kiwankow (Beginner)
08 December 2010 - 13:06 There are 71 comments and
1 solution

Help with virus / spyware

I have picked up some kind of junk that makes a window pop up every now and then with something called media.mynewswheel.com, and even though SUPERAntiSpyware finds it and deletes the infected files, it keeps coming back.
AVG and Malwarebytes find nothing, not even in safe mode.. HELP..!!
f-arn (Guru)
08 December 2010 - 13:26 #1
Update Malwarebytes and run it again.

------

Download and run DDS

It produces two logs (DDS.txt and Attach.txt). Save them to the desktop and copy the contents of DDS.txt in here, together with the log from Malwarebytes.

NOTE - DDS must be saved to the computer and not run from the web

Re: Vista and Windows 7 - right-click the file - Run as Administrator.

NB: When you update Malwarebytes, keep clicking Check for Updates until it says that there are no more updates.
Deleted user
08 December 2010 - 13:28 #2
create a new user in your Windows, a quick and easy solution
f-arn (Guru)
08 December 2010 - 13:33 #3
create a new user in your Windows, a quick and easy solution

Yes, if you are willing to guarantee that neither program files, Windows system files nor the MBR are infected.
kiwankow (Beginner)
09 December 2010 - 09:06 #4
DDS (Ver_10-12-05.01) - NTFSx86 
Run by Kennie S›gaard at  8:57:02,14 on 09-12-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.958.235 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)  {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Programmer\AVG\AVG9\avgchsvx.exe
C:\Programmer\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
C:\Programmer\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
svchost.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Companion\TMonitor.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\AVG\AVG9\avgemc.exe
C:\Programmer\AVG\AVG9\avgnsx.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\Programmer\Browny02\BrYNSvc.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Kennie Søgaard\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
c:\documents and settings\kennie s›gaard\lokale indstillinger\temp\8c.tmp\temp00
c:\documents and settings\kennie s›gaard\lokale indstillinger\temp\8c.tmp\temp00
c:\documents and settings\kennie s›gaard\lokale indstillinger\temp\8c.tmp\temp00
c:\documents and settings\kennie s›gaard\lokale indstillinger\temp\8c.tmp\temp00
c:\documents and settings\kennie s›gaard\lokale indstillinger\temp\8c.tmp\temp00
c:\documents and settings\kennie s›gaard\lokale indstillinger\temp\8c.tmp\temp00
c:\documents and settings\kennie s›gaard\lokale indstillinger\temp\8c.tmp\temp00
c:\documents and settings\kennie s›gaard\lokale indstillinger\temp\8c.tmp\temp00
c:\documents and settings\kennie s›gaard\lokale indstillinger\temp\8c.tmp\temp00
c:\documents and settings\kennie s›gaard\lokale indstillinger\temp\8c.tmp\temp00
c:\documents and settings\kennie s›gaard\lokale indstillinger\temp\8c.tmp\temp00
c:\documents and settings\kennie s›gaard\lokale indstillinger\temp\8c.tmp\temp00
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\micros~1.lnk - c:\programmer\microsoft office\office\OSA9.EXE
IE: Free YouTube to Mp3 Converter - c:\documents and settings\kennie søgaard\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
Trusted Zone: sydbank.dk
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmer\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\programmer\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmer\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-30 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-30 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-30 243024]
R1 SASDIFSV;SASDIFSV;c:\programmer\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\programmer\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmer\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG Free WatchDog;c:\programmer\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R3 BrYNSvc;BrYNSvc;c:\programmer\browny02\BrYNSvc.exe [2010-9-24 245760]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-8 38224]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-11-3 13224]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\programmer\sony ericsson\sony ericsson pc companion\PCCService.exe [2010-11-29 155344]

=============== Created Last 30 ================

2010-12-08 16:29:53    29184    ----a-r-    c:\docume~1\kennie~1\applic~1\microsoft\installer\{21ae04e8-ebf6-40db-9aa9-b7a80c5d057d}\Icon21AE04E8.exe
2010-12-08 16:29:43    --------    d-----w-    c:\programmer\mkv2vob
2010-12-08 16:29:09    --------    d-----w-    c:\programmer\fælles filer\Wise Installation Wizard
2010-12-08 16:14:46    --------    d-----w-    c:\programmer\NCH Swift Sound
2010-12-08 12:26:08    --------    d--h--r-    c:\documents and settings\kennie søgaard\Recent
2010-12-08 06:51:42    --------    d-----w-    c:\docume~1\kennie~1\applic~1\Malwarebytes
2010-12-08 06:51:24    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 06:51:23    --------    d-----w-    c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-08 06:51:19    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-12-08 06:51:18    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-12-08 02:17:14    --------    d-----w-    c:\docume~1\kennie~1\applic~1\BSplayer Pro
2010-12-08 02:17:13    --------    d-----w-    c:\docume~1\kennie~1\applic~1\BSplayer
2010-12-08 02:17:12    --------    d-----w-    c:\programmer\Webteh
2010-12-06 07:35:06    --------    d-----w-    c:\docume~1\kennie~1\applic~1\SUPERAntiSpyware.com
2010-12-06 07:35:06    --------    d-----w-    c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-12-06 07:34:45    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2010-12-05 16:14:00    --------    d-----w-    c:\programmer\fælles filer\DESIGNER
2010-12-05 15:59:53    --------    d-----w-    c:\documents and settings\all users\Microsoft
2010-12-05 15:50:56    --------    d-----w-    c:\docume~1\kennie~1\lokale~1\applic~1\Microsoft Help
2010-12-05 13:38:47    61215    ----a-w-    c:\windows\system32\fgtfmxzbpljtgdue.exe
2010-12-05 11:59:09    5632    ----a-w-    c:\windows\system32\ptpusb.dll
2010-12-05 11:59:07    15104    -c--a-w-    c:\windows\system32\dllcache\usbscan.sys
2010-12-05 11:59:07    15104    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2010-12-05 11:59:01    159232    ----a-w-    c:\windows\system32\ptpusd.dll
2010-12-05 09:43:57    --------    d-----w-    c:\programmer\fælles filer\Apple
2010-12-03 17:12:11    40960    ----a-w-    c:\windows\system32\SSubTmr6.dll
2010-12-03 17:12:11    15360    ----a-w-    c:\windows\system32\inetfr.DLL
2010-12-03 17:12:11    115920    ----a-w-    c:\windows\system32\msinet.OCX
2010-12-03 17:12:11    101888    ----a-w-    c:\windows\system32\VB6STKIT.DLL
2010-12-03 17:12:10    32768    ----a-w-    c:\windows\system32\CMDLGFR.DLL
2010-12-03 17:12:10    152848    ----a-w-    c:\windows\system32\COMDLG32.OCX
2010-12-03 17:12:10    141312    ----a-w-    c:\windows\system32\MSCMCFR.DLL
2010-12-03 17:12:10    119568    ----a-w-    c:\windows\system32\VB6FR.DLL
2010-12-03 17:12:09    --------    d-----w-    c:\docume~1\kennie~1\applic~1\FreeBurner
2010-11-29 11:20:23    --------    d-----w-    c:\docume~1\kennie~1\applic~1\HamsterSoft
2010-11-29 06:10:37    --------    d-----w-    c:\programmer\Sony Ericsson
2010-11-29 05:57:27    32128    -c--a-w-    c:\windows\system32\dllcache\usbccgp.sys
2010-11-29 05:57:27    32128    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2010-11-25 13:39:55    --------    d-----w-    c:\docume~1\kennie~1\applic~1\DVDVideoSoftIEHelpers
2010-11-25 13:39:11    --------    d-----w-    c:\programmer\fælles filer\DVDVideoSoft
2010-11-25 13:39:11    --------    d-----w-    c:\programmer\DVDVideoSoft
2010-11-24 15:54:54    416768    ----a-w-    c:\windows\system32\gpogfjjbselbenuiy.dll
2010-11-09 16:45:39    --------    d-----w-    c:\programmer\NCH Software
2010-11-09 14:56:46    --------    d-----w-    c:\docume~1\kennie~1\applic~1\Subversion
2010-11-09 14:55:24    --------    d-----w-    c:\docume~1\kennie~1\applic~1\Subsync

==================== Find3M  ====================

2010-11-03 21:00:09    1112288    ----a-w-    c:\windows\system32\WdfCoInstaller01007.dll
2010-09-26 01:05:19    87608    ----a-w-    c:\docume~1\kennie~1\applic~1\inst.exe
2010-09-26 01:05:19    47360    ----a-w-    c:\docume~1\kennie~1\applic~1\pcouffin.sys
2010-09-18 10:23:40    974848    ----a-w-    c:\windows\system32\mfc42u.dll
2010-09-18 06:53:39    974848    ----a-w-    c:\windows\system32\mfc42.dll
2010-09-18 06:53:39    953856    ----a-w-    c:\windows\system32\mfc40u.dll
2010-09-18 06:53:38    954368    ----a-w-    c:\windows\system32\mfc40.dll
2010-09-17 17:04:00    22    --sha-w-    c:\windows\Sys3390 SettingsCollection.bin
2010-09-17 17:04:00    22    --sha-w-    c:\docume~1\kennie~1\applic~1\Sys6925.Config Collection.sys

============= FINISH:  9:03:44,46 ===============
f-arn (Guru)
09 December 2010 - 10:26 #5
Start Malwarebytes, and under the "Log" tab you will find the latest one. Copy it in here!

------

Download Rootkit Unhooker and save it to the desktop.

http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE

Start it. Click Report, then click Scan.
Leave the check marks in Drivers and Stealth. Remove the others.
Click OK
(If it shows this warning, "Rootkit Unhooker has detected a parasite inside itself!", ignore it)
When it has finished, click File -> Save Report
Save it to the desktop and copy it in here.

Remember to disable your security programs.

------

I need to see logs from:
Malwarebytes
Rootkit Unhooker
kiwankow (Beginner)
09 December 2010 - 16:11 #6
I don't quite know how to disable AVG. I have scanned with Malwarebytes; it took about 4 hours, but no log file was saved. :-(

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF5E92000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2314240 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT-kerne og -system)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Win32-flerbrugerdriver)
0xF60C7000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1273856 bytes (Agere Systems, SoftModem Device Driver)
0xBF012000 C:\WINDOWS\System32\SiSGRV.dll 1216512 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0xF7389000 PCI_PNP3584 1048576 bytes
0xF7389000 spes.sys 1048576 bytes
0xF7389000 sptd 1048576 bytes
0xF71E1000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB1B86000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5581000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF5DEF000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 372736 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xB3B08000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAF033000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAEA42000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6263000 C:\WINDOWS\system32\DRIVERS\sisgrp.sys 258048 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0xB3A3E000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB1B52000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF55DF000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7343000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI-driver til NT)
0xF6221000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 188416 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xAF1CB000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF71B4000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAE384000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB1BF6000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB1C65000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF72CF000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, I/O-driver til NT Disk Manager)
0xB3A18000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF5E6E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5E4A000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF61FE000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB1C43000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB1C21000 C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7297000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF72F5000 ftdisk.sys 126976 bytes (Microsoft Corporation, Diskdriver til FT)
0xF7314000 pcmcia.sys 122880 bytes (Microsoft Corporation, Driver til PCMCIA-bus)
0xF719A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF72B7000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB1B3A000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7371000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF726E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5DD8000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAF33E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF624F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB3B61000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7285000 sr.sys 73728 bytes (Microsoft Corporation, Filsystemfilterdriver til Systemgendannelse)
0xF7332000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI-optælling)
0xF5DC7000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF77FA000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF777A000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF77AA000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF778A000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Filterdriver til Redbook-lyd)
0xF4D52000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF536F000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF75AA000 VolSnap.sys 57344 bytes (Microsoft Corporation, Driver til tjenesten Volume Snapshot)
0xF75CA000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF775A000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, Driver til i8042-port)
0xF77BA000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75EA000 gagp30kx.sys 49152 bytes (Microsoft Corporation, MS Generic AGPv3.0 Filter for K8/9 Processor Platforms)
0xF769A000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF77DA000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB4C22000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Driver til FIPS Crypto)
0xF776A000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF759A000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77CA000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF758A000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA-busdriver)
0xF691E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF774A000 C:\WINDOWS\system32\DRIVERS\processr.sys 40960 bytes (Microsoft Corporation, Processorenhedsdriver)
0xF75DA000 SISAGPX.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)
0xF76AA000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75BA000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF77EA000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF4CF2000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAED1B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF4D42000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7882000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Enhedsdriver til modem)
0xB4C52000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7892000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7872000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Klassedriver til tastatur)
0xF780A000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB4C62000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF787A000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Klassedriver til mus)
0xB4C72000 C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xB4C6A000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB4C5A000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7812000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78FA000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7902000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF789A000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF788A000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF781A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB36F7000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF79A2000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7161000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF62C2000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB0AEB000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB42DE000 C:\WINDOWS\system32\DRIVERS\srvkp.sys 16384 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)
0xF79A6000 ACPIEC.sys 12288 bytes (Microsoft Corporation, Driver til ACPI-integreret-controller)
0xF799A000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF799E000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB1CA9000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF715D000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7A46000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B28000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A8E000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7AF6000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B26000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A8A000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B2A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B2C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AC4000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Enhedsdriver til serielspejling)
0xF7AD6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AC0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A8C000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B95000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C2D000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7CB4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B53000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7B52000 pciide.sys 4096 bytes (Microsoft Corporation, PCI IDE-standarddriver)
0x8596D1F8 unknown_irp_handler 3592 bytes
0x859DA1F8 unknown_irp_handler 3592 bytes
0x857291F8 unknown_irp_handler 3592 bytes
0x8596F1F8 unknown_irp_handler 3592 bytes
0x858231F8 unknown_irp_handler 3592 bytes
0x8571D1F8 unknown_irp_handler 3592 bytes
0x85829500 unknown_irp_handler 2816 bytes
0x85539500 unknown_irp_handler 2816 bytes
0x855D9500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
f-arn (Guru)
09 December 2010 - 16:30 #7
We will need ComboFix later, so AVG has to go. I would recommend Avast.
http://www.avast.com/en-eu/free-antivirus-download

------

Download Tdsskiller.zip to your desktop and extract it into a folder.

Run TDSSKiller.exe -> Click "Start Scan"

If an infected file is found, the "Default action" will be Cure; click Continue.
If a suspicious file is detected, the "Default action" will be Skip; click Continue.

Restart if it requires it.

If it restarts, you can find the log file here:
C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Copy that text into this thread.
kiwankow (Beginner)
09 December 2010 - 16:51 #8
It finds 1 threat, C:\WINDOWS\system32\drivers\sptd.sys, and I click Continue. I scan again and it finds the same threat, but there is no restart or log file..
kiwankow (Beginner)
09 December 2010 - 16:54 #9
Oh, there was indeed a log when I looked properly :-)

2010/12/09 16:45:53.0328    TDSS rootkit removing tool 2.4.11.0 Dec  8 2010 14:46:40
2010/12/09 16:45:53.0328    ================================================================================
2010/12/09 16:45:53.0328    SystemInfo:
2010/12/09 16:45:53.0328   
2010/12/09 16:45:53.0328    OS Version: 5.1.2600 ServicePack: 3.0
2010/12/09 16:45:53.0328    Product type: Workstation
2010/12/09 16:45:53.0328    ComputerName: KENNIE-B7EC7E27
2010/12/09 16:45:53.0328    UserName: Kennie Søgaard
2010/12/09 16:45:53.0328    Windows directory: C:\WINDOWS
2010/12/09 16:45:53.0328    System windows directory: C:\WINDOWS
2010/12/09 16:45:53.0328    Processor architecture: Intel x86
2010/12/09 16:45:53.0328    Number of processors: 1
2010/12/09 16:45:53.0328    Page size: 0x1000
2010/12/09 16:45:53.0328    Boot type: Normal boot
2010/12/09 16:45:53.0328    ================================================================================
2010/12/09 16:45:53.0796    Initialize success
2010/12/09 16:46:09.0375    ================================================================================
2010/12/09 16:46:09.0375    Scan started
2010/12/09 16:46:09.0375    Mode: Manual;
2010/12/09 16:46:09.0375    ================================================================================
2010/12/09 16:46:12.0375    ACPI            (991b6d6fe2a4d70caf76c41334e60926) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/09 16:46:12.0578    ACPIEC          (6f99fe216de8c4875dbb12937620da0c) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/09 16:46:12.0968    aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/09 16:46:13.0187    AegisP          (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/12/09 16:46:13.0421    AFD            (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/09 16:46:45.0328    sptd            (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/09 16:46:45.0328    Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/09 16:46:45.0343    sptd - detected Locked file (1)
2010/12/09 16:46:54.0015    ================================================================================
2010/12/09 16:46:54.0015    Scan finished
2010/12/09 16:46:54.0015    ================================================================================
2010/12/09 16:46:54.0046    Detected object count: 1
2010/12/09 16:47:08.0859    Locked file(sptd) - User select action: Skip
2010/12/09 16:47:19.0593    ================================================================================
2010/12/09 16:47:19.0593    Scan started
2010/12/09 16:47:19.0593    Mode: Manual;
2010/12/09 16:47:19.0593    ================================================================================
2010/12/09 16:47:52.0015    sptd            (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/09 16:47:52.0015    Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/09 16:47:52.0031    sptd - detected Locked file (1)
2010/12/09 16:47:59.0796    ================================================================================
2010/12/09 16:47:59.0796    Scan finished
2010/12/09 16:47:59.0796    ================================================================================
2010/12/09 16:47:59.0828    Detected object count: 1
2010/12/09 16:48:19.0187    Locked file(sptd) - User select action: Skip
2010/12/09 16:49:03.0656    ================================================================================
2010/12/09 16:49:03.0656    Scan started
2010/12/09 16:49:03.0656    Mode: Manual;
2010/12/09 16:49:03.0656    ================================================================================
2010/12/09 16:49:37.0234    sptd            (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/09 16:49:37.0234    Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/09 16:49:37.0250    sptd - detected Locked file (1)
2010/12/09 16:49:45.0796    ================================================================================
2010/12/09 16:49:45.0796    Scan finished
2010/12/09 16:49:45.0796    ================================================================================
2010/12/09 16:49:45.0812    Detected object count: 1
2010/12/09 16:49:49.0703    Locked file(sptd) - User select action: Skip
2010/12/09 16:49:53.0062    Deinitialize success
kiwankow Beginner
9 December 2010 - 17:04 #10
So now I deleted the file :-)
kiwankow Beginner
9 December 2010 - 17:05 #11
2010/12/09 16:54:57.0984    TDSS rootkit removing tool 2.4.11.0 Dec  8 2010 14:46:40
2010/12/09 16:54:57.0984    ================================================================================
2010/12/09 16:54:57.0984    SystemInfo:
2010/12/09 16:54:57.0984   
2010/12/09 16:54:57.0984    OS Version: 5.1.2600 ServicePack: 3.0
2010/12/09 16:54:57.0984    Product type: Workstation
2010/12/09 16:54:57.0984    ComputerName: KENNIE-B7EC7E27
2010/12/09 16:54:57.0984    UserName: Kennie Søgaard
2010/12/09 16:54:57.0984    Windows directory: C:\WINDOWS
2010/12/09 16:54:57.0984    System windows directory: C:\WINDOWS
2010/12/09 16:54:57.0984    Processor architecture: Intel x86
2010/12/09 16:54:57.0984    Number of processors: 1
2010/12/09 16:54:57.0984    Page size: 0x1000
2010/12/09 16:54:57.0984    Boot type: Normal boot
2010/12/09 16:54:57.0984    ================================================================================
2010/12/09 16:54:58.0218    Initialize success
2010/12/09 16:55:01.0125    ================================================================================
2010/12/09 16:55:01.0125    Scan started
2010/12/09 16:55:01.0125    Mode: Manual;
2010/12/09 16:55:01.0125    ================================================================================
2010/12/09 16:55:32.0703    sptd            (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/09 16:55:32.0703    Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/09 16:55:32.0734    sptd - detected Locked file (1)
2010/12/09 16:55:40.0328    ================================================================================
2010/12/09 16:55:40.0328    Scan finished
2010/12/09 16:55:40.0328    ================================================================================
2010/12/09 16:55:40.0359    Detected object count: 1
2010/12/09 16:55:58.0687    HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2010/12/09 16:55:58.0734    HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2010/12/09 16:55:58.0734    HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot
2010/12/09 16:55:58.0734    C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
2010/12/09 16:55:58.0734    Locked file(sptd) - User select action: Delete
2010/12/09 16:56:13.0937    Deinitialize success
f-arn Guru
9 December 2010 - 17:20 #12
We will need ComboFix later, so AVG has to go.


Download AVG Remover (32-bit).
Uninstall AVG.
Run AVG Remover.

------

Download ComboFix and save it to your desktop.

Then run ComboFix.exe and follow the instructions.

Important--> Because ComboFix can conflict with your security programs, it is important that you disable them.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) restarted the computer, a log file should open: ComboFix.txt
Please post the contents of that file here.

It can be found here: C:\ComboFix.txt
kiwankow Beginner
9 December 2010 - 19:25 #13
I don't know half of the programs you are asking me to install, but it keeps getting worse. Now the computer is playing some heavy metal music and I have no idea where it is coming from, and ComboFix has now been sitting for two hours with no reaction whatsoever.
f-arn Guru
9 December 2010 - 20:10 #14
Sorry. I forgot the link to AVG Remover.
Stop ComboFix.

Go to the Control Panel and, under Add/Remove Programs,
uninstall AVG.

Download and run this.
http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1165.exe

Then try again.
f-arn Guru
9 December 2010 - 20:21 #15
To be on the safe side - download a fresh copy of ComboFix.
kiwankow Beginner
10 December 2010 - 08:06 #16
Here are 4 new log files, but ComboFix still just stalls and sits for several hours with no reaction.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/09/2010 at 09:14 PM

Application Version : 4.46.1000

Core Rules Database Version : 5978
Trace Rules Database Version: 3790

Scan type      : Complete Scan
Total Scan Time : 01:05:00

Memory items scanned      : 435
Memory threats detected  : 0
Registry items scanned    : 6455
Registry threats detected : 0
File items scanned        : 22025
File threats detected    : 28

Adware.Tracking Cookie
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@adserver3.openadex[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@tribalfusion[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@content.yieldmanager[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@rotator.its.adjuggler[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@tradedoubler[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@serving-sys[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@collective-media[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@track.adform[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@media6degrees[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@atdmt[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@ad.yieldmanager[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@statse.webtrendslive[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@server.iad.liveperson[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@adtech[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@bs.serving-sys[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@liveperson[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@liveperson[3].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@ads.raasnet[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@content.yieldmanager[3].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@doubleclick[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@apmebf[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@ads.bleepingcomputer[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@mediaplex[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@adform[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@delivery-media.surftown[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@revsci[1].txt

Trojan.Agent/Gen-Dropper
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP332\A0333179.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP338\A0337328.DLL

------------------------------------------------------

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5282

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10-12-2010 07:31:02
mbam-log-2010-12-10 (07-30-54).txt

Skanningstype: Fuldstændig skanning (C:\|E:\|)
Objekter skannet: 280929
Tid gået: 1 time(e), 23 minut(ter), 30 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 1
Registreringsdatabasenøgler Inficeret: 5
Registreringsdatabaseværdier Inficeret: 1
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 3

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
c:\WINDOWS\system32\gpogfjjbselbenuiy.dll (Trojan.Agent) -> No action taken.

Registreringsdatabasenøgler Inficeret:
HKEY_CLASSES_ROOT\CLSID\{F707BEF3-6E64-AE9B-5E01-38FBF3BC0A4B} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F707BEF3-6E64-AE9B-5E01-38FBF3BC0A4B} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F707BEF3-6E64-AE9B-5E01-38FBF3BC0A4B} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F707BEF3-6E64-AE9B-5E01-38FBF3BC0A4B} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fgtfmxzbpljtgdue (Trojan.Agent) -> No action taken.

Registreringsdatabaseværdier Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icpclxnvfdivtgyos (Trojan.Agent) -> Value: icpclxnvfdivtgyos -> No action taken.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
c:\system volume information\_restore{4a22b285-c0e5-4a30-8e4d-b97a460a7598}\RP338\A0337329.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\fgtfmxzbpljtgdue.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\gpogfjjbselbenuiy.dll (Trojan.Agent) -> No action taken.

-------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:45:48, on 10-12-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
C:\Programmer\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Browny02\BrYNSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] //~soundman.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmer\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Programmer\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAwADIAMQA2ADgAMgAxADUALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0ANwBCACsANQA"&"prod=90"&"ver=9.0.872
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] //~c:\programmer\messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Kennie Søgaard\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Programmer\Browny02\BrYNSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7016 bytes

------------------------------------------------

2010-12-10 07:02:19,765 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2010-12-10 07:02:19,781 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2010-12-10 07:02:19,781 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2010-12-10 07:02:19,781 INFO Command line: "C:\Documents and Settings\Kennie Søgaard\Skrivebord\avg_remover_stf_x86_2011_1165.exe"
2010-12-10 07:02:19,796 WARN AvgDir param empty.
2010-12-10 07:02:19,796 WARN AvgAdminDir param empty.
2010-12-10 07:02:19,796 WARN AvgDataDir param empty.
2010-12-10 07:02:33,390 INFO AvgRemover runs in attempt number 1
2010-12-10 07:02:33,390 INFO *****    Msi data    *****
2010-12-10 07:02:33,390 DEBUG No product code found for our upgrade codes, nothing to do here
2010-12-10 07:02:33,390 INFO *****    Exchange&Outlook plugins data    *****
2010-12-10 07:02:33,390 INFO Removing AvgOutlook addin
2010-12-10 07:02:33,390 INFO  AvgOutlook Removing HKCR addin keys x86
2010-12-10 07:02:33,390 INFO Removing Sharepoint plugin if exists
2010-12-10 07:02:33,390 INFO Removing Antispam plugin for Exchange 2000/2003 if exists
2010-12-10 07:02:33,390 DEBUG Stopping service 'MSExchangeIS' to remove VSAPI plugin...
2010-12-10 07:02:33,390 DEBUG Service MSExchangeIS Stop failed (error: c0070424)
2010-12-10 07:02:33,390 DEBUG Exchange&Outlook plugins removal failed with error 0xc0070424
2010-12-10 07:02:33,390 INFO *****    Services    *****
2010-12-10 07:02:33,390 INFO Processing service avg8emc, it can take several minutes...
2010-12-10 07:02:33,390 INFO Service avg8emc is not installed
2010-12-10 07:02:33,390 INFO Processing service avgfws8, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service avg8wd, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AvgWFPx, it can take several minutes...
2010-12-10 07:02:33,390 INFO Service AvgWFPx is not installed
2010-12-10 07:02:33,390 INFO Service avg8wd is not installed
2010-12-10 07:02:33,390 INFO Service avgfws8 is not installed
2010-12-10 07:02:33,390 DEBUG Service avg8emc RegCleanup
2010-12-10 07:02:33,390 INFO Processing service AvgWFPa, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service avg9wd, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AvgMfx86, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AvgMfx64, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AvgLdx86, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AvgLdx64, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AvgTdiX, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AvgTdiA, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AvgRkx86, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AvgRkx64, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service avg9emc, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service avgfws9, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service avgfws, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AVGIDSAgent, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AVGIDSShimxpx, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AVGIDSFilterxpx, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AVGIDSDriverxpx, it can take several minutes...
2010-12-10 07:02:33,390 INFO Processing service AVGIDSShimvtx, it can take several minutes...
2010-12-10 07:02:33,406 DEBUG Registry keys for service avg8emc are not present
2010-12-10 07:02:33,406 INFO Service AVGIDSShimvtx is not installed
2010-12-10 07:02:33,406 INFO Service AVGIDSDriverxpx is not installed
2010-12-10 07:02:33,406 INFO Service AVGIDSFilterxpx is not installed
2010-12-10 07:02:33,406 INFO Service AVGIDSShimxpx is not installed
2010-12-10 07:02:33,406 INFO Service AVGIDSAgent is not installed
2010-12-10 07:02:33,406 INFO Service avgfws is not installed
2010-12-10 07:02:33,406 INFO Service avgfws9 is not installed
2010-12-10 07:02:33,406 INFO Service avg9emc is not installed
2010-12-10 07:02:33,406 INFO Service AvgRkx64 is not installed
2010-12-10 07:02:33,406 INFO Service AvgRkx86 is not installed
2010-12-10 07:02:33,406 INFO Service AvgTdiA is not installed
2010-12-10 07:02:33,406 INFO Service AvgTdiX is not installed
2010-12-10 07:02:33,406 INFO Service AvgLdx64 is not installed
2010-12-10 07:02:33,406 INFO Service AvgLdx86 is not installed
2010-12-10 07:02:33,406 INFO Service AvgMfx64 is not installed
2010-12-10 07:02:33,406 INFO Service AvgMfx86 is not installed
2010-12-10 07:02:33,406 INFO Service avg9wd is not installed
2010-12-10 07:02:33,406 INFO Service AvgWFPa is not installed
2010-12-10 07:02:33,406 DEBUG Service avgfws8 RegCleanup
2010-12-10 07:02:33,406 DEBUG Service avg8wd RegCleanup
2010-12-10 07:02:33,406 DEBUG Service AvgWFPx RegCleanup
2010-12-10 07:02:33,406 INFO Processing service AVGIDSFiltervtx, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSDrivervtx, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSFiltervta, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSDrivervta, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSShimw7x, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSFilterw7x, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSDriverw7x, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSFilterw7a, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSDriverw7a, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSErHrxpx, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSErHrvtx, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSErHrvta, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSErHrw7x, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service AVGIDSErHrw7a, it can take several minutes...
2010-12-10 07:02:33,406 INFO Processing service avgwd, it can take several minutes...
2010-12-10 07:02:33,453 DEBUG Registry keys for service avgfws8 are not present
2010-12-10 07:02:33,453 DEBUG Registry keys for service avg8wd are not present
2010-12-10 07:02:33,453 DEBUG Registry keys for service AvgWFPx are not present
2010-12-10 07:02:33,546 INFO Service AVGIDSDrivervta is not installed
2010-12-10 07:02:33,546 INFO Service AVGIDSFiltervta is not installed
2010-12-10 07:02:33,546 INFO Service AVGIDSDrivervtx is not installed
2010-12-10 07:02:33,546 INFO Service AVGIDSFiltervtx is not installed
2010-12-10 07:02:33,593 INFO Service avgwd is not installed
2010-12-10 07:02:33,593 INFO Service AVGIDSErHrw7a is not installed
2010-12-10 07:02:33,593 INFO Service AVGIDSErHrw7x is not installed
2010-12-10 07:02:33,593 INFO Service AVGIDSErHrvta is not installed
2010-12-10 07:02:33,593 INFO Service AVGIDSErHrvtx is not installed
2010-12-10 07:02:33,593 INFO Service AVGIDSErHrxpx is not installed
2010-12-10 07:02:33,593 INFO Service AVGIDSDriverw7a is not installed
2010-12-10 07:02:33,593 INFO Service AVGIDSFilterw7a is not installed
2010-12-10 07:02:33,593 INFO Service AVGIDSDriverw7x is not installed
2010-12-10 07:02:33,593 INFO Service AVGIDSFilterw7x is not installed
2010-12-10 07:02:33,593 INFO Service AVGIDSShimw7x is not installed
2010-12-10 07:02:33,593 DEBUG Service AvgWFPa RegCleanup
2010-12-10 07:02:33,593 DEBUG Service avg9wd RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AvgMfx86 RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AvgMfx64 RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AvgLdx86 RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AvgLdx64 RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AvgTdiX RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AvgTdiA RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AvgRkx86 RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AvgRkx64 RegCleanup
2010-12-10 07:02:33,593 DEBUG Service avg9emc RegCleanup
2010-12-10 07:02:33,593 DEBUG Service avgfws9 RegCleanup
2010-12-10 07:02:33,593 DEBUG Service avgfws RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AVGIDSAgent RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AVGIDSShimxpx RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AVGIDSFilterxpx RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AVGIDSDriverxpx RegCleanup
2010-12-10 07:02:33,593 DEBUG Service AVGIDSShimvtx RegCleanup
2010-12-10 07:02:33,593 INFO Processing service AvgAdminServer, it can take several minutes...
2010-12-10 07:02:33,593 DEBUG Registry keys for service AvgWFPa are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service avg9wd are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AvgMfx86 are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AvgMfx64 are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AvgLdx86 are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AvgLdx64 are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AvgTdiX are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AvgTdiA are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AvgRkx86 are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AvgRkx64 are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service avg9emc are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service avgfws9 are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service avgfws are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AVGIDSAgent are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AVGIDSShimxpx are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2010-12-10 07:02:33,593 DEBUG Registry keys for service AVGIDSShimvtx are not present
2010-12-10 07:02:33,609 INFO Service AvgAdminServer is not installed
2010-12-10 07:02:33,609 DEBUG Service AVGIDSShimw7x RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSFilterw7x RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSDriverw7x RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSFilterw7a RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSDriverw7a RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSErHrxpx RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSErHrvtx RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSErHrvta RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSErHrw7x RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSErHrw7a RegCleanup
2010-12-10 07:02:33,609 DEBUG Service avgwd RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSFiltervtx RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSDrivervtx RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSFiltervta RegCleanup
2010-12-10 07:02:33,609 DEBUG Service AVGIDSDrivervta RegCleanup
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSShimw7x are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSErHrvta are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service avgwd are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSFiltervta are not present
2010-12-10 07:02:33,609 DEBUG Registry keys for service AVGIDSDrivervta are not present
2010-12-10 07:02:33,609 DEBUG Service AvgAdminServer RegCleanup
2010-12-10 07:02:33,609 DEBUG Registry keys for service AvgAdminServer are not present
2010-12-10 07:02:33,609 INFO *****    Avg Fw NDIS driver(separate process)    *****
2010-12-10 07:02:33,625 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2010-12-10 07:02:33,625 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2010-12-10 07:02:33,625 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2010-12-10 07:02:33,625 INFO Command line: "C:\Documents and Settings\Kennie Søgaard\Skrivebord\avg_remover_stf_x86_2011_1165.exe"  /ndisonly /skipask
2010-12-10 07:02:33,640 WARN AvgDir param empty.
2010-12-10 07:02:33,640 WARN AvgAdminDir param empty.
2010-12-10 07:02:33,640 WARN AvgDataDir param empty.
2010-12-10 07:02:33,640 INFO AvgRemover runs in attempt number 1
2010-12-10 07:02:33,640 INFO *****    Avg Fw NDIS driver    *****
2010-12-10 07:02:33,640 INFO ...this operation can take several minutes...
2010-12-10 07:02:33,640 INFO FW removing policy
2010-12-10 07:02:35,500 INFO FW NDIS driver not present
2010-12-10 07:02:35,500 DEBUG Remove NDIS driver pass, next uninstalation step is 10, old was 1
2010-12-10 07:02:35,515 INFO *****    end of Fw NDIS separated process    *****
2010-12-10 07:02:35,515 INFO *****    Drivers    *****
2010-12-10 07:02:35,515 INFO *****    Running AVG process    *****
2010-12-10 07:02:37,843 INFO *****    Registry keys and values    *****
2010-12-10 07:02:37,843 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2010-12-10 07:02:37,843 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2010-12-10 07:02:37,843 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present
2010-12-10 07:02:37,843 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2010-12-10 07:02:37,843 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
2010-12-10 07:02:37,843 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present
2010-12-10 07:02:37,843 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
2010-12-10 07:02:37,843 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
2010-12-10 07:02:37,843 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
2010-12-10 07:02:37,843 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt
2010-12-10 07:02:37,843 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt ForceRemove
2010-12-10 07:02:37,843 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt not found
2010-12-10 07:02:37,843 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
2010-12-10 07:02:37,843 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
2010-12-10 07:02:37,843 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
2010-12-10 07:02:37,843 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2010-12-10 07:02:37,843 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2010-12-10 07:02:37,843 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2010-12-10 07:02:37,843 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2010-12-10 07:02:37,843 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2010-12-10 07:02:37,843 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2010-12-10 07:02:37,843 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
2010-12-10 07:02:37,843 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
2010-12-10 07:02:37,843 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
2010-12-10 07:02:37,843 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2010-12-10 07:02:37,843 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2010-12-10 07:02:37,843 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2010-12-10 07:02:37,843 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar
2010-12-10 07:02:37,843 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2010-12-10 07:02:37,843 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2010-12-10 07:02:37,843 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2010-12-10 07:02:37,843 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2010-12-10 07:02:37,843 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2010-12-10 07:02:37,843 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2010-12-10 07:02:37,843 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
2010-12-10 07:02:37,843 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension is not present
2010-12-10 07:02:37,859 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2010-12-10 07:02:37,859 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
2010-12-10 07:02:37,859 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension is not present
2010-12-10 07:02:37,859 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2010-12-10 07:02:37,859 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
2010-12-10 07:02:37,859 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs doesn't need to be modified
2010-12-10 07:02:37,859 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2010-12-10 07:02:37,859 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2010-12-10 07:02:37,859 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2010-12-10 07:02:37,875 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2010-12-10 07:02:37,875 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2010-12-10 07:02:37,875 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2010-12-10 07:02:37,890 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2010-12-10 07:02:37,890 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2010-12-10 07:02:37,890 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2010-12-10 07:02:37,890 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2010-12-10 07:02:37,890 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2010-12-10 07:02:37,890 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2010-12-10 07:02:37,906 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2010-12-10 07:02:37,906 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove
2010-12-10 07:02:37,906 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present
2010-12-10 07:02:37,906 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2010-12-10 07:02:37,921 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY Remove
2010-12-10 07:02:37,921 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY is not present
2010-12-10 07:02:37,921 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall
2010-12-10 07:02:37,921 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove
2010-12-10 07:02:37,921 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall not found
2010-12-10 07:02:37,921 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall
2010-12-10 07:02:37,921 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall ForceRemove
2010-12-10 07:02:37,921 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall not found
2010-12-10 07:02:37,921 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall
2010-12-10 07:02:37,937 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall ForceRemove
2010-12-10 07:02:37,937 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall not found
2010-12-10 07:02:37,937 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2010-12-10 07:02:37,937 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2010-12-10 07:02:37,937 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2010-12-10 07:02:37,937 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2010-12-10 07:02:37,937 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2010-12-10 07:02:37,937 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2010-12-10 07:02:37,937 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2010-12-10 07:02:37,937 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2010-12-10 07:02:37,937 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2010-12-10 07:02:37,937 INFO Processing registry SOFTWARE\Classes\CLSID\{6E801D47-45B7-4D10-8268-DBBD5C233F82}
2010-12-10 07:02:37,953 DEBUG Key SOFTWARE\Classes\CLSID\{6E801D47-45B7-4D10-8268-DBBD5C233F82} ForceRemove
2010-12-10 07:02:37,953 DEBUG Key SOFTWARE\Classes\CLSID\{6E801D47-45B7-4D10-8268-DBBD5C233F82} not found
2010-12-10 07:02:37,953 INFO Processing registry SOFTWARE\Classes\CLSID\{6E801D47-45B7-4D10-8268-DBBD5C233F82}
2010-12-10 07:02:37,953 DEBUG Key SOFTWARE\Classes\CLSID\{6E801D47-45B7-4D10-8268-DBBD5C233F82} ForceRemove
2010-12-10 07:02:37,953 DEBUG Key SOFTWARE\Classes\CLSID\{6E801D47-45B7-4D10-8268-DBBD5C233F82} not found
2010-12-10 07:02:37,953 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2010-12-10 07:02:37,953 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2010-12-10 07:02:37,953 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2010-12-10 07:02:37,953 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2010-12-10 07:02:37,953 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2010-12-10 07:02:37,953 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2010-12-10 07:02:37,953 INFO Processing registry SOFTWARE\Classes\.avgdi
2010-12-10 07:02:37,953 DEBUG Key SOFTWARE\Classes\.avgdi ForceRemove
2010-12-10 07:02:37,953 DEBUG Key SOFTWARE\Classes\.avgdi not found
2010-12-10 07:02:37,953 INFO Processing registry SOFTWARE\Classes\.avgdx
2010-12-10 07:02:37,968 DEBUG Key SOFTWARE\Classes\.avgdx ForceRemove
2010-12-10 07:02:37,968 DEBUG Key SOFTWARE\Classes\.avgdx not found
2010-12-10 07:02:37,968 INFO Processing registry SOFTWARE\Classes\.avgdx
2010-12-10 07:02:37,968 DEBUG Key SOFTWARE\Classes\.avgdx ForceRemove
2010-12-10 07:02:37,968 DEBUG Key SOFTWARE\Classes\.avgdx not found
2010-12-10 07:02:37,968 INFO Processing registry SOFTWARE\Classes\.avgdx
2010-12-10 07:02:37,968 DEBUG Key SOFTWARE\Classes\.avgdx ForceRemove
2010-12-10 07:02:37,968 DEBUG Key SOFTWARE\Classes\.avgdx not found
2010-12-10 07:02:37,968 INFO Processing registry SOFTWARE\Classes\.avgdx
2010-12-10 07:02:37,968 DEBUG Key SOFTWARE\Classes\.avgdx ForceRemove
2010-12-10 07:02:37,968 DEBUG Key SOFTWARE\Classes\.avgdx not found
2010-12-10 07:02:37,968 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension
2010-12-10 07:02:37,968 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2010-12-10 07:02:37,968 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2010-12-10 07:02:37,968 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension
2010-12-10 07:02:37,984 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2010-12-10 07:02:37,984 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2010-12-10 07:02:37,984 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension
2010-12-10 07:02:37,984 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2010-12-10 07:02:37,984 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2010-12-10 07:02:37,984 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG9 Shell Extension
2010-12-10 07:02:37,984 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG9 Shell Extension ForceRemove
2010-12-10 07:02:37,984 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG9 Shell Extension not found
2010-12-10 07:02:37,984 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG9 Shell Extension
2010-12-10 07:02:38,000 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG9 Shell Extension ForceRemove
2010-12-10 07:02:38,000 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG9 Shell Extension not found
2010-12-10 07:02:38,000 INFO Processing registry SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG9 Shell Extension
2010-12-10 07:02:38,000 DEBUG Key SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG9 Shell Extension ForceRemove
2010-12-10 07:02:38,000 DEBUG Key SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG9 Shell Extension not found
2010-12-10 07:02:38,000 INFO Processing registry SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG9 Shell Extension
2010-12-10 07:02:38,000 DEBUG Key SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG9 Shell Extension ForceRemove
2010-12-10 07:02:38,000 DEBUG Key SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG9 Shell Extension not found
2010-12-10 07:02:38,000 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension
2010-12-10 07:02:38,015 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension ForceRemove
2010-12-10 07:02:38,015 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension not found
2010-12-10 07:02:38,015 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension
2010-12-10 07:02:38,015 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension ForceRemove
2010-12-10 07:02:38,015 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension not found
2010-12-10 07:02:38,015 INFO Processing registry SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner
2010-12-10 07:02:38,015 DEBUG Key SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner ForceRemove
2010-12-10 07:02:38,015 DEBUG Key SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner not found
2010-12-10 07:02:38,015 INFO Processing registry SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner
2010-12-10 07:02:38,015 DEBUG Key SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner ForceRemove
2010-12-10 07:02:38,015 DEBUG Key SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner not found
2010-12-10 07:02:38,015 INFO Processing registry SOFTWARE\Classes\avgsbg.state
2010-12-10 07:02:38,031 DEBUG Key SOFTWARE\Classes\avgsbg.state ForceRemove
2010-12-10 07:02:38,031 DEBUG Key SOFTWARE\Classes\avgsbg.state not found
2010-12-10 07:02:38,031 INFO Processing registry SOFTWARE\Classes\avgsbg.state
2010-12-10 07:02:38,031 DEBUG Key SOFTWARE\Classes\avgsbg.state ForceRemove
2010-12-10 07:02:38,031 DEBUG Key SOFTWARE\Classes\avgsbg.state not found
2010-12-10 07:02:38,031 INFO Processing registry SOFTWARE\Classes\avgsbg.state.1
2010-12-10 07:02:38,031 DEBUG Key SOFTWARE\Classes\avgsbg.state.1 ForceRemove
2010-12-10 07:02:38,031 DEBUG Key SOFTWARE\Classes\avgsbg.state.1 not found
2010-12-10 07:02:38,031 INFO Processing registry SOFTWARE\Classes\avgsbg.state.1
2010-12-10 07:02:38,031 DEBUG Key SOFTWARE\Classes\avgsbg.state.1 ForceRemove
2010-12-10 07:02:38,031 DEBUG Key SOFTWARE\Classes\avgsbg.state.1 not found
2010-12-10 07:02:38,031 INFO Processing registry SOFTWARE\Classes\LinkScannerIE.NavFilter
2010-12-10 07:02:38,031 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter ForceRemove
2010-12-10 07:02:38,031 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter not found
2010-12-10 07:02:38,031 INFO Processing registry SOFTWARE\Classes\LinkScannerIE.NavFilter
2010-12-10 07:02:38,031 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter ForceRemove
2010-12-10 07:02:38,031 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter not found
2010-12-10 07:02:38,031 INFO Processing registry SOFTWARE\Classes\LinkScannerIE.NavFilter.1
2010-12-10 07:02:38,046 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter.1 ForceRemove
2010-12-10 07:02:38,046 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter.1 not found
2010-12-10 07:02:38,046 INFO Processing registry SOFTWARE\Classes\LinkScannerIE.NavFilter.1
2010-12-10 07:02:38,046 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter.1 ForceRemove
2010-12-10 07:02:38,046 DEBUG Key SOFTWARE\Classes\LinkScannerIE.NavFilter.1 not found
2010-12-10 07:02:38,046 INFO Processing registry SOFTWARE\Classes\MicroScanner.MicroScanner
2010-12-10 07:02:38,046 DEBUG Key SOFTWARE\Classes\MicroScanner.MicroScanner ForceRemove
2010-12-10 07:02:38,046 DEBUG Key SOFTWARE\Classes\MicroScanner.MicroScanner not found
2010-12-10 07:02:38,046 INFO Processing registry SOFTWARE\Classes\MicroScanner.MicroScanner
2010-12-10 07:02:38,046 DEBUG Key SOFTWARE\Classes\MicroScanner.MicroScanner ForceRemove
2010-12-10 07:02:38,046 DEBUG Key SOFTWARE\Classes\MicroScanner.MicroScanner not found
2010-12-10 07:02:38,046 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL
2010-12-10 07:02:38,046 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL ForceRemove
2010-12-10 07:02:38,046 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL not found
2010-12-10 07:02:38,046 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2010-12-10 07:02:38,062 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG_TRAY Remove
2010-12-10 07:02:38,062 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG_TRAY is not present
2010-12-10 07:02:38,062 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2010-12-10 07:02:38,062 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG_TRAY Remove
2010-12-10 07:02:38,062 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG_TRAY is not present
2010-12-10 07:02:38,062 INFO Processing registry SOFTWARE\Classes\AppID\avgsbg.DLL
2010-12-10 07:02:38,078 DEBUG Key SOFTWARE\Classes\AppID\avgsbg.DLL ForceRemove
2010-12-10 07:02:38,078 DEBUG Key SOFTWARE\Classes\AppID\avgsbg.DLL not found
2010-12-10 07:02:38,078 INFO Processing registry SOFTWARE\Classes\AppID\avgsbg.DLL
2010-12-10 07:02:38,078 DEBUG Key SOFTWARE\Classes\AppID\avgsbg.DLL ForceRemove
2010-12-10 07:02:38,078 DEBUG Key SOFTWARE\Classes\AppID\avgsbg.DLL not found
2010-12-10 07:02:38,078 INFO Processing registry SYSTEM\ControlSet001\Control\GroupOrderList
2010-12-10 07:02:38,078 DEBUG Value SYSTEM\ControlSet001\Control\GroupOrderList:AVG Remove
2010-12-10 07:02:38,109 INFO Value SYSTEM\ControlSet001\Control\GroupOrderList:AVG is not present
2010-12-10 07:02:38,109 INFO Processing registry SYSTEM\ControlSet001\services\Avg
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\Avg ForceRemove
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\Avg not found
2010-12-10 07:02:38,109 INFO Processing registry SYSTEM\ControlSet001\services\Avgfwfd
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\Avgfwfd ForceRemove
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\Avgfwfd not found
2010-12-10 07:02:38,109 INFO Processing registry SYSTEM\ControlSet001\services\AVG Security Toolbar Service
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\AVG Security Toolbar Service ForceRemove
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\AVG Security Toolbar Service not found
2010-12-10 07:02:38,109 INFO Processing registry SYSTEM\ControlSet001\services\Avgfws
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\Avgfws ForceRemove
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\Avgfws not found
2010-12-10 07:02:38,109 INFO Processing registry SYSTEM\ControlSet001\services\AVGIDSAgent
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSAgent ForceRemove
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSAgent not found
2010-12-10 07:02:38,109 INFO Processing registry SYSTEM\ControlSet001\services\AVGIDSDriver
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSDriver ForceRemove
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSDriver not found
2010-12-10 07:02:38,109 INFO Processing registry SYSTEM\ControlSet001\services\AVGIDSEH
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSEH ForceRemove
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSEH not found
2010-12-10 07:02:38,109 INFO Processing registry SYSTEM\ControlSet001\services\AVGIDSFilter
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSFilter ForceRemove
2010-12-10 07:02:38,109 DEBUG Key SYSTEM\ControlSet001\services\AVGIDSFilter not found
2010-12-10 07:02:38,109 INFO Processing registry SYSTEM\ControlSet001\services\avgldx64
2010-12-10 07:02:38,125 DEBUG Key SYSTEM\ControlSet001\services\avgldx64 ForceRemove
2010-12-10 07:02:38,125 DEBUG Key SYSTEM\ControlSet001\services\avgldx64 not found
2010-12-10 07:02:38,125 INFO Processing registry SYSTEM\ControlSet001\services\avgldx86
2010-12-10 07:02:38,125 DEBUG Key SYSTEM\ControlSet001\services\avgldx86 ForceRemove
2010-12-10 07:02:38,125 DEBUG Key SYSTEM\ControlSet001\services\avgldx86 not found
2010-12-10 07:02:38,125 INFO Processing registry SYSTEM\ControlSet001\services\avgmfx64
2010-12-10 07:02:38,125 DEBUG Key SYSTEM\ControlSet001\services\avgmfx64 ForceRemove
2010-12-10 07:02:38,125 DEBUG Key SYSTEM\ControlSet001\services\avgmfx64 not found
2010-12-10 07:02:38,125 INFO Processing registry SYSTEM\ControlSet001\services\avgmfx86
2010-12-10 07:02:38,125 DEBUG Key SYSTEM\ControlSet001\services\avgmfx86 ForceRemove
2010-12-10 07:02:38,125 DEBUG Key SYSTEM\ControlSet001\services\avgmfx86 not found
2010-12-10 07:02:38,125 INFO Processing registry SYSTEM\ControlSet001\services\avgrkx64
2010-12-10 07:02:38,125 DEBUG Key SYSTEM\ControlSet001\services\avgrkx64 ForceRemove
2010-12-10 07:02:38,125 DEBUG Key SYSTEM\ControlSet001\services\avgrkx64 not found
2010-12-10 07:02:38,125 INFO Processing registry SYSTEM\ControlSet001\services\avgrkx86
2010-12-10 07:02:38,140 DEBUG Key SYSTEM\ControlSet001\services\avgrkx86 ForceRemove
2010-12-10 07:02:38,140 DEBUG Key SYSTEM\ControlSet001\services\avgrkx86 not found
2010-12-10 07:02:38,140 INFO Processing registry SYSTEM\ControlSet001\services\avgtdia
2010-12-10 07:02:38,140 DEBUG Key SYSTEM\ControlSet001\services\avgtdia ForceRemove
2010-12-10 07:02:38,140 DEBUG Key SYSTEM\ControlSet001\services\avgtdia not found
2010-12-10 07:02:38,140 INFO Processing registry SYSTEM\ControlSet001\services\avgtdix
2010-12-10 07:02:38,140 DEBUG Key SYSTEM\ControlSet001\services\avgtdix ForceRemove
2010-12-10 07:02:38,140 DEBUG Key SYSTEM\ControlSet001\services\avgtdix not found
2010-12-10 07:02:38,140 INFO Processing registry SYSTEM\ControlSet001\services\avgwd
2010-12-10 07:02:38,140 DEBUG Key SYSTEM\ControlSet001\services\avgwd ForceRemove
2010-12-10 07:02:38,140 DEBUG Key SYSTEM\ControlSet001\services\avgwd not found
2010-12-10 07:02:38,140 INFO Processing registry SYSTEM\ControlSet001\services\avgfwdx
2010-12-10 07:02:38,156 DEBUG Key SYSTEM\ControlSet001\services\avgfwdx ForceRemove
2010-12-10 07:02:38,156 DEBUG Key SYSTEM\ControlSet001\services\avgfwdx not found
2010-12-10 07:02:38,156 INFO Processing registry SYSTEM\ControlSet001\services\avgfwda
2010-12-10 07:02:38,156 DEBUG Key SYSTEM\ControlSet001\services\avgfwda ForceRemove
2010-12-10 07:02:38,156 DEBUG Key SYSTEM\ControlSet001\services\avgfwda not found
2010-12-10 07:02:38,156 INFO Processing registry SYSTEM\ControlSet002\services\Avg
2010-12-10 07:02:38,156 DEBUG Key SYSTEM\ControlSet002\services\Avg ForceRemove
2010-12-10 07:02:38,156 DEBUG Key SYSTEM\ControlSet002\services\Avg not found
2010-12-10 07:02:38,156 INFO Processing registry SYSTEM\ControlSet002\services\Avgfwfd
2010-12-10 07:02:38,156 DEBUG Key SYSTEM\ControlSet002\services\Avgfwfd ForceRemove
2010-12-10 07:02:38,156 DEBUG Key SYSTEM\ControlSet002\services\Avgfwfd not found
2010-12-10 07:02:38,156 INFO Processing registry SYSTEM\ControlSet002\services\AVG Security Toolbar Service
2010-12-10 07:02:38,171 DEBUG Key SYSTEM\ControlSet002\services\AVG Security Toolbar Service ForceRemove
2010-12-10 07:02:38,171 DEBUG Key SYSTEM\ControlSet002\services\AVG Security Toolbar Service not found
2010-12-10 07:02:38,171 INFO Processing registry SYSTEM\ControlSet002\services\Avgfws
2010-12-10 07:02:38,171 DEBUG Key SYSTEM\ControlSet002\services\Avgfws ForceRemove
2010-12-10 07:02:38,171 DEBUG Key SYSTEM\ControlSet002\services\Avgfws not found
2010-12-10 07:02:38,171 INFO Processing registry SYSTEM\ControlSet002\services\AVGIDSAgent
2010-12-10 07:02:38,171 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSAgent ForceRemove
2010-12-10 07:02:38,171 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSAgent not found
2010-12-10 07:02:38,171 INFO Processing registry SYSTEM\ControlSet002\services\AVGIDSDriver
2010-12-10 07:02:38,171 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSDriver ForceRemove
2010-12-10 07:02:38,171 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSDriver not found
2010-12-10 07:02:38,171 INFO Processing registry SYSTEM\ControlSet002\services\AVGIDSEH
2010-12-10 07:02:38,187 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSEH ForceRemove
2010-12-10 07:02:38,187 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSEH not found
2010-12-10 07:02:38,187 INFO Processing registry SYSTEM\ControlSet002\services\AVGIDSFilter
2010-12-10 07:02:38,187 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSFilter ForceRemove
2010-12-10 07:02:38,187 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSFilter not found
2010-12-10 07:02:38,187 INFO Processing registry SYSTEM\ControlSet002\services\avgldx64
2010-12-10 07:02:38,187 DEBUG Key SYSTEM\ControlSet002\services\avgldx64 ForceRemove
2010-12-10 07:02:38,187 DEBUG Key SYSTEM\ControlSet002\services\avgldx64 not found
2010-12-10 07:02:38,187 INFO Processing registry SYSTEM\ControlSet002\services\avgldx86
2010-12-10 07:02:38,187 DEBUG Key SYSTEM\ControlSet002\services\avgldx86 ForceRemove
2010-12-10 07:02:38,187 DEBUG Key SYSTEM\ControlSet002\services\avgldx86 not found
2010-12-10 07:02:38,187 INFO Processing registry SYSTEM\ControlSet002\services\avgmfx64
2010-12-10 07:02:38,203 DEBUG Key SYSTEM\ControlSet002\services\avgmfx64 ForceRemove
2010-12-10 07:02:38,203 DEBUG Key SYSTEM\ControlSet002\services\avgmfx64 not found
2010-12-10 07:02:38,203 INFO Processing registry SYSTEM\ControlSet002\services\avgmfx86
2010-12-10 07:02:38,203 DEBUG Key SYSTEM\ControlSet002\services\avgmfx86 ForceRemove
2010-12-10 07:02:38,203 DEBUG Key SYSTEM\ControlSet002\services\avgmfx86 not found
2010-12-10 07:02:38,203 INFO Processing registry SYSTEM\ControlSet002\services\avgrkx64
2010-12-10 07:02:38,203 DEBUG Key SYSTEM\ControlSet002\services\avgrkx64 ForceRemove
2010-12-10 07:02:38,203 DEBUG Key SYSTEM\ControlSet002\services\avgrkx64 not found
2010-12-10 07:02:38,203 INFO Processing registry SYSTEM\ControlSet002\services\avgrkx86
2010-12-10 07:02:38,203 DEBUG Key SYSTEM\ControlSet002\services\avgrkx86 ForceRemove
2010-12-10 07:02:38,203 DEBUG Key SYSTEM\ControlSet002\services\avgrkx86 not found
2010-12-10 07:02:38,203 INFO Processing registry SYSTEM\ControlSet002\services\avgtdia
2010-12-10 07:02:38,218 DEBUG Key SYSTEM\ControlSet002\services\avgtdia ForceRemove
2010-12-10 07:02:38,218 DEBUG Key SYSTEM\ControlSet002\services\avgtdia not found
2010-12-10 07:02:38,218 INFO Processing registry SYSTEM\ControlSet002\services\avgtdix
2010-12-10 07:02:38,218 DEBUG Key SYSTEM\ControlSet002\services\avgtdix ForceRemove
2010-12-10 07:02:38,218 DEBUG Key SYSTEM\ControlSet002\services\avgtdix not found
2010-12-10 07:02:38,218 INFO Processing registry SYSTEM\ControlSet002\services\avgwd
2010-12-10 07:02:38,218 DEBUG Key SYSTEM\ControlSet002\services\avgwd ForceRemove
2010-12-10 07:02:38,218 DEBUG Key SYSTEM\ControlSet002\services\avgwd not found
2010-12-10 07:02:38,218 INFO Processing registry SYSTEM\ControlSet002\services\avgfwdx
2010-12-10 07:02:38,218 DEBUG Key SYSTEM\ControlSet002\services\avgfwdx ForceRemove
2010-12-10 07:02:38,218 DEBUG Key SYSTEM\ControlSet002\services\avgfwdx not found
2010-12-10 07:02:38,234 INFO Processing registry SYSTEM\ControlSet002\services\avgfwda
2010-12-10 07:02:38,234 DEBUG Key SYSTEM\ControlSet002\services\avgfwda ForceRemove
2010-12-10 07:02:38,234 DEBUG Key SYSTEM\ControlSet002\services\avgfwda not found
2010-12-10 07:02:38,234 INFO Processing registry SYSTEM\ControlSet002\services\Avg
2010-12-10 07:02:38,234 DEBUG Key SYSTEM\ControlSet002\services\Avg ForceRemove
2010-12-10 07:02:38,234 DEBUG Key SYSTEM\ControlSet002\services\Avg not found
2010-12-10 07:02:38,234 INFO Processing registry SYSTEM\ControlSet002\services\Avgfwfd
2010-12-10 07:02:38,234 DEBUG Key SYSTEM\ControlSet002\services\Avgfwfd ForceRemove
2010-12-10 07:02:38,234 DEBUG Key SYSTEM\ControlSet002\services\Avgfwfd not found
2010-12-10 07:02:38,234 INFO Processing registry SYSTEM\ControlSet002\services\AVG Security Toolbar Service
2010-12-10 07:02:38,250 DEBUG Key SYSTEM\ControlSet002\services\AVG Security Toolbar Service ForceRemove
2010-12-10 07:02:38,250 DEBUG Key SYSTEM\ControlSet002\services\AVG Security Toolbar Service not found
2010-12-10 07:02:38,250 INFO Processing registry SYSTEM\ControlSet002\services\Avgfws
2010-12-10 07:02:38,250 DEBUG Key SYSTEM\ControlSet002\services\Avgfws ForceRemove
2010-12-10 07:02:38,250 DEBUG Key SYSTEM\ControlSet002\services\Avgfws not found
2010-12-10 07:02:38,250 INFO Processing registry SYSTEM\ControlSet002\services\AVGIDSAgent
2010-12-10 07:02:38,250 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSAgent ForceRemove
2010-12-10 07:02:38,250 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSAgent not found
2010-12-10 07:02:38,250 INFO Processing registry SYSTEM\ControlSet002\services\AVGIDSDriver
2010-12-10 07:02:38,250 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSDriver ForceRemove
2010-12-10 07:02:38,250 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSDriver not found
2010-12-10 07:02:38,250 INFO Processing registry SYSTEM\ControlSet002\services\AVGIDSEH
2010-12-10 07:02:38,265 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSEH ForceRemove
2010-12-10 07:02:38,265 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSEH not found
2010-12-10 07:02:38,265 INFO Processing registry SYSTEM\ControlSet002\services\AVGIDSFilter
2010-12-10 07:02:38,265 DEBUG Key SYSTEM\ControlSet002\services\AVGIDSFilter ForceRemove
f-arn Guru
11 December 2010 - 07:38 #17
Sorry I didn't get back to you yesterday. My Internet was down. (Skyline)
Delete the ComboFix you have.

------

Download and run appremover: http://www.appremover.com/

Start it and let it finish scanning. If it finds AVG, tick the box there, click Next, and let it continue.

If it does not find AVG, run a new scan, but this time move the dot down to - Cleanup a Failed Uninstall, and then follow the same procedure again.

------

Download ComboFix and save it to your desktop.

Right-click the desktop and choose New->Text Document, copy the highlighted text into it, and save the file as CFScript

Killall::
Snapshot::


Since Combofix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

Please post the contents of this file here.
fromsej Trainee
11 December 2010 - 08:22 #18
Try running Combofix in safe mode.
11 December 2010 - 10:23 #19
According to the MalwareBytes log ->  No action taken ???
kiwankow Beginner
11 December 2010 - 12:12 #20
appremover found nothing, and combofix still cannot run one way or the other, and not in safe mode either...

what superantispyware and malware found has of course been deleted
f-arn Guru
12 December 2010 - 06:02 #21
Delete the ComboFix you have.

Download ComboFix and save it to your desktop as kiwankow.exe:

Start kiwankow.exe and follow the instructions.

Since Combofix can conflict with your security programs, it is important that you disable them.

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has (possibly) restarted, a log file combofix.txt should open, which is located here: C:\Combofix.txt

Please post the contents of this file here.
kiwankow Beginner
12 December 2010 - 08:39 #22
every time it is about to start scanning, at the point where it says it should not take more than 10 min, it stops. the cursor just sits there blinking for several hours in a row without any reaction whatsoever..
f-arn Guru
12 December 2010 - 09:20 #23
Have you tried running it as kiwankow.exe?

------

Download "System information tool" (RSIT) by random/random
http://images.malwareremoval.com/random/RSIT.exe

It creates two logs (log.txt and info.txt)

Copy both of them in here.
kiwankow Beginner
12 December 2010 - 12:04 #24
Logfile of random's system information tool 1.08 (written by random/random)
Run by Kennie Søgaard at 2010-12-12 12:01:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (45%) free of 131 GB
Total RAM: 958 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:01:56, on 12-12-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
C:\Programmer\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Browny02\BrYNSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kennie Søgaard\Skrivebord\RSIT.exe
C:\Programmer\trend micro\Kennie Søgaard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] //~soundman.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmer\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Programmer\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Programmer\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAwADIAMQA2ADgAMgAxADUALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0ANwBCACsANQA"&"prod=90"&"ver=9.0.872
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] //~c:\programmer\messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Kennie Søgaard\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Programmer\Browny02\BrYNSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8395 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programmer\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-10-08 88363]
"SynTPLpr"=C:\Programmer\Synaptics\SynTP\SynTPLpr.exe [2004-10-08 98394]
"SynTPEnh"=C:\Programmer\Synaptics\SynTP\SynTPEnh.exe [2004-10-08 688218]
"SoundMan"=//~soundman.exe []
"SiSPower"=SiSPower.dll,ModeAgent []
"SunJavaUpdateSched"=C:\Programmer\Fælles filer\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe_ID0EYTHM"=C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"Adobe Reader Speed Launcher"=C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"ControlCenter3"=C:\Programmer\Brother\ControlCenter3\brctrcen.exe [2008-12-24 114688]
"BrStsMon00"=C:\Programmer\Browny02\Brother\BrStMonW.exe [2010-02-09 2621440]
"QuickTime Task"=C:\Programmer\QuickTime\qttask.exe [2010-09-08 421888]
"BCSSync"=C:\Programmer\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAwADIAMQA2ADgAMgAxADUALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0ANwBCACsANQA&prod=90&ver=9.0.872 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=//~c:\programmer\messenger\msmsgs.exe /background []
"SUPERAntiSpyware"=C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-11-22 2424560]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmer\CoffeeCup Software\Free FTP\FreeFTP.exe"="C:\Programmer\CoffeeCup Software\Free FTP\FreeFTP.exe:*:Enabled:Direct FTP Application"
"C:\Programmer\Bonjour\mDNSResponder.exe"="C:\Programmer\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Programmer\LimeWire\LimeWire.exe"="C:\Programmer\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programmer\uTorrent\uTorrent.exe"="C:\Programmer\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programmer\Microsoft Office\Office14\GROOVE.EXE"="C:\Programmer\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Programmer\Microsoft Office\Office14\ONENOTE.EXE"="C:\Programmer\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Programmer\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Programmer\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - "C:\Programmer\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-12-12 12:01:50 ----D---- C:\rsit
2010-12-11 11:52:48 ----SD---- C:\ComboFix
2010-12-10 14:27:23 ----D---- C:\Programmer\Fælles filer\DESIGNER
2010-12-10 14:24:28 ----D---- C:\Programmer\Microsoft Synchronization Services
2010-12-10 14:22:24 ----D---- C:\Programmer\Microsoft.NET
2010-12-10 14:22:24 ----D---- C:\Programmer\Microsoft Sync Framework
2010-12-10 14:22:24 ----D---- C:\Programmer\Microsoft SQL Server Compact Edition
2010-12-10 14:18:39 ----D---- C:\Programmer\Microsoft Visual Studio 8
2010-12-10 14:15:39 ----D---- C:\Programmer\Microsoft Analysis Services
2010-12-09 20:02:25 ----D---- C:\Documents and Settings\Kennie Søgaard\Application Data\SUPERAntiSpyware.com
2010-12-09 20:02:08 ----D---- C:\Programmer\SUPERAntiSpyware
2010-12-09 19:54:23 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-09 19:54:20 ----D---- C:\Programmer\Malwarebytes' Anti-Malware
2010-12-09 19:54:20 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-09 19:44:20 ----D---- C:\Programmer\Trend Micro
2010-12-09 18:10:35 ----A---- C:\WINDOWS\zip.exe
2010-12-09 18:10:35 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-09 18:10:35 ----A---- C:\WINDOWS\SWSC.exe
2010-12-09 18:10:35 ----A---- C:\WINDOWS\SWREG.exe
2010-12-09 18:10:35 ----A---- C:\WINDOWS\sed.exe
2010-12-09 18:10:35 ----A---- C:\WINDOWS\PEV.exe
2010-12-09 18:10:35 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-09 18:10:35 ----A---- C:\WINDOWS\MBR.exe
2010-12-09 18:10:35 ----A---- C:\WINDOWS\grep.exe
2010-12-09 18:10:30 ----D---- C:\WINDOWS\ERDNT
2010-12-09 18:10:22 ----D---- C:\Qoobox
2010-12-09 16:54:57 ----A---- C:\TDSSKiller.2.4.11.0_09.12.2010_16.54.57_log.txt
2010-12-09 16:45:53 ----A---- C:\TDSSKiller.2.4.11.0_09.12.2010_16.45.53_log.txt
2010-12-08 07:51:42 ----D---- C:\Documents and Settings\Kennie Søgaard\Application Data\Malwarebytes
2010-12-08 07:51:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-12-08 03:32:32 ----D---- C:\Documents and Settings\Kennie Søgaard\Application Data\vlc
2010-12-08 03:17:14 ----D---- C:\Documents and Settings\Kennie Søgaard\Application Data\BSplayer Pro
2010-12-08 03:17:13 ----D---- C:\Documents and Settings\Kennie Søgaard\Application Data\BSplayer
2010-12-08 03:17:12 ----D---- C:\Programmer\Webteh
2010-12-06 08:35:06 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-05 16:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-12-05 16:48:02 ----RHD---- C:\MSOCache
2010-12-05 12:59:09 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-12-05 12:59:07 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-12-05 12:59:01 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-12-05 10:44:51 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-12-05 10:43:57 ----D---- C:\Programmer\Fælles filer\Apple
2010-12-05 10:43:36 ----D---- C:\Programmer\Apple Software Update
2010-12-03 18:12:11 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2010-12-03 18:12:11 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
2010-12-03 18:12:11 ----A---- C:\WINDOWS\system32\inetfr.DLL
2010-12-03 18:12:10 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2010-12-03 18:12:10 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2010-12-03 18:12:10 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2010-12-03 18:12:09 ----D---- C:\Documents and Settings\Kennie Søgaard\Application Data\FreeBurner
2010-11-29 12:20:23 ----D---- C:\Documents and Settings\Kennie Søgaard\Application Data\HamsterSoft
2010-11-29 06:58:05 ----HDC---- C:\WINDOWS\$NtUninstallwinusb0100$
2010-11-29 06:57:27 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-11-25 14:39:55 ----D---- C:\Documents and Settings\Kennie Søgaard\Application Data\DVDVideoSoftIEHelpers

======List of files/folders modified in the last 1 months======

2010-12-12 12:01:57 ----D---- C:\WINDOWS\Prefetch
2010-12-12 11:58:20 ----D---- C:\Documents and Settings\Kennie Søgaard\Application Data\uTorrent
2010-12-12 11:55:35 ----SHD---- C:\WINDOWS\Installer
2010-12-12 11:55:20 ----SD---- C:\Documents and Settings\Kennie Søgaard\Application Data\Microsoft
2010-12-12 11:54:31 ----D---- C:\WINDOWS\Temp
2010-12-12 11:54:31 ----D---- C:\WINDOWS
2010-12-12 08:23:22 ----D---- C:\WINDOWS\system32\wbem
2010-12-12 08:23:22 ----D---- C:\WINDOWS\system32
2010-12-12 08:23:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-11 11:53:45 ----D---- C:\WINDOWS\system32\drivers
2010-12-11 11:53:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-11 11:17:08 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-12-10 14:38:36 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-10 14:38:11 ----RSD---- C:\WINDOWS\assembly
2010-12-10 14:35:06 ----SHD---- C:\Config.Msi
2010-12-10 14:28:23 ----RSD---- C:\WINDOWS\Fonts
2010-12-10 14:27:24 ----D---- C:\Programmer\Fælles filer\Microsoft Shared
2010-12-10 14:27:23 ----D---- C:\Programmer\Fælles filer
2010-12-10 14:24:28 ----RD---- C:\Programmer
2010-12-10 14:22:31 ----D---- C:\Programmer\Microsoft Office
2010-12-10 14:22:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-12-10 14:17:19 ----A---- C:\WINDOWS\win.ini
2010-12-10 14:17:09 ----D---- C:\Programmer\Fælles filer\System
2010-12-10 14:15:48 ----D---- C:\WINDOWS\ShellNew
2010-12-10 07:32:40 ----D---- C:\WINDOWS\ime
2010-12-09 18:00:32 ----SD---- C:\WINDOWS\Tasks
2010-12-09 17:47:08 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2010-12-09 17:44:15 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-12-08 12:35:16 ----D---- C:\WINDOWS\Debug
2010-12-06 08:49:17 ----D---- C:\Documents and Settings\Kennie Søgaard\Application Data\Winamp
2010-12-06 08:48:22 ----D---- C:\Programmer\CCleaner
2010-12-05 17:14:10 ----D---- C:\Programmer\MSBuild
2010-12-05 12:59:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-05 12:58:55 ----HD---- C:\WINDOWS\inf
2010-12-05 10:45:29 ----D---- C:\Programmer\QuickTime
2010-12-04 07:30:42 ----D---- C:\WINDOWS\Minidump
2010-11-29 12:06:31 ----D---- C:\Documents and Settings\Kennie Søgaard\Application Data\Vso
2010-11-29 07:13:58 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-29 07:12:04 ----D---- C:\WINDOWS\system32\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Microsoft AGPv3.0-standardfilter til K8-processorplatforme; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R1 SASDIFSV;SASDIFSV; \??\C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-02-25 13312]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-10-30 17801]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-08 1270540]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-02-24 2311680]
R3 BCM43XX;Driver til Sony Ericsson 802.11 trådløs LAN-adapter; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-10-30 369024]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-09-26 47360]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-03-02 240640]
R3 StillCam;Driver til serielt digitalt kamera (stillbilleder); C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-04 6784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-08 185824]
S3 catchme;catchme; \??\C:\DOCUME~1\KENNIE~1\LOKALE~1\Temp\catchme.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-11-03 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-11-03 25512]
S3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;HID-driver til mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-04 12160]
S3 SISNIC;Driver til SiS PCI Fast Ethernet-netværkskort; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]
S3 usbccgp;Overordnet Microsoft USB-standarddriver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB-scannerdriver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Driver til USB-lagerenhed; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WinUSB;Sony Ericsson USB Device sa0101 Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programmer\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmer\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2009-10-30 65536]
R3 BrYNSvc;BrYNSvc; C:\Programmer\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 osppsvc;Office Software Protection Platform; C:\Programmer\Fælles filer\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe [2010-04-26 256512]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET-tilstandstjeneste; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-06 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Programmer\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 ose;Office  Source Engine; C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

-------------------------------------------------------------

info.txt logfile of random's system information tool 1.08 2010-12-12 12:02:04

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Programmer\uTorrent\uTorrent.exe" /UNINSTALL
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Programmer\Fælles filer\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 9.3.4 - Dansk-->MsiExec.exe /I{AC76BA86-7AD7-1030-7B44-A93000000001}
Adobe Setup-->MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Agere Systems AC'97 Modem-->agrsmdel
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Broadcom 802.11 Network Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose
Brother MFL-Pro Suite DCP-J315W-->"C:\Programmer\InstallShield Installation Information\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}\Setup.exe"  -runfromtemp -l0x0006 UNINSTALL Reg=BH9e2_C1 -removeonly
BS.Player FREE-->"C:\Programmer\Webteh\BSplayer\uninstall.exe"
CCleaner-->"C:\Programmer\CCleaner\uninst.exe"
CoffeeCup Free FTP-->C:\Programmer\CoffeeCup Software\Free FTP\uninstall.exe
ConvertXtoDVD 4.0.3.313-->"C:\Programmer\VSO\ConvertX\4\unins000.exe"
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Malwarebytes' Anti-Malware-->"C:\Programmer\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Language Pack - DAN-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DAN\install.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010406-78E1-11D2-B60F-006097C998E7}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Programmer\Fælles filer\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.5)-->C:\Programmer\Mozilla Firefox\uninstall\helper.exe
Opdatering til Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Opdatering til Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Opdatering til Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Opdatering til Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe
SiS M760GX-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem4.inf
SiSAGP driver-->RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x6
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SUPERAntiSpyware-->"C:\Programmer\SUPERAntiSpyware\Uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programmer\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Programmer\SystemRequirementsLab\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 1.1.5-->C:\Programmer\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Programmer\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programmer\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 14.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}

======System event log======

Computer Name: KENNIE-B7EC7E27
Event Code: 107
Message: Tjenesten Systemgendannelse er standset, fordi der ikke er tilstrækkelig diskplads på drev \\?\Volume{67d29024-c5ec-11de-9e2a-0016363526cb}\. Systemgendannelse vil automatisk genstartes, når der er mindst 200 MB ledig på systemdrevet.

Record Number: 4646
Source Name: SRService
Time Written: 20101112075533.000000+060
Event Type: oplysninger
User:

Computer Name: KENNIE-B7EC7E27
Event Code: 107
Message: Tjenesten Systemgendannelse er standset, fordi der ikke er tilstrækkelig diskplads på drev C:\. Systemgendannelse vil automatisk genstartes, når der er mindst 200 MB ledig på systemdrevet.

Record Number: 4645
Source Name: SRService
Time Written: 20101112070607.000000+060
Event Type: oplysninger
User:

Computer Name: KENNIE-B7EC7E27
Event Code: 4226
Message: TCP/IP har nået sikkerhedsgrænsen, der er pålagt antallet af samtidige forsøg på oprettelse af TCP-forbindelser.

Record Number: 4644
Source Name: Tcpip
Time Written: 20101111223755.000000+060
Event Type: advarsel
User:

Computer Name: KENNIE-B7EC7E27
Event Code: 4226
Message: TCP/IP har nået sikkerhedsgrænsen, der er pålagt antallet af samtidige forsøg på oprettelse af TCP-forbindelser.

Record Number: 4643
Source Name: Tcpip
Time Written: 20101111220912.000000+060
Event Type: advarsel
User:

Computer Name: KENNIE-B7EC7E27
Event Code: 26
Message: Program-pop-up: Windows - Systemfejl : Der blev fundet en IP-adressekonflikt med et andet system på netværket

Record Number: 4642
Source Name: Application Popup
Time Written: 20101111192135.000000+060
Event Type: oplysninger
User:

=====Application event log=====

Computer Name: KENNIE-B7EC7E27
Event Code: 1002
Message: STI BrtSTI: [2010/12/05 11:47:46.812]: [00000880]: QueryLanguageCode:: Check Version Failed[-1]


Record Number: 17528
Source Name: Brother BrLog
Time Written: 20101205114746.000000+060
Event Type: advarsel
User:

Computer Name: KENNIE-B7EC7E27
Event Code: 1001
Message: STI BrtSTI: [2010/12/05 11:46:42.812]: [00000880]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.100.147]


Record Number: 17527
Source Name: Brother BrLog
Time Written: 20101205114642.000000+060
Event Type: Fejl
User:

Computer Name: KENNIE-B7EC7E27
Event Code: 1002
Message: STI BrtSTI: [2010/12/05 11:46:37.812]: [00000880]: SendSKeySettingToDevice:: Check Langcode Failed [-1]


Record Number: 17526
Source Name: Brother BrLog
Time Written: 20101205114637.000000+060
Event Type: advarsel
User:

Computer Name: KENNIE-B7EC7E27
Event Code: 1002
Message: STI BrtSTI: [2010/12/05 11:46:37.812]: [00000880]: QueryLanguageCode:: Check Version Failed[-1]


Record Number: 17525
Source Name: Brother BrLog
Time Written: 20101205114637.000000+060
Event Type: advarsel
User:

Computer Name: KENNIE-B7EC7E27
Event Code: 1001
Message: STI BrtSTI: [2010/12/05 11:45:33.812]: [00000880]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.100.147]


Record Number: 17524
Source Name: Brother BrLog
Time Written: 20101205114533.000000+060
Event Type: Fejl
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Programmer\GtkSharp\2.12\bin;C:\Programmer\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programmer\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programmer\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
f-arn Guru
12 December 2010 - 15:53 #25
1. Download this small tool:

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternative address)

2. Double-click systemlook.exe - a small window will now appear, into which you must copy the ENTIRE content in bold:

:filefind
klmdb*


3. Click the Look button. The program will now search your computer.

4. When the program has finished searching, a Notepad window will appear with a log from SystemLook. Copy it into the forum in your next post. The log can also be found on your Desktop under the name: SystemLook.txt.

------

Download MBRCheck.exe
http://ad13.geekstogo.com/MBRCheck.exe

If the program finds an unknown MBR, you will be given a number of options.
Press N and then "ENTER" to close the program.

It will create a log on your Desktop, "MBRCheck_mm.dd.yy_hh.mm.ss.txt"
Copy this log in here.
kiwankow Beginner
13 December 2010 - 08:59 #26
SystemLook 04.09.10 by jpshortstuff
Log created at 08:53 on 13/12/2010 by Kennie Søgaard
Administrator - Elevation successful

========== filefind ==========

Searching for "klmdb*"
No files found.

-= EOF =-

-------------------------------------------------------------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:           
Windows Version:        Windows XP Professional
Windows Information:        Service Pack 3 (build 2600)
Logical Drives Mask:        0x0000001c

Kernel Drivers (total 115):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806D1000 \WINDOWS\system32\hal.dll
  0xF7A8A000 \WINDOWS\system32\KDCOM.DLL
  0xF799A000 \WINDOWS\system32\BOOTVID.dll
  0xF745B000 ACPI.sys
  0xF7A8C000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF744A000 pci.sys
  0xF758A000 isapnp.sys
  0xF799E000 compbatt.sys
  0xF79A2000 \WINDOWS\system32\DRIVERS\BATTC.SYS
  0xF7B52000 pciide.sys
  0xF780A000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF742C000 pcmcia.sys
  0xF759A000 MountMgr.sys
  0xF740D000 ftdisk.sys
  0xF7A8E000 dmload.sys
  0xF73E7000 dmio.sys
  0xF79A6000 ACPIEC.sys
  0xF7B53000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
  0xF7812000 PartMgr.sys
  0xF75AA000 VolSnap.sys
  0xF73CF000 atapi.sys
  0xF75BA000 disk.sys
  0xF75CA000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF73AF000 fltmgr.sys
  0xF739D000 sr.sys
  0xF7386000 KSecDD.sys
  0xF72F9000 Ntfs.sys
  0xF72CC000 NDIS.sys
  0xF75DA000 SISAGPX.sys
  0xF72B2000 Mup.sys
  0xF75EA000 gagp30kx.sys
  0xF77FA000 \SystemRoot\system32\DRIVERS\processr.sys
  0xF704F000 \SystemRoot\system32\DRIVERS\sisgrp.sys
  0xF703B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF760A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF78AA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF700D000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0xF7AC6000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF78B2000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF761A000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF762A000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF763A000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF6FEA000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF6EB3000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0xF78BA000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF6C7E000 \SystemRoot\system32\drivers\ALCXWDM.SYS
  0xF6C5A000 \SystemRoot\system32\drivers\portcls.sys
  0xF764A000 \SystemRoot\system32\drivers\drmk.sys
  0xF78C2000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xF6C36000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF78CA000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF6BDB000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
  0xF7275000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xF7AC8000 \SystemRoot\system32\DRIVERS\serscan.sys
  0xF7C83000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF765A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7271000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF6BC4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF766A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF767A000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF78D2000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF6BB3000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF768A000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF78E2000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF78EA000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF769A000 \SystemRoot\System32\Drivers\pcouffin.sys
  0xF6B83000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF76AA000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF7ACE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF6B25000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7A26000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF76FA000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB2D5D000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF7B2A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xB2EB9000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7B2C000 \SystemRoot\System32\Drivers\Beep.SYS
  0xEF829000 \SystemRoot\System32\drivers\vga.sys
  0xF7B2E000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7B30000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF05E8000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xB4AB6000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xEF989000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xB2584000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xB252B000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xB2503000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB24C2000 \SystemRoot\System32\drivers\afd.sys
  0xB2CDD000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xEF3F0000 \SystemRoot\system32\DRIVERS\srvkp.sys
  0xB24A0000 \??\C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS
  0xB4AAE000 \??\C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
  0xB2475000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xB23CB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xB2BEF000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB236F000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xB2BDF000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xAE89F000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xAD958000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7B20000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xAF974000 \SystemRoot\System32\drivers\Dxapi.sys
  0xAE600000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7CAD000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\SiSGRV.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xB29AD000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xAFD7A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xAD3E9000 \SystemRoot\system32\drivers\wdmaud.sys
  0xF68EF000 \SystemRoot\system32\drivers\sysaudio.sys
  0xAD1D6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xAD12E000 \SystemRoot\system32\DRIVERS\srv.sys
  0xACD7D000 \SystemRoot\System32\Drivers\HTTP.sys
  0xAC8EF000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 36):
      0 System Idle Process
      4 System
    604 C:\WINDOWS\system32\smss.exe
    652 csrss.exe
    684 C:\WINDOWS\system32\winlogon.exe
    728 C:\WINDOWS\system32\services.exe
    740 C:\WINDOWS\system32\lsass.exe
    892 C:\WINDOWS\system32\svchost.exe
    968 svchost.exe
    1004 C:\WINDOWS\system32\svchost.exe
    1056 svchost.exe
    1184 svchost.exe
    1576 C:\WINDOWS\explorer.exe
    1592 C:\WINDOWS\system32\WLTRYSVC.EXE
    1608 C:\WINDOWS\system32\BCMWLTRY.EXE
    1728 C:\WINDOWS\system32\brsvc01a.exe
    1748 C:\WINDOWS\system32\spoolsv.exe
    1784 C:\WINDOWS\system32\brss01a.exe
    2040 C:\WINDOWS\AGRSMMSG.exe
    132 C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
    160 C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
    188 C:\WINDOWS\system32\rundll32.exe
    200 C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
    228 C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
    224 C:\Programmer\Browny02\Brother\BrStMonW.exe
    268 C:\WINDOWS\system32\ctfmon.exe
    336 C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
    488 C:\Programmer\Brother\ControlCenter3\BrccMCtl.exe
    1432 svchost.exe
    1468 C:\Programmer\Bonjour\mDNSResponder.exe
    1552 C:\Programmer\Java\jre6\bin\jqs.exe
    620 C:\WINDOWS\system32\svchost.exe
    2156 C:\Programmer\Browny02\BrYNSvc.exe
    2304 C:\WINDOWS\system32\wscntfy.exe
    2600 alg.exe
    2284 C:\Documents and Settings\Kennie Søgaard\Skrivebord\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001f`ff588800

PhysicalDrive0 Model Number: WDCWD2500BEVE-00A0HT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    127 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
            SHA1: 0D33083CD9CD436C649B7447952A9CE33D4E83DA


Done!
f-arn Guru
13 December 2010 - 16:59 #27
Stop file sharing ->
http://www.spywarefri.dk/artikel/farerne-ved-fildeling/
http://www.spywarefri.dk/forum/viewthread/40284/

Uninstall µTorrent

------

You did not answer this.

Have you tried running it as kiwankow.exe?

------

Download OTL by OldTimer and save it to your desktop:

http://oldtimer.geekstogo.com/OTL.exe

Start OTL
Copy the text below in bold into the "Custom Scans/Fixes" box
Click "Run Fix"

:files
ipconfig /flushdns /c

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]


It creates a log, C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, which you are welcome to copy in here.

------

Try running BitDefender Online Scanner: http://www.bitdefender.com/scanner/online/free.html

Click "Start Scanner" and follow the instructions.
When it has finished, click "Click here to view the report" and save it to your Desktop.
Copy it in here.

PS You must use Internet Explorer.
kiwankow Beginner
13 December 2010 - 18:47 #28
It also stalls with kiwankow.exe

----------------------------------------------

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Documents and Settings\Kennie Søgaard\Skrivebord\cmd.bat deleted successfully.
C:\Documents and Settings\Kennie Søgaard\Skrivebord\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys\ deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Kennie Søgaard
->Temp folder emptied: 2957484 bytes
->Temporary Internet Files folder emptied: 16450609 bytes
->Java cache emptied: 261289 bytes
->Flash cache emptied: 1839 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 83929279 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2113950 bytes
%systemroot%\System32 .tmp files removed: 2660 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 101,00 mb

Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Kennie Søgaard
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12132010_183729

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\L4V32FC1\home_above;net=idgt;u=,idgt-74874341_1284791218,11b474740e8b934,none,;;dc=w;tile=1;fold=above;ord1=136985;sec=home;sz=930x180;contx=none;btg=;ord=646499414903069[1].5 not found!
File\Folder C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\405R6C82\home_above;net=idgt;u=,idgt-81629297_1284791235,11b474740e8b934,none,;;tile=1;dc=w;fold=above;ord1=690852;sec=home;sz=300x250;contx=none;btg=;ord=646499414903069[1].5 not found!
C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Temp\VGX42.tmp moved successfully.
C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Temp\VGX43.tmp moved successfully.
C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Temp\VGX44.tmp moved successfully.
C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Temporary Internet Files\Content.IE5\XG0BHRTS\PIE[1].htc moved successfully.
C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Temporary Internet Files\Content.IE5\MMFC0HTV\ads[1].htm moved successfully.
C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Temporary Internet Files\Content.IE5\MMFC0HTV\free[1].htm moved successfully.
C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Temporary Internet Files\Content.IE5\FPZ8E6LV\926021[1].htm moved successfully.
C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Temporary Internet Files\Content.IE5\9RNTMIF0\dis[1].htm moved successfully.
C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Temporary Internet Files\Content.IE5\9RNTMIF0\jobgooglead[1].htm moved successfully.
C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

-------------------------------------------------------------

IE cannot open the page you link to..!!
f-arn Guru
13 December 2010 - 20:35 #29
Would you please try BitDefender Online Scanner again. It works fine here.

------

Try running GMER following this guide.
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=208&title=gmer-vejledning

Note:

If you are warned about rootkit activity and it asks whether you want to run a full scan, answer "NO"

PS Since your security programs can conflict with GMER, it is important that you disable them. Also remember the DeFogger part.
kiwankow Beginner
13 December 2010 - 20:45 #30
now bitdefender is running, but it won't be finished for another 4 hours..
kiwankow Beginner
14 December 2010 - 07:09 #31
Scan path: C:\;D:\;E:\;

Statistics
Time: 02:45:13
Files: 489951
Folders: 13830
Boot Sectors: 0
Archives: 32470
Packed Files: 49835

Results
Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 2
Deleted Files: 3

Engines Info
Virus Definitions: 6410761
Engine build: AVCORE v2.1 Windows/i386 11.0.0.42 (Oct 18 2010)
Scan plugins: 18
Archive plugins: 44
Unpack plugins: 10
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\Kennie Søgaard\Skrivebord\musik\party cd\all star smash muth.mp3 | Infected with: Trojan.Wimad.Gen.1
C:\Documents and Settings\Kennie Søgaard\Skrivebord\musik\party cd\all star smash muth.mp3 | Disinfected
C:\Documents and Settings\Kennie Søgaard\Skrivebord\musik\party cd\shall we be grateful CD quality.mp3 | Infected with: Trojan.Wimad.Gen.1
C:\Documents and Settings\Kennie Søgaard\Skrivebord\musik\party cd\shall we be grateful CD quality.mp3 | Disinfected
C:\System Volume Information\_restore{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP331\A0332222.dll | Infected with: Gen:Variant.Adware.Rotator.1
C:\System Volume Information\_restore{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP331\A0332222.dll | Deleted
C:\System Volume Information\_restore{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP335\A0335258.exe | Infected with: Trojan.Generic.5176784
C:\System Volume Information\_restore{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP335\A0335258.exe | Deleted
C:\System Volume Information\_restore{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP335\A0335311.dll | Infected with: Gen:Variant.Adware.Rotator.1
C:\System Volume Information\_restore{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP335\A0335311.dll | Deleted
kiwankow Beginner
14 December 2010 - 11:13 #32
I accidentally ran gmer before defogger, and the log looks like this:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-14 10:56:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BEVE-00A0HT0 rev.11.01A11
Running: cdi4xnj5.exe; Driver: C:\DOCUME~1\KENNIE~1\LOKALE~1\Temp\uweiyaow.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xEEABB620]

---- User code sections - GMER 1.0.15 ----

.text          C:\Programmer\Internet Explorer\iexplore.exe[1676] USER32.dll!DialogBoxParamW                              7E3747AB 5 Bytes  JMP 413F54F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[1676] USER32.dll!CreateWindowExW                              7E37D0A3 5 Bytes  JMP 414CDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[1676] USER32.dll!DialogBoxIndirectParamW                      7E382072 5 Bytes  JMP 415C5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[1676] USER32.dll!MessageBoxIndirectA                          7E38A082 5 Bytes  JMP 415C4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[1676] USER32.dll!DialogBoxParamA                              7E38B144 5 Bytes  JMP 415C4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[1676] USER32.dll!MessageBoxExW                                7E3A0838 5 Bytes  JMP 415C4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[1676] USER32.dll!MessageBoxExA                                7E3A085C 5 Bytes  JMP 415C4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[1676] USER32.dll!DialogBoxIndirectParamA                      7E3A6D7D 5 Bytes  JMP 415C508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[1676] USER32.dll!MessageBoxIndirectW                          7E3B64D5 5 Bytes  JMP 415C4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] USER32.dll!DialogBoxParamW                              7E3747AB 5 Bytes  JMP 413F54F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] USER32.dll!SetWindowsHookExW                            7E37820F 5 Bytes  JMP 414C9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] USER32.dll!CallNextHookEx                                7E37B3C6 5 Bytes  JMP 414BD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] USER32.dll!CreateWindowExW                              7E37D0A3 5 Bytes  JMP 414CDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] USER32.dll!UnhookWindowsHookEx                          7E37D5F3 5 Bytes  JMP 41434656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] USER32.dll!DialogBoxIndirectParamW                      7E382072 5 Bytes  JMP 415C5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] USER32.dll!MessageBoxIndirectA                          7E38A082 5 Bytes  JMP 415C4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] USER32.dll!DialogBoxParamA                              7E38B144 5 Bytes  JMP 415C4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] USER32.dll!MessageBoxExW                                7E3A0838 5 Bytes  JMP 415C4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] USER32.dll!MessageBoxExA                                7E3A085C 5 Bytes  JMP 415C4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] USER32.dll!DialogBoxIndirectParamA                      7E3A6D7D 5 Bytes  JMP 415C508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] USER32.dll!MessageBoxIndirectW                          7E3B64D5 5 Bytes  JMP 415C4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] ole32.dll!CoCreateInstance                              774EF1AC 5 Bytes  JMP 414CDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programmer\Internet Explorer\iexplore.exe[3452] ole32.dll!OleLoadFromStream                              7751981B 5 Bytes  JMP 415C538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                    SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                    SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                          15
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                            10000
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                          yes
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                         
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                          90
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                            10000
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs                                  1

---- EOF - GMER 1.0.15 ----

----------------------------------------------------------

then I ran defogger, restarted, and ran gmer again; this time the log looked like this:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-14 11:06:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BEVE-00A0HT0 rev.11.01A11
Running: cdi4xnj5.exe; Driver: C:\DOCUME~1\KENNIE~1\LOKALE~1\Temp\uweiyaow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
f-arn Guru
14 December 2010 - 16:03 #33
Download http://download.sysinternals.com/Files/Junction.zip
Unpack it, and move Junction.exe to C:\Windows.

Click Start -> Run and copy this in.
cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

Click OK.

After a little while a log will open.
Copy it in here.
kiwankow Beginner
15 December 2010 - 16:08 #34
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: Processen kan ikke få adgang til filen, da den bruges af en anden proces.



Failed to open \\?\c:\\System Volume Information: Adgang nægtet.


.\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
  Print Name    : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
  Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

.\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
  Print Name    : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
  Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

f-arn Guru
17 December 2010 - 04:00 #35
Would you please download a new ComboFix and try again.
kiwankow Beginner
17 December 2010 - 11:17 #36
have tried again. combofix still won't run; the hard disk runs for just 30 seconds, then all activity stops. left it for 2.5 hours again without any changes...
kiwankow Beginner
18 December 2010 - 17:28 #37
after yet another update of superantispyware it found some more tracking cookies and two trojan-infected files. after these were removed I managed to run combofix in safe mode.

ComboFix 10-12-16.02 - Kennie Søgaard 18-12-2010  17:12:12.1.1 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.958.762 [GMT 1:00]
Kører fra: C:\Documents and Settings\Kennie Søgaard\Skrivebord\ComboFix.exe

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((  Filer skabt fra 2010-11-18 til 2010-12-18  )))))))))))))))))))))))))))))))))))
.

2010-12-18 14:58:16 . 2010-12-18 14:58:16    --------    d-----w-    C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2010-12-18 14:55:54 . 2010-12-18 14:55:54    --------    d-----w-    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-12-16 14:08:49 . 2010-12-16 14:08:49    --------    d-----w-    C:\Programmer\Lavalys
2010-12-13 18:42:32 . 2010-12-13 21:34:15    --------    d-----w-    C:\WINDOWS\BDOSCAN8
2010-12-13 17:37:29 . 2010-12-13 17:37:29    --------    d-----w-    C:\_OTL
2010-12-12 11:01:50 . 2010-12-12 11:02:04    --------    d-----w-    C:\rsit
2010-12-09 19:02:25 . 2010-12-09 19:02:25    --------    d-----w-    C:\Documents and Settings\Kennie Søgaard\Application Data\SUPERAntiSpyware.com
2010-12-09 19:02:08 . 2010-12-18 14:56:45    --------    d-----w-    C:\Programmer\SUPERAntiSpyware
2010-12-09 18:54:23 . 2010-11-29 16:42:18    38224    ----a-w-    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-09 18:54:20 . 2010-12-09 18:54:25    --------    d-----w-    C:\Programmer\Malwarebytes' Anti-Malware
2010-12-09 18:54:20 . 2010-11-29 16:42:06    20952    ----a-w-    C:\WINDOWS\system32\drivers\mbam.sys
2010-12-09 18:44:21 . 2010-12-09 18:44:21    388096    ----a-r-    C:\Documents and Settings\Kennie Søgaard\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-09 18:44:20 . 2010-12-12 11:01:56    --------    d-----w-    C:\Programmer\Trend Micro
2010-12-08 06:51:42 . 2010-12-08 06:51:42    --------    d-----w-    C:\Documents and Settings\Kennie Søgaard\Application Data\Malwarebytes
2010-12-08 06:51:23 . 2010-12-08 06:51:23    --------    d-----w-    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-12-08 02:32:32 . 2010-12-11 04:45:12    --------    d-----w-    C:\Documents and Settings\Kennie Søgaard\Application Data\vlc
2010-12-08 02:17:14 . 2010-12-08 02:17:14    --------    d-----w-    C:\Documents and Settings\Kennie Søgaard\Application Data\BSplayer Pro
2010-12-08 02:17:13 . 2010-12-12 15:00:07    --------    d-----w-    C:\Documents and Settings\Kennie Søgaard\Application Data\BSplayer
2010-12-08 02:17:12 . 2010-12-08 02:17:12    --------    d-----w-    C:\Programmer\Webteh
2010-12-06 07:35:06 . 2010-12-06 07:35:06    --------    d-----w-    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-05 15:50:56 . 2010-12-05 15:50:56    --------    d-----w-    C:\Documents and Settings\Kennie Søgaard\Lokale indstillinger\Application Data\Microsoft Help
2010-12-05 15:49:31 . 2010-12-12 12:49:12    --------    d-----w-    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-12-05 11:59:09 . 2001-10-04 16:07:34    5632    ----a-w-    C:\WINDOWS\system32\ptpusb.dll
2010-12-05 11:59:07 . 2008-04-13 18:45:34    15104    -c--a-w-    C:\WINDOWS\system32\dllcache\usbscan.sys
2010-12-05 11:59:07 . 2008-04-13 18:45:34    15104    ----a-w-    C:\WINDOWS\system32\drivers\usbscan.sys
2010-12-05 11:59:01 . 2008-04-14 16:05:32    159232    ----a-w-    C:\WINDOWS\system32\ptpusd.dll
2010-12-05 09:44:51 . 2010-12-05 09:44:51    --------    d-----w-    C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-12-05 09:43:57 . 2010-12-05 09:43:57    --------    d-----w-    C:\Programmer\Fælles filer\Apple
2010-12-05 09:43:36 . 2010-12-05 09:43:38    --------    d-----w-    C:\Programmer\Apple Software Update
2010-12-03 17:12:11 . 2003-01-26 10:41:24    40960    ----a-w-    C:\WINDOWS\system32\SSubTmr6.dll
2010-12-03 17:12:11 . 2000-05-22 12:58:12    115920    ----a-w-    C:\WINDOWS\system32\msinet.OCX
2010-12-03 17:12:11 . 1999-03-25 16:00:00    101888    ----a-w-    C:\WINDOWS\system32\VB6STKIT.DLL
2010-12-03 17:12:11 . 1998-07-12 20:00:00    15360    ----a-w-    C:\WINDOWS\system32\inetfr.DLL
2010-12-03 17:12:10 . 2004-03-08 20:00:00    152848    ----a-w-    C:\WINDOWS\system32\COMDLG32.OCX
2010-12-03 17:12:10 . 2000-10-01 16:00:00    119568    ----a-w-    C:\WINDOWS\system32\VB6FR.DLL
2010-12-03 17:12:10 . 1998-07-12 20:00:00    141312    ----a-w-    C:\WINDOWS\system32\MSCMCFR.DLL
2010-12-03 17:12:10 . 1998-07-12 16:00:00    32768    ----a-w-    C:\WINDOWS\system32\CMDLGFR.DLL
2010-12-03 17:12:09 . 2010-12-04 04:34:37    --------    d-----w-    C:\Documents and Settings\Kennie Søgaard\Application Data\FreeBurner
2010-11-29 11:20:23 . 2010-11-29 11:20:23    --------    d-----w-    C:\Documents and Settings\Kennie Søgaard\Application Data\HamsterSoft
2010-11-29 05:57:27 . 2008-04-13 18:45:40    32128    -c--a-w-    C:\WINDOWS\system32\dllcache\usbccgp.sys
2010-11-29 05:57:27 . 2008-04-13 18:45:40    32128    ----a-w-    C:\WINDOWS\system32\drivers\usbccgp.sys
2010-11-25 13:39:55 . 2010-11-25 13:39:55    --------    d-----w-    C:\Documents and Settings\Kennie Søgaard\Application Data\DVDVideoSoftIEHelpers

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 21:00:09 . 2010-11-03 21:00:11    25512    ----a-w-    C:\WINDOWS\system32\drivers\ggsemc.sys
2010-11-03 21:00:09 . 2010-11-03 21:00:11    13224    ----a-w-    C:\WINDOWS\system32\drivers\ggflt.sys
2010-11-03 21:00:09 . 2010-11-03 21:00:11    1112288    ----a-w-    C:\WINDOWS\system32\WdfCoInstaller01007.dll
2010-09-26 01:05:19 . 2010-09-22 06:51:41    87608    ----a-w-    C:\Documents and Settings\Kennie Søgaard\Application Data\inst.exe
2010-09-26 01:05:19 . 2010-09-22 06:51:41    47360    ----a-w-    C:\WINDOWS\system32\drivers\pcouffin.sys
2010-09-26 01:05:19 . 2010-09-22 06:51:41    47360    ----a-w-    C:\Documents and Settings\Kennie Søgaard\Application Data\pcouffin.sys
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-17 17:05:22 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 09:50:52 88363]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 13:44:24 98394]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 13:43:12 688218]
"SiSPower"="SiSPower.dll" [2005-02-25 18:35:12 49152]
"SunJavaUpdateSched"="C:\Programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-02-18 09:43:18 248040]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 02:04:47 35760]
"Adobe ARM"="C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 18:37:40 932288]
"ControlCenter3"="C:\Programmer\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 08:26:54 114688]
"BrStsMon00"="C:\Programmer\Browny02\Brother\BrStMonW.exe" [2010-02-09 14:43:16 2621440]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2010-09-08 10:17:42 421888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 16:05:45 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmer\\Fælles filer\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Programmer\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

S1 SASDIFSV;SASDIFSV;C:\Programmer\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 19:25:48 12872]
S1 SASKUTIL;SASKUTIL;C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS [10-05-2010 19:41:30 67656]
S3 BrYNSvc;BrYNSvc;C:\Programmer\Browny02\BrYNSvc.exe [24-09-2010 10:38:26 245760]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\drivers\ggflt.sys [03-11-2010 22:00:11 13224]
.
Indhold af mappen 'Planlagte Opgaver'

2010-12-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - C:\Documents and Settings\Kennie Søgaard\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: sydbank.dk
FF - ProfilePath -
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
f-arn Guru
18 December 2010 - 21:18 #38
Start superantispyware, click preferences, statistics/logs, view log. You are welcome to copy the contents of that log in here. I would like to know what it found.

------

Would you please try looking at that ComboFix log again. It does not seem complete.
kiwankow Beginner
19 December 2010 - 08:19 #39
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/09/2010 at 09:14 PM

Application Version : 4.46.1000

Core Rules Database Version : 5978
Trace Rules Database Version: 3790

Scan type      : Complete Scan
Total Scan Time : 01:05:00

Memory items scanned      : 435
Memory threats detected  : 0
Registry items scanned    : 6455
Registry threats detected : 0
File items scanned        : 22025
File threats detected    : 28

Adware.Tracking Cookie
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@adserver3.openadex[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@tribalfusion[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@content.yieldmanager[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@rotator.its.adjuggler[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@tradedoubler[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@serving-sys[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@collective-media[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@track.adform[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@media6degrees[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@atdmt[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@ad.yieldmanager[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@statse.webtrendslive[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@server.iad.liveperson[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@adtech[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@bs.serving-sys[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@liveperson[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@liveperson[3].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@ads.raasnet[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@content.yieldmanager[3].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@doubleclick[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@apmebf[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@ads.bleepingcomputer[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@mediaplex[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@adform[1].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@delivery-media.surftown[2].txt
    C:\Documents and Settings\Kennie Søgaard\Cookies\kennie_søgaard@revsci[1].txt

Trojan.Agent/Gen-Dropper
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP332\A0333179.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP338\A0337328.DLL
kiwankow Beginner
19 December 2010 - 08:26 #40
something completely different: at one point I used tweakUI to remove those annoying popup balloons in winXP, and ever since then I have had errors/defects in my IE. When I press Ctrl+F to search on this page, the menu bar does appear, but it is completely blank, i.e. there are no fields to type in...
kiwankow Beginner
19 December 2010 - 09:36 #41
combofix in normal mode:

ComboFix 10-12-18.01 - Kennie Søgaard 19-12-2010  8:46.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.958.647 [GMT 1:00]
Kører fra: c:\documents and settings\Kennie Søgaard\Skrivebord\ComboFix.exe

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((  Filer skabt fra 2010-11-19 til 2010-12-19  )))))))))))))))))))))))))))))))))))
.

2010-12-18 21:40 . 2010-12-18 21:40    --------    d-----w-    c:\documents and settings\Kennie Søgaard\Application Data\AVG10
2010-12-18 21:24 . 2010-12-18 21:24    --------    d--h--w-    c:\documents and settings\All Users\Application Data\Common Files
2010-12-18 21:21 . 2010-12-19 07:35    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG10
2010-12-18 20:20 . 2010-12-18 21:20    --------    d-----w-    c:\documents and settings\All Users\Application Data\MFAData
2010-12-18 14:58 . 2010-12-18 14:58    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-12-18 14:55 . 2010-12-18 14:55    --------    d-----w-    c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-12-16 14:08 . 2010-12-16 14:08    --------    d-----w-    c:\programmer\Lavalys
2010-12-13 18:42 . 2010-12-13 21:34    --------    d-----w-    c:\windows\BDOSCAN8
2010-12-13 17:37 . 2010-12-13 17:37    --------    d-----w-    C:\_OTL
2010-12-12 11:01 . 2010-12-12 11:02    --------    d-----w-    C:\rsit
2010-12-09 19:02 . 2010-12-09 19:02    --------    d-----w-    c:\documents and settings\Kennie Søgaard\Application Data\SUPERAntiSpyware.com
2010-12-09 19:02 . 2010-12-18 14:56    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2010-12-09 18:54 . 2010-11-29 16:42    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-09 18:54 . 2010-12-09 18:54    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-12-09 18:54 . 2010-11-29 16:42    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-12-09 18:44 . 2010-12-09 18:44    388096    ----a-r-    c:\documents and settings\Kennie Søgaard\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-09 18:44 . 2010-12-12 11:01    --------    d-----w-    c:\programmer\Trend Micro
2010-12-08 06:51 . 2010-12-08 06:51    --------    d-----w-    c:\documents and settings\Kennie Søgaard\Application Data\Malwarebytes
2010-12-08 06:51 . 2010-12-08 06:51    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-08 02:32 . 2010-12-11 04:45    --------    d-----w-    c:\documents and settings\Kennie Søgaard\Application Data\vlc
2010-12-08 02:17 . 2010-12-08 02:17    --------    d-----w-    c:\documents and settings\Kennie Søgaard\Application Data\BSplayer Pro
2010-12-08 02:17 . 2010-12-12 15:00    --------    d-----w-    c:\documents and settings\Kennie Søgaard\Application Data\BSplayer
2010-12-08 02:17 . 2010-12-08 02:17    --------    d-----w-    c:\programmer\Webteh
2010-12-06 07:35 . 2010-12-06 07:35    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-05 15:50 . 2010-12-05 15:50    --------    d-----w-    c:\documents and settings\Kennie Søgaard\Lokale indstillinger\Application Data\Microsoft Help
2010-12-05 15:49 . 2010-12-12 12:49    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-12-05 11:59 . 2001-10-04 16:07    5632    ----a-w-    c:\windows\system32\ptpusb.dll
2010-12-05 11:59 . 2008-04-13 18:45    15104    -c--a-w-    c:\windows\system32\dllcache\usbscan.sys
2010-12-05 11:59 . 2008-04-13 18:45    15104    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2010-12-05 11:59 . 2008-04-14 16:05    159232    ----a-w-    c:\windows\system32\ptpusd.dll
2010-12-05 09:44 . 2010-12-05 09:44    --------    d-----w-    c:\documents and settings\All Users\Application Data\Apple Computer
2010-12-05 09:43 . 2010-12-05 09:43    --------    d-----w-    c:\programmer\Fælles filer\Apple
2010-12-05 09:43 . 2010-12-05 09:43    --------    d-----w-    c:\programmer\Apple Software Update
2010-12-03 17:12 . 2003-01-26 10:41    40960    ----a-w-    c:\windows\system32\SSubTmr6.dll
2010-12-03 17:12 . 2000-05-22 12:58    115920    ----a-w-    c:\windows\system32\msinet.OCX
2010-12-03 17:12 . 1999-03-25 16:00    101888    ----a-w-    c:\windows\system32\VB6STKIT.DLL
2010-12-03 17:12 . 1998-07-12 20:00    15360    ----a-w-    c:\windows\system32\inetfr.DLL
2010-12-03 17:12 . 2004-03-08 20:00    152848    ----a-w-    c:\windows\system32\COMDLG32.OCX
2010-12-03 17:12 . 2000-10-01 16:00    119568    ----a-w-    c:\windows\system32\VB6FR.DLL
2010-12-03 17:12 . 1998-07-12 20:00    141312    ----a-w-    c:\windows\system32\MSCMCFR.DLL
2010-12-03 17:12 . 1998-07-12 16:00    32768    ----a-w-    c:\windows\system32\CMDLGFR.DLL
2010-12-03 17:12 . 2010-12-04 04:34    --------    d-----w-    c:\documents and settings\Kennie Søgaard\Application Data\FreeBurner
2010-11-29 11:20 . 2010-11-29 11:20    --------    d-----w-    c:\documents and settings\Kennie Søgaard\Application Data\HamsterSoft
2010-11-29 05:57 . 2008-04-13 18:45    32128    -c--a-w-    c:\windows\system32\dllcache\usbccgp.sys
2010-11-29 05:57 . 2008-04-13 18:45    32128    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2010-11-25 13:39 . 2010-11-25 13:39    --------    d-----w-    c:\documents and settings\Kennie Søgaard\Application Data\DVDVideoSoftIEHelpers

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 21:00 . 2010-11-03 21:00    25512    ----a-w-    c:\windows\system32\drivers\ggsemc.sys
2010-11-03 21:00 . 2010-11-03 21:00    13224    ----a-w-    c:\windows\system32\drivers\ggflt.sys
2010-11-03 21:00 . 2010-11-03 21:00    1112288    ----a-w-    c:\windows\system32\WdfCoInstaller01007.dll
2010-09-26 01:05 . 2010-09-22 06:51    87608    ----a-w-    c:\documents and settings\Kennie Søgaard\Application Data\inst.exe
2010-09-26 01:05 . 2010-09-22 06:51    47360    ----a-w-    c:\windows\system32\drivers\pcouffin.sys
2010-09-26 01:05 . 2010-09-22 06:51    47360    ----a-w-    c:\documents and settings\Kennie Søgaard\Application Data\pcouffin.sys
.

(((((((((((((((((((((((((((((  SnapShot@2010-12-18_16.19.11  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-19 07:36 . 2010-12-19 07:36    16384              c:\windows\temp\Perflib_Perfdata_7f0.dat
+ 2004-08-26 16:53 . 2008-04-14 16:05    640000              c:\windows\system32\dllcache\dbghelp.dll
+ 2010-12-18 21:24 . 2010-12-18 21:24    3065856              c:\windows\Installer\77b450.msi
+ 2010-12-18 21:20 . 2010-12-18 21:20    1548288              c:\windows\Installer\77b44c.msi
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-17 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ControlCenter3"="c:\programmer\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\programmer\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - c:\programmer\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [10-05-2010 19:41 67656]
R3 BrYNSvc;BrYNSvc;c:\programmer\Browny02\BrYNSvc.exe [24-09-2010 10:38 245760]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [03-11-2010 22:00 13224]
.
Indhold af mappen 'Planlagte Opgaver'

2010-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Kennie Søgaard\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: sydbank.dk
FF - ProfilePath -
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 08:55
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Gennemført tid: 2010-12-19  08:58:17
ComboFix-quarantined-files.txt  2010-12-19 07:58

Pre-Kørsel: 61.726.580.736 byte ledig
Post-Kørsel: 61.830.172.672 byte ledig

- - End Of File - - 75252B7CD33F76A120D90635BCF6FAC8
f-arn Guru
19 December 2010 - 19:55 #42
Would you please find ComboFix-quarantined-files.txt and copy it in here. It is located in C:\Qoobox.

------

Disable your antivirus program and run an online scan with ESET Online Scanner:
http://www.eset.com/onlinescan/

You must accept the terms of use and click Start.
After the ActiveX Control has loaded, it will take a few minutes for the scanner to become ready.
Next, tick the following boxes:
Remove found threats
Scan archives

under advanced settings
Scan for potentially unwanted applications
Scan for potentially unsafe applications
enable anti-stealth technology

Click Start. This scan can take a while, so be patient.
A log will open when the scan is finished.

(if not, go to C:\Programmer\EsetOnlineScanner\ and open the file Log.txt).

Copy it in here in your next post.
kiwankow Beginner
20 December 2010 - 07:56 #43
2010-12-18 16:19:57 . 2010-12-19 07:57:01              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2010-12-18 16:17:44 . 2010-12-19 07:51:46            6,373 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-12-09 17:10:30 . 2010-12-19 07:41:42              612 ----a-w-  C:\Qoobox\Quarantine\catchme.log
kiwankow Beginner
20 December 2010 - 08:12 #44
Unfortunately I can't run that scanner; IE says done, but with errors on the page.
f-arn Guru
22 December 2010 - 10:15 #45
something completely different is that at one point I used tweakUI to remove those annoying popup balloons in WinXP, and ever since then I have had errors/missing features in my IE


Can't you remember what you did? That may be what is causing the trouble.
kiwankow Beginner
22 December 2010 - 12:57 #46
no, unfortunately I can't remember what I changed; I found a guide somewhere. But can't it be repaired/restored to how it was before..??
f-arn Guru
22 December 2010 - 19:22 #47
Try to "Reset" the Internet settings in IE.
kiwankow Beginner
23 December 2010 - 09:59 #48
I have tried both resetting all settings and reinstalling IE, but I still can't search on "this page"...
f-arn Guru
23 December 2010 - 10:26 #49
Click Start -> Run and paste this in: regsvr32 oleacc.dll
Click OK.

It should then say that oleacc.dll has been registered by DllRegisterServer. (something like that - I'm sitting at an English Windows)
kiwankow Beginner
23 December 2010 - 21:41 #50
yes, and then..??
f-arn Guru
23 December 2010 - 22:25 #51
See whether it helped with CTRL+F.
kiwankow Beginner
24 December 2010 - 06:05 #52
it helped with CTRL-F :-) Super..!!
So now it's just a question of why IE often "is not responding"
f-arn Guru
24 December 2010 - 07:27 #53
I think this is the first time you mention it, but please try ESET Online Scanner again. I would like to rule out infections.
kiwankow Beginner
27 December 2010 - 16:29 #54
C:\System Volume Information\_restore{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP350\A0367851.exe    Win32/Toolbar.AskSBar application    deleted - quarantined
C:\System Volume Information\_restore{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP362\A0378593.exe    Win32/Toolbar.AskSBar application    deleted - quarantined
C:\System Volume Information\_restore{4A22B285-C0E5-4A30-8E4D-B97A460A7598}\RP362\A0378594.exe    a variant of Win32/Adware.ErrorClean application    deleted - quarantined
f-arn Guru
27 December 2010 - 20:49 #55
Fair enough. It was in System Restore, where it is fairly harmless.

Would you please update Malwarebytes (twice), run a quick scan, and copy the log in here.

You are also welcome to tell a bit more about "IE often "is not responding""
27 December 2010 - 21:00 #56
You (also) get this one regarding IE ->

PS: IE is fine enough if you 'treat' it properly. Here are a few tips:

IE - Tools - Manage Add-ons ->
Toolbars and Extensions:
Disable most of the items there.

IE - Tools - Manage Add-ons ->
Search Providers:
If it says something with Bing, Yahoo, Live, Msn, ...
then [Remove] them
At the bottom, "Find more search providers", and find Google and set it to [Default].

IE - Tools - Manage Add-ons ->
Accelerators:
Remove all items there (if any ?)

---

IE - Tools - Internet Options ->
The Advanced tab:
[ ] Reuse windows for launching shortcuts
[X] Empty Temporary Internet Files folder when browser is closed

---

Uninstall the various IE toolbars that you don't use directly anyway:
[LiveToolbar]
[MSNToolbar]
[YahooToolbar]
[ASKToolbar]
[DeamonToolbar]
[...]
[...]

---
kiwankow Beginner
28 December 2010 - 10:43 #57
there is some Windows Live Search thing that cannot be removed..!! and I also can't really make Google the default search engine..!!
kiwankow Beginner
28 December 2010 - 10:52 #58
it is not possible to update Malwarebytes more than once.

When IE is not responding, the icon at the top of the browser turns into an ordinary standard icon instead of the blue e, then it sits there for a bit and sometimes it comes back after a while. almost as if the computer is working on too much at once..
f-arn Guru
28 December 2010 - 11:00 #59
If I am to help, I need to know what is going on - i.e. - you must not run anything other than what I instruct.
kiwankow Beginner
28 December 2010 - 13:42 #60
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5406

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28-12-2010 10:55:37
mbam-log-2010-12-28 (10-55-37).txt

Skanningstype: Hurtig skanning
Objekter skannet: 148768
Tid gået: 6 minut(ter), 23 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)
f-arn Guru
30 December 2010 - 05:32 #61
Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you will be offered [Yahoo Toolbar]. You should say no to that.
Let the program perform a cleanup. (Both Cleaner and Registry)

http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
kiwankow Beginner
30 December 2010 - 08:25 #62
I have already done that :-) but now it has been done again..
f-arn Guru
30 December 2010 - 09:05 #63
Click Start -> Run -> Type: sfc /scannow - note the space after sfc -> Click OK
A progress bar is shown while the scan is running, and when it is finished it disappears again, and you get no other messages.
Insert your Windows CD if it asks for it.
Restart the computer.
kiwankow Beginner
30 December 2010 - 20:11 #64
that's done now
f-arn Guru
31 December 2010 - 04:25 #65
Try running with it for a couple of days and see whether it helped.
f-arn Guru
07 January 2011 - 11:59 #66
Did it help?
kiwankow Beginner
26 January 2011 - 12:43 #67
Hi again. the computer is still very slow and IE freezes sometimes. But what is even worse is that I cannot install AVG again..!!

I get an error message about a serious internal error. This may be because you are running in safe mode or because Windows Installer is not installed correctly.
f-arn Guru
27 January 2011 - 00:45 #68
Try running a chkdsk c:/r
http://support.microsoft.com/kb/315265/da
03 February 2011 - 08:39 #69
(Are you still at it?)
kiwankow Beginner
06 February 2011 - 10:14 #70
yep, still at it :-)
kiwankow Beginner
09 March 2011 - 12:02 #71
I have now given up on the computer and put it up for sale :-) so come on with some answers..!!
10 March 2011 - 21:00 #72
Ping ?