split87 Beginner
25 September 2006 - 00:49 There are 96 comments and 1 solution

help right now.. am infected >hijackthis log

Hi, I have a strange folder named "%SystemDrive%" on my desktop. It appeared by itself and I don't know what it is.. my antivirus also suddenly found a backdoor virus of some kind.. I have just run an Ewido scan..
Please check my log!


Logfile of HijackThis v1.99.1
Scan saved at 00:38:24, on 25-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Launchy\Launchy.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Anders\Dokumenter\Install files\hijackthis v1.99.1\HijackThis.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midtfyns-gym.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LogonStudio] "C:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Programmer\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKCU\..\Run: [BackupNotify] c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Launchy.lnk = C:\Programmer\Launchy\Launchy.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Ploader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} (Anark Client 3.0 ActiveX Control) - http://install.anark.com/client/version3/windows-ie/en/AMClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {358DFA15-D48C-4296-8D16-7405F918333B} (Fronter Open-Edit-Save Control (VersionControl)) - http://fronter.com/fyn/links/Fronter_oes_prj.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128367746796
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.com/clients/ImageUploader3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
-bartfreak Beginner
25 September 2006 - 00:57 #1
I don't know whether there is any junk in your log..

But see this.->> http://en.wikipedia.org/wiki/Environment_variable#.25SystemDrive.25
split87 Beginner
25 September 2006 - 01:07 #2
okay, but I don't know what I'm supposed to get out of that.. I would just like to have my log checked and possibly find out why that folder appeared and how to get rid of it without damage...
split87 Beginner
25 September 2006 - 01:14 #3
anyone?? hijackthis log...
-bartfreak Beginner
25 September 2006 - 08:13 #4
ejvindh Expert
25 September 2006 - 08:52 #5
The log is clean.
-bartfreak Beginner
25 September 2006 - 09:23 #6
.O)
split87 Beginner
25 September 2006 - 21:44 #7
okay, but my PC is still infected.. I have just found out that I have an "SSUPDATE.EXE".. anyone who has had experience with this virus is welcome to write...
forevernewbie Beginner
25 September 2006 - 23:15 #8
It has to go. Run the two scanners mentioned here http://www.eksperten.dk/artikler/954
split87 Beginner
26 September 2006 - 00:00 #9
sounds good.. I'll try the scanners
split87 Beginner
26 September 2006 - 00:02 #10
should I follow the guide on the page with the scanners you referred to?
fromsej Trainee
26 September 2006 - 00:06 #11
That would be a good idea.*S*
The person who wrote the article has put a good deal of work into the guide.
split87 Beginner
26 September 2006 - 00:10 #12
I already had SAS installed and had scanned with it a few times without safe mode before I got your guide, I hope that hasn't done any harm..
forevernewbie Beginner
26 September 2006 - 00:42 #13
It hasn't. Now, I couldn't see SAS in your log, but it also has a legitimate file named SSUPDATE.EXE.

You can see the nasty one here http://www.bleepingcomputer.com/startups/SSUpdate.exe-4703.html
split87 Beginner
26 September 2006 - 15:35 #14
Here are the various logs from the scans. Dr. Web found nothing.

SUPERAntiSpyware Scan Log
Generated 09/26/2006 at 10:25 AM

Core Rules Database Version : 3091
Trace Rules Database Version: 1120

Memory threats detected  : 0
Registry threats detected : 0
File threats detected    : 1

Adware.Tracking Cookie
    C:\Documents and Settings\Ejer\Cookies\ejer@revsci[2].txt

and

Logfile of HijackThis v1.99.1
Scan saved at 15:31:33, on 26-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Launchy\Launchy.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programmer\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Anders\Dokumenter\Install files\hijackthis v1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midtfyns-gym.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LogonStudio] "C:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Programmer\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKCU\..\Run: [BackupNotify] c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Launchy.lnk = C:\Programmer\Launchy\Launchy.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Ploader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} (Anark Client 3.0 ActiveX Control) - http://install.anark.com/client/version3/windows-ie/en/AMClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {358DFA15-D48C-4296-8D16-7405F918333B} (Fronter Open-Edit-Save Control (VersionControl)) - http://fronter.com/fyn/links/Fronter_oes_prj.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128367746796
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.com/clients/ImageUploader3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
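The two HijackThis logs in this thread were taken a day and a half apart, and comparing them entry by entry is quicker and more reliable than reading both by eye. The following is an added example, not part of any post in the thread: the function names are made up here, and the two sample logs are short excerpts constructed from the logs posted above.

```python
import re

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hijackthis(text):
    """Return (set of running process paths, {section code: set of entries})."""
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.setdefault(match.group(1), set()).add(match.group(2))
        elif in_processes:
            if line:
                # Windows paths are case-insensitive, so compare in lower case.
                processes.add(line.lower())
            else:
                in_processes = False  # blank line ends the process list
    return processes, entries


def diff_scans(before, after):
    """Report what was added or removed between two HijackThis logs."""
    p0, e0 = parse_hijackthis(before)
    p1, e1 = parse_hijackthis(after)
    changes = {"process": {"added": sorted(p1 - p0), "removed": sorted(p0 - p1)}}
    codes = sorted(set(e0) | set(e1), key=lambda c: (c[0], int(c[1:])))
    for code in codes:
        added = sorted(e1.get(code, set()) - e0.get(code, set()))
        removed = sorted(e0.get(code, set()) - e1.get(code, set()))
        if added or removed:
            changes[code] = {"added": added, "removed": removed}
    return changes


# Constructed excerpt of the first log in the thread (25-09-2006).
SCAN_1 = r"""Logfile of HijackThis v1.99.1
Scan saved at 00:38:24, on 25-09-2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\MSN Messenger\msnmsgr.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed excerpt of the second log in the thread (26-09-2006).
SCAN_2 = r"""Logfile of HijackThis v1.99.1
Scan saved at 15:31:33, on 26-09-2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    for section, change in diff_scans(SCAN_1, SCAN_2).items():
        for kind in ("added", "removed"):
            for item in change[kind]:
                print(f"{section:8} {kind:8} {item}")
```

In these excerpts the only new autostart and Winlogon Notify entries are the ones belonging to the SUPERAntiSpyware installation, so the diff separates the scanner's own footprint from anything unexplained.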
split87 Beginner
26 September 2006 - 17:40 #15
It doesn't quite seem to be clean, I'm afraid.. the folder that appeared by itself on the desktop, %SystemDrive%, is still there, my Messenger quickly freezes and stops responding, and when I go into C:\Programmer\Document and settings\User(my user) I get a popup with the following content until I leave the folder again:
[WINDOW TITLE] Sign in to Microsoft Passport Network
[WINDOW CONTENT] Sign-in name _____________
                 Password____________
   etc etc..
I have closed the window every time, but it pops up again after a couple of seconds if you don't leave the folder or one of its subfolders...

A little help with what is wrong??
forevernewbie Beginner
27 September 2006 - 01:09 #16
Just empty your temp files, possibly with this little program http://www.atribune.org/content/view/19/2/ Empty everything.

The ads you mention in your new question are from MSN. Just try restoring your hosts file with this program http://www.greyknight17.com/spy/Hoster.exe Click restore original hosts.

Can't you delete that folder on the desktop?
split87 Beginner
27 September 2006 - 16:04 #17
Okay, I have emptied everything except Java Cache and Prefetch - should they be emptied too?
Hosts has been restored. You weren't supposed to select anything in the program, right?
The folder could be deleted... but apparently I can't open anything from the Desktop or the Start menu at the moment, I don't know if that was a reaction to my deleting the %SystemDrive% folder... :S
forevernewbie Beginner
28 September 2006 - 00:08 #18
It is not the emptying of temp files or the restoring of the hosts file that causes that problem. Whether deleting the folder can do it, I don't know. I assume you have already deleted it from the recycle bin. I'm a bit blank now, I must admit :(
forevernewbie Beginner
28 September 2006 - 00:11 #19
You will have to try a system restore to before you deleted the folder
split87 Beginner
28 September 2006 - 14:17 #20
it turned out to be an isolated incident, there was nothing wrong with the desktop and Start menu after a restart, and no, I still have the folder in the Recycle Bin (just in case)..
but what about Java Cache and Prefetch, should they be emptied too?
Avatar billede forevernewbie Nybegynder
28. september 2006 - 17:57 #21
Du kan lige fixe dit lydkorts "sladrehank" med HijackThis. Ikke noget alvorligt.

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Go ahead and empty the Java cache and Prefetch to clean up, but in general leave Prefetch alone from now on. It is useful, and it empties itself when it gets too full. You can safely empty the Java cache once in a while.

Then everything should be OK, as far as I can judge
split87 Beginner
28 September 2006 - 18:07 #22
it's not necessary to boot it into safe mode, is it?
forevernewbie Beginner
28 September 2006 - 18:38 #23
It's not necessary
split87 Beginner
28 September 2006 - 18:41 #24
That's done..
But there is still something that seems rather worrying, I don't know if you read what I wrote in the new Question about a popup I get in certain folders, e.g. in C:\Documents and Settings\Anders(User) and in all the other user folders except \All Users and \Administrator. A popup calling itself Microsoft Passport Network where you can type a login and a password... what is it? Hardly something that should start by itself like that... when you close it, it pops up again after a couple of seconds as long as you stay in one of the folders mentioned.

Here's a new hijack log below, just in case.
Logfile of HijackThis v1.99.1
Scan saved at 18:29:40, on 28-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Launchy\Launchy.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Anders\Dokumenter\Install files\hijackthis v1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midtfyns-gym.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Programmer\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKCU\..\Run: [BackupNotify] c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Launchy.lnk = C:\Programmer\Launchy\Launchy.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Ploader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} (Anark Client 3.0 ActiveX Control) - http://install.anark.com/client/version3/windows-ie/en/AMClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {358DFA15-D48C-4296-8D16-7405F918333B} (Fronter Open-Edit-Save Control (VersionControl)) - http://fronter.com/fyn/links/Fronter_oes_prj.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128367746796
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.com/clients/ImageUploader3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
split87 Beginner
28 September 2006 - 18:45 #25
by the way, msmsgs.exe is running in the background even though Msn Messenger is uninstalled. Is it from Windows Messenger? And can it be removed?
forevernewbie Beginner
28 September 2006 - 19:24 #26
I can't explain why MSN has gone haywire on your machine. At any rate it doesn't look like it has been uninstalled, since it still starts up. Try running the uninstall again. Also download and run this script, which removes the old Messenger http://www.dougknox.com/xp/tips/xp_messenger_remove.htm

Run HijackThis, and fix this one:

O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background

Then go to Start/Search and search for the word messenger. Delete the folders MSN messenger and messenger.
split87 Beginner
28 September 2006 - 19:28 #27
I'll do that now.. did you know anything about the popup I talked about in the comment at 18:41?
forevernewbie Beginner
28 September 2006 - 19:42 #28
I can't explain why that login box keeps coming up, but this is what comes up https://accountservices.passport.net/ppnetworkhome.srf?lc=1030

So nothing nasty
split87 Beginner
28 September 2006 - 19:57 #29
no okay, I just thought it was something nasty pretending to be the real thing. Because I don't get why it would do that popup routine..
But now I have deleted all the folders..
split87 Beginner
28 September 2006 - 20:06 #30
hmm still a popup after deleting the folders..
split87 Beginner
28 September 2006 - 20:48 #31
it actually seems like the PC has become calmer now.. as far as the CPU goes.
I can probably install a freshly downloaded Messenger version now without problems, don't you think?
forevernewbie Beginner
28 September 2006 - 20:59 #32
Yes, you should be able to
split87 Beginner
28 September 2006 - 21:24 #33
Thanks a lot for the help! Great that you took the time to look at it. I'll write again if I discover something that has gone wrong, here: http://www.eksperten.dk/spm/734858 And if there isn't anything - then you'll just get the 100p on top within a week or so.. just drop an empty answer in there.
split87 Beginner
28 September 2006 - 22:13 #34
oh damn.. Live Messenger doesn't work properly.. I could log in etc.. but after a short time it freezes when you want to do something - write a message to people etc.. :(
forevernewbie Beginner
28 September 2006 - 23:43 #35
That sounds strange. Try uninstalling Live Messenger again, and clean up the registry a bit. If you don't have a regcleaner, you can use this one http://www.tweaknow.com/RegCleaner.html You can remove what is "safe to delete"
forevernewbie Beginner
28 September 2006 - 23:52 #36
Scan in "Expert mode"
split87 Beginner
30 September 2006 - 16:58 #37
My SuperAntiSpyware has just found 992 threats and is still scanning.. "Trojan.Downloader-VSToolbar.process". "Trojan.Downloader-VSToolbar"(273 items), "Trojan.Downloader-LongJump"(717 items), Adware.Tracking Cookie(1 item).
now there are actually almost 1200 threats.. not great. I'll try cleaning the system with the various scanners and try regclean afterwards
split87 Beginner
30 September 2006 - 17:12 #38
they are spread out across all sorts of different folders on the C drive.. over 2000 threats now..
forevernewbie Beginner
30 September 2006 - 17:44 #39
That sounds totally wild. Please post a HijackThis log
forevernewbie Beginner
30 September 2006 - 17:44 #40
Hold off on letting the scanner remove anything
split87 Beginner
30 September 2006 - 17:59 #41
over 5000 now.. completely insane

Logfile of HijackThis v1.99.1
Scan saved at 17:59:03, on 30-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Launchy\Launchy.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anders\Dokumenter\Install files\hijackthis v1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midtfyns-gym.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [HPHUPD08] C:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Programmer\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Launchy.lnk = C:\Programmer\Launchy\Launchy.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Ploader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} (Anark Client 3.0 ActiveX Control) - http://install.anark.com/client/version3/windows-ie/en/AMClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {358DFA15-D48C-4296-8D16-7405F918333B} (Fronter Open-Edit-Save Control (VersionControl)) - http://fronter.com/fyn/links/Fronter_oes_prj.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128367746796
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.com/clients/ImageUploader3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
forevernewbie Beginner
30 September 2006 - 18:11 #42
Your log is clean. SAS must be finding that stuff in another scanner, otherwise I can't explain it. Try to see where SAS is finding all of it.
split87 Beginner
30 September 2006 - 18:19 #43
It's, among other things, all sorts of ordinary folders.. school programs etc.. there are 5748 in total
.dll, .exe, .cpl files etc.
split87 Beginner
30 September 2006 - 18:34 #44
Well, I won't be home for the rest of the evening, so I probably won't reply until sometime tomorrow.. should I shut down the PC or leave it on, do you think? I could turn off the modem if need be.
forevernewbie Beginner
30 September 2006 - 18:57 #45
I can't explain offhand why SAS is finding all that. There is nothing to see in the log, and if your other scanners don't find anything, there shouldn't be any problem.
forevernewbie Beginner
30 September 2006 - 20:09 #46
There is a bug in SAS at the moment. Others are also seeing multiple infections.

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=30409

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=30429

The bug will probably be fixed quickly.
perhaps Beginner
01 October 2006 - 01:35 #47
Your SuperAntiSpyware has been damaged by a virus/trojan. You restore it like this: uninstall SAS, restart the computer, then reinstall SAS and update it, and it will work again.
perhaps Beginner
01 October 2006 - 02:31 #48
Core and trace for SAS should be 3096/1123
fromsej Trainee
01 October 2006 - 13:13 #49
split87 Beginner
01 October 2006 - 15:15 #50
My Norton Internet Security appears to have been damaged as well.. it doesn't open by itself and the program freezes when I start it.. I don't dare connect it to the net until it has been restored.
forevernewbie Beginner
01 October 2006 - 15:35 #51
As Fromsej's link explains, there is something really nasty going around at the moment. It is probably unknown, and something that hides itself damned well.

Please do this:

(3) Download the Gmer rootkit scanner and unpack it to the desktop:
http://www.gmer.net/gmer111beta.zip

Run the program, click the "Rootkit" tab, and click "Scan". When the scan is finished, click "Copy". A window then appears telling you that the result of the rootkit scan has been placed on the clipboard. You can then go into this thread and paste the contents here by placing the cursor in the input field and pressing Ctrl-V.

After that:

Get Blacklight here https://europe.f-secure.com/blacklight/try.shtml Scroll down the page and click "iaccept". On the next page you can download Blacklight to the desktop (take the top one). Double-click the file and click Scan. When it is finished it creates a log on the desktop. Copy the log in here. Do not let Blacklight remove anything yet.
split87 Beginner
01 October 2006 - 17:26 #52
GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-01 17:19:15
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT    86903D00                                                                                    ZwAlertResumeThread
SSDT    867D6E60                                                                                    ZwAlertThread
SSDT    86A8B960                                                                                    ZwAllocateVirtualMemory
SSDT    d347bus.sys                                                                                ZwClose
SSDT    86921108                                                                                    ZwConnectPort
SSDT    \??\C:\Programmer\Symantec\SYMEVENT.SYS                                                    ZwCreateKey
SSDT    8692DE60                                                                                    ZwCreateMutant
SSDT    d347bus.sys                                                                                ZwCreatePagingFile
SSDT    869F75E8                                                                                    ZwCreateThread
SSDT    \??\C:\Programmer\Symantec\SYMEVENT.SYS                                                    ZwDeleteKey
SSDT    \??\C:\Programmer\Symantec\SYMEVENT.SYS                                                    ZwDeleteValueKey
SSDT    d347bus.sys                                                                                ZwEnumerateKey
SSDT    d347bus.sys                                                                                ZwEnumerateValueKey
SSDT    869018B0                                                                                    ZwFreeVirtualMemory
SSDT    868E07E0                                                                                    ZwImpersonateAnonymousToken
SSDT    86903620                                                                                    ZwImpersonateThread
SSDT    86AA4690                                                                                    ZwMapViewOfSection
SSDT    86914A38                                                                                    ZwOpenEvent
SSDT    d347bus.sys                                                                                ZwOpenKey
SSDT    \??\C:\Programmer\ewido anti-spyware 4.0\guard.sys                                          ZwOpenProcess
SSDT    86901460                                                                                    ZwOpenProcessToken
SSDT    86902190                                                                                    ZwOpenThreadToken
SSDT    d347bus.sys                                                                                ZwQueryKey
SSDT    86A264A0                                                                                    ZwQueryValueKey
SSDT    86912E98                                                                                    ZwResumeThread
SSDT    86A804D8                                                                                    ZwSetContextThread
SSDT    869138B0                                                                                    ZwSetInformationProcess
SSDT    86903CC8                                                                                    ZwSetInformationThread
SSDT    d347bus.sys                                                                                ZwSetSystemPowerState
SSDT    \??\C:\Programmer\Symantec\SYMEVENT.SYS                                                    ZwSetValueKey
SSDT    86914A70                                                                                    ZwSuspendProcess
SSDT    86913E98                                                                                    ZwSuspendThread
SSDT    \??\C:\Programmer\ewido anti-spyware 4.0\guard.sys                                          ZwTerminateProcess
SSDT    86A80510                                                                                    ZwTerminateThread
SSDT    867D6E98                                                                                    ZwUnmapViewOfSection
SSDT    867D6E00                                                                                    ZwWriteVirtualMemory

---- Devices - GMER 1.0.11 ----

Device  \FileSystem\Ntfs \Ntfs IRP_MJ_READ                                                          86FCE908
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_READ                                                  86A21950
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE                                                  8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE                                      8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE                                                  8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ                                                    8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE                                                  8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION                                      8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION                                        8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA                                                8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA                                                  8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS                                          8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION                                8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION                                  8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL                                      8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL                                    8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL                                          8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN                                                8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL                                            8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP                                                8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT                                        8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY                                          8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY                                            8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER                                                  8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL                                          8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE                                          8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA                                            8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA                                              8699E3F0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP                                                    8699E3F0
Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ                                                86ACF660
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE                                                  8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE                                      8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE                                                  8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ                                                    8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE                                                  8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION                                      8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION                                        8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA                                                8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA                                                  8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS                                          8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION                                8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION                                  8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL                                      8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL                                    8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL                                          8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN                                                8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL                                            8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP                                                8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT                                        8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY                                          8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY                                            8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER                                                  8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL                                          8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE                                          8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA                                            8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA                                              8699E3F0
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP                                                    8699E3F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE                                  869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE                        869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION                        869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION                          869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA                                869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA                                  869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS                            869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION                869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION                  869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL                        869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL                      869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL                          869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL                  869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN                                869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL                            869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP                                  869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT                          869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY                          869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY                            869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL                          869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE                            869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA                              869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA                                869B01F0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE                                869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ                                              869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION                                869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION                                  869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA                                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL                                869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL                              869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN                                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP                                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT                                  869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA                                        869B01F0
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP                                              869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE                                869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ                                              869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION                                869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION                                  869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA                                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL                                869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL                              869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN                                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP                                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT                                  869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA                                        869B01F0
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP                                              869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_NAMED_PIPE                                869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSE                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_READ                                              869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_WRITE                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_INFORMATION                                869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_INFORMATION                                  869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_EA                                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_EA                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FLUSH_BUFFERS                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_VOLUME_INFORMATION                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_VOLUME_INFORMATION                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DIRECTORY_CONTROL                                869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FILE_SYSTEM_CONTROL                              869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN                                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_LOCK_CONTROL                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLEANUP                                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_MAILSLOT                                  869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_SECURITY                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_SECURITY                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CHANGE                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_QUOTA                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_QUOTA                                        869B01F0
Device  \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP                                              869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_NAMED_PIPE                                869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSE                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_READ                                              869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_WRITE                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_INFORMATION                                869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_INFORMATION                                  869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_EA                                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_EA                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FLUSH_BUFFERS                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_VOLUME_INFORMATION                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_VOLUME_INFORMATION                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DIRECTORY_CONTROL                                869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FILE_SYSTEM_CONTROL                              869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN                                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_LOCK_CONTROL                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLEANUP                                          869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_MAILSLOT                                  869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_SECURITY                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_SECURITY                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER                                            869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CHANGE                                    869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_QUOTA                                      869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_QUOTA                                        869B01F0
Device  \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP                                              869B01F0

---- Modules - GMER 1.0.11 ----

Module  _________                                                                                  F75B2000

---- Files - GMER 1.0.11 ----

ADS    ...                                                                                       

---- EOF - GMER 1.0.11 ----
forevernewbie Beginner
01 October 2006 - 17:57 #53
Ah, it got long because of Daemon Tools. No sign of rootkits there, and that's good. Please post the log from Blacklight.
split87 Beginner
01 October 2006 - 18:00 #54
Blacklight is scanning now.. so the log is on its way.
split87 Beginner
01 October 2006 - 18:11 #55
10/01/06 17:49:55 [Info]: BlackLight Engine 1.0.47 initialized
10/01/06 17:49:55 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/01/06 17:49:56 [Note]: 7019 4
10/01/06 17:49:56 [Note]: 7005 0
10/01/06 17:50:02 [Note]: 7006 0
10/01/06 17:50:02 [Note]: 7011 2168
10/01/06 17:50:02 [Note]: 7026 0
10/01/06 17:50:02 [Note]: 7026 0
10/01/06 17:50:08 [Note]: FSRAW library version 1.7.1020
10/01/06 18:09:20 [Note]: 2000 1012
10/01/06 18:09:20 [Note]: 2000 1012
10/01/06 18:09:20 [Note]: 2000 1012
10/01/06 18:09:20 [Note]: 2000 1012
split87 Beginner
01 October 2006 - 18:12 #56
where do I see Core and Trace for SAS??
fromsej Trainee
01 October 2006 - 18:29 #57
Double-click the yellow bug in the tray; it is shown on the main page over on the right.
split87 Beginner
01 October 2006 - 18:45 #58
OK.. doesn't look good then: Core:2847 Trace:1028 after reinstallation.

And one more thing: the secondary PC I'm online with now was apparently attacked the moment I connected it to the network before startup.. it rebooted every time I got in, but I managed to delete some files, in Cookies among other places, in safe mode, so it is stable at the moment... I'd like to be sure this PC doesn't go down, since it is my only way of getting on the internet to rescue the primary PC. Internat.exe is some kind of junk, isn't it?? My trial Panda Firewall was disabled, and some system files that needed to be changed when reinstalling it were denied access, so apparently I'm sitting here unprotected right now :(
This log is not from the PC we have been trying to fix in this thread, but from my secondary one:
Logfile of HijackThis v1.99.1
Scan saved at 18:34:31, on 01-10-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\starter.exe
E:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINNT\system32\rundll32.exe
E:\Program Files\D-Tools\daemon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\Macromed\Flash\GetFlash.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Lager\Install files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [Zone Labs Client] F:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv50.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
split87 Beginner
01 October 2006 - 19:05 #59
In this thread: http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=30429 the user Musse wrote something about having restored his PC 1 week back with something called Acronis.. Can I do the same and solve the problem that way?
forevernewbie Beginner
01 October 2006 - 19:21 #60
As for SAS, you need to uninstall it completely and delete the folder in Program Files before you reinstall it.

Log 2 is clean, but you have too much security software running. Remove E-Trust, and then there should be a chance that Panda will run.
forevernewbie Beginner
01 October 2006 - 19:25 #61
To be able to use Acronis to restore, you must have had the program installed and have made an image of your hard disk before the problem arose, so that is not a solution.
split87 Beginner
01 October 2006 - 20:03 #62
okay, but what is internat.exe then..? I've never seen it before.
You didn't get anything out of Blacklight and Rootkit, did you..
split87 Beginner
01 October 2006 - 20:11 #63
which is preferable, the pro trial or the free version of SAS? I've used pro so far...
split87 Beginner
01 October 2006 - 20:27 #64
e-trust?? it was uninstalled a long time ago.. and a search finds no e-trust files/folders... is a remnant of it lying around and causing trouble?
split87 Beginner
01 October 2006 - 20:29 #65
Panda worked before I connected the internet.. it was only when it did that weird thing with automatically rebooting the PC and Panda being put out of action...
split87 Beginner
01 October 2006 - 20:48 #66
I did as you said with SAS, deleted the folder etc.. Installed the free version instead this time after a reboot. BUT Core and Trace are still at the 2 last-mentioned values :( There is some junk that has a really good grip on my PC...
forevernewbie Beginner
01 October 2006 - 21:56 #67
Internat.exe is perfectly OK.

Follow the advice about SAS here http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=30453

Fix this one with HijackThis:

O4 - HKLM\..\Run: [Zone Labs Client] F:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe

Go to Start/Run, type cmd and press <enter>. In the window that opens, type sc delete vsmon and press <enter>

And then we have to keep hunting for the mysterious infection:

Post a log from WinpFind http://www.bleepingcomputer.com/files/winpfind.php

Unpack it to its own folder, close all windows, and run the green exe file. Click Start scan. The scan can take a while, so be a little patient. NOTE: do not click in the window while it is scanning, as it can then freeze. When it is finished, click Copy to clipboard and paste the contents in here.
forevernewbie Beginner
01 October 2006 - 21:58 #68
E-Trust is in the CA folder. Delete it: F:\PROGRA~1\CA
split87 Beginner
01 October 2006 - 22:03 #69
I'm having a bit of trouble with that SAS advice, since my Norton Firewall isn't working. That's why I'm online on this secondary PC...
split87 Beginner
01 October 2006 - 22:08 #70
Was this "Go to Start/Run, type cmd and press <enter>. In the window that opens, type sc delete vsmon and press <enter>" meant for the PC with e-trust or the primary PC?
forevernewbie Beginner
01 October 2006 - 22:18 #71
The one with E-Trust. It should delete the firewall service. Forget SAS for now.
split87 Beginner
01 October 2006 - 22:22 #72
Got the following response from it: 'sc' is not recognized as an internal or external command,
operable program or batch file.
split87 Beginner
01 October 2006 - 22:39 #73
Do you know what I can do about my Norton Internet Security 2007 - how do I get it running again?
forevernewbie Beginner
01 October 2006 - 23:04 #74
Remove Norton completely here, and reinstall it http://service1.symantec.com/support/inter/tsgeninfointl.nsf/dk_docid/20050411155241924

As for the service:

Go to Start/Run and type: services.msc Then find this service, "TrueVector Internet Monitor". Double-click it. Under "Service status" click "STOP"; under "Startup type" select "DISABLED".
split87 Beginner
01 October 2006 - 23:12 #75
hehe there's a gigantic thunderstorm over us.. I'll wait a bit before starting up the primary PC.. until it has drifted over.

Which PC was this meant for? "As for the service:

Go to Start/Run and type: services.msc Then find this service, "TrueVector Internet Monitor". Double-click it. Under "Service status" click "STOP"; under "Startup type" select "DISABLED"."
split87 Beginner
01 October 2006 - 23:37 #76
it seems to have drifted over now...
Which PC was this meant for? "As for the service:

Go to Start/Run and type: services.msc Then find this service, "TrueVector Internet Monitor". Double-click it. Under "Service status" click "STOP"; under "Startup type" select "DISABLED"."
forevernewbie Beginner
01 October 2006 - 23:49 #77
It's for the most recent HJT log you posted.

It easily gets a bit messy when two machines are in play in the same thread ;-)
split87 Beginner
01 October 2006 - 23:56 #78
hehe yes it certainly does.. so let's just say the one that is infected="XP:" and the one with e-trust="2000:" so I can see which one you mean..
split87 Beginner
02 October 2006 - 00:00 #79
The Stop button wasn't active, I couldn't click it. But I've set disabled under startup type and clicked OK
split87 Beginner
02 October 2006 - 00:33 #80
I've started the WinPFind scanner, and will reinstall Norton when it's finished.. you said the scan took a long time... are we talking a quarter of an hour or several hours??
split87 Beginner
02 October 2006 - 00:37 #81
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 02-10-2006 00:30:52
WinPFind v1.5.0    Folder = C:\unzipped\WinPFind\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX!                21-12-1999 07:58:02        21312      C:\WINDOWS\choice.exe ()
UPX!                22-08-2004 18:04:56        69120      C:\WINDOWS\daemon.dll ()
PECompact2          05-01-2005 02:48:26        11832468  C:\WINDOWS\LPT$VPN.333 ()
qoologic            05-01-2005 02:48:26        11832468  C:\WINDOWS\LPT$VPN.333 ()
SAHAgent            05-01-2005 02:48:26        11832468  C:\WINDOWS\LPT$VPN.333 ()
UPX!                05-01-2005 02:48:26        162885    C:\WINDOWS\tsc.exe (Trend Micro Inc.)
PECompact2          05-01-2005 02:48:26        11832468  C:\WINDOWS\VPTNFILE.333 ()
qoologic            05-01-2005 02:48:26        11832468  C:\WINDOWS\VPTNFILE.333 ()
SAHAgent            05-01-2005 02:48:26        11832468  C:\WINDOWS\VPTNFILE.333 ()
UPX!                05-01-2005 02:48:26        1036800    C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
aspack              05-01-2005 02:48:26        1036800    C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)

Checking %System% folder...
WSUD                12-12-2003 04:40:30        14193152  C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
aspack              18-03-2005 17:19:58        2337488    C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack              26-05-2005 16:34:52        2297552    C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
PEC2                24-09-2003 00:18:00        41123      C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX!                16-09-2003 13:57:34        147968    C:\WINDOWS\SYSTEM32\fmod.dll (Firelight Firelight Technologies Pty, Ltd)
PTech                20-09-2006 17:35:52        571696    C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2          11-09-2006 19:37:22        8960936    C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack              11-09-2006 19:37:22        8960936    C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack              27-08-2004 02:53:24        712704    C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD                27-08-2004 02:53:54        258048    C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
WSUD                15-06-2005 17:20:00        5136384    C:\WINDOWS\SYSTEM32\nvoglnt.dll (NVIDIA Corporation)
qoologic            05-01-2005 01:49:00        7938418    C:\WINDOWS\SYSTEM32\pav.sig ()
aspack              05-01-2005 01:49:00        7938418    C:\WINDOWS\SYSTEM32\pav.sig ()
SAHAgent            05-01-2005 01:49:00        7938418    C:\WINDOWS\SYSTEM32\pav.sig ()
winsync              05-01-2005 01:49:00        7938418    C:\WINDOWS\SYSTEM32\pav.sig ()
Umonitor            27-08-2004 02:53:42        667648    C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync              24-09-2003 07:07:00        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech                20-09-2006 17:35:42        280368    C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech                04-08-2004 07:41:38        1309184    C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                    02-10-2006 00:09:56      S 2048      C:\WINDOWS\bootstat.dat ()
                    01-10-2006 20:55:48      H  54156      C:\WINDOWS\QTFont.qfn ()
                    23-09-2006 19:06:50    RH  0          C:\WINDOWS\assembly\PublisherPolicy.tme ()
                    23-09-2006 19:06:50    RH  0          C:\WINDOWS\assembly\pubpol9.dat ()
                    21-08-2006 15:00:18      S 11749      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
                    18-09-2006 16:40:02      S 8847      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat ()
                    20-09-2006 17:36:14      S 7160      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat ()
                    02-10-2006 00:35:34      H  1024      C:\WINDOWS\system32\config\default.LOG ()
                    02-10-2006 00:15:00      H  1024      C:\WINDOWS\system32\config\SAM.LOG ()
                    02-10-2006 00:15:16      H  1024      C:\WINDOWS\system32\config\SECURITY.LOG ()
                    02-10-2006 00:30:34      H  1024      C:\WINDOWS\system32\config\software.LOG ()
                    02-10-2006 00:27:20      H  1024      C:\WINDOWS\system32\config\system.LOG ()
                    14-09-2006 08:45:38      H  1024      C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
                    27-08-2006 19:22:30      S 341        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
                    27-08-2006 19:22:30      S 413        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
                    27-08-2006 19:22:30      S 574        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
                    27-08-2006 19:22:30      S 126        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
                    27-08-2006 19:22:30      S 98        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
                    27-08-2006 19:22:30      S 136        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
                    21-08-2006 23:08:08      HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\710f8076-9aca-4129-adae-5811690844c7 ()
                    21-08-2006 23:08:08      HS 24        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
                    01-10-2006 21:00:02      H  232        C:\WINDOWS\Tasks\AFB1031091BAB510.job ()
                    01-10-2006 21:00:02      H  232        C:\WINDOWS\Tasks\BD223BF69501ABAE.job ()
                    02-10-2006 00:10:26      H  6          C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
                    27-08-2004 02:53:54        69632      C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
                    16-08-2005 20:16:10        208896    C:\WINDOWS\SYSTEM32\AKCPanel.cpl (Anark Corporation)
                    12-12-2003 04:40:30        14193152  C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
                    27-08-2004 02:53:54        551936    C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
                    27-08-2004 02:53:54        110592    C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
                    27-08-2004 02:53:54        136192    C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
                    27-08-2004 02:53:54        80384      C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
                    27-08-2004 02:53:54        155648    C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
                    18-11-2003 08:19:24        98304      C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
                    27-08-2004 02:53:54        358912    C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
                    27-08-2004 02:53:54        131584    C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
                    27-08-2004 02:53:54        380928    C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
                    27-08-2004 02:53:54        68608      C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
                    02-01-2004 06:15:50        61555      C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems)
                    24-09-2003 00:28:00        188416    C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
                    27-08-2004 02:53:54        620032    C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
                    24-09-2003 01:05:00        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
                    27-08-2004 02:53:54        25600      C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
                    27-08-2004 02:53:54        258048    C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
                    15-06-2005 17:20:00        73728      C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
                    27-08-2004 02:53:54        32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
                    27-08-2004 02:53:54        115200    C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
                    27-08-2004 02:53:56        299008    C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
                    24-09-2003 02:15:00        28160      C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
                    29-04-2004 01:51:28        32768      C:\WINDOWS\SYSTEM32\TIControlPanel.cpl (Texas Instruments Incorporated)
                    27-08-2004 02:53:56        93696      C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
                    27-08-2004 02:53:56        148480    C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
                    26-05-2005 04:16:22        174872    C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
                    24-09-2003 00:28:00        188416    C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
                    24-09-2003 01:05:00        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
                    24-09-2003 02:15:00        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
                    26-05-2005 04:16:22        174872    C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
                    12-12-2003 04:40:30        14193152  C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\ALSNDMGR.CPL (Realtek Semiconductor Corp.)

Checking for Downloaded Program Files...
{029FDBA6-3547-11D7-AA4C-0050BF051A00} - Rawflow ICD Client - CodeBase = http://downol.dr.dk/download/netradio/Rawflow.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{0E5F0222-96B9-11D3-8997-00104BD12D94} - PCPitstop Utility - CodeBase = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
{131EB16C-BD58-443F-8151-6DFBB0DA1778} - Anark Client 3.0 ActiveX Control - CodeBase = http://install.anark.com/client/version3/windows-ie/en/AMClient.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - Cult3D ActiveX Player - CodeBase = http://www.cult3d.com/download/cult.cab
{358DFA15-D48C-4296-8D16-7405F918333B} - Fronter Open-Edit-Save Control (VersionControl) - CodeBase = http://fronter.com/fyn/links/Fronter_oes_prj.cab
{3D2CB570-D425-11D5-ABD0-00008369C46F} - CSMenu Class - CodeBase = https://netbank.bgbank.dk/html/activex/BG/Menu.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
{54B52E52-8000-4413-BD67-FC7FE24B59F2} - EARTPatchX Class - CodeBase = http://www.ea.com/downloads/rtpatch/EARTPX.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128367746796
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} - HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{92E7E45A-D8C8-480E-AF99-176E43997CAA} - Aurigma Image Uploader 3.5 Combo Control - CodeBase = http://www.pixdiscount.com/clients/ImageUploader3.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://www.pandasoftware.com/activescan/as5/asinst.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -  - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38138.9992476852
{A590956F-AE99-4419-BB39-3C721276C625} - Util Class - CodeBase = https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/msnmessengersetupdownloader.cab
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} -  - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{D8575CE3-3432-4540-88A9-85A1325D3375} - e-Safekey - CodeBase = https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                    15-04-2005 19:15:10        976        C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Gamma Loader.lnk ()
                    11-06-2006 08:38:12        1753      C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk ()
                    02-01-2004 05:39:38      HS 84        C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini ()
                    23-09-2006 19:07:56        1804      C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk ()
                    23-09-2006 19:11:06        794        C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Image Zone Hurtig start.lnk ()
                    19-06-2006 23:02:08        668        C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Launchy.lnk ()
                    31-05-2004 19:29:26        747        C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Photo Loader supervisory.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                    02-01-2004 05:33:18      HS 62        C:\Documents and Settings\All Users\Application Data\desktop.ini ()
                    23-09-2006 19:14:22        2497      C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()
                    13-09-2006 19:22:56        4412      C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
                    02-01-2004 05:39:38      HS 84        C:\Documents and Settings\Anders\Menuen Start\Programmer\Start\desktop.ini ()
                    31-07-2005 18:02:28        646        C:\Documents and Settings\Anders\Menuen Start\Programmer\Start\SpywareGuard.lnk ()

Checking files in %USERPROFILE%\Application Data folder...
                    02-01-2004 05:33:18      HS 62        C:\Documents and Settings\Anders\Application Data\desktop.ini ()
                    03-10-2004 14:14:48        0          C:\Documents and Settings\Anders\Application Data\dm.ini ()
                    20-09-2004 22:23:50        70848      C:\Documents and Settings\Anders\Application Data\GDIPFONTCACHEV1.DAT ()
                    28-09-2006 20:36:54        6168      C:\Documents and Settings\Anders\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log ()
                    28-09-2006 20:38:40        0          C:\Documents and Settings\Anders\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log ()
                    28-09-2006 20:38:42        353        C:\Documents and Settings\Anders\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log ()
                    28-09-2006 20:40:56        35403      C:\Documents and Settings\Anders\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log ()
                    28-09-2006 20:38:20        2442      C:\Documents and Settings\Anders\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log ()
                    28-09-2006 20:38:10        3073      C:\Documents and Settings\Anders\Application Data\PatchUpdate_InstantShareJPG.log ()
                    28-09-2006 20:37:58        3646      C:\Documents and Settings\Anders\Application Data\PatchUpdate_IZClosingDiscError.log ()
                    28-09-2006 20:35:22        86153      C:\Documents and Settings\Anders\Application Data\Update_HP_RedboxHprblog_HPSU.log ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
  \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
  \\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
  \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  \\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
  \\Start Page - http://www.midtfyns-gym.dk/
  \\Search Bar - http://www.google.com/ie
  \\Search Page - http://www.google.com
  \\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
  \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
  \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  \\{CE000994-A58C-4441-8938-744CD72AB27F} - i-Nav IDN SearchHook = C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll (VeriSign, Inc.)
  \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
  \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
  \{4A368E80-174F-4872-96B5-0B27DDD11DB2} - SpywareGuardDLBLOCK.CBrowserHelper = C:\Programmer\SpywareGuard\dlprotect.dll ()
  \{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class = C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
  \{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - CNavExtBho Class = C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
  \{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\programmer\google\googletoolbar2.dll (Google Inc.)
  \{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar Helper = C:\Programmer\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
  \{CE000992-A58C-4441-8938-744CD72AB27F} - i-Nav IDN Resolver = C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll (VeriSign, Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
  \{4D5C8C25-D075-11d0-B416-00C04FB90376} - Dagens &tip = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
  \{21569614-B795-46B1-85F4-E737A8DC09AD} - Shell Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
  \{32683183-48a0-441b-a342-7c2a440a9478} -  =  ()
  \{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
  \{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
  \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
  \\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
  \\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
  \\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar = C:\Programmer\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
  \\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\programmer\google\googletoolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
  \ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  =  ()
  \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
  \ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\programmer\google\googletoolbar2.dll (Google Inc.)
  \ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -  =  ()
  \WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -  =  ()
  \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Hyperlinks = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
  \WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\programmer\google\googletoolbar2.dll (Google Inc.)
  \WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar = C:\Programmer\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
  \WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  =  ()
  \WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
  \WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
  \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
  \\NEXTID - 8199
  \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 =
  \\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8195 =
  \\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - 8196 =
  \\{CE000992-A58C-4441-8938-744CD72AB27F} - 8197 = i-Nav Hjælp
  \\{CE000996-A58C-4441-8938-744CD72AB27F} - 8198 = i-Nav Indstillinger

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
  \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\WINDOWS\System32\msjava.dll ()
  \{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
  \{CE000992-A58C-4441-8938-744CD72AB27F} - ButtonText: i-Nav Hjælp = http://idn.verisign-grs.com/plug-in/support/index.jsp ()
  \{CE000996-A58C-4441-8938-744CD72AB27F} - MenuText: i-Nav Indstillinger =  ()

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
  \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Kontrolpanel-udvidelse til skærmpanorering = deskpan.dll ()
  \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Grænsefladeudvidelser til filkomprimering =  ()
  \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Kontekstmenu til kryptering =  ()
  \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal-ikon = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
  \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Proceslinje og menuen Start =  ()
  \\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band =  ()
  \\{7A9D77BD-5403-11d2-8785-2E0420524153} - Brugerkonti =  ()
  \\{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = c:\Programmer\RecordNow!\shlext.dll (Sonic Solutions)
  \\{7F67036B-66F1-411A-AD85-759FB9C5B0DB} - SampleView = C:\WINDOWS\System32\ShellvRTF.dll (XSS)
  \\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
  \\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
  \\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
  \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Programmer\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
  \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Programmer\WinRAR\rarext.dll ()
  \\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
  \\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
  \\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
  \\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
  \\{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} - TIShelEx Shell Extension = C:\PROGRA~1\FLLESF~1\TISHAR~1\TICONN~1\TIShlExt.dll (Texas Instruments Incorporated)
  \\{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension =  ()
  \\{62998FFD-B0A8-4019-8B86-CF0785539EC5} - IE Privacy Keeper Secure Delete Shell Extension = C:\Programmer\UnH Solutions\IE Privacy Keeper\SecureDelete.dll (UnH Solutions)
  \\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Programmer\Fælles filer\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
  \\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Programmer\Fælles filer\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
  \\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
  \\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
  \\{81559C35-8464-49F7-BB0E-07A383BEF910} - SpywareGuard = C:\Programmer\SpywareGuard\spywareguard.dll ()
  \\{B8323370-FF27-11D2-97B6-204C4F4F5020} - SmartFTP Shell Extension DLL = C:\Programmer\SmartFTP\smarthook.dll (SmartFTP)
  \\{CE000992-A58C-4441-8938-744CD72AB27F} - i-Nav IDN Resolver = C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll (VeriSign, Inc.)
  \\{CE000994-A58C-4441-8938-744CD72AB27F} - i-Nav IDN SearchHook = C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll (VeriSign, Inc.)
  \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Programmer\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
  \ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmer\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
  \IEPKSecureDelete - {62998FFD-B0A8-4019-8B86-CF0785539EC5} = C:\Programmer\UnH Solutions\IE Privacy Keeper\SecureDelete.dll (UnH Solutions)
  \Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
  \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmer\WinRAR\rarext.dll ()
  \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
  \ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmer\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
  \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmer\WinRAR\rarext.dll ()
  \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
  \00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
  \igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\System32\igfxpph.dll (Intel Corporation)
  \NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
  \nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
  \IEPKSecureDelete - {62998FFD-B0A8-4019-8B86-CF0785539EC5} = C:\Programmer\UnH Solutions\IE Privacy Keeper\SecureDelete.dll (UnH Solutions)
  \Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
  \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmer\WinRAR\rarext.dll ()
  \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
  \{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Programmer\Fælles filer\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
  \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Programmer\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  HPHmon05 - C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
  Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
  NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
  nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
  LogonStudio - C:\Programmer\WinCustomize\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
  NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
  !ewido - C:\Programmer\ewido anti-spyware 4.0\ewido.exe (Anti-Malware Development a.s.)
  AutoTBar - c:\Programmer\HP\Digital Imaging\bin\AUTOTBAR.EXE ()
  QuickTime Task - C:\Programmer\QuickTime\qttask.exe (Apple Computer, Inc.)
  iTunesHelper - C:\Programmer\iTunes\iTunesHelper.exe (Apple Computer, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
  IMAIL    Installed = 1
  MAPI    Installed = 1
  MSFS    Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  BackupNotify - c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe ()
  Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe ()
  ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
  msnmsgr - C:\Programmer\MSN Messenger\msnmsgr.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
  C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Gamma Loader.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
  C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
  C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini ()
  C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
  C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Image Zone Hurtig start.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
  C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Launchy.lnk - C:\Programmer\Launchy\Launchy.exe (TODO: <Company name>)
  C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Photo Loader supervisory.lnk - C:\Programmer\CASIO\Ploader\Plauto.exe (CASIO COMPUTER CO.,LTD.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
  C:\Documents and Settings\Anders\Menuen Start\Programmer\Start\desktop.ini ()
  C:\Documents and Settings\Anders\Menuen Start\Programmer\Start\SpywareGuard.lnk - C:\Programmer\SpywareGuard\sgmain.exe ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  \\SV1 -
  \\i-NavFourF -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
  \Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
  \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
  \\UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
  \\{81559C35-8464-49F7-BB0E-07A383BEF910} - SpywareGuard.Handler = C:\Programmer\SpywareGuard\spywareguard.dll ()
  \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Programmer\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
  \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
  \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
  \\UserInit = C:\WINDOWS\system32\userinit.exe,
  \\Shell = Explorer.exe
  \\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
  \crypt32chain - crypt32.dll = (Microsoft Corporation)
  \cryptnet - cryptnet.dll = (Microsoft Corporation)
  \cscdll - cscdll.dll = (Microsoft Corporation)
  \igfxcui - igfxsrvc.dll = (Intel Corporation)
  \ScCertProp - wlnotify.dll = (Microsoft Corporation)
  \Schedule - wlnotify.dll = (Microsoft Corporation)
  \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
  \SensLogn - WlNotify.dll = (Microsoft Corporation)
  \termsrv - wlnotify.dll = (Microsoft Corporation)
  \WgaLogon - WgaLogon.dll = (Microsoft Corporation)
  \wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
  {706DD8F6-6A84-4677-B6DC-30BBEA7B207C} -  (Realtek RTL8139/810x Family Fast Ethernet NIC)
  {F60A0AB0-42B8-4B82-B13D-101184C5ED4C} -  (1394-netværkskort)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
  \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
  \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
  \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
  \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
  \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
  \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
  \ipp -  ()
  \msdaipp -  ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
forevernewbie Beginner
02 October 2006 - 01:16 #82
There is nothing suspicious in the WinPFind log.

In my hurry I forgot that you need to delete this folder on the 2000 machine:

C:\WINNT\system32\ ZONELABS

It has to be done in safe mode.
split87 Beginner
02 October 2006 - 15:09 #83
Did as you said with ZoneLabs on the "2000" machine this morning. But when I turned the PC on again today, the internet didn't work.. the modem has a connection, but it can't display any pages on the web, as if there were no connection. So at the moment I'm sitting at a public PC writing this... How do I fix this?
forevernewbie Beginner
02 October 2006 - 15:34 #84
It was SAS that caused the problem with the disabled security programs http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=30453

As for the internet connection, try going to Start/Run, type cmd and press <enter>

In the window, type ipconfig /renew (remember the space), press enter, and restart.

Otherwise you will have to check whether there are more ZoneAlarm files on the hard disk http://nh2.nohold.net/noHoldCust25/Prod_1/Articles55646/CompleteUninstallNonNT.html

A little way down the page
split87 Beginner
02 October 2006 - 16:55 #85
great, cmd worked. I'm back online
forevernewbie Beginner
02 October 2006 - 17:06 #86
That's good. Then I suppose we've reached the finish line
split87 Beginner
02 October 2006 - 19:22 #87
Well, I guess I celebrated too early.. after 5 min I can't get online again, only once I renew ipconfig again..
split87 Beginner
02 October 2006 - 19:23 #88
And this is the message I get when I try to either install or uninstall Panda.. I think some virus has messed with some files or something...?

File error

The following error ocurred on the file 'C:\WINNT\system32\Drivers\cpoint.sys'
The following error ocurred on the file 'C:\WINNT\system32\TpUtil.dll'
The following error ocurred on the file 'C:\WINNT\system32\PavSHook.dll'
The following error ocurred on the file 'C:\WINNT\system32\pavipc.dll'
The following error ocurred on the file 'C:\WINNT\system32\SYSTOOLS.DLL'
The following error ocurred on the file 'C:\WINNT\system32\Drivers\PAVDRV50.SYS'

Access is denied.
(0x5)

|Abort|Retry|Ignore|
split87 Beginner
02 October 2006 - 19:26 #89
And since the only option that lets the installation continue is |Ignore|, the Firewall and Virus Protection end up not working; in Panda the security level is: LOW! And it says error next to the two just mentioned..
fromsej Trainee
02 October 2006 - 20:19 #90
Download RegSupreme.
http://www.macecraft.com/downloads/RegSupreme_setup.exe

Unplug your network cable, restart in safe mode, uninstall Panda.

Start RegSupreme; you can choose the language by clicking Language on the top bar.
Move the dot to "Grundig" (thorough).
Click Start; when it has finished, click "Vælg" (select) at the top left, then click "alle" (all).
Then click "Orden" at the bottom right, type a name in the backup window that appears and click OK.
Then it runs.
Run the scan two or three times.

Restart normally, reinstall Panda, plug the network cable back in, update Panda.
split87 Beginner
02 October 2006 - 22:14 #91
it would probably be a good idea if I ran the same program on my infected XP PC as well...
fromsej Trainee
02 October 2006 - 22:34 #92
It certainly won't hurt.
split87 Beginner
02 October 2006 - 22:39 #93
it didn't help with those file errors... Panda still can't be installed properly because of them..
split87 Beginner
03 October 2006 - 01:34 #94
Argh, I can't get the Norton removal tool to work either, so reinstalling Norton's firewall etc. on the XP PC doesn't work either, if you follow the guide... http://service1.symantec.com/support/inter/tsgeninfointl.nsf/dk_docid/20050411155241924
My Norton is broken. Right now I'm only "protected" by Windows Firewall, Ewido and SG.. >8(
Don't know what to do....?
forevernewbie Beginner
05 October 2006 - 17:13 #95
I must admit that I can no longer make head or tail of it. Couldn't you create separate questions for both machines
split87 Beginner
07 October 2006 - 17:53 #96
ok, yes I can see it's confusing... have just created some new ones
split87 Beginner
07 October 2006 - 18:20 #97
I have created two new threads now. One for each PC...