Application Data\Mozilla\Firefox\Profiles\eu3tjcrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk|http://intranote.xl-byg.dk/xl?user=MzY5QQ==|http://mail.google.com/mail/?hl=da&shva=1#inbox
FF - plugin: c:\programmer\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Veetle\Player\npvlc.dll
FF - plugin: c:\programmer\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmer\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 17:10
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1812)
c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTServ.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\infql2.dll
c:\programmer\ThinkVantage Fingerprint Software\homepass.dll
c:\programmer\ThinkVantage Fingerprint Software\bio.dll
c:\programmer\ThinkVantage Fingerprint Software\qlbase.dll
c:\programmer\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(6132)
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\programmer\PC-Doctor\ATLPcdToolbar551452.dll
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
c:\progra~1\ThinkPad\UTILIT~1\DK\PWRMGRRT.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
c:\windows\system32\Sensor.dll
c:\windows\system32\IGFXEXPS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmer\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\IPSSVC.EXE
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\RealVNC\VNC4\WinVNC4.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\programmer\Lenovo\HOTKEY\TPONSCR.exe
c:\programmer\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxext.exe
c:\programmer\Brother\ControlCenter3\brccMCtl.exe
c:\programmer\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmer\Brother\Brmfcmon\BrMfcmon.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\mltarc\jre\bin\javaw.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-15 17:13:34 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-09-15 15:13
ComboFix2.txt 2010-09-14 17:57
ComboFix3.txt 2010-09-13 10:58

Pre-Kørsel: 18.043.564.032 byte ledig
Post-Kørsel: 18.057.547.776 byte ledig

- - End Of File - - 38234CAA88611DF5F22B2B98D19B40CA

Synes godt om

f-arn Guru

16. september 2010 - 10:33 #12

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
Filelook::
c:\windows\system32\dllcache\ac97intc.sys
c:\documents and settings\DAHE\Application Data\Sun\Java\Deployment\cache\6.0\14\25d7b48e-3473d24d-n\jniwrap.dll
Renv::
c:\programmer\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedhlp .exe
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe
c:\programmer\Picasa2\PicasaMediaDetector .exe
c:\programmer\Spybot - Search & Destroy\TeaTimer .exe
c:\programmer\Synaptics\SynTP\SynTPEnh .exe
c:\programmer\Synaptics\SynTP\SynTPLpr .exe
c:\programmer\ThinkPad\ConnectUtilities\ACTray .exe
c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon .exe
c:\programmer\ThinkPad\Utilities\EzEjMnAp .exe
c:\programmer\ThinkVantage\PrdCtr\LPMGR .exe
c:\programmer\ThinkVantage\PrdCtr\LPMLCHK .exe
c:\programmer\Ulead Systems\Ulead Photo Express 6\CalCheck .exe
c:\programmer\Winamp\winampa .exe
c:\programmer\Windows Media Player\WMPNSCFG .exe

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

Synes godt om

daki Juniormester

16. september 2010 - 13:39 #13

Ny log fra Combofix!

ComboFix 10-09-15.01 - DAHE 16-09-2010 13:02:34.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3062.2337 [GMT 2:00]
Kører fra: c:\documents and settings\DAHE\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\DAHE\Skrivebord\CFScript

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

((((((((((((((((((((((((((((( Filer skabt fra 2010-08-16 til 2010-09-16 )))))))))))))))))))))))))))))))))))
.

2010-09-15 16:04 . 2010-09-15 16:04 -------- d-----w- c:\temp\RemoteKeys
2010-09-14 20:23 . 2010-09-15 14:43 -------- d-----w- c:\programmer\Panda Security
2010-09-13 14:39 . 2010-09-13 14:55 -------- d-----w- c:\temp\workgroupshare
2010-09-13 09:37 . 2010-09-13 09:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-11 14:20 . 2010-09-16 11:14 -------- d-----w- c:\programmer\Spybot - Search & Destroy
2010-09-11 14:20 . 2010-09-14 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-08 21:32 . 2010-09-08 21:32 -------- d-----w- c:\documents and settings\DAHE\Lokale indstillinger\Application Data\BVRP Software
2010-09-08 21:31 . 2010-09-08 21:32 -------- d-----w- c:\programmer\NetWaiting
2010-09-08 21:29 . 2010-06-02 12:49 301624 ----a-w- c:\windows\system32\UCI32M57.dll
2010-09-08 06:08 . 2001-08-17 18:20 96256 ----a-w- c:\windows\system32\dllcache\ac97intc.sys
2010-09-08 06:08 . 2004-08-27 14:00 16896 ----a-w- c:\windows\system32\dllcache\tftp.exe
2010-09-07 09:51 . 2010-09-15 15:15 -------- d-----w- c:\temp\hijackthis
2010-09-07 09:06 . 2010-09-07 09:06 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-09-07 09:05 . 2010-09-07 09:19 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Adobe
2010-09-07 08:55 . 2010-09-07 08:55 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-07 08:54 . 2010-09-07 08:54 -------- d-----r- c:\documents and settings\NetworkService\Foretrukne
2010-09-06 06:41 . 2010-09-06 06:41 -------- d-----w- C:\Program Data
2010-09-04 18:00 . 2010-09-05 11:04 -------- d-----w- c:\documents and settings\DAHE\Lokale indstillinger\Application Data\kevcgnamf
2010-09-04 17:58 . 2010-09-05 10:46 -------- d-----w- c:\documents and settings\DAHE\Application Data\09EE612E8BCA967E684BE9521BBFF2D8
2010-08-21 10:50 . 2010-08-21 10:50 -------- d-----w- c:\programmer\Lexmark
2010-08-19 17:51 . 2010-08-19 17:51 -------- d-----w- c:\documents and settings\DAHE\.oces2
2010-08-19 06:06 . 2010-09-15 16:13 -------- d-----w- C:\Dokumenter
2010-08-18 06:44 . 2010-08-18 06:44 -------- d-----w- c:\programmer\HPDesignjet30-130PrinterSeries

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 11:02 . 2008-11-11 19:18 -------- d-----w- c:\programmer\Winamp
2010-09-16 11:02 . 2008-10-09 17:37 -------- d-----w- c:\programmer\Picasa2
2010-09-15 14:51 . 2008-10-10 18:12 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-09-15 07:37 . 2008-11-07 18:46 -------- d-----w- c:\programmer\Microsoft ActiveSync
2010-09-15 06:50 . 2008-10-09 17:28 -------- d-----w- c:\programmer\Multimedia Center for Think Offerings
2010-09-14 19:33 . 2010-09-14 19:33 45056 ----a-w- c:\documents and settings\DAHE\Application Data\Sun\Java\Deployment\cache\6.0\14\25d7b48e-3473d24d-n\jniwrap.dll
2010-09-14 17:44 . 2010-09-14 17:44 112 ----a-w- c:\documents and settings\All Users\Application Data\BQ7UPb.dat
2010-09-14 11:43 . 2008-10-22 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-14 07:01 . 2008-10-13 05:55 -------- d-----w- c:\documents and settings\DAHE\Application Data\Teleca
2010-09-14 07:00 . 2008-10-12 20:12 -------- d-----w- c:\programmer\Fælles filer\Teleca Shared
2010-09-13 19:32 . 2009-05-12 04:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-13 06:10 . 2010-05-31 09:47 -------- d-----w- c:\programmer\PC-Doctor
2010-09-11 18:23 . 2009-01-11 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-09-10 23:41 . 1979-12-31 22:00 550382 ----a-w- c:\windows\system32\perfh006.dat
2010-09-10 23:41 . 1979-12-31 22:00 113816 ----a-w- c:\windows\system32\perfc006.dat
2010-09-08 22:03 . 2008-10-09 20:27 -------- d-----w- c:\programmer\Digital Line Detect
2010-09-08 21:34 . 2008-10-09 17:13 -------- d-----w- c:\programmer\Lenovo
2010-09-08 21:30 . 2008-10-09 17:22 -------- d-----w- c:\programmer\CONEXANT
2010-09-08 06:25 . 2008-10-10 18:12 -------- d-----w- c:\programmer\CCleaner
2010-09-05 10:46 . 2009-07-06 06:29 -------- d-----w- c:\programmer\QuickTime
2010-08-31 06:36 . 2009-03-11 10:09 0 ----a-w- c:\documents and settings\DAHE\temp.dat
2010-08-26 07:01 . 2008-10-22 10:14 -------- d-----w- c:\programmer\Microsoft.NET
2010-08-24 23:28 . 2010-05-31 09:42 24304 ----a-w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-24 23:28 . 2008-10-09 17:39 4442 ----a-w- c:\windows\system32\drivers\TPPWRIF.SYS
2010-08-24 23:28 . 2008-10-09 17:39 196608 ------w- c:\windows\PWMBTHLP.EXE
2010-08-13 09:18 . 2009-03-16 21:31 -------- d-----w- c:\documents and settings\DAHE\Application Data\FileZilla
2010-08-12 06:34 . 2010-08-12 06:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-08-02 13:19 . 2010-08-02 13:19 -------- d-----w- c:\programmer\SolarWinds
2010-06-30 12:32 . 1979-12-31 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:25 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 1979-12-31 22:00 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-23 05:52 . 2010-06-23 05:52 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb59.tmp.exe
2010-06-21 15:27 . 1979-12-31 22:00 354304 ------w- c:\windows\system32\drivers\srv.sys
2009-04-16 07:15 . 2009-04-16 07:15 16496 --sha-w- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.
[code]<pre>
c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe
</pre>[/code]

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\documents and settings\DAHE\Application Data\Sun\Java\Deployment\cache\6.0\14\25d7b48e-3473d24d-n\jniwrap.dll ---
Company: TeamDev Ltd
File Description: JNIWrapper Native Library
File Version: 3.6
Product Name: JNIWrapper
Copyright: Copyright © 2001-2006, TeamDev Ltd
Original Filename: jniwrap.dll
File size: 45056
Created time: 2010-09-14 19:33
Modified time: 2010-09-14 19:33
MD5: E10A67677C00C0C4EF9593FFC9A8DD7C
SHA1: EE85E50E4B249504B2CE2020A99F9D43ED9EA2C0

--- c:\windows\system32\dllcache\ac97intc.sys ---
Company: Intel Corporation
File Description: Intel(r) Integrated Controller Hub Audio Driver
File Version: 5.10.3523 built by: WinDDK
Product Name: Intel(r) Integrated Controller Hub Audio Driver
Copyright: Copyright (C) Intel Corporation 1998-2001
Original Filename: ichaud.sys
File size: 96256
Created time: 2010-09-08 06:08
Modified time: 2001-08-17 18:20
MD5: 0F2D66D5F08EBE2F77BB904288DCF6F0
SHA1: 0E2676F868D3DD0E593F33F5DA7F766DE7462AC4

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2010-04-22 128296]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"TPKMAPHELPER"="c:\programmer\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"TPHOTKEY"="c:\programmer\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ACTray"="c:\programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2010-03-01 431464]
"ACWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-03-01 181608]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-24 517480]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-08-24 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-07-07 155648]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Message Center Plus"="c:\programmer\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Ulead AutoDetector"="c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"BrMfcWnd"="c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\programmer\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"DiskeeperSystray"="c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-03-01 196710]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\DAHE\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Start Java Server.lnk - c:\programmer\mltarc\StrJwSrv.exe [2008-10-9 115712]
UltimateZip Quick Start.lnk - c:\programmer\UltimateZip 2.7\uzqkst.exe [2002-3-17 266240]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2008-10-9 50688]
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-12-12 805392]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-22 6144]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-03-23 00:03 49152 ----a-w- c:\programmer\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 11:41 100104 ----a-w- c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\mltarc\\jre\\bin\\javaw.exe"=
"c:\\Programmer\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Programmer\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [31-05-2010 11:42 24304]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [01-10-2009 08:14 902432]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [09-10-2009 12:10 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [31-05-2010 11:33 13480]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe [01-10-2009 08:14 2326920]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programmer\ThinkPad\Utilities\DOZESVC.EXE [31-05-2010 11:42 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programmer\ThinkPad\Utilities\PWMDBSVC.exe [09-10-2008 22:30 53248]
R2 PrivateDisk;PrivateDisk;c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15-11-2005 13:11 46142]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programmer\ThinkVantage Fingerprint Software\smihlp.sys [13-03-2009 13:47 12560]
R2 TPHKSVC;Vis på skærm;c:\programmer\Lenovo\HOTKEY\TPHKSVC.exe [24-10-2008 13:32 63928]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [01-10-2009 08:14 159168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [07-02-2010 14:23 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programmer\Lenovo\HOTKEY\micmute.exe [31-05-2010 11:33 45496]
S2 smi2;smi2;\??\c:\programmer\SMI2\smi2.sys --> c:\programmer\SMI2\smi2.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [29-04-2009 20:08 16512]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [13-07-2005 03:55 13840]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [01-01-1980 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-11-2008 14:38 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programmer\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-09-16 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:28]

2010-09-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programmer\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: danid.dk
Trusted Zone: danid.dk
TCP: {77A6491C-3293-41BB-A2B6-11749ABBF61F} = 192.168.13.202,192.168.13.203
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\DAHE\Application Data\Mozilla\Firefox\Profiles\eu3tjcrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk|http://intranote.xl-byg.dk/xl?user=MzY5QQ==|http://mail.google.com/mail/?hl=da&shva=1#inbox
FF - plugin: c:\programmer\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Veetle\Player\npvlc.dll
FF - plugin: c:\programmer\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmer\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 13:33
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1832)
c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTServ.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\infql2.dll
c:\programmer\ThinkVantage Fingerprint Software\homepass.dll
c:\programmer\ThinkVantage Fingerprint Software\bio.dll
c:\programmer\ThinkVantage Fingerprint Software\qlbase.dll
c:\programmer\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(3416)
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\programmer\PC-Doctor\ATLPcdToolbar551452.dll
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
c:\progra~1\ThinkPad\UTILIT~1\DK\PWRMGRRT.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
c:\windows\system32\Sensor.dll
c:\windows\system32\IGFXEXPS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmer\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\IPSSVC.EXE
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\RealVNC\VNC4\WinVNC4.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\programmer\Lenovo\HOTKEY\TPONSCR.exe
c:\programmer\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\programmer\Brother\ControlCenter3\brccMCtl.exe
c:\programmer\Brother\Brmfcmon\BrMfcmon.exe
c:\programmer\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\mltarc\jre\bin\javaw.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-16 13:35:53 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-09-16 11:35
ComboFix2.txt 2010-09-14 17:57
ComboFix3.txt 2010-09-13 10:58

Pre-Kørsel: 18.416.091.136 byte ledig
Post-Kørsel: 18.452.451.328 byte ledig

- - End Of File - - 5AEC97C8B78045DBDD5C740F91AD81F7

Synes godt om

f-arn Guru

16. september 2010 - 14:53 #14

1. Hent dette lille værktøj:

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:filefind
adobearm*

3. Klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind i forum i dit næste svar. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.

Synes godt om

daki Juniormester

16. september 2010 - 15:19 #15

SystemLook 04.09.10 by jpshortstuff
Log created at 15:19 on 16/09/2010 by DAHE
Administrator - Elevation successful

========== filefind ==========

Searching for "adobearm*"
C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe --a---- 976832 bytes [14:57 11/12/2009] [08:06 09/06/2010] 0B232C77D822983397674AEEC9AB59DC
C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe -ra---- 976832 bytes [08:06 09/06/2010] [08:06 09/06/2010] 0B232C77D822983397674AEEC9AB59DC
C:\Qoobox\Quarantine\C\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe.vir --a---- 35332 bytes [14:57 11/12/2009] [06:22 07/09/2010] C7EC8CC808964775E9341499E078B583
C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA70301B7449A0300000010\9.3.0\adobearm.exe -ra---- 948672 bytes [13:57 11/12/2009] [13:57 11/12/2009] 73BB442A717B9BB0097C243374C14A3E
C:\WINDOWS\Prefetch\ADOBEARM.EXE-25927BA6.pf --a---- 22436 bytes [09:17 15/02/2010] [11:28 16/09/2010] 7BC7480AC35B8283C00A1E2C49FD73CF

-= EOF =-

Synes godt om

f-arn Guru

16. september 2010 - 16:00 #16

Start Stifinder og find C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM .exe (Bemærk mellemrum mellem M og .exe)
Slet den.

------

Deaktiver dit antivirus-program, kør en online scanning med ESET Online Scanner:
http://www.eset.com/onlinescan/

Du skal acceptere betingelserne for brug, og klik på Start.
Efter ActiveX Control er indlæst, vil det tage et par minutter for scanneren at blive klar.
Dernæst skal du sætte flueben i følgende felter:
Remove found threats
Scan archives

under advanced settings
Scan for potentialy unwanted applications
Scan for potentially unsafe applications
enable anti-stealth technology

Klik på Start. Denne scanning kan tage et stykke tid, så vær tålmodig.
En log vil åbne, når scanningen er færdig.

(hvis ikke, skal du gå til C:\Programmer\EsetOnlineScanner\ og åbne filen Log.txt).

Kopier den herind i næste svar.

Synes godt om

daki Juniormester

16. september 2010 - 18:53 #17

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d0ba99dc306c274486c3cce9c7b7c949
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-16 04:44:22
# local_time=2010-09-16 06:44:22 (+0100, Rom, sommertid)
# country="Denmark"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 297 297 0 0
# scanned=135397
# found=96
# cleaned=96
# scan_time=8115
C:\Qoobox\Quarantine\C\Programmer\Acronis\TrueImageHome\TrueImageMonitor.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Analog Devices\Core\smax4pnp.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Hp\HP Software Update\HPWuSchd2.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\IBM\Client Access\cwbsvstr.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\IBM ThinkVantage\Client Security Solution\cssauth.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Java\jre6\bin\jusched.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Labtec\Webcam\ISStart.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Labtec\Webcam\LogiTray.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Lenovo\AwayTask\AwaySch.EXE.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Lenovo\VIRTSCRL\virtscrl.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Messenger\msmsgs.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft ActiveSync\Wcescomm.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Microsoft Office\Office12\GrooveMonitor.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Panda Security\WAC\PSCtrlC.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Picasa2\PicasaMediaDetector.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Spybot - Search & Destroy\TeaTimer.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Ulead Systems\Ulead Photo Express 6\CalCheck.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Winamp\winampa.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Programmer\Windows Media Player\WMPNSCFG.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe.vir Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000039.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000087.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000088.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000089.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000090.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000091.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000092.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000093.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000094.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000095.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000096.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000097.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000098.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000099.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000100.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000101.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000102.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000103.EXE Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000104.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000105.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000106.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000107.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000108.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000109.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000110.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000111.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP1\A0000112.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000351.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000352.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000353.EXE Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000354.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000355.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000357.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000358.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000359.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000360.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000361.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000362.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000363.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000364.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000365.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000366.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000367.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000368.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000369.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000370.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000371.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000372.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000373.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000500.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP2\A0000501.exe Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\temp\Downloads\Hirens\UBCD4WinV350.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

Synes godt om

f-arn Guru

16. september 2010 - 20:21 #18

Fint - bortset fra Ultimate Boot Disk lå det hele, enten i Combofix karantæne, eller i Systemgendannelsen.

------

Tast <Windows> + <R> samtidig og kopier dettte: combofix /uninstall
Tryk enter
Det vil fjerne Combofix og nulstille urets indstillinger.
Skjule filtypenavne hvis det kræves.
Skjule System/skjulte filer hvis det kræves.

Klik Start -> Kør -> kopier dette ind control sysdm.cpl,,4
Klik OK

Slå System Gendannelse fra.
Klik OK.

Genstart.

Klik Start -> Kør -> kopier dette ind control sysdm.cpl,,4
Klik OK
Slå System Gendannelse til.
Klik OK.

------

hent Security Check af screen317
http://screen317.spywareinfoforum.org/SecurityCheck.exe
Start den og følg instruktionerne.
Kopier loggen herind.

Synes godt om

daki Juniormester

16. september 2010 - 20:58 #19

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Java(TM) 6 Update 12
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9.3.4 - Dansk
````````````````````````````````
Process Check:
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Synes godt om

f-arn Guru

16. september 2010 - 21:53 #20

Er der nogen speciel grund til at Windows Sikkerheds Center ikke kører?

Hvis du ønsker at starte det:

Klik start -> kør og kopier dette ind services.msc
Klik OK
Find Sikkerheds Centeret -> højreklik på det -> Egenskaber -> Starttype Automatisk.
Klik OK
Genstart.

------

Din Java skal opdateres.
Hent en opdateret her: http://www.java.com/en/download/index.jsp
I Kontrolpanelet under Tilføj/Fjern Programmer finder du "Java(TM) 6 Update 12" og afinstallerer den.

Hvordan kører PCen nu?

PS Fik du slettet AdobeARM .exe?

Synes godt om

daki Juniormester

17. september 2010 - 08:43 #21

AdobeARM .exe blev slettet.

Hvorfor Widows Sikkerheds Center ikke kører, ved jeg ikke - jeg har ihvertfald ikke deaktriveret det med vilje. :-)
Var sat automatisk start, mern ikke startet - 'Tjenesten Sikkerhedscenter på Lokal computer startede og stoppede derefter. Nogle tjenester stopper automatisk, hvis de ikke udfører nogle opgaver, dette gælder f.eks. tjenesten ydelseslogger og -beskeder'

Kan ikke forstå hvorfor java ikke er opdateret, plejer jeg at være meget opmærksom på.
Siger altid ja til opdateringer fra java.

PCen kører fint, der har ikke været nogen pop-ups længe heller ikke den kedelige besked fra GD8fuH70.exe

Synes godt om

f-arn Guru

17. september 2010 - 12:46 #22

[div]Hvorfor Widows Sikkerheds Center ikke kører, ved jeg ikke [div]
Start services.msc
Kontroller at "Windows Management Instrumentation" og "Remote Procedure Call (RPC)" kører.

Fik du opdateret Java?

Synes godt om

daki Juniormester

17. september 2010 - 14:36 #23

Ja, java er opdateret!

Kontroller at "Windows Management Instrumentation" og "Remote Procedure Call (RPC)" kører.
Det gørt de.

Synes godt om

f-arn Guru

17. september 2010 - 15:44 #24

1. Hent dette lille værktøj: (Hvis du har slettet det)

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:service
wscsvc
RpcSs
winmgmt
RPCSS

3. Klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind i forum i dit næste svar. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.

Synes godt om

daki Juniormester

17. september 2010 - 19:41 #25

SystemLook 04.09.10 by jpshortstuff
Log created at 19:39 on 17/09/2010 by DAHE
Administrator - Elevation successful

========== service ==========

wscsvc
Sikkerhedscenter
"Overvåger sikkerhedsindstillinger og -konfigurationer på systemet."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
Group: (none)
SafeBoot:
Dependencies:
->RpcSs
->winmgmt
Dependant Services:
(none)

RpcSs
RPC (Remote Procedure Call )
"Slutpunktsafbildning og diverse andre RPC-tjenester."
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\WINDOWS\system32\svchost -k rpcss
Group: COM Infrastructure
SafeBoot: Minimal Network
Dependencies:
(none)
Dependant Services:
->Panda Host Service (PSHost) (Stopped)
->Panda Software Controller (Panda Software Controller) (Started)
->Panda Antivirus Service (PavSrv) (Started)
->Tjenesten Netværksadgang (xmlprov) (Stopped)
->Automatisk konfiguration af trådløse enheder (WZCSVC) (Started)
->Sikkerhedscenter (wscsvc) (Stopped)
->WMI-ydelseskort (WmiApSrv) (Started)
->Windows Remote Management (WS-Management) (WinRM) (Stopped)
->System Update (SUService) (Started)
->Windows Firewall/Deling af Internetforbindelse (SharedAccess) (Started)
->Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) (Started)
->Intel(R) PROSet/Wireless Event Log (EvtEng) (Started)
->Access Connections Main Service (AcSvc) (Started)
->Windows Management Instrumentation (winmgmt) (Started)
->Øjebliksbillede af diskenhed (VSS) (Stopped)
->Distributed Link Tracking Client (TrkWks) (Started)
->Telnet (TlntSvr) (Stopped)
->Windows Search (WSearch) (Started)
->Hurtigt brugerskift-kompatibilitet (FastUserSwitchingCompatibility) (Stopped)
->Terminal Services (TermService) (Started)
->Remote Access Auto Connection Manager (RasAuto) (Stopped)
->Remote Access Connection Manager (RasMan) (Started)
->Telekommunikation (TapiSrv) (Started)
->MS Software Shadow Copy Provider (SwPrv) (Stopped)
->Windows-billedscanning (stisvc) (Started)
->Tjenesten Systemgendannelse (srservice) (Started)
->Print Spooler (Spooler) (Started)
->Hardwaregenkendelse på brugergrænsefladen (ShellHWDetection) (Started)
->Opgavestyring (Schedule) (Started)
->DTC (Distributed Transaction Coordinator) (MSDTC) (Stopped)
->SAM (Security Accounts Manager) (SamSs) (Started)
->QoS RSVP (RSVP) (Stopped)
->Remote Registry (RemoteRegistry) (Started)
->Routing og Remote Access (RemoteAccess) (Stopped)
->Intel(R) PROSet/Wireless Registry Service (RegSrvc) (Started)
->Hjælp til Sessionsstyring til Fjernskrivebord (RDSessMgr) (Stopped)
->Beskyttet lager (ProtectedStorage) (Started)
->Power Manager DBC Service (Power Manager DBC Service) (Started)
->IPSEC Policy Agent (PolicyAgent) (Stopped)
->Flytbare lagermedier (NtmsSvc) (Stopped)
->Netværksforbindelser (Netman) (Started)
->Network Access Protection Agent (napagent) (Stopped)
->Windows Installer (MSIServer) (Stopped)
->Messenger (Messenger) (Stopped)
->Machine Debug Manager (MDM) (Started)
->IviRegMgr (IviRegMgr) (Started)
->IPS Core Service (IPSSVC) (Started)
->Tjenesten Tilstandsnøgle og certifikatadministration (hkmsvc) (Stopped)
->HID Input Service (HidServ) (Stopped)
->Hjælp og support (helpsvc) (Started)
->Google Software Updater (gusvc) (Stopped)
->Tjenesten Google Update (gupdate) (gupdate) (Stopped)
->getPlus(R) Helper (getPlus(R) Helper) (Stopped)
->System Event Notification (SENS) (Started)
->COM+-hændelsessystem (EventSystem) (Started)
->Tjenesten Fejlrapportering (ERSvc) (Started)
->Automatisk konfiguration af traditionelt netværk (Dot3svc) (Stopped)
->Tjenesten Extensible Authentication Protocol (EapHost) (Stopped)
->Logical Disk Manager Administrative Service (dmadmin) (Stopped)
->Logical Disk Manager (dmserver) (Started)
->Diskeeper (Diskeeper) (Started)
->CryptSvc (CryptSvc) (Started)
->COM+-systemprogram (COMSysApp) (Stopped)
->Indekseringstjeneste (CiSvc) (Stopped)
->Tjenesten Background Intelligent Transfer (BITS) (Started)
->Windows Audio (AudioSrv) (Started)
->Acronis Scheduler2 Service (AcrSch2Svc) (Started)
->Ac Profile Manager Service (AcPrfMgrSvc) (Started)

winmgmt
Windows Management Instrumentation
"Omfatter en fælles grænseflade og objektmodel, der giver adgang til oplysninger om administration af operativsystemer, enheder, programmer og tjenester. Hvis denne tjeneste stoppes, vil de fleste Windows-baserede programmer ikke fungere korrekt. Hvis denne tjeneste deaktiveres, vil alle tjenester, som er afhængige af den, ikke kunne starte."
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
Group: (none)
SafeBoot: Minimal Network
Dependencies:
->RPCSS
Dependant Services:
->Sikkerhedscenter (wscsvc) (Stopped)
->System Update (SUService) (Started)
->Windows Firewall/Deling af Internetforbindelse (SharedAccess) (Started)
->Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) (Started)
->Intel(R) PROSet/Wireless Event Log (EvtEng) (Started)
->Access Connections Main Service (AcSvc) (Started)

RPCSS
RPC (Remote Procedure Call )
"Slutpunktsafbildning og diverse andre RPC-tjenester."
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\WINDOWS\system32\svchost -k rpcss
Group: COM Infrastructure
SafeBoot: Minimal Network
Dependencies:
(none)
Dependant Services:
->Panda Host Service (PSHost) (Stopped)
->Panda Software Controller (Panda Software Controller) (Started)
->Panda Antivirus Service (PavSrv) (Started)
->Tjenesten Netværksadgang (xmlprov) (Stopped)
->Automatisk konfiguration af trådløse enheder (WZCSVC) (Started)
->Sikkerhedscenter (wscsvc) (Stopped)
->WMI-ydelseskort (WmiApSrv) (Started)
->Windows Remote Management (WS-Management) (WinRM) (Stopped)
->System Update (SUService) (Started)
->Windows Firewall/Deling af Internetforbindelse (SharedAccess) (Started)
->Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) (Started)
->Intel(R) PROSet/Wireless Event Log (EvtEng) (Started)
->Access Connections Main Service (AcSvc) (Started)
->Windows Management Instrumentation (winmgmt) (Started)
->Øjebliksbillede af diskenhed (VSS) (Stopped)
->Distributed Link Tracking Client (TrkWks) (Started)
->Telnet (TlntSvr) (Stopped)
->Windows Search (WSearch) (Started)
->Hurtigt brugerskift-kompatibilitet (FastUserSwitchingCompatibility) (Stopped)
->Terminal Services (TermService) (Started)
->Remote Access Auto Connection Manager (RasAuto) (Stopped)
->Remote Access Connection Manager (RasMan) (Started)
->Telekommunikation (TapiSrv) (Started)
->MS Software Shadow Copy Provider (SwPrv) (Stopped)
->Windows-billedscanning (stisvc) (Started)
->Tjenesten Systemgendannelse (srservice) (Started)
->Print Spooler (Spooler) (Started)
->Hardwaregenkendelse på brugergrænsefladen (ShellHWDetection) (Started)
->Opgavestyring (Schedule) (Started)
->DTC (Distributed Transaction Coordinator) (MSDTC) (Stopped)
->SAM (Security Accounts Manager) (SamSs) (Started)
->QoS RSVP (RSVP) (Stopped)
->Remote Registry (RemoteRegistry) (Started)
->Routing og Remote Access (RemoteAccess) (Stopped)
->Intel(R) PROSet/Wireless Registry Service (RegSrvc) (Started)
->Hjælp til Sessionsstyring til Fjernskrivebord (RDSessMgr) (Stopped)
->Beskyttet lager (ProtectedStorage) (Started)
->Power Manager DBC Service (Power Manager DBC Service) (Started)
->IPSEC Policy Agent (PolicyAgent) (Stopped)
->Flytbare lagermedier (NtmsSvc) (Stopped)
->Netværksforbindelser (Netman) (Started)
->Network Access Protection Agent (napagent) (Stopped)
->Windows Installer (MSIServer) (Stopped)
->Messenger (Messenger) (Stopped)
->Machine Debug Manager (MDM) (Started)
->IviRegMgr (IviRegMgr) (Started)
->IPS Core Service (IPSSVC) (Started)
->Tjenesten Tilstandsnøgle og certifikatadministration (hkmsvc) (Stopped)
->HID Input Service (HidServ) (Stopped)
->Hjælp og support (helpsvc) (Started)
->Google Software Updater (gusvc) (Stopped)
->Tjenesten Google Update (gupdate) (gupdate) (Stopped)
->getPlus(R) Helper (getPlus(R) Helper) (Stopped)
->System Event Notification (SENS) (Started)
->COM+-hændelsessystem (EventSystem) (Started)
->Tjenesten Fejlrapportering (ERSvc) (Started)
->Automatisk konfiguration af traditionelt netværk (Dot3svc) (Stopped)
->Tjenesten Extensible Authentication Protocol (EapHost) (Stopped)
->Logical Disk Manager Administrative Service (dmadmin) (Stopped)
->Logical Disk Manager (dmserver) (Started)
->Diskeeper (Diskeeper) (Started)
->CryptSvc (CryptSvc) (Started)
->COM+-systemprogram (COMSysApp) (Stopped)
->Indekseringstjeneste (CiSvc) (Stopped)
->Tjenesten Background Intelligent Transfer (BITS) (Started)
->Windows Audio (AudioSrv) (Started)
->Acronis Scheduler2 Service (AcrSch2Svc) (Started)
->Ac Profile Manager Service (AcPrfMgrSvc) (Started)

-= EOF =-

Synes godt om

f-arn Guru

18. september 2010 - 13:39 #26

Det ser jo rigtigt ud. Kan den startes?

Prøv at opdatere og køre Malwarebytws. Kør en "Hurtig Skan"
og kopier loggen herind.

Har di geninstalleret "Panda Endpoint Protection" ?

Synes godt om

daki Juniormester

18. september 2010 - 14:46 #27

Nej, Sikkerheds Center kan ikke startes i tjenester!
Ja, jeg har installeret Panda Endpoint Protection igen!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4645

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18-09-2010 14:45:14
mbam-log-2010-09-18 (14-45-14).txt

Skanningstype: Hurtig skanning
Objekter skannet: 164788
Tid gået: 12 minut(ter), 45 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)

Synes godt om

f-arn Guru

18. september 2010 - 15:34 #28

1. Hent dette lille værktøj: (Hvis du har slettet det)

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:filefind
*wscsvc*
:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters

3. Klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind i forum i dit næste svar. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.

Synes godt om

daki Juniormester

18. september 2010 - 16:55 #29

SystemLook 04.09.10 by jpshortstuff
Log created at 16:50 on 18/09/2010 by DAHE
Administrator - Elevation successful

========== filefind ==========

Searching for "*wscsvc*"
C:\I386\WSCSVC.DL_ --a---- 34101 bytes [14:00 27/08/2004] [14:00 27/08/2004] 4CD6530CA6FE9DB19BA7444AEF67E438
C:\WINDOWS\$NtServicePackUninstall$\wscsvc.dll -----c- 81408 bytes [18:25 09/10/2008] [14:00 27/08/2004] A9F015585543612D9B88AB019DF0636F
C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll ------- 80896 bytes [16:05 14/04/2008] [16:05 14/04/2008] BC71BC51DD57E792851D31795F3EDBF1
C:\WINDOWS\SoftwareDistribution\Download\99347e47d897dd2409ecd2a34a331d3a\wscsvc.dll ------- 80896 bytes [16:05 14/04/2008] [16:05 14/04/2008] BC71BC51DD57E792851D31795F3EDBF1
C:\WINDOWS\system32\wscsvc.dll ------- 80896 bytes [22:00 31/12/1979] [16:05 14/04/2008] BC71BC51DD57E792851D31795F3EDBF1

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

-= EOF =-

Synes godt om

f-arn Guru

19. september 2010 - 13:01 #30

Vil du godt kopiere C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll op på dit Skrivebord som <første 3 bogstaver i dit efternavn>.DLL
Send denne fil til analyse hos:

http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

Kopier resultatet herind.

Filernes størrelse er korrekt - men jeg undrer mig over dato og MD5 ved C:\WINDOWS\system32\wscsvc.dll

Synes godt om

daki Juniormester

19. september 2010 - 13:54 #31

virusscan.jotti.org reslutat
Additional info
File size: 80896 bytes
Filetype: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
MD5: bc71bc51dd57e792851d31795f3edbf1
SHA1: e5787f9e1ad1653a0fa644a05c2740c8702972da
Scanners
2010-09-19 Found nothing 2010-09-19 Found nothing
2010-09-19 Found nothing 2010-09-19 Found nothing
2010-09-19 Found nothing 2010-09-18 Found nothing
2010-09-18 Found nothing 2010-09-18 Found nothing
2010-09-19 Found nothing 2010-09-18 Found nothing
2010-09-18 Found nothing 2010-09-17 Found nothing
2010-09-19 Found nothing 2010-09-19 Found nothing
2010-09-19 Found nothing 2010-09-17 Found nothing
2010-09-18 Found nothing 2010-09-18 Found nothing
2010-09-19 Found nothing

virustotal.com resultat:
Antivirus Version Last update Result
AhnLab-V3 2010.09.19.00 2010.09.18 -
AntiVir 8.2.4.58 2010.09.18 -
Antiy-AVL 2.0.3.7 2010.09.19 -
Authentium 5.2.0.5 2010.09.18 -
Avast 4.8.1351.0 2010.09.19 -
Avast5 5.0.594.0 2010.09.19 -
AVG 9.0.0.851 2010.09.19 -
BitDefender 7.2 2010.09.19 -
CAT-QuickHeal 11.00 2010.09.18 -
ClamAV 0.96.2.0-git 2010.09.18 -
Comodo 6128 2010.09.19 -
DrWeb 5.0.2.03300 2010.09.19 -
Emsisoft 5.0.0.37 2010.09.19 -
eSafe 7.0.17.0 2010.09.17 -
eTrust-Vet 36.1.7862 2010.09.17 -
F-Prot 4.6.1.107 2010.09.18 -
F-Secure 9.0.15370.0 2010.09.19 -
Fortinet 4.1.143.0 2010.09.19 -
GData 21 2010.09.19 -
Ikarus T3.1.1.88.0 2010.09.19 -
Jiangmin 13.0.900 2010.09.19 -
K7AntiVirus 9.63.2552 2010.09.18 -
Kaspersky 7.0.0.125 2010.09.19 -
McAfee 5.400.0.1158 2010.09.19 -
McAfee-GW-Edition 2010.1C 2010.09.18 -
Microsoft 1.6201 2010.09.19 -
NOD32 5460 2010.09.18 -
Norman 6.06.06 2010.09.19 -
nProtect 2010-09-19.01 2010.09.19 -
Panda 10.0.2.7 2010.09.18 -
PCTools 7.0.3.5 2010.09.19 -
Prevx 3.0 2010.09.19 -
Rising 22.65.05.00 2010.09.18 -
Sophos 4.57.0 2010.09.19 -
Sunbelt 6895 2010.09.19 -
SUPERAntiSpyware 4.40.0.1006 2010.09.19 -
Symantec 20101.1.1.7 2010.09.19 -
TheHacker 6.7.0.0.024 2010.09.19 -
TrendMicro 9.120.0.1004 2010.09.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.19 -
VBA32 3.12.14.0 2010.09.17 -
ViRobot 2010.9.18.4048 2010.09.19 -
VirusBuster 12.65.13.0 2010.09.18 -
MD5: bc71bc51dd57e792851d31795f3edbf1
SHA1: e5787f9e1ad1653a0fa644a05c2740c8702972da
SHA256: f83930f27662f49dbcdeb8aca1bb36ca0dedd31d744093bb48aa707767226b96
File size: 80896 bytes
Scan date: 2010-09-19 11:44:14 (UTC)

Synes godt om

daki Juniormester

21. september 2010 - 09:43 #32

Her til morgen, da jeg startede pc'en gik den fuldstændig amok!!

'Windows Antivirus' + 'Windows Sikkerhedscenter' blev installeret, desuden kom der en masse genvejsikoner på skrivebordet til div. tvivlsomme sider.
Jeg begyndte at scanne med malwarebytes og efter ca. 1 time og fundet 18 inficerede filer gik den ned og jeg kan kun starte i fejlsikret, hvor jeg kører en ny scanning lige nu.
Jeg ligger en log fra Malwarebytes og HiJackThis når scanningen er færdig, jeg foretager også lige en scanning med CCleaner!!

Men alt tyder vel på, at en formatering er sidste udvej......

Synes godt om

daki Juniormester

21. september 2010 - 14:45 #33

Hermed logs - malwarebytes er der 3 logs, 2 i fejlsikret og 1 i 'normal' !!!!

Log1 og Log2:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4662

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

21-09-2010 10:26:14
mbam-log-2010-09-21 (10-26-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 290809
Time elapsed: 57 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmaqqowpcwkbu (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Programmer\AnVi (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\DAHE\Menuen Start\Programmer\Start\monmvr32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP6\A0006424.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu\pragmabbr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu\PRAGMAc.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu\pragmaserf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\M9CVO9CT\5-direct[1].ex (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\About.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Activate.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Antivirus Support.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Buy.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Scan.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Settings.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Menuen Start\Programmer\AnVi\Update.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu\PRAGMAcfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAqqowpcwkbu\PRAGMAsrcr.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\apiqfw.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fjhdyfhsn.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\PRAGMA263c.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\DAHE\Lokale indstillinger\temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
----------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4662

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

21-09-2010 12:17:59
mbam-log-2010-09-21 (12-17-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 290757
Time elapsed: 56 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP6\A0006428.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP6\A0006429.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP6\A0006430.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP6\A0006431.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP6\A0006432.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Synes godt om

daki Juniormester

21. september 2010 - 14:47 #34

Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4663

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21-09-2010 14:30:05
mbam-log-2010-09-21 (14-30-05).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 275440
Tid gået: 1 time(e), 50 minut(ter), 24 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 1
Registreringsdatabaseværdier Inficeret: 2
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)
Desværre ingen log fra Malwarebytes

----------

Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:58, on 21-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Security\WAC\pavFnSvr.exe
C:\Programmer\Panda Security\WAC\psksvc.exe
C:\Programmer\Panda Security\WAC\pavsrvx86.exe
C:\Programmer\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PsCtrlS.exe
C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\WAC\PSHost.exe
C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmer\Panda Security\WAC\PSCtrlC.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmer\mltarc\StrJwSrv.exe
C:\Programmer\UltimateZip 2.7\uzqkst.exe
C:\Programmer\OpenOffice.org 3\program\soffice.exe
C:\Programmer\mltarc\jre\bin\javaw.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\OpenOffice.org 3\program\soffice.bin
C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\Programmer\Java\jre6\bin\jucheck.exe
C:\Programmer\Panda Security\WaAgent\WASLPMNG\WapLpMng.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmer\Java\jre6\bin\javaw.exe
C:\temp\hijackthis\HiJackThis.exe
C:\WINDOWS\system32\userinit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmer\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmer\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Start Java Server.lnk = C:\Programmer\mltarc\StrJwSrv.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Opdatér ThinkPad-programmer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmer\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://ltw.danmarksgruppen.dk/qp2.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278084491444
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278084470474
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: AwayNotify - C:\Programmer\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmer\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmer\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavFnSvr.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmer\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Panda Host Service (PSHost) - Panda Security International - C:\Programmer\Panda Security\WAC\PSHost.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmer\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmer\Panda Security\WAC\psksvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Vis på skærm (TPHKSVC) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmer\Panda Security\WaAgent\WasWD\WasWD.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 20059 bytes

Synes godt om

f-arn Guru

22. september 2010 - 12:40 #35

Bliver den Panda overhovedet opdateret? Noget af det den har sluppet ind er temmelig gammelt.

Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

Synes godt om

daki Juniormester

22. september 2010 - 21:16 #36

Ja - Panda opdateres automatisk, sidste gang 21-09-10 20:52 før det var det 21-09-10 09:42.
Har afinstalleret Panda, indtil der er styr på dette her :-)

ComboFix 10-09-21.03 - DAHE 22-09-2010 15:51:28.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3062.2484 [GMT 2:00]
Kører fra: c:\documents and settings\DAHE\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\DAHE\Skrivebord\CFScript
* Dannede nyt systemgendannelsespunkt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Mulige inficerede internetsteder -----

hxxp://dktnm:8530
.
((((((((((((((((((((((((((((( Filer skabt fra 2010-08-22 til 2010-09-22 )))))))))))))))))))))))))))))))))))
.

2010-09-22 08:55 . 2010-09-22 08:55 -------- d-----w- C:\_rpcs
2010-09-22 08:55 . 2008-07-08 13:09 32256 ----a-w- c:\windows\system32\RC00C140.dll
2010-09-22 08:55 . 2008-07-08 13:09 1291363 ----a-w- c:\windows\system32\RCAEE140.DLL
2010-09-22 08:55 . 2008-06-06 11:13 94208 ----a-w- c:\windows\system32\RCPRINT.dll
2010-09-22 08:55 . 2008-07-08 13:09 27136 ----a-w- c:\windows\system32\RCINST.DLL
2010-09-22 08:55 . 2008-06-19 17:18 1310720 ----a-w- c:\windows\system32\MPC22dat.dll
2010-09-22 08:55 . 2008-06-03 13:52 221184 ----a-w- c:\windows\system32\Rc4manNT.dll
2010-09-22 08:55 . 2008-04-23 15:58 192512 ----a-w- c:\windows\system32\rdrvlog.dll
2010-09-22 08:55 . 2008-03-28 16:26 61440 ----a-w- c:\windows\system32\MFRICRES.dll
2010-09-22 08:55 . 2007-06-13 16:42 268252 ----a-w- c:\windows\system32\rpcsecl.dll
2010-09-22 08:55 . 2004-02-13 12:20 57344 ----a-w- c:\windows\system32\rdrvinf.dll
2010-09-22 08:43 . 2008-05-30 12:59 22832 ----a-w- c:\windows\system32\pfdnnt.exe
2010-09-21 14:04 . 2010-09-21 14:09 -------- d-----w- c:\documents and settings\DAHE\ShareCalendar
2010-09-21 13:32 . 2010-09-21 13:32 -------- d-----w- c:\documents and settings\DAHE\Lokale indstillinger\Application Data\Softalk
2010-09-21 13:19 . 2010-09-21 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Softalk
2010-09-21 12:55 . 2010-09-21 13:41 -------- d-----w- c:\documents and settings\DAHE\ShareContacts
2010-09-21 12:35 . 2010-09-21 12:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Logitech
2010-09-21 06:13 . 2010-09-22 14:08 564800 ----a-w- c:\windows\system32\drivers\ukknbd.sys
2010-09-21 06:13 . 2010-09-21 06:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-09-21 06:12 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-09-21 06:12 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-09-21 06:11 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-09-21 06:11 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-09-17 06:37 . 2010-09-22 13:09 202988 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-09-16 15:25 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-09-16 15:24 . 2010-06-18 17:47 293376 ------w- c:\windows\system32\dllcache\winsrv.dll
2010-09-16 15:23 . 2010-04-16 15:38 406016 ------w- c:\windows\system32\dllcache\usp10.dll
2010-09-16 14:24 . 2010-09-16 14:24 -------- d-----w- c:\programmer\ESET
2010-09-15 16:04 . 2010-09-15 16:04 -------- d-----w- c:\temp\RemoteKeys
2010-09-14 20:23 . 2010-09-17 06:36 -------- d-----w- c:\programmer\Panda Security
2010-09-13 14:39 . 2010-09-21 14:15 -------- d-----w- c:\temp\workgroupshare
2010-09-13 09:37 . 2010-09-13 09:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-11 14:20 . 2010-09-16 11:14 -------- d-----w- c:\programmer\Spybot - Search & Destroy
2010-09-11 14:20 . 2010-09-14 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-08 21:32 . 2010-09-08 21:32 -------- d-----w- c:\documents and settings\DAHE\Lokale indstillinger\Application Data\BVRP Software
2010-09-08 21:31 . 2010-09-08 21:32 -------- d-----w- c:\programmer\NetWaiting
2010-09-08 21:29 . 2010-06-02 12:49 301624 ----a-w- c:\windows\system32\UCI32M57.dll
2010-09-08 06:08 . 2001-08-17 18:20 96256 ----a-w- c:\windows\system32\dllcache\ac97intc.sys
2010-09-08 06:08 . 2004-08-27 14:00 16896 ----a-w- c:\windows\system32\dllcache\tftp.exe
2010-09-07 09:51 . 2010-09-21 12:07 -------- d-----w- c:\temp\hijackthis
2010-09-07 09:06 . 2010-09-07 09:06 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-09-07 09:05 . 2010-09-07 09:19 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Adobe
2010-09-07 08:55 . 2010-09-07 08:55 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-07 08:54 . 2010-09-07 08:54 -------- d-----r- c:\documents and settings\NetworkService\Foretrukne
2010-09-06 06:41 . 2010-09-06 06:41 -------- d-----w- C:\Program Data
2010-09-05 10:45 . 2010-09-05 10:45 -------- d-----w- c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Apple Computer
2010-09-04 18:00 . 2010-09-05 11:04 -------- d-----w- c:\documents and settings\DAHE\Lokale indstillinger\Application Data\kevcgnamf
2010-09-04 17:58 . 2010-09-05 10:46 -------- d-----w- c:\documents and settings\DAHE\Application Data\09EE612E8BCA967E684BE9521BBFF2D8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 13:38 . 2010-06-25 12:43 1796432 ----a-w- c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-09-22 13:21 . 2010-09-22 13:21 0 ---ha-w- c:\windows\ravtc.tmp
2010-09-22 13:09 . 2010-09-17 06:37 202988 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-09-22 12:53 . 2010-09-17 06:37 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-09-22 12:53 . 2010-09-17 06:37 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-09-21 10:38 . 2010-09-21 10:38 45056 ----a-w- c:\documents and settings\DAHE\Application Data\Sun\Java\Deployment\cache\6.0\14\25d7b48e-1b6e1613-n\jniwrap.dll
2010-09-17 07:25 . 2008-10-22 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-17 06:56 . 2008-11-11 10:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-09-17 06:55 . 2009-11-15 14:28 152576 ----a-w- c:\documents and settings\DAHE\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-09-16 11:02 . 2008-11-11 19:18 -------- d-----w- c:\programmer\Winamp
2010-09-16 11:02 . 2008-10-09 17:37 -------- d-----w- c:\programmer\Picasa2
2010-09-15 14:51 . 2008-10-10 18:12 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-09-15 07:37 . 2008-11-07 18:46 -------- d-----w- c:\programmer\Microsoft ActiveSync
2010-09-15 06:50 . 2008-10-09 17:28 -------- d-----w- c:\programmer\Multimedia Center for Think Offerings
2010-09-14 17:44 . 2010-09-14 17:44 112 ----a-w- c:\documents and settings\All Users\Application Data\BQ7UPb.dat
2010-09-14 07:01 . 2008-10-13 05:55 -------- d-----w- c:\documents and settings\DAHE\Application Data\Teleca
2010-09-14 07:00 . 2008-10-12 20:12 -------- d-----w- c:\programmer\Fælles filer\Teleca Shared
2010-09-13 19:32 . 2009-05-12 04:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-13 06:10 . 2010-05-31 09:47 -------- d-----w- c:\programmer\PC-Doctor
2010-09-11 18:23 . 2009-01-11 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-09-10 23:41 . 1979-12-31 22:00 550382 ----a-w- c:\windows\system32\perfh006.dat
2010-09-10 23:41 . 1979-12-31 22:00 113816 ----a-w- c:\windows\system32\perfc006.dat
2010-09-08 22:03 . 2008-10-09 20:27 -------- d-----w- c:\programmer\Digital Line Detect
2010-09-08 21:34 . 2008-10-09 17:13 -------- d-----w- c:\programmer\Lenovo
2010-09-08 21:30 . 2008-10-09 17:22 -------- d-----w- c:\programmer\CONEXANT
2010-09-08 06:25 . 2008-10-10 18:12 -------- d-----w- c:\programmer\CCleaner
2010-09-05 10:46 . 2009-07-06 06:29 -------- d-----w- c:\programmer\QuickTime
2010-08-31 06:36 . 2009-03-11 10:09 0 ----a-w- c:\documents and settings\DAHE\temp.dat
2010-08-26 07:01 . 2008-10-22 10:14 -------- d-----w- c:\programmer\Microsoft.NET
2010-08-24 23:28 . 2010-05-31 09:42 24304 ----a-w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-24 23:28 . 2008-10-09 17:39 4442 ----a-w- c:\windows\system32\drivers\TPPWRIF.SYS
2010-08-24 23:28 . 2008-10-09 17:39 196608 ------w- c:\windows\PWMBTHLP.EXE
2010-08-21 10:50 . 2010-08-21 10:50 -------- d-----w- c:\programmer\Lexmark
2010-08-18 06:44 . 2010-08-18 06:44 -------- d-----w- c:\programmer\HPDesignjet30-130PrinterSeries
2010-08-17 13:17 . 1979-12-31 22:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-13 09:18 . 2009-03-16 21:31 -------- d-----w- c:\documents and settings\DAHE\Application Data\FileZilla
2010-08-12 06:34 . 2010-08-12 06:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-08-02 13:19 . 2010-08-02 13:19 -------- d-----w- c:\programmer\SolarWinds
2010-07-22 15:46 . 1979-12-31 22:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-21 21:19 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:32 . 1979-12-31 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
2009-04-16 07:15 . 2009-04-16 07:15 16496 --sha-w- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2010-04-22 128296]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"TPKMAPHELPER"="c:\programmer\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"TPHOTKEY"="c:\programmer\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ACTray"="c:\programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2010-03-01 431464]
"ACWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-03-01 181608]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-24 517480]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-08-24 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-07-07 155648]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Message Center Plus"="c:\programmer\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Ulead AutoDetector"="c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"BrMfcWnd"="c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\programmer\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"DiskeeperSystray"="c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-03-01 196710]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2010-09-17 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\DAHE\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Start Java Server.lnk - c:\programmer\mltarc\StrJwSrv.exe [2008-10-9 115712]
UltimateZip Quick Start.lnk - c:\programmer\UltimateZip 2.7\uzqkst.exe [2002-3-17 266240]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2008-10-9 50688]
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-12-12 805392]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-22 6144]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-03-23 00:03 49152 ----a-w- c:\programmer\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 11:41 100104 ----a-w- c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\mltarc\\jre\\bin\\javaw.exe"=
"c:\\Programmer\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Programmer\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [31-05-2010 11:42 24304]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [01-10-2009 08:14 902432]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [09-10-2009 12:10 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [31-05-2010 11:33 13480]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe [01-10-2009 08:14 2326920]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programmer\ThinkPad\Utilities\DOZESVC.EXE [31-05-2010 11:42 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programmer\ThinkPad\Utilities\PWMDBSVC.exe [09-10-2008 22:30 53248]
R2 PrivateDisk;PrivateDisk;c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15-11-2005 13:11 46142]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programmer\ThinkVantage Fingerprint Software\smihlp.sys [13-03-2009 13:47 12560]
R2 TPHKSVC;Vis på skærm;c:\programmer\Lenovo\HOTKEY\TPHKSVC.exe [24-10-2008 13:32 63928]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [01-10-2009 08:14 159168]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [18-02-2010 18:31 199688]
S0 ygaojcb;ygaojcb;c:\windows\system32\drivers\wumfa.sys --> c:\windows\system32\drivers\wumfa.sys [?]
S1 APPFLT;App Filter Plugin;\??\c:\windows\system32\Drivers\APPFLT.SYS --> c:\windows\system32\Drivers\APPFLT.SYS [?]
S1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\Drivers\DSAFLT.SYS --> c:\windows\system32\Drivers\DSAFLT.SYS [?]
S1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\Drivers\fnetmon.SYS --> c:\windows\system32\Drivers\fnetmon.SYS [?]
S1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\Drivers\IDSFLT.SYS --> c:\windows\system32\Drivers\IDSFLT.SYS [?]
S1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\Drivers\NETFLTDI.SYS --> c:\windows\system32\Drivers\NETFLTDI.SYS [?]
S1 nsfim;Network Shared Files Information Manager Plugin;\??\c:\windows\system32\Drivers\NSFIM.SYS --> c:\windows\system32\Drivers\NSFIM.SYS [?]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8651.sys --> c:\windows\system32\DRIVERS\amm8651.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [07-02-2010 14:23 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programmer\Lenovo\HOTKEY\micmute.exe [31-05-2010 11:33 45496]
S2 PavAt3Scheduler;Panda Endpoint Scheduler;"c:\programmer\Panda Security\WaAgent\Scheduler\PavSched.exe" --> c:\programmer\Panda Security\WaAgent\Scheduler\PavSched.exe [?]
S2 PavWASLpMng;Panda Endpoint Local Process Manager;"c:\programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe" --> c:\programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [?]
S2 PskSvc;Panda Kernel Service;"c:\programmer\Panda Security\WAC\psksvc.exe" --> c:\programmer\Panda Security\WAC\psksvc.exe [?]
S2 smi2;smi2;\??\c:\programmer\SMI2\smi2.sys --> c:\programmer\SMI2\smi2.sys [?]
S2 WASAgent;Panda Endpoint Communications Agent;c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe --> c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe [?]
S2 WASWD;Panda Endpoint Watchdog;c:\programmer\Panda Security\WaAgent\WasWD\WasWD.exe --> c:\programmer\Panda Security\WaAgent\WasWD\WasWD.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys --> c:\windows\System32\DRIVERS\ASPI32.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [13-07-2005 03:55 13840]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [01-01-1980 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-11-2008 14:38 721904]

--- Andre Services/Drivers i Hukommelsen ---

*Deregistered* - ukknbd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programmer\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-09-22 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:28]

2010-09-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programmer\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: danid.dk
Trusted Zone: danid.dk
TCP: {77A6491C-3293-41BB-A2B6-11749ABBF61F} = 192.168.13.202,192.168.13.203
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\DAHE\Application Data\Mozilla\Firefox\Profiles\eu3tjcrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk|http://intranote.xl-byg.dk/xl?user=MzY5QQ==|http://mail.google.com/mail/?hl=da&shva=1#inbox
FF - plugin: c:\programmer\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Veetle\Player\npvlc.dll
FF - plugin: c:\programmer\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmer\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ukknbd]

.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTServ.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\infql2.dll
c:\programmer\ThinkVantage Fingerprint Software\homepass.dll
c:\programmer\ThinkVantage Fingerprint Software\bio.dll
c:\programmer\ThinkVantage Fingerprint Software\qlbase.dll
c:\programmer\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(3844)
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\programmer\PC-Doctor\ATLPcdToolbar551452.dll
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
c:\progra~1\ThinkPad\UTILIT~1\DK\PWRMGRRT.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
c:\windows\system32\Sensor.dll
c:\windows\system32\IGFXEXPS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmer\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\IPSSVC.EXE
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\RealVNC\VNC4\WinVNC4.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\programmer\Lenovo\HOTKEY\TPONSCR.exe
c:\programmer\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\programmer\Brother\ControlCenter3\brccMCtl.exe
c:\programmer\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmer\Brother\Brmfcmon\BrMfcmon.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\mltarc\jre\bin\javaw.exe
c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\programmer\Java\jre6\bin\jucheck.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-22 16:17:44 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-09-22 14:17

Pre-Kørsel: 17.475.428.352 byte ledig
Post-Kørsel: 17.703.067.648 byte ledig

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 83F5FE3BF5150976A4ACDA3FB101A130

Synes godt om

f-arn Guru

22. september 2010 - 22:40 #37

Det er en helt anden slags infektiom du har her, så måske er din Panda ikke det rette. Hvor gammel er den?

------

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
Filelook::
c:\windows\system32\RC00C140.dll
c:\windows\system32\RCAEE140.DLL
RootKit::
c:\windows\system32\drivers\ukknbd.sys
Dirlook::
C:\_rpcs
Driver::
ukknbd

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

Synes godt om

daki Juniormester

23. september 2010 - 09:06 #38

Computeren er min gamle arbejdsmakine som jeg har købt af firmaet, en del af aftalen er at jeg kunne beholde Panda indtil denne ophører juli 2011.
Når jeg har skulle scanne med ComboFix, er Panda blevet afinstalleret og efterfølgende er installationsfilen hentet fra vores administrationsdel hos Panda Security - burde være
sidste nye version....

Overvejer kraftigt, at fjerne alle Lenovo programmerne, det kan vel ikke skade?

ComboFix 10-09-22.05 - DAHE 23-09-2010 8:22.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3062.1982 [GMT 2:00]
Kører fra: c:\documents and settings\DAHE\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\DAHE\Skrivebord\CFScript

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UKKNBD
-------\Service_ukknbd

((((((((((((((((((((((((((((( Filer skabt fra 2010-08-23 til 2010-09-23 )))))))))))))))))))))))))))))))))))
.

2010-09-22 08:55 . 2010-09-22 08:55 -------- d-----w- C:\_rpcs
2010-09-22 08:55 . 2008-07-08 13:09 32256 ----a-w- c:\windows\system32\RC00C140.dll
2010-09-22 08:55 . 2008-07-08 13:09 1291363 ----a-w- c:\windows\system32\RCAEE140.DLL
2010-09-22 08:55 . 2008-06-06 11:13 94208 ----a-w- c:\windows\system32\RCPRINT.dll
2010-09-22 08:55 . 2008-07-08 13:09 27136 ----a-w- c:\windows\system32\RCINST.DLL
2010-09-22 08:55 . 2008-06-19 17:18 1310720 ----a-w- c:\windows\system32\MPC22dat.dll
2010-09-22 08:55 . 2008-06-03 13:52 221184 ----a-w- c:\windows\system32\Rc4manNT.dll
2010-09-22 08:55 . 2008-04-23 15:58 192512 ----a-w- c:\windows\system32\rdrvlog.dll
2010-09-22 08:55 . 2008-03-28 16:26 61440 ----a-w- c:\windows\system32\MFRICRES.dll
2010-09-22 08:55 . 2007-06-13 16:42 268252 ----a-w- c:\windows\system32\rpcsecl.dll
2010-09-22 08:55 . 2004-02-13 12:20 57344 ----a-w- c:\windows\system32\rdrvinf.dll
2010-09-22 08:43 . 2008-05-30 12:59 22832 ----a-w- c:\windows\system32\pfdnnt.exe
2010-09-21 14:04 . 2010-09-21 14:09 -------- d-----w- c:\documents and settings\DAHE\ShareCalendar
2010-09-21 13:32 . 2010-09-21 13:32 -------- d-----w- c:\documents and settings\DAHE\Lokale indstillinger\Application Data\Softalk
2010-09-21 13:19 . 2010-09-21 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Softalk
2010-09-21 12:55 . 2010-09-21 13:41 -------- d-----w- c:\documents and settings\DAHE\ShareContacts
2010-09-21 12:35 . 2010-09-21 12:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Logitech
2010-09-21 06:13 . 2010-09-21 06:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-09-21 06:12 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-09-21 06:12 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-09-21 06:11 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-09-21 06:11 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-09-17 06:37 . 2010-09-22 13:09 202988 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-09-16 15:25 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-09-16 15:24 . 2010-06-18 17:47 293376 ------w- c:\windows\system32\dllcache\winsrv.dll
2010-09-16 15:23 . 2010-04-16 15:38 406016 ------w- c:\windows\system32\dllcache\usp10.dll
2010-09-16 14:24 . 2010-09-16 14:24 -------- d-----w- c:\programmer\ESET
2010-09-15 16:04 . 2010-09-15 16:04 -------- d-----w- c:\temp\RemoteKeys
2010-09-14 20:23 . 2010-09-17 06:36 -------- d-----w- c:\programmer\Panda Security
2010-09-13 14:39 . 2010-09-21 14:15 -------- d-----w- c:\temp\workgroupshare
2010-09-13 09:37 . 2010-09-13 09:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-11 14:20 . 2010-09-16 11:14 -------- d-----w- c:\programmer\Spybot - Search & Destroy
2010-09-11 14:20 . 2010-09-14 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-08 21:32 . 2010-09-08 21:32 -------- d-----w- c:\documents and settings\DAHE\Lokale indstillinger\Application Data\BVRP Software
2010-09-08 21:31 . 2010-09-08 21:32 -------- d-----w- c:\programmer\NetWaiting
2010-09-08 21:29 . 2010-06-02 12:49 301624 ----a-w- c:\windows\system32\UCI32M57.dll
2010-09-08 06:08 . 2001-08-17 18:20 96256 ----a-w- c:\windows\system32\dllcache\ac97intc.sys
2010-09-08 06:08 . 2004-08-27 14:00 16896 ----a-w- c:\windows\system32\dllcache\tftp.exe
2010-09-07 09:51 . 2010-09-21 12:07 -------- d-----w- c:\temp\hijackthis
2010-09-07 09:06 . 2010-09-07 09:06 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-09-07 09:05 . 2010-09-07 09:19 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Adobe
2010-09-07 08:55 . 2010-09-07 08:55 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-07 08:54 . 2010-09-07 08:54 -------- d-----r- c:\documents and settings\NetworkService\Foretrukne
2010-09-06 06:41 . 2010-09-06 06:41 -------- d-----w- C:\Program Data
2010-09-04 18:00 . 2010-09-05 11:04 -------- d-----w- c:\documents and settings\DAHE\Lokale indstillinger\Application Data\kevcgnamf
2010-09-04 17:58 . 2010-09-05 10:46 -------- d-----w- c:\documents and settings\DAHE\Application Data\09EE612E8BCA967E684BE9521BBFF2D8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 13:21 . 2010-09-22 13:21 0 ---ha-w- c:\windows\ravtc.tmp
2010-09-22 13:09 . 2010-09-17 06:37 202988 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-09-22 12:53 . 2010-09-17 06:37 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-09-22 12:53 . 2010-09-17 06:37 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-09-17 07:25 . 2008-10-22 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-17 06:56 . 2008-11-11 10:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-09-16 11:02 . 2008-11-11 19:18 -------- d-----w- c:\programmer\Winamp
2010-09-16 11:02 . 2008-10-09 17:37 -------- d-----w- c:\programmer\Picasa2
2010-09-15 14:51 . 2008-10-10 18:12 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-09-15 07:37 . 2008-11-07 18:46 -------- d-----w- c:\programmer\Microsoft ActiveSync
2010-09-15 06:50 . 2008-10-09 17:28 -------- d-----w- c:\programmer\Multimedia Center for Think Offerings
2010-09-14 17:44 . 2010-09-14 17:44 112 ----a-w- c:\documents and settings\All Users\Application Data\BQ7UPb.dat
2010-09-14 07:01 . 2008-10-13 05:55 -------- d-----w- c:\documents and settings\DAHE\Application Data\Teleca
2010-09-14 07:00 . 2008-10-12 20:12 -------- d-----w- c:\programmer\Fælles filer\Teleca Shared
2010-09-13 19:32 . 2009-05-12 04:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-13 06:10 . 2010-05-31 09:47 -------- d-----w- c:\programmer\PC-Doctor
2010-09-11 18:23 . 2009-01-11 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-09-10 23:41 . 1979-12-31 22:00 550382 ----a-w- c:\windows\system32\perfh006.dat
2010-09-10 23:41 . 1979-12-31 22:00 113816 ----a-w- c:\windows\system32\perfc006.dat
2010-09-08 22:03 . 2008-10-09 20:27 -------- d-----w- c:\programmer\Digital Line Detect
2010-09-08 21:34 . 2008-10-09 17:13 -------- d-----w- c:\programmer\Lenovo
2010-09-08 21:30 . 2008-10-09 17:22 -------- d-----w- c:\programmer\CONEXANT
2010-09-08 06:25 . 2008-10-10 18:12 -------- d-----w- c:\programmer\CCleaner
2010-09-05 10:46 . 2009-07-06 06:29 -------- d-----w- c:\programmer\QuickTime
2010-08-31 06:36 . 2009-03-11 10:09 0 ----a-w- c:\documents and settings\DAHE\temp.dat
2010-08-26 07:01 . 2008-10-22 10:14 -------- d-----w- c:\programmer\Microsoft.NET
2010-08-24 23:28 . 2010-05-31 09:42 24304 ----a-w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-24 23:28 . 2008-10-09 17:39 4442 ----a-w- c:\windows\system32\drivers\TPPWRIF.SYS
2010-08-24 23:28 . 2008-10-09 17:39 196608 ------w- c:\windows\PWMBTHLP.EXE
2010-08-21 10:50 . 2010-08-21 10:50 -------- d-----w- c:\programmer\Lexmark
2010-08-18 06:44 . 2010-08-18 06:44 -------- d-----w- c:\programmer\HPDesignjet30-130PrinterSeries
2010-08-17 13:17 . 1979-12-31 22:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-13 09:18 . 2009-03-16 21:31 -------- d-----w- c:\documents and settings\DAHE\Application Data\FileZilla
2010-08-12 06:34 . 2010-08-12 06:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-08-02 13:19 . 2010-08-02 13:19 -------- d-----w- c:\programmer\SolarWinds
2010-07-22 15:46 . 1979-12-31 22:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-21 21:19 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:32 . 1979-12-31 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
2009-04-16 07:15 . 2009-04-16 07:15 16496 --sha-w- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\RC00C140.dll ---
Company: RICOH CO., LTD.
File Description: RPCS Printer Driver
File Version: 7.8.9
Product Name: RC00C140
Copyright: Copyright(C) 1999-2008 RICOH CO., LTD.
Original Filename:
File size: 32256
Created time: 2010-09-22 08:55
Modified time: 2008-07-08 13:09
MD5: 2E6A7F9242654E8FE6CA0F491A14BD9F
SHA1: 0B7C3BDA8DE167E0DE78A6F1E7108B8C7F28571F

--- c:\windows\system32\RCAEE140.DLL ---
Company: RICOH CO., LTD.
File Description: RICOH RPCS Printer Driver
File Version: 7.8.9
Product Name: RICOH RPCS Printer Driver
Copyright: Copyright(C) 1999-2008 RICOH CO., LTD.
Original Filename: RCAEE140.DLL
File size: 1291363
Created time: 2010-09-22 08:55
Modified time: 2008-07-08 13:09
MD5: 9774BA651F17D8D306CB27E61E7C6604
SHA1: 1F58F1290D2D88A3F10FA2EC768B02E0C954C035

---- Directory of C:\_rpcs ----

2010-09-22 08:55 . 2010-09-22 08:55 1611 ----a-w- c:\_rpcs\RCAEE197.rsr
2010-09-22 08:55 . 2010-09-22 08:55 1611 ----a-w- c:\_rpcs\RCAEE196.rsr
2010-09-22 08:55 . 2010-09-22 08:55 1611 ----a-w- c:\_rpcs\RCAEE195.rsr
2010-09-22 08:55 . 2010-09-22 08:55 1611 ----a-w- c:\_rpcs\RCAEE193.rsr
2010-09-22 08:55 . 2010-09-22 08:55 1611 ----a-w- c:\_rpcs\RCAEE194.rsr
2010-09-22 08:55 . 2010-09-22 08:55 1611 ----a-w- c:\_rpcs\RCAEE191.rsr
2010-09-22 08:55 . 2010-09-22 08:55 1611 ----a-w- c:\_rpcs\RCAEE192.rsr
2010-09-22 08:55 . 2010-09-22 08:55 1611 ----a-w- c:\_rpcs\RCAEE190.rsr
2010-09-22 08:55 . 2010-09-22 08:55 2451 ----a-w- c:\_rpcs\RCAEE186.rsr
2010-09-22 08:55 . 2010-09-22 08:55 2587 ----a-w- c:\_rpcs\RCAEE185.rsr
2010-09-22 08:55 . 2010-09-22 08:55 2451 ----a-w- c:\_rpcs\RCAEE182.rsr
2010-09-22 08:55 . 2010-09-22 08:55 2587 ----a-w- c:\_rpcs\RCAEE183.rsr
2010-09-22 08:55 . 2010-09-22 08:55 2451 ----a-w- c:\_rpcs\RCAEE184.rsr
2010-09-22 08:55 . 2010-09-22 08:55 2451 ----a-w- c:\_rpcs\RCAEE181.rsr
2010-09-22 08:55 . 2010-09-22 08:55 2451 ----a-w- c:\_rpcs\RCAEE180.rsr
2010-09-22 08:55 . 2010-09-22 11:01 1628 ----a-w- c:\_rpcs\RCAEE197.rsq
2010-09-22 08:55 . 2010-09-22 11:01 1628 ----a-w- c:\_rpcs\RCAEE194.rsq
2010-09-22 08:55 . 2010-09-22 11:01 1628 ----a-w- c:\_rpcs\RCAEE195.rsq
2010-09-22 08:55 . 2010-09-22 11:01 1628 ----a-w- c:\_rpcs\RCAEE196.rsq
2010-09-22 08:55 . 2010-09-22 11:01 1628 ----a-w- c:\_rpcs\RCAEE193.rsq
2010-09-22 08:55 . 2010-09-22 11:01 1628 ----a-w- c:\_rpcs\RCAEE190.rsq
2010-09-22 08:55 . 2010-09-22 11:01 1628 ----a-w- c:\_rpcs\RCAEE191.rsq
2010-09-22 08:55 . 2010-09-22 11:01 1628 ----a-w- c:\_rpcs\RCAEE192.rsq
2010-09-22 08:55 . 2010-09-22 11:01 2339 ----a-w- c:\_rpcs\RCAEE186.rsd
2010-09-22 08:55 . 2010-09-22 11:01 2373 ----a-w- c:\_rpcs\RCAEE182.rsd
2010-09-22 08:55 . 2010-09-22 11:01 2520 ----a-w- c:\_rpcs\RCAEE185.rsd
2010-09-22 08:55 . 2010-09-22 11:01 2536 ----a-w- c:\_rpcs\RCAEE183.rsd
2010-09-22 08:55 . 2010-09-22 11:01 2372 ----a-w- c:\_rpcs\RCAEE184.rsd
2010-09-22 08:55 . 2010-09-22 11:01 2289 ----a-w- c:\_rpcs\RCAEE180.rsd
2010-09-22 08:55 . 2010-09-22 11:01 2346 ----a-w- c:\_rpcs\RCAEE181.rsd
2010-09-22 08:55 . 2010-09-22 08:55 0 ----a-w- c:\_rpcs\RC00C171.ini
2010-09-22 08:55 . 2010-09-22 11:01 7125 ----a-w- c:\_rpcs\RCAEE170.ini
2010-09-22 08:55 . 2010-09-22 08:55 57 ----a-w- c:\_rpcs\RC00C170.ini

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2010-04-22 128296]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"TPKMAPHELPER"="c:\programmer\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"TPHOTKEY"="c:\programmer\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ACTray"="c:\programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2010-03-01 431464]
"ACWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-03-01 181608]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-24 517480]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-08-24 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-07-07 155648]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Message Center Plus"="c:\programmer\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Ulead AutoDetector"="c:\programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"BrMfcWnd"="c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\programmer\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"DiskeeperSystray"="c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-03-01 196710]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2010-09-17 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\DAHE\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Start Java Server.lnk - c:\programmer\mltarc\StrJwSrv.exe [2008-10-9 115712]
UltimateZip Quick Start.lnk - c:\programmer\UltimateZip 2.7\uzqkst.exe [2002-3-17 266240]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2008-10-9 50688]
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-12-12 805392]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-22 6144]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-03-23 00:03 49152 ----a-w- c:\programmer\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 11:41 100104 ----a-w- c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\mltarc\\jre\\bin\\javaw.exe"=
"c:\\Programmer\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Programmer\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [31-05-2010 11:42 24304]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [01-10-2009 08:14 902432]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [09-10-2009 12:10 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [31-05-2010 11:33 13480]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe [01-10-2009 08:14 2326920]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programmer\ThinkPad\Utilities\DOZESVC.EXE [31-05-2010 11:42 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programmer\ThinkPad\Utilities\PWMDBSVC.exe [09-10-2008 22:30 53248]
R2 PrivateDisk;PrivateDisk;c:\programmer\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15-11-2005 13:11 46142]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programmer\ThinkVantage Fingerprint Software\smihlp.sys [13-03-2009 13:47 12560]
R2 TPHKSVC;Vis på skærm;c:\programmer\Lenovo\HOTKEY\TPHKSVC.exe [24-10-2008 13:32 63928]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [01-10-2009 08:14 159168]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [18-02-2010 18:31 199688]
S0 ygaojcb;ygaojcb;c:\windows\system32\drivers\wumfa.sys --> c:\windows\system32\drivers\wumfa.sys [?]
S1 APPFLT;App Filter Plugin;\??\c:\windows\system32\Drivers\APPFLT.SYS --> c:\windows\system32\Drivers\APPFLT.SYS [?]
S1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\Drivers\DSAFLT.SYS --> c:\windows\system32\Drivers\DSAFLT.SYS [?]
S1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\Drivers\fnetmon.SYS --> c:\windows\system32\Drivers\fnetmon.SYS [?]
S1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\Drivers\IDSFLT.SYS --> c:\windows\system32\Drivers\IDSFLT.SYS [?]
S1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\Drivers\NETFLTDI.SYS --> c:\windows\system32\Drivers\NETFLTDI.SYS [?]
S1 nsfim;Network Shared Files Information Manager Plugin;\??\c:\windows\system32\Drivers\NSFIM.SYS --> c:\windows\system32\Drivers\NSFIM.SYS [?]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8651.sys --> c:\windows\system32\DRIVERS\amm8651.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [07-02-2010 14:23 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programmer\Lenovo\HOTKEY\micmute.exe [31-05-2010 11:33 45496]
S2 PavAt3Scheduler;Panda Endpoint Scheduler;"c:\programmer\Panda Security\WaAgent\Scheduler\PavSched.exe" --> c:\programmer\Panda Security\WaAgent\Scheduler\PavSched.exe [?]
S2 PavWASLpMng;Panda Endpoint Local Process Manager;"c:\programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe" --> c:\programmer\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [?]
S2 PskSvc;Panda Kernel Service;"c:\programmer\Panda Security\WAC\psksvc.exe" --> c:\programmer\Panda Security\WAC\psksvc.exe [?]
S2 smi2;smi2;\??\c:\programmer\SMI2\smi2.sys --> c:\programmer\SMI2\smi2.sys [?]
S2 WASAgent;Panda Endpoint Communications Agent;c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe --> c:\programmer\Panda Security\WaAgent\WasAgent\WasAgent.exe [?]
S2 WASWD;Panda Endpoint Watchdog;c:\programmer\Panda Security\WaAgent\WasWD\WasWD.exe --> c:\programmer\Panda Security\WaAgent\WasWD\WasWD.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys --> c:\windows\System32\DRIVERS\ASPI32.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [13-07-2005 03:55 13840]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [01-01-1980 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-11-2008 14:38 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 12:23]

2010-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programmer\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-09-23 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-09 23:28]

2010-09-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programmer\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: danid.dk
Trusted Zone: danid.dk
TCP: {77A6491C-3293-41BB-A2B6-11749ABBF61F} = 192.168.13.202,192.168.13.203
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\DAHE\Application Data\Mozilla\Firefox\Profiles\eu3tjcrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk|http://intranote.xl-byg.dk/xl?user=MzY5QQ==|http://mail.google.com/mail/?hl=da&shva=1#inbox
FF - plugin: c:\programmer\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Veetle\Player\npvlc.dll
FF - plugin: c:\programmer\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmer\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 08:39
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
c:\programmer\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTServ.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\infql2.dll
c:\programmer\ThinkVantage Fingerprint Software\homepass.dll
c:\programmer\ThinkVantage Fingerprint Software\bio.dll
c:\programmer\ThinkVantage Fingerprint Software\qlbase.dll
c:\programmer\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(5308)
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\programmer\PC-Doctor\ATLPcdToolbar551452.dll
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
c:\progra~1\ThinkPad\UTILIT~1\DK\PWRMGRRT.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
c:\windows\system32\Sensor.dll
c:\windows\system32\IGFXEXPS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmer\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\IPSSVC.EXE
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\RealVNC\VNC4\WinVNC4.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\programmer\Lenovo\HOTKEY\TPONSCR.exe
c:\programmer\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\programmer\Brother\ControlCenter3\brccMCtl.exe
c:\programmer\Microsoft ActiveSync\Wcescomm.exe
c:\programmer\Brother\Brmfcmon\BrMfcmon.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\Microsoft ActiveSync\WCESMgr.exe
c:\programmer\mltarc\jre\bin\javaw.exe
c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\NOTEPAD.EXE
c:\programmer\Java\jre6\bin\jucheck.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-23 08:54:30 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-09-23 06:54
ComboFix2.txt 2010-09-22 14:17

Pre-Kørsel: 17.691.389.952 byte ledig
Post-Kørsel: 17.582.690.304 byte ledig

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 28D0B6F74BAF14D11044C5FEAE0C6244

Synes godt om

f-arn Guru

23. september 2010 - 11:21 #39

Klik her: http://www.gmer.net/download.php
og download installationsprogrammet for Gmer til skrivebordet, og klik derefter på filen for at køre Gmer.

Hvis den i indledende scanning lokaliserer poster vist i rødt eller angiver "skjult" eller "rootkit", stop der, og klik på Kopiér knappen, og højreklik på skrivebordet, vælg Ny -> Tekst dokument. Når filen er oprettet, skal du åbne den og højreklik igen og vælge Sæt ind. Kopier indholdet og post det her

Hvis ikke, så klik på Scan, før scanning, skal du sørge for alle andre programmer er lukket, og ingen andre aktioner såsom en planlagt antivirus scanning vil ske samtidig med denne scanning. Brug heller ikke computeren under scanningen.
Du skal også huske at fjerne flueben i andre drev end dit C drev, IAT/EAT og Show All.
Når scanningen er færdig, klik på Kopier knappen, og højreklik på skrivebordet, vælg Ny -> Tekst dokument. Når filen er oprettet, skal du åbne den og højreklik igen og vælge Sæt ind. Kopier oplysninger og post det her

Synes godt om

daki Juniormester

23. september 2010 - 11:51 #40

Dette kom under opstart Rootkit/Malware.....

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-23 11:42:12
Windows 5.1.2600 Service Pack 3
Running: fyhjyhwd.exe; Driver: C:\DOCUME~1\DAHE\LOKALE~1\Temp\pwldipow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Synes godt om

f-arn Guru

23. september 2010 - 15:11 #41

Dette kom under opstart Rootkit/Malware.....

Hvad mener du?
Der står da ikke noget om Rootkit/Malware.....

Synes godt om

daki Juniormester

23. september 2010 - 15:27 #42

Der er en fane som hedder Rootkit/Malware, hvor disse 3 linier står!
Til højre er der en række flueben - System + sections +IAT/EAT + Devices + Modules + Processes + Threads + Libraries + Services + Registry + Files + C:\ + ADS, Show all er der ikke noget i og kan heller ikke sættes.
Jeg kan vel bare vælge scan som du skriver, men navnet rootkit står der jo også bliver jeg lidt nervøs :-)

Synes godt om

f-arn Guru

23. september 2010 - 15:48 #43

Prøv at køre GMER efter denne vejledning.

http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=208&title=gmer-vejledning

Læg mærke til:

Hvis du bliver advaret om rootkit aktivitet og den spørger om du vil køre en fuld scanning, så svar "NO"

PS Da dine sikkerhedsprogammer kan konflikte med GMER er det vigtigt at du deaktiverer dem.

Synes godt om

daki Juniormester

24. september 2010 - 09:29 #44

Nu har jeg prøvet at scanne 3 gange, hver gang går maskinen i blåskærm.
Jeg prøver lige en gang mere i eftermiddag!

Synes godt om

daki Juniormester

24. september 2010 - 09:36 #45

Jeg tror har fundet ud af, hvor det sidste problem opstod. Har været inde på en lokal sportsforenings hjemmeside, og deres hostserver var blevet hacket...

Synes godt om

f-arn Guru

24. september 2010 - 10:15 #46

Lad os prøve en anden.

Hent Rootkit Unhooker og gem den på skrivebordet.

http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE

Klik på report, klik så på scan.
Lad fluebenet stå i Drivers og Stealth. Fjern de andre.
Klik OK
( Hvis den kommer med denne advarsel "Rootkit Unhooker has detected a parasite inside itself!" ignorer den)
Når den er færdig File -> Save Report
Gem den på Skrivebordet og kopier den herind.

Husk at deaktivere dine sikkerheds programmer.

Synes godt om

daki Juniormester

24. september 2010 - 11:33 #47

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB85E1000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 6598656 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0xB8C93000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5767168 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1F2000 C:\WINDOWS\System32\igxpdx32.DLL 2732032 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT-kerne og -system)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Win32-flerbrugerdriver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1720320 bytes (Intel Corporation, Component GHAL Driver)
0xB8480000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 1298432 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0xA0E4D000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 987136 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB9B99000 tdrpm251.sys 897024 bytes (Acronis, Acronis Try&Decide Volume Filter Driver)
0xA0ACF000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 876544 bytes
0xB9E17000 iaStor.sys 876544 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xB11EF000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 835584 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0xA0D9A000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA04D1000 C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0xB9D2B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB9C74000 timntr.sys 565248 bytes (Acronis, Acronis Backup Archive Explorer)
0xB840F000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xA0BE3000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB10EB000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA0D0E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA0209000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB109D000 C:\WINDOWS\system32\drivers\btaudio.sys 319488 bytes (Broadcom Corporation., Bluetooth Audio Device)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA0378000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA0F3E000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xA0F89000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 196608 bytes (Analog Devices, Inc., High Definition Audio Function Driver(Release Candidate 1))
0xB1179000 C:\WINDOWS\system32\DRIVERS\neti1642.sys 196608 bytes (Panda Security, S.L., netimflt)
0xB1149000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI-driver til NT)
0xA07B7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CFE000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB8C2C000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0x9E480000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA0C53000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB8C57000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA0CC0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA0651000 C:\WINDOWS\system32\DRIVERS\afcdp.sys 155648 bytes (Acronis, File Level CDP Kernel Helper)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, I/O-driver til NT Disk Manager)
0xA0CE8000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9B74000 snapman.sys 151552 bytes (Acronis, Acronis Snapshot API)
0xB1079000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB85BD000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB12BB000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9FB06000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA0C9E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9B54000 Apsx86.sys 131072 bytes (Lenovo., Shockproof Disk Driver)
0xB9DF7000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, Diskdriver til FT)
0xA0BA5000 C:\WINDOWS\system32\DRIVERS\btwdndis.sys 122880 bytes (Broadcom Corporation., Bluetooth LAN Access Server Driver)
0xB11D1000 C:\WINDOWS\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, Driver til PCMCIA-bus)
0xB9B3A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9EED000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA0F72000 C:\WINDOWS\system32\drivers\AEAudio.sys 94208 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
0xA09DA000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 94208 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DB8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB11BA000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA0A19000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA09C4000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DCF000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0x9F909000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB12DE000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Driver til parallel printerport)
0xB8C7F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA0D67000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9DE5000 sr.sys 73728 bytes (Microsoft Corporation, Filsystemfilterdriver til Systemgendannelse)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI-optælling)
0xB11A9000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA258000 C:\WINDOWS\System32\Drivers\btwusb.sys 65536 bytes (Broadcom Corporation., Driver for Bluetooth USB Devices)
0xB9213000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB31B4000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA118000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB45BD000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Driver til seriel port)
0xB9253000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB22EB000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB31A4000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Filterdriver til Redbook-lyd)
0x9FC09000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB5A13000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA128000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA0C8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Driver til tjenesten Volume Snapshot)
0xB9263000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB9273000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, Driver til i8042-port)
0xB3194000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA0199000 C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys 49152 bytes (Utimaco Safeware AG, SafeGuard® PrivateDisk Driver)
0xB3174000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB9243000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Driver til FIPS Crypto)
0xB31C4000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB3184000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA268000 C:\WINDOWS\System32\Drivers\tcusb.sys 45056 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xB463D000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xB9283000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processorenhedsdriver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA-busdriver)
0xB22DB000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB3144000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA108000 ApsHM86.sys 36864 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB3164000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB461D000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9E2B8000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA0F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB45DD000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB37CF000 C:\WINDOWS\system32\DRIVERS\atmeltpm.sys 32768 bytes (Atmel, Inc., Atmel TPM Driver)
0xBA460000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xBA390000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Enhedsdriver til modem)
0xBA3E0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA410000 C:\WINDOWS\System32\drivers\Smapint.sys 32768 bytes (Microsoft Corporation, SMAPI I/O)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA470000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA488000 C:\WINDOWS\system32\DRIVERS\btport.sys 28672 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xBA480000 C:\WINDOWS\system32\DRIVERS\btwmodem.sys 28672 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xB57B8000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA478000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Klassedriver til tastatur)
0xBA458000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB292C000 C:\WINDOWS\system32\DRIVERS\PROCDD.SYS 28672 bytes (Lenovo Group Limited, IPS Helper Driver)
0xBA450000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA3C0000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA348000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xB37D7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Klassedriver til mus)
0xBA378000 C:\WINDOWS\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0xBA408000 C:\WINDOWS\System32\drivers\TDSMAPI.SYS 24576 bytes
0xB57A8000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA468000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3D0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA338000 DozeHDD.sys 20480 bytes (Lenovo., Doze Mode Kernel Driver for HDD control)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 20480 bytes (Lenovo., ThinkPad Power Management Driver)
0xBA3D8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA368000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA370000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA360000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys 20480 bytes (Lenovo Group Limited, ThinkPad Hotkey Driver)
0xBA3F0000 C:\WINDOWS\System32\drivers\Tppwrif.sys 20480 bytes
0xBA3E8000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 20480 bytes
0xB57C8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9A61000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA0A93000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xA03E5000 C:\WINDOWS\system32\drivers\ibmfilter.sys 16384 bytes (IBM, IBM Rescue and Recovery filter driver)
0xB296A000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, Filterdriver til HID-mus)
0xA0350000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB9A35000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA0A11000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA0A0D000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xB2972000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, Driver til ACPI-integreret-controller)
0xB177D000 C:\WINDOWS\System32\drivers\ANC.SYS 12288 bytes (IBM Corp., IBM Access Connections - ANC)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB99F1000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB44C9000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB295E000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB9A09000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Filterdriver til HID-mus)
0xB9A4D000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB2956000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB44C1000 C:\WINDOWS\system32\DRIVERS\sfloppy.sys 12288 bytes (Microsoft Corporation, SCSI Floppy Driver)
0xBA63C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB2327000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA60A000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5DE000 C:\WINDOWS\SYSTEM32\EGATHDRV.SYS 8192 bytes (IBM Corporation, IBM eGatherer Kernel Module)
0xBA63A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA644000 C:\WINDOWS\system32\Drivers\IBMBLDID.sys 8192 bytes
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA63E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA638000 C:\WINDOWS\System32\drivers\pmemnt.sys 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xBA640000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA60C000 C:\Programmer\ThinkVantage Fingerprint Software\smihlp.sys 8192 bytes (UPEK Inc., SMI helper driver)
0xBA642000 C:\WINDOWS\system32\DRIVERS\smiif32.sys 8192 bytes (Lenovo Group Limited, SMI Driver for Lenovo system)
0xB2325000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA622000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA73F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB137F000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA773000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6A2000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, PCI IDE-standarddriver)
0xBA69C000 C:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes (PowerQuest Corporation, PowerQuest Boot Mode Driver.)
==============================================
>Stealth
==============================================
0x034B0000 Hidden Image-->System.ServiceProcess.resources.dll [ EPROCESS 0x88BBEA78 ] PID: 1412, 53248 bytes
0x03860000 Hidden Image-->System.ServiceProcess.resources.dll [ EPROCESS 0x88A94750 ] PID: 3184, 53248 bytes

Synes godt om

f-arn Guru

25. september 2010 - 13:08 #48

OK - det blev for selektivt. Vil du godt køre RootRepeal efter denne vejledning. http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=224&title=rootrepeal-vejledning

PS Får du også Script fejl når du åbner denne "Tråd"

Synes godt om

daki Juniormester

25. september 2010 - 18:53 #49

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/25 18:34
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9F049000 Size: 876544 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9D9E0000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\RRbackups
Status: Locked to the Windows API!

Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: \\?\C:\RRbackups\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings
Status: Invisible to the Windows API!

Path: C:\RRbackups\hints.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\regcerts.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\SAM
Status: Invisible to the Windows API!

Path: C:\RRbackups\system
Status: Invisible to the Windows API!

Path: C:\RRbackups\system.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\tvt.txt
Status: Invisible to the Windows API!

Path: C:\RRbackups\usersids.dat
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\ThinkVantage
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df161c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df2059.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df234f.tmp
Status: Allocation size mismatch (API: 81920, Raw: 16384)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df348f.tmp
Status: Allocation size mismatch (API: 40960, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df4c17.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df502e.tmp
Status: Allocation size mismatch (API: 49152, Raw: 16384)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df596e.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df6be1.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df75be.tmp
Status: Allocation size mismatch (API: 32768, Raw: 16384)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df929f.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~dfcb8c.tmp
Status: Allocation size mismatch (API: 32768, Raw: 16384)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~dffaba.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\Client Security
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\ThinkVantage\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: c:\documents and settings\dahe\lokale indstillinger\temp\hsperfdata_dahe\4956
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\Client Security\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\Client Security\hibernation.dat
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\DAHE\Lokale indstillinger\Temporary Internet Files\Content.IE5\S7TK29TF\thisted[2].xml
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\DAHE\Lokale indstillinger\Temporary Internet Files\Content.IE5\S7TK29TF\rss2[1].xml
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\DAHE\Lokale indstillinger\Temporary Internet Files\Content.IE5\S7TK29TF\rss2[2].xml
Status: Visible to the Windows API, but not on disk.

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\1ff7e0a7-6e07-49f8-b036-322f5949b02e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500\939866f0-34dd-4ad8-8473-7d5ee2c79030
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\c70e4957-de74-4594-b296-0756d07eb288
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1060284298-1292428093-725345543-1111
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-1005
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\24ec9507-a7da-4514-a852-7a1f3dd651dc
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\615f6775-d8c3-4a0a-89dc-c05bdb9b368e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\771b4780-e8f3-4077-8a9d-6a8b84c47c99
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\896b0f3c-25cf-41e8-971c-63f937837823
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\90ae67a5-ada9-47e3-909b-11a586f0be02
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\9c730f16-f0af-45ca-86af-9ebfe116e4c7
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\a1262621-4096-40b4-a1f0-629546b822dd
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\f06fc735-8c62-4bc9-90ba-992a54a9c695
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\1ff7e0a7-6e07-49f8-b036-322f5949b02e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005\e1ea9328-3ed7-4bb6-b06f-0a83067951d5
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\c70e4957-de74-4594-b296-0756d07eb288
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\Keys
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\1ff7e0a7-6e07-49f8-b036-322f5949b02e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\c70e4957-de74-4594-b296-0756d07eb288
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-500\a3b8427744189984f9582d03d40d1eda_97e57a67-13c5-4d88-9eda-7b223b6c381f
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Appl==EOF==

PS Jeg får også Script fejl når jeg åbner denne "Tråd"...

Synes godt om

f-arn Guru

26. september 2010 - 11:22 #50

Er du sikke på du fik sat flueben i "alle" Jeg synes der mangler noget.

------

Download Tdsskiller.zip på dit skrivebord og pak den ud i en mappe.

Kør TDSSKiller.exe -> Klik på "Start Scan"

Genstart hvis den kræver det.

Hvis den genstarter kan du finde logfilen her :
C:\TDSSKiller.[Version]_[Dato]_[Tidspunkt]_log.txt.

Kopier den tekst herind I denne tråd.

------

Hent MBRCheck.exe
http://ad13.geekstogo.com/MBRCheck.exe

Hvis Programmet finder en ukendt MBR, vil du få en række valgmuligheder.
Tryk N og derfter "ENTER" for at lukke Programmet.

Den vil lave en log på dit Skrivebord, "MBRCheck_mm.dd.yy_hh.mm.ss.txt"
Kopier denne log herind.

PS Du kan brokke dig over den Script fejl her:
http://www.eksperten.dk/spm/Eksperten/Fejl/

Synes godt om

daki Juniormester

27. september 2010 - 09:16 #51

Jeg har 'brokket' mig over scriptfejlen!!

Scannede en ekstra gang med RootRepeal, derfor kommer der 3 logs...

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/27 08:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA2B68000 Size: 876544 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA0090000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\RRbackups
Status: Locked to the Windows API!

Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: \\?\C:\RRbackups\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings
Status: Invisible to the Windows API!

Path: C:\RRbackups\hints.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\regcerts.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\SAM
Status: Invisible to the Windows API!

Path: C:\RRbackups\system
Status: Invisible to the Windows API!

Path: C:\RRbackups\system.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\tvt.txt
Status: Invisible to the Windows API!

Path: C:\RRbackups\usersids.dat
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\ThinkVantage
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df2109.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df3d2b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df4229.tmp
Status: Allocation size mismatch (API: 40960, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df44d4.tmp
Status: Allocation size mismatch (API: 24576, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df4515.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df6946.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df698c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~df8d7e.tmp
Status: Allocation size mismatch (API: 212992, Raw: 16384)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~dfcbfd.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dahe\lokale indstillinger\temp\~dff46f.tmp
Status: Allocation size mismatch (API: 24576, Raw: 0)

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\Client Security
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\ThinkVantage\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\Client Security\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\ThinkVantage\Client Security\hibernation.dat
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dan H. J. Kirk\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\1ff7e0a7-6e07-49f8-b036-322f5949b02e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500\939866f0-34dd-4ad8-8473-7d5ee2c79030
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\c70e4957-de74-4594-b296-0756d07eb288
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1060284298-1292428093-725345543-1111
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-1005
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\24ec9507-a7da-4514-a852-7a1f3dd651dc
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\615f6775-d8c3-4a0a-89dc-c05bdb9b368e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\771b4780-e8f3-4077-8a9d-6a8b84c47c99
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\896b0f3c-25cf-41e8-971c-63f937837823
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\90ae67a5-ada9-47e3-909b-11a586f0be02
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\9c730f16-f0af-45ca-86af-9ebfe116e4c7
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\a1262621-4096-40b4-a1f0-629546b822dd
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\f06fc735-8c62-4bc9-90ba-992a54a9c695
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1060284298-1292428093-725345543-1111\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\1ff7e0a7-6e07-49f8-b036-322f5949b02e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005\e1ea9328-3ed7-4bb6-b06f-0a83067951d5
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3378202848-1054493662-3614785191-1005\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\c70e4957-de74-4594-b296-0756d07eb288
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\My\Keys
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\DAHE\Application Data\Microsoft\SystemCertificates\Request\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\1ff7e0a7-6e07-49f8-b036-322f5949b02e
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1195319810-25830917-1608214133-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\c70e4957-de74-4594-b296-0756d07eb288
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3931957283-3664123729-401999198-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3378202848-1054493662-3614785191-500\a3b8427744189984f9582d03d40d1eda_97e57a67-13c5-4d88-9eda-7b223b6c381f
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a55add43cb630a980b32f2881e67365_97e57a67-13c5-4d88-9eda-7b223b6c381f
Status: Invisible to the Windows API!=

Synes godt om

daki Juniormester

27. september 2010 - 09:18 #52

2010/09/27 08:58:13.0244 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/27 08:58:13.0244 ================================================================================
2010/09/27 08:58:13.0244 SystemInfo:
2010/09/27 08:58:13.0244
2010/09/27 08:58:13.0244 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/27 08:58:13.0244 Product type: Workstation
2010/09/27 08:58:13.0244 ComputerName: TNMPC52
2010/09/27 08:58:13.0244 UserName: DAHE
2010/09/27 08:58:13.0244 Windows directory: C:\WINDOWS
2010/09/27 08:58:13.0244 System windows directory: C:\WINDOWS
2010/09/27 08:58:13.0244 Processor architecture: Intel x86
2010/09/27 08:58:13.0244 Number of processors: 2
2010/09/27 08:58:13.0244 Page size: 0x1000
2010/09/27 08:58:13.0244 Boot type: Normal boot
2010/09/27 08:58:13.0244 ================================================================================
2010/09/27 08:58:13.0525 Initialize success
2010/09/27 08:58:40.0048 ================================================================================
2010/09/27 08:58:40.0048 Scan started
2010/09/27 08:58:40.0048 Mode: Manual;
2010/09/27 08:58:40.0048 ================================================================================
2010/09/27 08:58:42.0231 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/09/27 08:58:42.0294 ACPI (991b6d6fe2a4d70caf76c41334e60926) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/27 08:58:42.0325 ACPIEC (6f99fe216de8c4875dbb12937620da0c) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/09/27 08:58:42.0403 ADIHdAudAddService (beee84a79710f705864685b05f1bb172) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/09/27 08:58:42.0450 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/09/27 08:58:42.0528 AEAudioService (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
2010/09/27 08:58:42.0699 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/27 08:58:42.0746 afcdp (f132d0bfde7c5ea1ab42325c5694a969) C:\WINDOWS\system32\DRIVERS\afcdp.sys
2010/09/27 08:58:42.0808 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/27 08:58:42.0871 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/27 08:58:42.0886 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/09/27 08:58:42.0933 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/09/27 08:58:43.0089 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/09/27 08:58:43.0120 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/09/27 08:58:43.0151 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/09/27 08:58:43.0214 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/09/27 08:58:43.0276 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/09/27 08:58:43.0338 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/09/27 08:58:43.0479 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
2010/09/27 08:58:43.0557 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/27 08:58:43.0588 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/09/27 08:58:43.0603 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/09/27 08:58:43.0619 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/09/27 08:58:43.0697 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/27 08:58:43.0744 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/27 08:58:43.0884 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/27 08:58:44.0243 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
2010/09/27 08:58:44.0336 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/27 08:58:44.0539 b57w2k (66dd574749c38153c6067ebba929befc) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/09/27 08:58:44.0929 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/27 08:58:45.0132 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2010/09/27 08:58:45.0568 btaudio (f73d41fd3653fe64cc79610f7b240472) C:\WINDOWS\system32\drivers\btaudio.sys
2010/09/27 08:58:45.0677 BTDriver (4854ed2ee57769b9527680978a9dd5b4) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/09/27 08:58:45.0818 BTKRNL (4ebd4ebff01617fbda6ce7963f150918) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/09/27 08:58:45.0927 BTWDNDIS (96708d343264abaf8ad93c464b2fc9ca) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/09/27 08:58:46.0332 btwmodem (3af5757648a196e2d5e6b9c8e9c5f62e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2010/09/27 08:58:46.0472 BTWUSB (589400f357f6cb156a6f804035514da0) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/09/27 08:58:46.0597 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/09/27 08:58:46.0722 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/27 08:58:46.0878 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/27 08:58:47.0252 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/09/27 08:58:47.0439 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/27 08:58:47.0673 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/27 08:58:47.0985 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/27 08:58:48.0141 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
2010/09/27 08:58:48.0344 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/27 08:58:48.0702 CmdIde (5f473210a23e33afafef3cf42b064d88) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/09/27 08:58:48.0874 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/27 08:58:48.0983 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/09/27 08:58:49.0217 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2010/09/27 08:58:49.0607 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/09/27 08:58:49.0809 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/09/27 08:58:49.0950 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/27 08:58:50.0059 DLABOIOM (efae981c8ba3dad4103a76bcb5955b07) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/09/27 08:58:50.0184 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/09/27 08:58:50.0215 DLADResN (2da3a336878e93e198e514b7d5fa956f) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/09/27 08:58:50.0230 DLAIFS_M (2aef49904bde7398d0f09b6a603738ef) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/09/27 08:58:50.0262 DLAOPIOM (46fa268a829384256179f4ccb6eb308f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/09/27 08:58:50.0277 DLAPoolM (26e89839af248625a4e7c4cf5873375d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/09/27 08:58:50.0308 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/09/27 08:58:50.0371 DLAUDFAM (5e914bd7f68dde3fb4bffe005162c1e6) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/09/27 08:58:50.0386 DLAUDF_M (8c3cfb22a7fb3be67e0c321fa10b8b50) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/09/27 08:58:50.0464 dmboot (8a3088f97b2caa3340bbb068f314e596) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/27 08:58:50.0620 dmio (6d152a2781ffbd6a63a1e58801240e8e) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/27 08:58:50.0636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/27 08:58:50.0683 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/27 08:58:50.0761 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2010/09/27 08:58:50.0807 DozeHDD (e00b3ce273b17aee1259c105df5524ca) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
2010/09/27 08:58:50.0838 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/09/27 08:58:50.0885 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/27 08:58:50.0901 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/09/27 08:58:50.0963 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/09/27 08:58:51.0166 E100B (391242693d1d56ffad5782dd3a5de29f) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/09/27 08:58:51.0228 EGATHDRV (938f1ec77ba35858248e584b2d2e9776) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
2010/09/27 08:58:51.0353 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/27 08:58:51.0431 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/27 08:58:51.0509 Fips (bb52a20854cf3e8e0474ee7167c7a3a5) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/27 08:58:51.0603 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/27 08:58:51.0680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/27 08:58:51.0790 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/27 08:58:51.0868 Ftdisk (0a58505b5d0aba661d2ff59cd8cf79b9) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/27 08:58:51.0946 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/27 08:58:52.0070 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/27 08:58:52.0117 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/27 08:58:52.0211 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/09/27 08:58:52.0273 HSFHWAZL (702a7e1b3c9263efbd6aede3b6919761) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/09/27 08:58:52.0351 HSF_DPV (8d02cb68d53aa36189faf86fed438884) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/09/27 08:58:52.0569 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/27 08:58:52.0632 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/09/27 08:58:52.0694 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/09/27 08:58:52.0756 i8042prt (42f890598efb480076558ca3cc151107) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/27 08:58:53.0209 ialm (06b71441957b48a4866de2fe27cb79c8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/09/27 08:58:54.0331 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/09/27 08:58:54.0518 ibmfilter (bd1ddf774e7fd633d701b1fb69b9f081) C:\WINDOWS\system32\drivers\ibmfilter.sys
2010/09/27 08:58:54.0581 IBMPMDRV (400d7095d5ae08970f839bcac1843106) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2010/09/27 08:58:54.0628 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
2010/09/27 08:58:54.0674 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/27 08:58:54.0721 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/09/27 08:58:54.0783 IntelIde (3bcdda95f24d21d4b050c9f0f531c88b) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/27 08:58:54.0924 intelppm (d1cd31b6cd4a99f3b82aec84cfdd4cba) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/27 08:58:54.0971 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/27 08:58:55.0017 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/27 08:58:55.0080 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/27 08:58:55.0142 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/27 08:58:55.0298 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/27 08:58:55.0345 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/27 08:58:55.0423 isapnp (3ce6ec5903c59223b61f6a0b9b84b022) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/27 08:58:55.0470 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/09/27 08:58:55.0501 Kbdclass (32e823dfd0a7f18cf3b024f78c7aa7dd) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/27 08:58:55.0516 kbdhid (530d40f58095397b6b8aa5a0fdd074a5) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/27 08:58:55.0563 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/27 08:58:55.0610 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/27 08:58:55.0766 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010/09/27 08:58:55.0828 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys
2010/09/27 08:58:55.0891 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2010/09/27 08:58:55.0937 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2010/09/27 08:58:55.0984 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2010/09/27 08:58:56.0046 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/09/27 08:58:56.0187 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/27 08:58:56.0234 Modem (67ac997db66fdfd07738df58b45cd1b9) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/27 08:58:56.0296 Mouclass (22774a2ab832972eca2ce227819f5af0) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/27 08:58:56.0358 mouhid (39f0a46109b167707018e8889d5fec93) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/27 08:58:56.0405 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/27 08:58:56.0452 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/09/27 08:58:56.0561 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/27 08:58:56.0655 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/27 08:58:56.0701 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/27 08:58:56.0764 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/27 08:58:56.0779 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/27 08:58:56.0904 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/27 08:58:56.0966 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/27 08:58:57.0013 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/27 08:58:57.0044 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/27 08:58:57.0107 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/27 08:58:57.0169 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/27 08:58:57.0294 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/27 08:58:57.0372 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/27 08:58:57.0403 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/27 08:58:57.0419 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/27 08:58:57.0465 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/27 08:58:57.0543 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/27 08:58:57.0575 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/27 08:58:57.0746 NETIMFLT01060042 (9eeb6df1f5ffd878a3a44874607eaaef) C:\WINDOWS\system32\DRIVERS\neti1642.sys
2010/09/27 08:58:58.0089 NETw5x32 (3bc15801f7b9dd2d16897a38a962ce56) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2010/09/27 08:58:58.0541 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/27 08:58:58.0604 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/27 08:58:58.0666 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/27 08:58:58.0869 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/27 08:58:58.0962 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/27 08:58:59.0165 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/27 08:58:59.0212 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/27 08:58:59.0274 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/27 08:58:59.0352 Parport (9e048790f33fe5f4fa9d27b5650a1dd5) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/27 08:58:59.0383 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/27 08:58:59.0461 ParVdm (48e97af5b876301131e9d1b0c43212c3) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/27 08:58:59.0570 PCI (5d756da95bd1e2f6e495704715532fdc) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/27 08:58:59.0602 PCIIde (69ce0d409c11347196147ea4c6c02364) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/27 08:58:59.0617 Pcmcia (e980b6d0ca6acba679a0ac810ab9a57c) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/09/27 08:58:59.0726 pepifilter (cec24da7f7dd1758e569019232f49def) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2010/09/27 08:58:59.0773 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/09/27 08:58:59.0789 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/09/27 08:58:59.0867 pmem (fa292805788528c083f416e151b60ab6) C:\WINDOWS\System32\drivers\pmemnt.sys
2010/09/27 08:58:59.0929 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/27 08:59:00.0023 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2010/09/27 08:59:00.0210 PrivateDisk (e580dd7d54415905bb0bab306b659fdf) C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys
2010/09/27 08:59:00.0334 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
2010/09/27 08:59:00.0366 Processor (ed3cc89af43fb4baa963da18f7474681) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/27 08:59:00.0444 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
2010/09/27 08:59:00.0553 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/27 08:59:00.0568 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/27 08:59:00.0615 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/27 08:59:00.0662 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/09/27 08:59:00.0771 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/09/27 08:59:00.0818 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/09/27 08:59:00.0833 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/09/27 08:59:00.0865 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/09/27 08:59:00.0943 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/27 08:59:01.0021 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/27 08:59:01.0036 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/27 08:59:01.0052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/27 08:59:01.0099 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/27 08:59:01.0177 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/27 08:59:01.0270 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/27 08:59:01.0301 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/27 08:59:01.0410 redbook (d2ea9dae9a9f1bf40c0ea1d1d7c5592c) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/27 08:59:01.0551 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
2010/09/27 08:59:01.0582 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
2010/09/27 08:59:01.0660 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
2010/09/27 08:59:01.0691 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
2010/09/27 08:59:01.0707 s116nd5 (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys
2010/09/27 08:59:01.0738 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
2010/09/27 08:59:01.0753 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys
2010/09/27 08:59:01.0816 s24trans (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/09/27 08:59:01.0925 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/27 08:59:01.0972 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/27 08:59:02.0019 Serial (680ed46039ebd4c23eb708f1af6b9e5d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/27 08:59:02.0112 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/09/27 08:59:02.0159 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
2010/09/27 08:59:02.0221 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/09/27 08:59:02.0315 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/27 08:59:02.0393 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
2010/09/27 08:59:02.0549 smihlp2 (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Programmer\ThinkVantage Fingerprint Software\smihlp.sys
2010/09/27 08:59:02.0689 snapman (ffd9b64db2cd7b74b766c3a8452a5816) C:\WINDOWS\system32\DRIVERS\snapman.sys
2010/09/27 08:59:02.0751 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/09/27 08:59:02.0845 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/27 08:59:02.0923 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/27 08:59:03.0048 sr (b3ecb8b07f7991132c71c1b16a82ffe3) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/27 08:59:03.0126 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/27 08:59:03.0188 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/27 08:59:03.0282 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/27 08:59:03.0328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/27 08:59:03.0406 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/09/27 08:59:03.0500 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/09/27 08:59:03.0515 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/09/27 08:59:03.0531 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/09/27 08:59:03.0656 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/09/27 08:59:03.0843 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/27 08:59:03.0905 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/27 08:59:03.0999 TcUsb (64abea4001f8eb869385e65d85bc302b) C:\WINDOWS\system32\Drivers\tcusb.sys
2010/09/27 08:59:04.0030 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/27 08:59:04.0139 tdrpman251 (3630f5b8181554deecfe2e4252bc4c4c) C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
2010/09/27 08:59:04.0326 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
2010/09/27 08:59:04.0357 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/27 08:59:04.0389 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/27 08:59:04.0482 timounter (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys
2010/09/27 08:59:04.0685 TosIde (9b0edfa321a32202b0d0d94b853f0a78) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/09/27 08:59:04.0872 Tp4Track (e06117f4ee0fd094532d8b82f1b7883a) C:\WINDOWS\system32\DRIVERS\tp4track.sys
2010/09/27 08:59:04.0919 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
2010/09/27 08:59:04.0981 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
2010/09/27 08:59:05.0044 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
2010/09/27 08:59:05.0059 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2010/09/27 08:59:05.0121 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/27 08:59:05.0262 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/09/27 08:59:05.0340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/27 08:59:05.0418 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/27 08:59:05.0465 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/27 08:59:05.0496 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/27 08:59:05.0574 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/27 08:59:05.0636 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/27 08:59:05.0652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/27 08:59:05.0698 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/27 08:59:05.0761 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2010/09/27 08:59:05.0808 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/27 08:59:05.0839 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/09/27 08:59:05.0901 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/27 08:59:06.0026 VolSnap (69d9e1de5f897580f8b1d1957528b0b2) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/27 08:59:06.0088 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2010/09/27 08:59:06.0213 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/09/27 08:59:06.0400 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/27 08:59:06.0478 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/09/27 08:59:06.0572 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/27 08:59:06.0634 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/27 08:59:06.0759 winachsf (115946a53b62a6b171fd0ed197c71d52) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/09/27 08:59:06.0883 winusb (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.SYS
2010/09/27 08:59:06.0946 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/09/27 08:59:07.0008 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/27 08:59:07.0086 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/27 08:59:07.0149 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/27 08:59:07.0242 ================================================================================
2010/09/27 08:59:07.0242 Scan finished
2010/09/27 08:59:07.0242 ================================================================================

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x01b1eb0d

Kernel Drivers (total 187):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xBA0A8000 isapnp.sys
0xB9F68000 pci.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F05000 dmio.sys
0xBA330000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0C8000 VolSnap.sys
0xB9EED000 atapi.sys
0xB9E17000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DF7000 fltmgr.sys
0xB9DE5000 sr.sys
0xB9DCF000 DRVMCDB.SYS
0xBA0F8000 PxHelp20.sys
0xB9DB8000 KSecDD.sys
0xBA338000 DozeHDD.sys
0xB9D2B000 Ntfs.sys
0xB9CFE000 NDIS.sys
0xB9C74000 timntr.sys
0xB9B99000 tdrpm251.sys
0xBA108000 ApsHM86.sys
0xB9B74000 snapman.sys
0xB9B54000 Apsx86.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9B3A000 Mup.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8A6E000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8A5A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8A32000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8A07000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xB83BC000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xBA448000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8398000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA450000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA458000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB825B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA602000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA1E8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB81EA000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB5C66000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB5829000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9A15000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB339F000 \SystemRoot\system32\DRIVERS\parport.sys
0xB5C5E000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
0xB9A11000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB5C56000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0xB5819000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB5C4E000 \SystemRoot\system32\drivers\iviaspi.sys
0xBA600000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xB5809000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB57F9000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB337C000 \SystemRoot\system32\DRIVERS\ks.sys
0xB32B0000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xB3292000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xB364C000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB57E9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9A01000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB327B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB57D9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB52B1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB5C46000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB326A000 \SystemRoot\system32\DRIVERS\psched.sys
0xB52A1000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB4FA2000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB4F9A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB323A000 \SystemRoot\system32\DRIVERS\neti1642.sys
0xB320A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB5291000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB4F8A000 \SystemRoot\system32\DRIVERS\psadd.sys
0xBA604000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB31AC000 \SystemRoot\system32\DRIVERS\update.sys
0xB99E9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB315E000 \SystemRoot\system32\drivers\btaudio.sys
0xB313A000 \SystemRoot\system32\drivers\portcls.sys
0xB5261000 \SystemRoot\system32\drivers\drmk.sys
0xB5251000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA304A000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xA3033000 \SystemRoot\system32\drivers\AEAudio.sys
0xA2FFF000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA2F0E000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA2E5B000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA438000 \SystemRoot\System32\Drivers\Modem.SYS
0xB3E6C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB9A7D000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA664000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7AB000 \SystemRoot\System32\Drivers\Null.SYS
0xBA65C000 \SystemRoot\System32\Drivers\Beep.SYS
0xB4F5A000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xB39C9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB39C1000 \SystemRoot\System32\drivers\vga.sys
0xBA65E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5B0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB39B1000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB39A9000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9A55000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA2E28000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA2DCF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA2DA9000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA2D81000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB3E4C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA2D5F000 \SystemRoot\System32\drivers\afd.sys
0xB3E3C000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB3447000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB3989000 \SystemRoot\System32\drivers\TSMAPIP.SYS
0xB39A1000 \SystemRoot\System32\drivers\Tppwrif.sys
0xB3981000 \SystemRoot\system32\DRIVERS\TPHKDRV.sys
0xB3604000 \SystemRoot\System32\drivers\TDSMAPI.SYS
0xB35FC000 \SystemRoot\System32\drivers\Smapint.sys
0xA2D14000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA6ED000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xA2CA4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA5B2000 \SystemRoot\system32\DRIVERS\smiif32.sys
0xBA5B4000 \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
0xB3437000 \SystemRoot\System32\Drivers\Fips.SYS
0xB9A3D000 \SystemRoot\System32\drivers\ANC.SYS
0xB3407000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB33F7000 \SystemRoot\System32\Drivers\btwusb.sys
0xB33E7000 \SystemRoot\System32\Drivers\tcusb.sys
0xB35F4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB35EC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB9177000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB33C7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB3BBD000 \SystemRoot\system32\DRIVERS\sfloppy.sys
0xB9173000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB916B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB35E4000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB35DC000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xA2C3E000 \SystemRoot\system32\DRIVERS\btwdndis.sys
0xB35D4000 \SystemRoot\system32\DRIVERS\btwmodem.sys
0xB35CC000 \SystemRoot\system32\DRIVERS\btport.sys
0xA2B68000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9A79000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA490000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB3467000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1F2000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB902E000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xB346D000 \SystemRoot\System32\DLA\DLADResN.SYS
0xA2AB2000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xA2B34000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xBA638000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBA63A000 \??\C:\Programmer\ThinkVantage Fingerprint Software\smihlp.sys
0xBA440000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA2A73000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA2A5D000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xA2AD4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA2AC8000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA2828000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
0xA26C2000 \SystemRoot\system32\DRIVERS\afcdp.sys
0xA256A000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xBA64A000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
0xA2411000 \SystemRoot\System32\Drivers\HTTP.sys
0xA2616000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
0xA227A000 \SystemRoot\system32\DRIVERS\srv.sys
0xA225A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xBA5E4000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
0xA212A000 \??\C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys
0xBA3F0000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA1B9F000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA1B8A000 \SystemRoot\system32\drivers\wdmaud.sys
0xA2905000 \SystemRoot\system32\drivers\sysaudio.sys
0xA0015000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 104):
0 System Idle Process
4 System
868 C:\WINDOWS\system32\smss.exe
800 csrss.exe
824 C:\WINDOWS\system32\winlogon.exe
892 C:\WINDOWS\system32\services.exe
904 C:\WINDOWS\system32\lsass.exe
1116 C:\WINDOWS\system32\ibmpmsvc.exe
1148 C:\WINDOWS\system32\svchost.exe
1200 svchost.exe
1400 C:\WINDOWS\system32\svchost.exe
1484 C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
1684 svchost.exe
1860 svchost.exe
460 C:\WINDOWS\system32\brsvc01a.exe
488 C:\WINDOWS\system32\brss01a.exe
492 C:\WINDOWS\system32\spoolsv.exe
1804 svchost.exe
1884 C:\Programmer\Lenovo\HOTKEY\TPHKSVC.exe
1896 C:\WINDOWS\system32\IPSSVC.EXE
1980 C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
2032 C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
380 C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
660 C:\Programmer\Fælles filer\Acronis\CDP\afcdpsrv.exe
772 C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
1252 C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
1288 wmiprvse.exe
1308 C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
1360 C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
1380 C:\Programmer\Intel\WiFi\bin\EvtEng.exe
1504 PresentationFontCache.exe
2120 C:\WINDOWS\system32\svchost.exe
2156 C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
2208 C:\Programmer\Java\jre6\bin\jqs.exe
2272 C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
2432 unsecapp.exe
2712 C:\WINDOWS\system32\svchost.exe
2736 C:\WINDOWS\system32\svchost.exe
2820 C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
2984 C:\WINDOWS\system32\svchost.exe
3100 C:\Programmer\Lenovo\System Update\SUService.exe
3156 C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
3172 C:\WINDOWS\system32\TpKmpSvc.exe
3240 ibmtcsd.exe
3300 C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
3368 C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
3420 C:\Programmer\RealVNC\VNC4\winvnc4.exe
3460 C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
3660 wmpnetwk.exe
3712 C:\WINDOWS\system32\searchindexer.exe
3928 C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
1568 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2424 C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3064 alg.exe
4072 C:\WINDOWS\explorer.exe
3792 C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
4088 C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
2352 C:\WINDOWS\system32\TpShocks.exe
1640 C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
2320 C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
2860 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
2460 C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
2488 C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
1264 C:\Programmer\Lenovo\ZOOM\TpScrex.exe
2584 C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
2376 C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
3868 C:\WINDOWS\system32\rundll32.exe
556 C:\WINDOWS\system32\igfxtray.exe
780 C:\WINDOWS\system32\hkcmd.exe
2532 C:\WINDOWS\system32\igfxpers.exe
2856 C:\WINDOWS\system32\igfxsrvc.exe
3392 C:\PROGRA~1\Lenovo\NPDIRECT\tpfnf7sp.exe
2368 C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
3856 C:\Programmer\Lenovo\Message Center Plus\MCPLaunch.exe
1428 C:\WINDOWS\system32\igfxext.exe
4296 C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\Monitor.exe
4332 C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
4744 C:\Programmer\Brother\ControlCenter3\BrccMCtl.exe
4804 C:\Programmer\Java\jre6\bin\jusched.exe
4996 C:\Programmer\Microsoft ActiveSync\wcescomm.exe
5020 C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
5268 C:\WINDOWS\system32\ctfmon.exe
5296 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
5320 C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
5560 C:\Programmer\Brother\Brmfcmon\BrMfcMon.exe
5568 C:\Programmer\Digital Line Detect\DLG.exe
5796 C:\Programmer\Logitech\SetPoint\SetPoint.exe
6048 C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
1928 C:\Programmer\Windows Desktop Search\WindowsSearch.exe
4256 C:\Programmer\OpenOffice.org 3\program\soffice.exe
4252 C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
2012 C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.exe
4380 C:\Programmer\mltarc\StrJwSrv.exe
4496 C:\Programmer\OpenOffice.org 3\program\soffice.bin
4528 C:\Programmer\UltimateZip 2.7\uzqkst.exe
4916 C:\Programmer\mltarc\jre\bin\javaw.exe
4764 C:\Programmer\Internet Explorer\iexplore.exe
2776 C:\Programmer\Java\jre6\bin\jucheck.exe
5464 C:\Programmer\Java\jre6\bin\javaw.exe
3496 C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
3788 C:\Programmer\Internet Explorer\iexplore.exe
7020 C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
4284 C:\Programmer\IBM\Client Access\Emulator\pcscm.exe
7536 C:\Documents and Settings\DAHE\Skrivebord\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS541680J9SA00, Rev: SB2IC7UP

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 58AC720519FA3814561BECB05D306DFAD5A9E346

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Synes godt om

f-arn Guru

27. september 2010 - 16:40 #53

Vi venter til i morgen. Hvis der ikke er kommet styr på den fejl , vil jeg ha' spørgsmålet flyttet til Spywarefri.

Synes godt om

f-arn Guru

27. september 2010 - 17:15 #54

Jeg har nu snakket med de andre på Spywarefri, og du flytter bare spørgsmålet hvis du har lyst.
http://www.spywarefri.dk/forum/ Almindelig rensning
http://www.spywarefri.dk/forum/viewforum/10/ Det er Almindelig rensning

Synes godt om

f-arn Guru

28. september 2010 - 16:26 #55

Fortæl mig lige, hvilken type PC er det. Kom XP preinstalleret?
Jeg bryder mig mig ikke om det MBRCheck skriver.

Synes godt om

daki Juniormester

28. september 2010 - 19:54 #56

Det er en Lenovo R60 med XP preinstalleret/recovery funktion via F11...
Spm. flyttet tl Spywarefri Forum.... http://www.spywarefri.dk/forum/viewthread/79166/

/Dan

Synes godt om

daki Juniormester

15. oktober 2010 - 08:32 #57

Skal vi lukke spm., nogen som vil have points?

Synes godt om

daki Juniormester

28. oktober 2010 - 09:03 #58

svar!!!!

Synes godt om

daki Juniormester

28. november 2010 - 17:04 #59

Ingen som vil have points??

Synes godt om

Computer Hjælp (Gratis) Mester

28. november 2010 - 17:17 #60

(Hvad endte 'sagen' med ?)

Synes godt om

daki Juniormester

28. november 2010 - 17:22 #61

f-arn og jeg fortsatte fejlfindingen på spywarefri forum, og alt blev løst til UG. Dog kan er Sikkerrhedscenter ikke aktiveret.

Synes godt om

Computer Hjælp (Gratis) Mester

28. november 2010 - 17:38 #62

(Acceptér selv dit [svar] i #58...)

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus	21	22/06/202419:22	23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus	23	07/05/202421:02	13/05/202419:48
trusler Af gerhardpet i Virus	4	26/01/202410:02	27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus	16	09/01/202416:37	10/01/202419:59
virusscanning Af JetteD i Virus	2	10/11/202312:55	10/11/202316:36

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS