CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg

Log ind eller opret profil

Du kan også logge ind via nedenstående tjenester

ingelo Praktikant

12. januar 2007 - 16:41 Der er 5 kommentarer og
1 løsning

hijack this, netbank

jeg er blevet kasserer i en forening, der bruger netbank, men er blevet rådet til at spørge Eksperten om jeg har noget liggende, der ikke skal være der.
Jeg vedlægger log-filen.

På forhånd mange tak

Logfile of HijackThis v1.99.1
Scan saved at 16:29:02, on 12-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Programmer\Java\jre1.5.0_06\bin\jucheck.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmer\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\Inge Andersen\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142627531296
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

Synes godt om

ejvindh Ekspert

12. januar 2007 - 18:04 #1

Der er ikke noget at se i loggen, men prøv lige at lave en log med WinPFind3:

Hent Oldtimer's WinPFind3 herfra:
http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe

Dobbeltklik på WinPFind3u, som du hentede, og klik på Extract. Så udpakkes programmet i en særskilt mappe. Gå ind i denne mappe, og dobbeltklik på WinPFind3U.exe. Sæt så flueben og prikker på følgende måde:

Processes: Non-Microsoft
Win32 Services: Non-Microsoft
Driver Services: Non-Microsoft
Registry: Non-Microsoft
Files Created Within: 30 Days, Non-Microsoft Only
Files Modified Within: 30 Days, Non-Microsoft Only
File String Search: Non-Microsoft

Klik herefter på "Run Scan". Efter noget tid vil der dukke en logfil op, som du gerne må paste herind. Muligvis vil loggen være så lang, at den ikke kan være i en enkelt post. Så må du lægge den ind i flere bider.

Synes godt om

ingelo Praktikant

12. januar 2007 - 18:39 #2

okay det prøver jeg så

Synes godt om

ingelo Praktikant

12. januar 2007 - 19:38 #3

WindFind3

WinPFind3 logfile created on: 12-01-2007 18:36:59
WinPFind3U by OldTimer - Version 1.0.9 Folder = C:\Spyware\winpfind3u\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

515052 Kb Total Physical Memory | 174828 Kb Available Physical Memory | 33,94% Memory free
1257600 Kb Paging File | 866752 Kb Available in Paging File | 68,92% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %ProgramFiles% = C:\Programmer
Drive C: | 35342968 Kb Total Space | 25831828 Kb Free Space | 73,09% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

[Processes - Non-Microsoft Only]
calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 0, 0, 21 | Size = 86606 bytes | Modified Date = 02-06-2005 15:54:34 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 71304 bytes | Modified Date = 30-03-2006 16:02:52 | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 255624 bytes | Modified Date = 30-03-2006 16:02:54 | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 235144 bytes | Modified Date = 30-03-2006 16:02:56 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 17-10-2006 23:27:56 | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3818 | Size = 118784 bytes | Modified Date = 20-04-2004 19:43:18 | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 04-11-2004 18:28:24 | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 16-02-2005 22:11:42 | Attr = ]
ibmmessages.exe -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 2.012 | Size = 438272 bytes | Modified Date = 20-04-2004 11:01:20 | Attr = ]
ibmprc.exe -> %SystemDrive%\IBMTOOLS\utils\ibmprc.exe -> IBM Corp. [Ver = 1, 0, 0, 3 | Size = 90112 bytes | Modified Date = 19-03-2004 21:12:10 | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3818 | Size = 155648 bytes | Modified Date = 20-04-2004 19:47:22 | Attr = ]
jucheck.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 241775 bytes | Modified Date = 10-11-2005 12:03:52 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10-11-2005 12:03:52 | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 10.00.2 | Size = 158832 bytes | Modified Date = 07-07-2005 13:55:58 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 01-09-2006 14:57:48 | Attr = ]
rrpcsb.exe -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 19-03-2004 22:21:10 | Attr = ]
sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 02-11-2006 17:17:14 | Attr = ]
swdoctor.exe -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2621 | Size = 2115728 bytes | Modified Date = 11-12-2006 15:35:02 | Attr = ]
symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\symwsc.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 02-11-2004 16:59:50 | Attr = ]
winpfind3u.exe -> %SystemDrive%\Spyware\winpfind3u\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.9.0 | Size = 306176 bytes | Modified Date = 06-01-2007 14:14:24 | Attr = ]
ytbsdk.exe -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\YTBSDK.exe -> Symantec Corporation [Ver = 2006.0.0.13 | Size = 214704 bytes | Modified Date = 28-06-2006 11:34:34 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 0, 0, 21 | Size = 86606 bytes | Modified Date = 02-06-2005 15:54:34 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 255624 bytes | Modified Date = 30-03-2006 16:02:54 | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 87688 bytes | Modified Date = 30-03-2006 16:02:54 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 235144 bytes | Modified Date = 30-03-2006 16:02:56 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 27-08-2004 02:53:50 | Attr = ]
(IBM Rapid Restore Ultra Service) IBM Rapid Restore Ultra Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 19-03-2004 22:21:10 | Attr = ]
(navapsvc) Norton AntiVirus Auto Protect [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 10.00.2 | Size = 158832 bytes | Modified Date = 07-07-2005 13:55:58 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Stopped] -> -> File not found
(PsaSrv) IBM PSA Access Driver Control [Win32_Own | On_Demand | Stopped] -> %System32%\PSASRV.EXE -> [Ver = | Size = 96824 bytes | Modified Date = 01-10-2003 00:11:36 | Attr = ]
(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = | Size = 194272 bytes | Modified Date = 25-01-2005 21:48:50 | Attr = ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBServ.exe -> Symantec Corporation [Ver = 1, 1, 1, 131 | Size = 66784 bytes | Modified Date = 25-06-2003 03:23:10 | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 02-11-2006 17:17:14 | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 05-04-2005 10:17:22 | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\Security Center\symwsc.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 02-11-2004 16:59:50 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(ac97intc) Installationstjeneste til Intel(r) 82801-lyddriver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 18-08-2001 05:20:04 | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 18-08-2001 06:51:56 | Attr = ]
(amdagp) Filterdriver til AMD AGP-bus [Kernel | Disabled | Stopped] -> %System32%\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 04-08-2004 08:07:44 | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 18-08-2001 06:52:00 | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 18-08-2001 06:51:58 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Modified Date = 27-08-2004 02:48:14 | Attr = ]
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Stopped] -> %System32%\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 7.43.0.0 built by: WinDDK | Size = 113664 bytes | Modified Date = 29-03-2004 22:55:22 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 05-10-2001 01:34:58 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 18-08-2001 06:52:16 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 27-08-2004 02:49:40 | Attr = ]
(dmio) Driver til Logical Disk Manager [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153600 bytes | Modified Date = 27-08-2004 02:49:40 | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 09-10-2001 16:00:00 | Attr = ]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 7.0.26.0 built by: WinDDK | Size = 145408 bytes | Modified Date = 04-03-2003 20:56:26 | Attr = ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 14-12-2004 19:35:42 | Attr = R ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 14-12-2004 19:35:42 | Attr = R ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 14-12-2004 19:35:42 | Attr = R ]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3818 | Size = 711005 bytes | Modified Date = 20-04-2004 20:09:44 | Attr = ]
(ibmfilter) ibmfilter [Kernel | Auto | Running] -> %System32%\drivers\ibmfilter.sys -> IBM [Ver = 3.01 built by: WinDDK | Size = 64256 bytes | Modified Date = 24-09-2004 02:39:58 | Attr = ]
(ikhfile) File Security Kernel Anti-Spyware Driver [File_System | System | Running] -> %System32%\drivers\ikhfile.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Modified Date = 10-07-2006 17:38:38 | Attr = ]
(ikhlayer) Kernel Anti-Spyware Driver [Kernel | System | Running] -> %System32%\drivers\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Modified Date = 24-08-2006 12:40:36 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 18-08-2001 06:52:12 | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060614.035\NAVENG.SYS -> Symantec Corporation [Ver = 20061.1.0.14 | Size = 77864 bytes | Modified Date = 01-06-2006 09:00:00 | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060614.035\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.1.0.14 | Size = 799208 bytes | Modified Date = 01-06-2006 09:00:00 | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 04-08-2004 07:29:56 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(portio) TPM Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\NscTpmDD.sys -> National Semiconductor Corp. [Ver = 1.18.0.5 | Size = 14695 bytes | Modified Date = 27-04-2004 21:11:30 | Attr = ]
(psadd) IBM PSA Access Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\PSADD.SYS -> Windows (R) 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 13312 bytes | Modified Date = 25-10-2004 13:41:52 | Attr = ]
(Ptilink) Driver til direkte, parallel forbindelse [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 09-10-2001 16:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.12a | Size = 20576 bytes | Modified Date = 29-07-2004 19:55:34 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 18-08-2001 06:52:20 | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 18-08-2001 06:52:20 | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 18-08-2001 06:52:18 | Attr = ]
(SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Norton AntiVirus\savrt.sys -> Symantec Corporation [Ver = | Size = 305288 bytes | Modified Date = 01-04-2005 23:38:42 | Attr = ]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Norton AntiVirus\savrtpel.sys -> Symantec Corporation [Ver = | Size = 37000 bytes | Modified Date = 25-01-2005 21:48:52 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 26-03-2002 05:02:14 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP-busfilter [Kernel | Disabled | Stopped] -> %System32%\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 04-08-2004 08:07:44 | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5240 | Size = 259648 bytes | Modified Date = 01-09-2004 21:17:46 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 18-08-2001 07:07:44 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 18-08-2001 07:07:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 18-08-2001 07:07:36 | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.7.1 | Size = 123248 bytes | Modified Date = 31-01-2006 14:35:34 | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 17976 bytes | Modified Date = 05-04-2005 10:17:00 | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 267192 bytes | Modified Date = 05-04-2005 10:17:02 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 18-08-2001 07:07:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 18-08-2001 07:07:42 | Attr = ]
(U81xbus) LGE U8XXX driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\U81xbus.sys -> MCCI [Ver = V4.20 | Size = 52352 bytes | Modified Date = 22-11-2004 11:23:00 | Attr = R ]
(U81xmdfl) LGE U8XXX USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\U81xmdfl.sys -> MCCI [Ver = V4.20 | Size = 6064 bytes | Modified Date = 22-11-2004 11:23:00 | Attr = R ]
(U81xmdm) LGE U8XXX USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\U81xmdm.sys -> MCCI [Ver = V4.20 | Size = 84480 bytes | Modified Date = 22-11-2004 11:23:00 | Attr = R ]
(U81xmgmt) LGE U8XXX USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\U81xmgmt.sys -> MCCI [Ver = V4.20 | Size = 77472 bytes | Modified Date = 22-11-2004 11:23:00 | Attr = R ]
(U81xobex) LGE U8XXX USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %System32%\drivers\U81xobex.sys -> MCCI [Ver = V4.20 | Size = 75456 bytes | Modified Date = 22-11-2004 11:23:00 | Attr = R ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 18-08-2001 06:52:22 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 71304 bytes | Modified Date = 30-03-2006 16:02:52 | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3818 | Size = 118784 bytes | Modified Date = 20-04-2004 19:43:18 | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 16-02-2005 22:11:42 | Attr = ]
ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 2.012 | Size = 438272 bytes | Modified Date = 20-04-2004 11:01:20 | Attr = ]
IBMPRC -> %SystemDrive%\IBMTOOLS\utils\ibmprc.exe -> IBM Corp. [Ver = 1, 0, 0, 3 | Size = 90112 bytes | Modified Date = 19-03-2004 21:12:10 | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3818 | Size = 155648 bytes | Modified Date = 20-04-2004 19:47:22 | Attr = ]
Mouse Suite 98 Daemon -> ICO.EXE -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 01-09-2006 14:57:48 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10-11-2005 12:03:52 | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 06-04-2006 13:47:36 | Attr = ]
UC_SMB -> -> File not found
UC_Start -> %ProgramFiles%\IBM\Updater\ucstartup.exe -> [Ver = | Size = 36864 bytes | Modified Date = 01-10-2003 00:39:00 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 2.012 | Size = 438272 bytes | Modified Date = 20-04-2004 11:01:20 | Attr = ]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2621 | Size = 2115728 bytes | Modified Date = 11-12-2006 15:35:02 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 17-10-2006 23:27:56 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14-12-2004 04:44:06 | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 04-11-2004 18:28:24 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = Min aktuelle startside ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 7, 7, 1 | Size = 439872 bytes | Modified Date = 07-07-2006 11:52:12 | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 7, 7, 1 | Size = 439872 bytes | Modified Date = 07-07-2006 11:52:12 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14-12-2004 01:56:50 | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 01-08-2006 15:27:06 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10-11-2005 12:22:12 | Attr = ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 01-08-2006 15:23:12 | Attr = ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [CNavExtBho Class] -> Symantec Corporation [Ver = 10.00.13 | Size = 103528 bytes | Modified Date = 10-12-2003 18:02:38 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12-10-2006 10:38:04 | Attr = R ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12-10-2006 10:38:04 | Attr = R ]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 10.00.13 | Size = 103528 bytes | Modified Date = 10-12-2003 18:02:38 | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 7, 7, 1 | Size = 439872 bytes | Modified Date = 07-07-2006 11:52:12 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 10.00.13 | Size = 103528 bytes | Modified Date = 10-12-2003 18:02:38 | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12-10-2006 10:38:04 | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 7, 7, 1 | Size = 439872 bytes | Modified Date = 07-07-2006 11:52:12 | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8195 - Reg Data - Value does not exist ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8194 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Windows Messenger ->
NextId -> 8196 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10-11-2005 12:22:12 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10-11-2005 12:22:12 | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Opslag] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&ksporter til Microsoft Excel -> -> File not found
Send Image to Photo Library -> %UserAppData%\MGI\PhotoSuite4\Temp\MGI00000.htm -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Proceslinje og menuen Start] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Kontrolpanel-udvidelse til skærmpanorering] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Grænsefladeudvidelser til filkomprimering] -> File not found
{792F0537-F929-4eb7-AC1D-FB6334C71550} [HKLM] -> %ProgramFiles%\LG PC Suite\LG Phone Manager\Phone.dll [LG Phone] -> LG Electornics [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 25-08-2004 17:16:00 | Attr = ]
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Brugerkonti] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Kontekstmenu til kryptering] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal-ikon] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 09-10-2001 16:00:00 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 10.00.13 | Size = 103528 bytes | Modified Date = 10-12-2003 18:02:38 | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.3818 | Size = 225280 bytes | Modified Date = 20-04-2004 19:46:58 | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 10.00.13 | Size = 103528 bytes | Modified Date = 10-12-2003 18:02:38 | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14-12-2004 02:20:02 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{D3B07498-EE09-46E7-B381-3DE6DD4FC9D0} -> (Intel(R) PRO/100 VE Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142627531296 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.1 - CodeBase = http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> PopCapLoader Object - CodeBase = http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab ->

[Files - Created Wihin 30 days]
system.tmp -> %SystemRoot%\system.tmp -> [Ver = | Size = 231 bytes | Created Date = 29-12-2006 22:05:48 | Attr = ]
win.tmp -> %SystemRoot%\win.tmp -> [Ver = | Size = 972 bytes | Created Date = 29-12-2006 22:05:48 | Attr = ]
ikhfile.sys -> %System32%\drivers\ikhfile.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Created Date = 29-12-2006 22:03:12 | Attr = ]
ikhlayer.sys -> %System32%\drivers\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Created Date = 29-12-2006 22:03:11 | Attr = ]

[Files - Modified Wihin 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527486976 bytes | Modified Date = 12-01-2007 16:11:58 | Attr = HS]
SSCOpts.dat -> %CommonProgramFiles%\Symantec Shared\Security Center\SSCOpts.dat -> [Ver = | Size = 1076 bytes | Modified Date = 12-01-2007 16:15:48 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12-01-2007 16:12:00 | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 14-12-2006 01:07:12 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 12-01-2007 16:13:18 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , Thawte Consulting , -> %SystemDrive%\Firefox Setup 1.5.0.1.exe -> Mozilla [Ver = 3, 12, 0, 0 | Size = 5183840 bytes | Modified Date = 01-04-2006 22:17:20 | Attr = ]
PECompact2 , Thawte Consulting , -> %SystemDrive%\GoogleEarth.exe -> InstallShield Software Corporation [Ver = 10.01.244 | Size = 11817800 bytes | Modified Date = 21-04-2006 20:33:28 | Attr = ]
UPX! , -> %SystemDrive%\vlc-0.8.5-win32.exe -> [Ver = | Size = 8282187 bytes | Modified Date = 09-10-2006 20:47:02 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 02-03-2006 16:18:34 | Attr = ]
UPX! , -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\1030\OWCFUN11.CHM -> [Ver = | Size = 599630 bytes | Modified Date = 18-08-2003 15:46:24 | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\Decomposers\Dec2EXE.dll -> Symantec Corporation [Ver = 3.02.11.13 | Size = 98304 bytes | Modified Date = 04-11-2003 17:33:44 | Attr = ]
WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20031104.016\VIRSCAN9.DAT -> [Ver = | Size = 880336 bytes | Modified Date = 04-11-2003 05:00:00 | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060601.019\TCDEFS.DAT -> [Ver = | Size = 47087 bytes | Modified Date = 01-06-2006 09:00:00 | Attr = ]
FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060601.019\VIRSCAN8.DAT -> [Ver = | Size = 1542955 bytes | Modified Date = 01-06-2006 09:00:00 | Attr = ]
FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060601.019\VIRSCAN9.DAT -> [Ver = | Size = 3297889 bytes | Modified Date = 01-06-2006 09:00:00 | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060614.035\TCDEFS.DAT -> [Ver = | Size = 47313 bytes | Modified Date = 14-06-2006 09:00:00 | Attr = ]
FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060614.035\VIRSCAN8.DAT -> [Ver = | Size = 1550491 bytes | Modified Date = 14-06-2006 09:00:00 | Attr = ]
FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060614.035\VIRSCAN9.DAT -> [Ver = | Size = 3338273 bytes | Modified Date = 14-06-2006 09:00:00 | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\tcdefs.dat -> [Ver = | Size = 46701 bytes | Modified Date = 16-05-2006 09:00:00 | Attr = ]
FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\virscan8.dat -> [Ver = | Size = 1536273 bytes | Modified Date = 16-05-2006 09:00:00 | Attr = ]
FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\virscan9.dat -> [Ver = | Size = 3264238 bytes | Modified Date = 16-05-2006 09:00:00 | Attr = ]
CNNIC , -> %SystemRoot%\1280 x 1024 IBM EMEA Map.bmp -> [Ver = | Size = 1311800 bytes | Modified Date = 13-11-2002 03:45:24 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41123 bytes | Modified Date = 09-10-2001 16:00:00 | Attr = ]
PTech , -> %System32%\IbmEgath.dll -> IBM Corporation [Ver = 3, 0, 0, 11 | Size = 176128 bytes | Modified Date = 19-03-2004 21:03:56 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 09-10-2001 16:00:00 | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04-08-2004 07:41:38 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04-08-2004 07:41:38 | Attr = ]

< End of report >

Synes godt om

ejvindh Ekspert

12. januar 2007 - 19:59 #4

Du kan roligt installere netbank ;-)

Synes godt om

ingelo Praktikant

12. januar 2007 - 20:29 #5

takker

Synes godt om

ejvindh Ekspert

12. januar 2007 - 20:40 #6

Du er velkommen :-)

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
trusler Af gerhardpet i Virus	4	26/01/202410:02	27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus	16	09/01/202416:37	10/01/202419:59
virusscanning Af JetteD i Virus	2	10/11/202312:55	10/11/202316:36
Google ser ud til at være malware, lyder advarsel på alle vore mobiler! Af vbr i Virus	9	30/10/202312:12	15/12/202310:17
Jeg får en fejl på Enhedssikkerhed Af pouls i Virus	8	04/06/202321:28	05/06/202316:28

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS