staal (Trainee)
13 January 2007 - 08:00. There are 27 comments and 1 solution.

Attack hijack log file check - please

Logfile of HijackThis v1.99.1
Scan saved at 07:58:31, on 13-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\programmer\daemon tools\daemon.exe
C:\programmer\macrogaming\sweetim\sweetim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe
C:\programmer\xp tools\xptools.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\Programmer\PowerISO\PowerISO.exe
C:\Programmer\PowerISO\dvdburn.exe
C:\Documents and Settings\Ejer\Skrivebord\Sikkerhed\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\programmer\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] c:\programmer\daemon tools\daemon.exe
O4 - HKLM\..\Run: [gcasServ] c:\programmer\microsoft antispyware\gcasserv.exe
O4 - HKLM\..\Run: [UpdReg] c:\windows\updreg.exe
O4 - HKLM\..\Run: [TrojanScanner] c:\programmer\trojan remover\trjscan.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] c:\programmer\canon\easy-printtoolbox\bjpsmain.exe
O4 - HKLM\..\Run: [nod32kui] c:\programmer\eset\nod32kui.exe
O4 - HKLM\..\Run: [SweetIM] c:\programmer\macrogaming\sweetim\sweetim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] c:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe
O4 - HKCU\..\Run: [XPTools] c:\programmer\xp tools\xptools.exe
O4 - HKCU\..\Run: [SweetIM] c:\programmer\macrogaming\sweetim\sweetim.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
staal (Trainee)
13 January 2007 - 09:00 #1
I have run SpyBot, AVG and AdAware, but I don't think that is enough - there must be something more
ejvindh (Expert)
13 January 2007 - 23:19 #2
There is nothing seriously bad in the log. However, I would recommend that you uninstall SweetIM, which has a somewhat frayed privacy policy, and fix these lines in the HJT log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

Do you have any problems that suggest an infection?
staal (Trainee)
14 January 2007 - 19:48 #3
.....
C:\windows\system32\drivers\WINclock.exe\trojan horseIRC/backdoor.cloner
.....
C:\windows\system32\drivers\smnt.exe\trojan horse HideWindow
.....
How do I remove these - asap
ejvindh (Expert)
14 January 2007 - 20:02 #4
I can see that you are getting help from Fromsej in here:
http://www.eksperten.dk/spm/756034

I think it is better that there are not 2 people working on the same log. I would be happy to help you finish, but then I think you should close the other question :-)
staal (Trainee)
15 January 2007 - 08:21 #5
Process.exe    C:\Documents and Settings\Ejer\Skrivebord\Sikkerhed\Smitfraud\SmitfraudFix    Tool.Prockill    Renamed.
restart.exe    C:\Documents and Settings\Ejer\Skrivebord\Sikkerhed\Smitfraud\SmitfraudFix    Tool.ShutDown.11    Renamed.
FND17.NFI    C:\Programmer\ESET\cache    Trojan.Slime    Deleted.
spsexec.exe    C:\WINDOWS\system32\drivers    Program.PsExec.131    Renamed.
.............
SUPERAntiSpyware Scan Log
Generated 01/14/2007 at 11:44 PM

Application Version : 3.3.1020

Core Rules Database Version : 3164
Trace Rules Database Version: 1176

Scan type      : Complete Scan
Total Scan Time : 01:11:38

Memory items scanned      : 439
Memory threats detected  : 0
Registry items scanned    : 7788
Registry threats detected : 0
File items scanned        : 41325
File threats detected    : 126

Adware.Tracking Cookie
.........
Logfile of HijackThis v1.99.1
Scan saved at 08:19:55, on 15-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\programmer\quicktime\qttask.exe
C:\programmer\daemon tools\daemon.exe
C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\Ejer\Skrivebord\Sikkerhed\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\programmer\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] c:\programmer\daemon tools\daemon.exe
O4 - HKLM\..\Run: [gcasServ] c:\programmer\microsoft antispyware\gcasserv.exe
O4 - HKLM\..\Run: [UpdReg] c:\windows\updreg.exe
O4 - HKLM\..\Run: [TrojanScanner] c:\programmer\trojan remover\trjscan.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] c:\programmer\canon\easy-printtoolbox\bjpsmain.exe
O4 - HKLM\..\Run: [nod32kui] c:\programmer\eset\nod32kui.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] c:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe
O4 - HKCU\..\Run: [XPTools] c:\programmer\xp tools\xptools.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XP Tools] C:\Programmer\XP Tools\xptools.exe /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
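
The before/after comparison that the two HijackThis logs in this thread invite, as an added example that is not part of the original posts: it parses entry lines, lists what changed between the scans, checks that the lines flagged in reply #2 are gone, and singles out new autostart entries for review. The excerpts are copied from the two logs above; the function names are assumptions of this example.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] path".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")

# Sections that describe code started automatically:
# O4 = Run keys, O20 = Winlogon Notify, O23 = services.
AUTOSTART_CODES = {"O4", "O20", "O23"}

# Excerpt of the log saved 13-01-2007 (lines copied from the thread).
BEFORE_EXCERPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SweetIM] c:\programmer\macrogaming\sweetim\sweetim.exe
O4 - HKCU\..\Run: [XPTools] c:\programmer\xp tools\xptools.exe
O4 - HKCU\..\Run: [SweetIM] c:\programmer\macrogaming\sweetim\sweetim.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Excerpt of the log saved 15-01-2007 (lines copied from the thread).
AFTER_EXCERPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
O4 - HKCU\..\Run: [XPTools] c:\programmer\xp tools\xptools.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XP Tools] C:\Programmer\XP Tools\xptools.exe /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The three lines reply #2 asked to have fixed.
FLAGGED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
"""


def parse_entries(log_text):
    """Return {(code, case-folded detail): original line} for every entry line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            # Windows paths and registry keys are case-insensitive, so fold case
            # for comparison but keep the original text for reporting.
            key = (match.group("code"), match.group("detail").strip().casefold())
            entries[key] = line
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


def unresolved(flagged_text, after_text):
    """Flagged lines that still appear in the later scan."""
    after = parse_entries(after_text)
    flagged = parse_entries(flagged_text)
    return sorted(line for key, line in flagged.items() if key in after)


def new_autostarts(before_text, after_text):
    """Entries that are new in the later scan and start code automatically."""
    _, added = diff_logs(before_text, after_text)
    return [line for line in added if line.split(" - ", 1)[0] in AUTOSTART_CODES]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_EXCERPT, AFTER_EXCERPT)
    print("Removed since first scan:")
    for line in removed:
        print("  " + line)
    print("Flagged lines still present:", unresolved(FLAGGED, AFTER_EXCERPT) or "none")
    print("New autostart entries to review:")
    for line in new_autostarts(BEFORE_EXCERPT, AFTER_EXCERPT):
        print("  " + line)
```

The new autostart entries here come from software the user installed between the scans (SUPERAntiSpyware, MSN Messenger); the diff only tells you which lines to look at, not whether they are malicious.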
ejvindh (Expert)
15 January 2007 - 09:22 #6
OK, that didn't find much either. Let's just try a couple of extra checks:

-- Download OldTimer's WinPFind3 from here:
http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe

Double-click the WinPFind3u file you downloaded and click Extract. The program is then unpacked into a separate folder. Go into that folder and double-click WinPFind3U.exe. Then set the checkboxes and radio buttons as follows:

Processes: Non-Microsoft
Win32 Services: Non-Microsoft
Driver Services: Non-Microsoft
Registry:  Non-Microsoft
Files Created Within: 30 Days, Non-Microsoft Only
Files Modified Within: 30 Days, Non-Microsoft Only
File String Search: Non-Microsoft

Then click "Run Scan". After some time a log file will appear, which you are welcome to paste in here. The log may be so long that it does not fit in a single post. In that case you will have to post it in several pieces.

-- Download the Gmer rootkit scanner and unpack it to the desktop:
http://www.young-andersen.dk/gamer/gamer.zip
Run the program, click the "Rootkit" tab, and click "Scan". When the scan has finished, click "Copy". A window then appears telling you that the result of the rootkit scan has been placed on the clipboard. You can then go into this thread and paste the contents in here by placing the cursor in the input field and pressing Ctrl-V.
staal (Trainee)
15 January 2007 - 10:17 #7
WinPFind3 logfile created on: 15-01-2007 09:50:03
WinPFind3U by OldTimer - Version 1.0.10    Folder = C:\Documents and Settings\Ejer\Skrivebord\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1048048 Kb Total Physical Memory | 463408 Kb Available Physical Memory | 44,22% Memory free
1734032 Kb Paging File | 1239740 Kb Available in Paging File | 71,49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 78140128 Kb Total Space | 8093544 Kb Free Space | 10,36% Space Free
Drive D: | 40146400 Kb Total Space | 2049940 Kb Free Space | 5,11% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 22-12-2006 08:32:34 | Attr =    ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Modified Date = 22-12-2006 08:32:42 | Attr =    ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-12-2006 08:32:48 | Attr =    ]
cdlabelprint.exe -> %ProgramFiles%\Canon\CD-LabelPrint\CDLabelPrint.exe -> Media Navigation,Inc/Monolith Corp. [Ver = 1.0.2.0 | Size = 2272256 bytes | Modified Date = 30-04-2004 02:02:00 | Attr =    ]
clcapsvc.exe -> %ProgramFiles%\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ->  [Ver = 4.00.1718 | Size = 221281 bytes | Modified Date = 23-05-2005 17:09:54 | Attr =    ]
clmlserver.exe -> %ProgramFiles%\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 1, 1, 0, 1619 | Size = 61440 bytes | Modified Date = 23-05-2005 17:10:20 | Attr =    ]
clmlservice.exe -> %ProgramFiles%\CyberLink\Shared Files\CLML_NTService\CLMLService.exe -> Cyberlink [Ver = 1, 1, 0, 1619 | Size = 737381 bytes | Modified Date = 23-05-2005 17:10:20 | Attr =    ]
clsched.exe -> %ProgramFiles%\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ->  [Ver = 4.00.1718 | Size = 110687 bytes | Modified Date = 23-05-2005 17:09:56 | Attr =    ]
crazy browser.exe -> %ProgramFiles%\Crazy Browser\Crazy Browser.exe -> www.CrazyBrowser.com [Ver = 3.0.0.0 | Size = 429568 bytes | Modified Date = 12-02-2006 03:23:32 | Attr =    ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13-12-1999 02:01:00 | Attr =    ]
daemon.exe -> %ProgramFiles%\daemon tools\daemon.exe -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 12-11-2006 11:48:48 | Attr =    ]
easy cd cover creator.exe -> %ProgramFiles%\Easy CD & DVD Cover Creator\Easy CD Cover Creator.exe ->  [Ver = 1, 0, 0, 1 | Size = 1048576 bytes | Modified Date = 14-11-2005 15:29:02 | Attr =    ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 15:13:20 | Attr =    ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\nmbgmonitor.exe -> Nero AG [Ver = 1, 2, 0, 23 | Size = 94208 bytes | Modified Date = 22-08-2006 09:52:02 | Attr =    ]
nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset  [Ver = 2, 51, 30  | Size = 507904 bytes | Modified Date = 19-09-2006 05:17:32 | Attr =    ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
qttask.exe -> %ProgramFiles%\quicktime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 25-10-2006 18:58:18 | Attr =    ]
sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 20-12-2005 07:44:24 | Attr =    ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 3, 0, 1020 | Size = 1294336 bytes | Modified Date = 18-10-2006 11:36:02 | Attr =    ]
swdoctor.exe -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.478 | Size = 960000 bytes | Modified Date = 11-01-2006 01:56:36 | Attr =    ]
utorrent.exe -> %UserDesktop%\DVD tools\utorrent.exe ->  [Ver =  | Size = 174163 bytes | Modified Date = 05-07-2006 11:22:12 | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 12-01-2007 16:20:26 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 15:13:20 | Attr =    ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 22-12-2006 08:32:34 | Attr =    ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-12-2006 08:32:48 | Attr =    ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Modified Date = 22-12-2006 08:32:42 | Attr =    ]
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ->  [Ver = 4.00.1718 | Size = 221281 bytes | Modified Date = 23-05-2005 17:09:54 | Attr =    ]
(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ->  [Ver = 4.00.1718 | Size = 110687 bytes | Modified Date = 23-05-2005 17:09:56 | Attr =    ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13-12-1999 02:01:00 | Attr =    ]
(CyberLink Media Library Service) CyberLink Media Library Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 1, 1, 0, 1619 | Size = 61440 bytes | Modified Date = 23-05-2005 17:10:20 | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 26-08-2004 16:53:50 | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04-04-2005 00:41:10 | Attr =    ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 2, 10, 0 | Size = 208896 bytes | Modified Date = 08-08-2006 21:15:50 | Attr =    ]
(NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset  [Ver = 2, 51, 30  | Size = 507904 bytes | Modified Date = 19-09-2006 05:17:32 | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> NetGroup - Politecnico di Torino [Ver = 3, 1, 0, 23 | Size = 86016 bytes | Modified Date = 14-05-2004 12:02:46 | Attr =    ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 20-12-2005 07:44:24 | Attr =    ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 81, 60, 0 | Size = 174080 bytes | Modified Date = 05-06-2006 12:59:18 | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(AMON) AMON [Kernel | Auto | Running] -> %System32%\drivers\amon.sys -> Eset  [Ver = 2, 51, 30  | Size = 502368 bytes | Modified Date = 19-09-2006 05:17:34 | Attr =    ]
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) | Size = 16877 bytes | Modified Date = 17-07-2002 14:53:02 | Attr =    ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(atksgt) atksgt [Kernel | Auto | Running] -> %System32%\drivers\atksgt.sys ->  [Ver =  | Size = 271360 bytes | Modified Date = 27-11-2006 22:17:10 | Attr =    ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 4096 bytes | Modified Date = 28-09-2006 15:13:34 | Attr =    ]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7,1,0,398 | Size = 28416 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05-09-2006 17:03:16 | Attr =    ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
(Cap7134) ProVideo Capture [Kernel | On_Demand | Running] -> %System32%\drivers\cap7134.sys -> Philips Semiconductors [Ver = 2, 3, 1, 2 | Size = 334944 bytes | Modified Date = 24-03-2004 18:35:12 | Attr =    ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(CO_Mon) CO_Mon [Kernel | On_Demand | Stopped] -> %System32%\drivers\CO_Mon.sys ->  [Ver =  | Size = 28672 bytes | Modified Date = 04-12-2006 13:17:50 | Attr =    ]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(ctlsb16) Creative SB16/AWE32/AWE64-driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ctlsb16.sys -> Copyright (C) Creative Technology Ltd. 1994-2001 [Ver = 5.1.2501.0 built by: WinDDK | Size = 96256 bytes | Modified Date = 17-08-2001 20:19:20 | Attr =    ]
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0172-0.75.1810 (beta-release) | Size = 130192 bytes | Modified Date = 22-09-2003 01:48:06 | Attr =    ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 26-08-2004 16:49:40 | Attr =    ]
(dmio) Driver til Logical Disk Manager [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153600 bytes | Modified Date = 26-08-2004 16:49:40 | Attr =    ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 09-10-2001 14:00:00 | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(ezplay) VSO Software ezplay [Kernel | On_Demand | Stopped] -> %System32%\drivers\ezplay.sys -> VSO Software [Ver = 8, 0, 0, 1 | Size = 94080 bytes | Modified Date = 23-11-2006 10:13:54 | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HWFProt) Hywave File Protector HWFProt [Kernel | Boot | Running] -> %System32%\drivers\HWFProt.sys -> HyWave Corporation [Ver = 2003 | Size = 44480 bytes | Modified Date = 11-05-2003 23:20:34 | Attr =    ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ikhlayer) Kernel Anti-Spyware Driver [Kernel | System | Running] -> %System32%\drivers\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 5, 0, 2 | Size = 50048 bytes | Modified Date = 13-12-2005 14:18:50 | Attr =    ]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\L8042Kbd.SYS -> Logitech, Inc. [Ver = 3.0.74.00 | Size = 13568 bytes | Modified Date = 10-05-2006 08:56:08 | Attr =    ]
(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\L8042mou.Sys -> Logitech, Inc. [Ver = 3.0.74.00 | Size = 56064 bytes | Modified Date = 10-05-2006 08:56:18 | Attr =    ]
(L8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\L8042pr2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 51486 bytes | Modified Date = 07-11-2003 10:50:00 | Attr =    ]
(LBeepKE) LBeepKE [Kernel | Auto | Running] -> %System32%\drivers\LBeepKE.sys -> Logitech, Inc. [Ver = 3.0.107.00 | Size = 3712 bytes | Modified Date = 29-06-2006 23:53:44 | Attr =    ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LCcfltr) Logitech USB Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LCcfltr.sys -> Logitech, Inc. [Ver = 9.79.300.0 | Size = 14095 bytes | Modified Date = 03-03-2004 09:50:00 | Attr =    ]
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 25502 bytes | Modified Date = 07-11-2003 10:50:00 | Attr =    ]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.79.300.0 | Size = 37887 bytes | Modified Date = 03-03-2004 09:50:00 | Attr =    ]
(lirsgt) lirsgt [Kernel | Auto | Running] -> %System32%\drivers\lirsgt.sys ->  [Ver =  | Size = 18048 bytes | Modified Date = 27-11-2006 22:17:08 | Attr =    ]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 70798 bytes | Modified Date = 07-11-2003 10:50:00 | Attr =    ]
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouKE.Sys -> Logitech, Inc. [Ver = 3.0.74.00 | Size = 71680 bytes | Modified Date = 10-05-2006 08:56:50 | Attr =    ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> %System32%\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Modified Date = 03-08-2004 23:41:40 | Attr =    ]
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03-08-2004 23:41:38 | Attr =    ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.80.5.0 | Size = 8704 bytes | Modified Date = 29-05-2006 07:26:36 | Attr =    ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.80.5.0 | Size = 13312 bytes | Modified Date = 29-05-2006 07:26:36 | Attr =    ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.80.5.0 | Size = 127488 bytes | Modified Date = 29-05-2006 07:26:38 | Attr =    ]
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\npf.sys -> NetGroup - Politecnico di Torino [Ver = 3, 1, 0, 23 | Size = 32896 bytes | Modified Date = 14-05-2004 10:37:10 | Attr =    ]
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> %System32%\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Modified Date = 03-08-2004 23:41:40 | Attr =    ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 3650368 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.0172-0.75.1810 (beta-release) | Size = 178672 bytes | Modified Date = 22-09-2003 01:47:38 | Attr =    ]
(P17) Sound Blaster Live! 24-bit [Kernel | On_Demand | Running] -> %System32%\drivers\P17.sys -> Creative Technology Ltd. [Ver = 5.12.01.314 | Size = 840960 bytes | Modified Date = 04-06-2004 09:27:46 | Attr =    ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(Pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 07-01-2007 19:09:52 | Attr =    ]
(pctvvbi) pctvvbi [Kernel | On_Demand | Stopped] -> %System32%\drivers\pctvvbi.sys -> Pinnacle Systems [Ver = 2.0.0.4 | Size = 6400 bytes | Modified Date = 11-11-2002 18:52:54 | Attr =    ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 205 | Size = 10368 bytes | Modified Date = 01-04-2006 08:53:04 | Attr =    ]
(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\drivers\PfModNT.sys -> Creative Technology Ltd. [Ver = 3.0.0.3 | Size = 15840 bytes | Modified Date = 05-03-2003 12:19:28 | Attr =    ]
(PhTVTune) ProVideo WDM TVTuner [Kernel | On_Demand | Running] -> %System32%\drivers\PhTvTune.sys -> Philips Semiconductors [Ver = 2, 3, 1, 2 | Size = 24288 bytes | Modified Date = 24-03-2004 20:21:30 | Attr =    ]
(Ptilink) Driver til direkte, parallel forbindelse [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 09-10-2001 14:00:00 | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.33a | Size = 36528 bytes | Modified Date = 25-08-2006 04:47:00 | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RecAgent) RecAgent [Kernel | Boot | Running] -> %System32%\drivers\RecAgent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Modified Date = 03-08-2004 23:41:40 | Attr =    ]
(rtl8139) NT-driver til Realtek RTL8139(A/B/C) PCI Fast Ethernet-netværkskort [Kernel | On_Demand | Running] -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 03-08-2004 23:31:34 | Attr =    ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10-10-2006 13:53:48 | Attr =    ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16-02-2006 17:51:08 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1024 | Size = 29184 bytes | Modified Date = 19-09-2006 16:06:52 | Attr =    ]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %System32%\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 4, 0, 0 | Size = 30988 bytes | Modified Date = 09-09-2006 10:31:40 | Attr =    ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.00.060 | Size = 163644 bytes | Modified Date = 10-08-2006 19:05:54 | Attr =    ]
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %System32%\drivers\sfdrv01.sys -> Protection Technology (StarForce) [Ver = 1.41 | Size = 51200 bytes | Modified Date = 01-03-2006 18:51:16 | Attr =    ]
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfhlp02.sys -> Protection Technology (StarForce) [Ver = 2.4 | Size = 6656 bytes | Modified Date = 14-02-2006 15:48:38 | Attr =    ]
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfsync02.sys -> Protection Technology [Ver = 2.7 | Size = 20544 bytes | Modified Date = 03-12-2004 11:20:42 | Attr =    ]
(sfsync03) StarForce Protection Synchronization Driver (version 3.x) [Kernel | Boot | Running] -> %System32%\drivers\sfsync03.sys -> Protection Technology [Ver = 3.9 | Size = 35328 bytes | Modified Date = 06-12-2005 16:11:20 | Attr =    ]
(sfsync04) StarForce Protection Synchronization Driver (version 4.x) [Kernel | Boot | Running] -> %System32%\drivers\sfsync04.sys -> Protection Technology (StarForce) [Ver = 4.4 | Size = 49664 bytes | Modified Date = 21-02-2006 13:48:06 | Attr =    ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP-busfilter [Kernel | Boot | Running] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 04-08-2004 00:07:44 | Attr =    ]
(Slntamr) Smart Link 56K Modem Driver [Kernel | On_Demand | Running] -> %System32%\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Modified Date = 03-08-2004 23:41:44 | Attr =    ]
(SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> %System32%\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Modified Date = 03-08-2004 23:41:46 | Attr =    ]
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> %System32%\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Modified Date = 03-08-2004 23:41:46 | Attr =    ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(sptd) sptd [Kernel | Boot | Running] -> %System32%\drivers\sptd.sys ->  [Ver =  | Size = 639224 bytes | Modified Date = 23-11-2006 09:17:48 | Attr =    ]
(STAC97NA) SigmaTel 3D Environmental Audio [Kernel | On_Demand | Stopped] -> %System32%\drivers\stac97na.sys -> SigmaTel Inc. [Ver = 6.13.10.9010 | Size = 296179 bytes | Modified Date = 20-09-2002 17:42:32 | Attr =    ]
(STAC97NH) STAC97NH [Kernel | On_Demand | Stopped] -> %System32%\drivers\stac97nh.sys -> SigmaTel Inc. [Ver = 6.13.10.9010 | Size = 231983 bytes | Modified Date = 20-09-2002 17:43:18 | Attr =    ]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(vaxscsi) vaxscsi [Kernel | On_Demand | Stopped] -> %System32%\drivers\vaxscsi.sys -> Alcohol Soft Co., Ltd. [Ver = 4.03.0.0 built by: WinDDK | Size = 223128 bytes | Modified Date = 20-03-2006 11:13:00 | Attr =    ]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
staal (Trainee)
15 January 2007 - 10:17 #8
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DAEMON Tools -> %ProgramFiles%\daemon tools\daemon.exe -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 12-11-2006 11:48:48 | Attr =    ]
Easy-PrintToolBox -> %ProgramFiles%\Canon\easy-printtoolbox\BJPSMAIN.EXE -> CANON INC. [Ver = 1, 1, 0, 0 | Size = 409600 bytes | Modified Date = 14-01-2004 02:10:02 | Attr =    ]
nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset  [Ver = 2, 51, 30  | Size = 921600 bytes | Modified Date = 19-09-2006 05:17:32 | Attr =    ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
QuickTime Task -> %ProgramFiles%\quicktime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 25-10-2006 18:58:18 | Attr =    ]
TrojanScanner -> %ProgramFiles%\trojan remover\Trjscan.exe -> Simply Super Software [Ver = 6.5.1.1167 | Size = 309248 bytes | Modified Date = 28-07-2006 12:58:18 | Attr =    ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 11-05-2000 01:00:00 | Attr =    ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\nmbgmonitor.exe -> Nero AG [Ver = 1, 2, 0, 23 | Size = 94208 bytes | Modified Date = 22-08-2006 09:52:02 | Attr =    ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 3, 0, 1020 | Size = 1294336 bytes | Modified Date = 18-10-2006 11:36:02 | Attr =    ]
XP Tools -> %ProgramFiles%\XP Tools\xptools.exe -> XPTools [Ver = 5.9.0.0 | Size = 2113536 bytes | Modified Date = 02-05-2006 16:57:12 | Attr =    ]
XPTools -> %ProgramFiles%\XP Tools\xptools.exe -> XPTools [Ver = 5.9.0.0 | Size = 2113536 bytes | Modified Date = 02-05-2006 16:57:12 | Attr =    ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28-09-2006 15:13:28 | Attr =    ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1006 | Size = 77824 bytes | Modified Date = 28-09-2006 12:22:36 | Attr =    ]
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{588599f4-de26-4c28-ba14-f4eb17e33481} [HKLM] -> Reg Data - Key not found [emptins] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL ->  -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> ‘
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ ->  ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = Min aktuelle startside ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKLM: Search Page -> http://www.google.com ->
HKLM: Start Page -> http://www.verdensnavle.dk/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant ->  ->
HKCU: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.verdensnavle.dk/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> localhost ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] ->  ->
online_musicmatch.com [https] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31-05-2005 01:04:00 | Attr =    ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.5.0.65 | Size = 786656 bytes | Modified Date = 09-12-2005 15:22:26 | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 12-10-2006 02:25:44 | Attr =    ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.5.0.276 | Size = 847608 bytes | Modified Date = 19-05-2006 09:31:40 | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8194 - Sun Java Console ->
{09FE188B-6E85-479e-9411-51FB2220DF80} -> 8195 - Reg Data - Key not found ->
{2670000A-7350-4f3c-8081-5663EE0C6C49} -> 8201 - S&end to OneNote ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8196 - Reg Data - Value does not exist ->
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> 8199 - Reg Data - Value does not exist ->
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -> 8200 - Opret Foretrukken på mobil enhed... ->
{77BF5300-1474-4EC7-9980-D32B190E9B07} -> 8202 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Key not found ->
{936E5D60-596C-11D3-BB96-00600816DF55} -> 8197 - Reg Data - Value does not exist ->
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> 8198 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger ->
NextId -> 8203 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 12-10-2006 02:25:44 | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 12-10-2006 02:25:44 | Attr =    ]
{2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote] -> File not found
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Opret Foretrukken på mobil enhed] -> File not found
{936E5D60-596C-11D3-BB96-00600816DF55} -> Reg Data - Value does not exist [ButtonText: iFinger] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&ksporter til Microsoft Excel ->  -> File not found
E&xport to Microsoft Excel ->  -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 30-01-2001 12:56:24 | Attr =    ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Proceslinje og menuen Start] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] ->  [Ver =  | Size = 466944 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] ->  [Ver =  | Size = 466944 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] ->  [Ver =  | Size = 466944 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> Reg Data - Key not found [AlcoholShellEx] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> Reg Data - Key not found [Kontrolpanel-udvidelse til skærmpanorering] -> File not found
{52B87208-9CCF-42C9-B88E-069281105805} [HKLM] -> Reg Data - Key not found [Trojan Remover Shell Extension] -> File not found
{68f32140-2ca3-11d0-acc1-444553540000} [HKLM] -> %ProgramFiles%\ACD Systems\PicaView\PicaView.dll [PicaView] -> ACD Systems, Ltd. [Ver = 2, 0, 0, 78 | Size = 495616 bytes | Modified Date = 15-02-2001 17:40:12 | Attr =    ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Grænsefladeudvidelser til filkomprimering] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Brugerkonti] -> File not found
{7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 15-11-2005 12:07:16 | Attr =    ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Kontekstmenu til kryptering] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal-ikon] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 09-10-2001 14:00:00 | Attr =    ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> %ProgramFiles%\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 4, 0, 0 | Size = 204800 bytes | Modified Date = 09-09-2006 10:14:46 | Attr =    ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 22-12-2006 08:32:44 | Attr =    ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 22-12-2006 08:32:44 | Attr =    ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
{B089FE88-FB52-11D3-BDF1-0050DA34150D} [HKLM] -> %ProgramFiles%\ESET\nodshex.dll [NOD32 Context Menu Shell Extension] ->  [Ver =  | Size = 57344 bytes | Modified Date = 19-09-2006 05:17:34 | Attr =    ]
{B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 15-11-2005 12:07:16 | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] ->  [Ver =  | Size = 125440 bytes | Modified Date = 07-10-2005 15:05:32 | Attr =    ]
{CF74B903-3389-469c-B3B6-0204D204FCBD} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItShellExt.dll [SnagIt Shell Extension] -> TechSmith Corporation [Ver = 1.0.2.0 | Size = 118784 bytes | Modified Date = 20-06-2006 08:10:00 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} [HKLM] -> %ProgramFiles%\TrojanHunter 4.6\contmenu.dll [TrojanHunter Menu Shell Extension] ->  [Ver =  | Size = 314368 bytes | Modified Date = 22-08-2004 20:51:54 | Attr =    ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 2, 10, 0 | Size = 73728 bytes | Modified Date = 08-08-2006 21:16:14 | Attr =    ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06-10-2006 12:40:48 | Attr =    ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 22-12-2006 08:32:44 | Attr =    ]
{B089FE88-FB52-11D3-BDF1-0050DA34150D} [HKLM] -> %ProgramFiles%\ESET\nodshex.dll [NOD32 Context Menu Shell Extension] ->  [Ver =  | Size = 57344 bytes | Modified Date = 19-09-2006 05:17:34 | Attr =    ]
{68f32140-2ca3-11d0-acc1-444553540000} [HKLM] -> %ProgramFiles%\ACD Systems\PicaView\PicaView.dll [PicaView] -> ACD Systems, Ltd. [Ver = 2, 0, 0, 78 | Size = 495616 bytes | Modified Date = 15-02-2001 17:40:12 | Attr =    ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> %ProgramFiles%\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 4, 0, 0 | Size = 204800 bytes | Modified Date = 09-09-2006 10:14:46 | Attr =    ]
{CF74B903-3389-469c-B3B6-0204D204FCBD} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItShellExt.dll [SnagItMainShellExt] -> TechSmith Corporation [Ver = 1.0.2.0 | Size = 118784 bytes | Modified Date = 20-06-2006 08:10:00 | Attr =    ]
{52B87208-9CCF-42C9-B88E-069281105805} [HKLM] -> Reg Data - Key not found [Trojan Remover] -> File not found
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} [HKLM] -> %ProgramFiles%\TrojanHunter 4.6\contmenu.dll [TrojanHunter] ->  [Ver =  | Size = 314368 bytes | Modified Date = 22-08-2004 20:51:54 | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 125440 bytes | Modified Date = 07-10-2005 15:05:32 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
{23F2DE6C-2C3F-4F95-B16A-56714C6FAAF4} [HKLM] -> %System32%\context.dll [XPTools] -> SuperLogix [Ver = 1.6.0.0 | Size = 613376 bytes | Modified Date = 15-11-2004 06:14:46 | Attr =    ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06-10-2006 12:40:48 | Attr =    ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> %ProgramFiles%\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 4, 0, 0 | Size = 204800 bytes | Modified Date = 09-09-2006 10:14:46 | Attr =    ]
{CF74B903-3389-469c-B3B6-0204D204FCBD} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItShellExt.dll [SnagItMainShellExt] -> TechSmith Corporation [Ver = 1.0.2.0 | Size = 118784 bytes | Modified Date = 20-06-2006 08:10:00 | Attr =    ]
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} [HKLM] -> %ProgramFiles%\TrojanHunter 4.6\contmenu.dll [TrojanHunter] ->  [Ver =  | Size = 314368 bytes | Modified Date = 22-08-2004 20:51:54 | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 125440 bytes | Modified Date = 07-10-2005 15:05:32 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] ->  [Ver =  | Size = 466944 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
{23F2DE6C-2C3F-4F95-B16A-56714C6FAAF4} [HKLM] -> %System32%\context.dll [XPTools] -> SuperLogix [Ver = 1.6.0.0 | Size = 613376 bytes | Modified Date = 15-11-2004 06:14:46 | Attr =    ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 2, 10, 0 | Size = 73728 bytes | Modified Date = 08-08-2006 21:16:14 | Attr =    ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 22-12-2006 08:32:44 | Attr =    ]
{B089FE88-FB52-11D3-BDF1-0050DA34150D} [HKLM] -> %ProgramFiles%\ESET\nodshex.dll [NOD32 Context Menu Shell Extension] ->  [Ver =  | Size = 57344 bytes | Modified Date = 19-09-2006 05:17:34 | Attr =    ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> %ProgramFiles%\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 4, 0, 0 | Size = 204800 bytes | Modified Date = 09-09-2006 10:14:46 | Attr =    ]
{52B87208-9CCF-42C9-B88E-069281105805} [HKLM] -> Reg Data - Key not found [Trojan Remover] -> File not found
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} [HKLM] -> %ProgramFiles%\TrojanHunter 4.6\contmenu.dll [TrojanHunter] ->  [Ver =  | Size = 314368 bytes | Modified Date = 22-08-2004 20:51:54 | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 125440 bytes | Modified Date = 07-10-2005 15:05:32 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
{23F2DE6C-2C3F-4F95-B16A-56714C6FAAF4} [HKLM] -> %System32%\context.dll [XPTools] -> SuperLogix [Ver = 1.6.0.0 | Size = 613376 bytes | Modified Date = 15-11-2004 06:14:46 | Attr =    ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 15-11-2005 12:07:16 | Attr =    ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Crazy Browser 1.0.5 ->  ->
SIMBAR Enabled ->  ->
SIMBAR={EC988DE7-4F13-4457-9E18-56FF23C1A658} ->  ->
SV1 ->  ->
www.lifetranslator.biz ->  ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{67E3F54F-4BC0-44DA-92B0-4C4FDC11109A} ->    (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
{68978A0E-E2B5-4335-A6F0-5B03EE75A323} ->    (1394-netværkskort) ->
{98E66EA9-2654-40EA-8F7A-644BF4AD8355} ->    () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 26, 0 | Size = 1783384 bytes | Modified Date = 01-11-2006 15:21:20 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0000000A-0000-0010-8000-00AA00389B71} ->  - CodeBase = http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB ->
{029FDBA6-3547-11D7-AA4C-0050BF051A00} -> Rawflow ICD Client - CodeBase = http://downol.dr.dk/download/netradio/Rawflow.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab ->
{31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -> Cult3D ActiveX Player - CodeBase = http://www.cult3d.com/download/cult.cab ->
{33564D57-0000-0010-8000-00AA00389B71} ->  - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab ->
{8EC18CE2-D7B4-11D2-88C8-006008A717FD} -> NCSView Class - CodeBase = http://www.kortal.dk/ecwplugins/ncs.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{D8575CE3-3432-4540-88A9-85A1325D3375} -> e-Safekey - CodeBase = https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab ->
{FF1CD9A3-00CD-45C1-8182-4EEC229A182D} -> Plaxo Auto-Import Utility - CodeBase = https://www.plaxo.com/activex/plx_upldr-2k-xp.cab ->

[Files - Created Wihin 30 days]
WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_3_0_1020.MSI -> %CommonProgramFiles%\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_3_0_1020.MSI ->  [Ver =  | Size = 3819008 bytes | Created Date = 14-01-2007 21:48:20 | Attr =    ]
ROLLBACK.DB -> %CommonProgramFiles%\Ahead\Lib\ROLLBACK.DB ->  [Ver =  | Size = 315392 bytes | Created Date = 07-01-2007 10:29:33 | Attr =    ]
NeroAti.dll -> %CommonProgramFiles%\Ahead\RemoteControl\NeroAti.dll -> Nero AG [Ver = 1, 2, 0, 23 | Size = 8704 bytes | Created Date = 07-01-2007 10:28:57 | Attr =    ]
1030.mst -> %CommonProgramFiles%\Ahead\NTP\Nero 7\1030.mst ->  [Ver =  | Size = 47104 bytes | Created Date = 07-01-2007 10:30:58 | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1355 bytes | Created Date = 03-01-2007 18:35:33 | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Created Date = 07-01-2007 12:03:24 | Attr =    ]
pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 3.2.40.500 | Size = 129784 bytes | Created Date = 24-12-2006 12:53:20 | Attr =    ]
pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 3.2.40.500 | Size = 1309432 bytes | Created Date = 24-12-2006 12:53:20 | Attr =    ]
thxcfg.ini -> %System32%\thxcfg.ini ->  [Ver =  | Size = 32 bytes | Created Date = 07-01-2007 08:36:18 | Attr =    ]
394839.reg -> %System32%\drivers\394839.reg ->  [Ver =  | Size = 177 bytes | Created Date = 03-01-2007 18:30:46 | Attr =    ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 22-12-2006 08:32:49 | Attr =    ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.416 | Size = 18240 bytes | Created Date = 22-12-2006 08:32:48 | Attr =    ]
cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 2432 bytes | Created Date = 24-12-2006 12:53:21 | Attr =    ]
cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 2560 bytes | Created Date = 24-12-2006 12:53:21 | Attr =    ]
mmsetup_10004040_ENU_MMD.exe -> %System32%\drivers\mmsetup_10004040_ENU_MMD.exe ->  [Ver =  | Size = 30743920 bytes | Created Date = 03-01-2007 18:30:47 | Attr =    ]
NortonPID.hlp -> %System32%\drivers\NortonPID.hlp ->  [Ver =  | Size = 6324 bytes | Created Date = 02-01-1601 23:00:00 | Attr =    ]
ntinstall.ini -> %System32%\drivers\ntinstall.ini ->  [Ver =  | Size = 87 bytes | Created Date = 03-01-2007 18:30:46 | Attr =    ]
OS32.ini -> %System32%\drivers\OS32.ini ->  [Ver =  | Size = 24262 bytes | Created Date = 02-01-1601 23:00:00 | Attr =    ]
RAP-ALBUMS.jpg -> %System32%\drivers\RAP-ALBUMS.jpg ->  [Ver =  | Size = 88856 bytes | Created Date = 03-01-2007 18:30:46 | Attr =    ]
ret.bat -> %System32%\drivers\ret.bat ->  [Ver =  | Size = 1139 bytes | Created Date = 02-01-1601 23:00:00 | Attr =    ]
smnt.exe -> %System32%\drivers\smnt.exe ->  [Ver =  | Size = 22016 bytes | Created Date = 02-01-1601 23:00:00 | Attr =    ]
smnt.scr -> %System32%\drivers\smnt.scr ->  [Ver =  | Size = 5381 bytes | Created Date = 03-01-2007 18:30:47 | Attr =    ]
spsexec.#xe -> %System32%\drivers\spsexec.#xe -> Sysinternals [Ver = 1.3 | Size = 122880 bytes | Created Date = 03-01-2007 18:30:47 | Attr =    ]
SYNFUL.nfo -> %System32%\drivers\SYNFUL.nfo ->  [Ver =  | Size = 2632 bytes | Created Date = 03-01-2007 18:30:47 | Attr =    ]
WINClock.exe -> %System32%\drivers\WINClock.exe ->  [Ver =  | Size = 452608 bytes | Created Date = 02-01-1601 23:00:00 | Attr =    ]
WinOS.hlp -> %System32%\drivers\WinOS.hlp ->  [Ver =  | Size = 31885 bytes | Created Date = 02-01-1601 23:00:00 | Attr =    ]

[Files - Modified Wihin 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1073270784 bytes | Modified Date = 15-01-2007 08:16:04 | Attr =  HS]
WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_3_0_1020.MSI -> %CommonProgramFiles%\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_3_0_1020.MSI ->  [Ver =  | Size = 3819008 bytes | Modified Date = 14-01-2007 21:48:22 | Attr =    ]
AdobeFnt.lst -> %CommonProgramFiles%\Adobe\TypeSpt\AdobeFnt.lst ->  [Ver =  | Size = 75604 bytes | Modified Date = 31-12-2006 23:50:18 | Attr =    ]
ROLLBACK.DB -> %CommonProgramFiles%\Ahead\Lib\ROLLBACK.DB ->  [Ver =  | Size = 315392 bytes | Modified Date = 07-01-2007 10:30:46 | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 15-01-2007 08:16:08 | Attr =  S]
DVDFabGold.INI -> %SystemRoot%\DVDFabGold.INI ->  [Ver =  | Size = 591 bytes | Modified Date = 05-01-2007 22:57:52 | Attr =    ]
dvdSanta.INI -> %SystemRoot%\dvdSanta.INI ->  [Ver =  | Size = 26 bytes | Modified Date = 12-01-2007 21:29:12 | Attr =    ]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Modified Date = 15-01-2007 09:50:52 | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1355 bytes | Modified Date = 03-01-2007 18:37:10 | Attr =    ]
iTouch.ini -> %SystemRoot%\iTouch.ini ->  [Ver =  | Size = 51 bytes | Modified Date = 12-01-2007 14:28:54 | Attr =    ]
Kyor.ini -> %SystemRoot%\Kyor.ini ->  [Ver =  | Size = 90 bytes | Modified Date = 11-01-2007 07:51:26 | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 15-01-2007 08:44:04 | Attr =    ]
SBWIN.INI -> %SystemRoot%\SBWIN.INI ->  [Ver =  | Size = 72 bytes | Modified Date = 12-01-2007 12:54:24 | Attr =    ]
TheJukeBoxer.ini -> %SystemRoot%\TheJukeBoxer.ini ->  [Ver =  | Size = 336 bytes | Modified Date = 24-12-2006 12:18:14 | Attr =    ]
xptools.ini -> %SystemRoot%\xptools.ini ->  [Ver =  | Size = 79 bytes | Modified Date = 13-01-2007 15:25:54 | Attr =    ]
BASSMOD.dll -> %System32%\BASSMOD.dll ->  [Ver =  | Size = 34308 bytes | Modified Date = 07-01-2007 19:11:08 | Attr =    ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 279744 bytes | Modified Date = 19-12-2006 21:51:22 | Attr =    ]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 50257 bytes | Modified Date = 15-01-2007 08:16:42 | Attr =    ]
Sweeper.cfg -> %System32%\Sweeper.cfg ->  [Ver =  | Size = 0 bytes | Modified Date = 15-01-2007 08:15:56 | Attr =    ]
thxcfg.ini -> %System32%\thxcfg.ini ->  [Ver =  | Size = 32 bytes | Modified Date = 07-01-2007 08:36:20 | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 14-01-2007 22:11:38 | Attr =    ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7,1,0,398 | Size = 28416 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.416 | Size = 18240 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Modified Date = 15-01-2007 09:50:52 | Attr =    ]
ntinstall.ini -> %System32%\drivers\ntinstall.ini ->  [Ver =  | Size = 87 bytes | Modified Date = 18-12-2006 04:15:12 | Attr =    ]
OS32.ini -> %System32%\drivers\OS32.ini ->  [Ver =  | Size = 24262 bytes | Modified Date = 18-12-2006 04:13:44 | Attr =    ]
pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 07-01-2007 19:09:52 | Attr =    ]
WinOS.hlp -> %System32%\drivers\WinOS.hlp ->  [Ver =  | Size = 31885 bytes | Modified Date = 18-12-2006 04:14:02 | Attr =    ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %SystemDrive%\deviance.exe ->  [Ver =  | Size = 152576 bytes | Modified Date = 09-11-2005 17:13:38 | Attr =    ]
PEC2 ,  -> %SystemDrive%\dxnt.cab ->  [Ver =  | Size = 13265040 bytes | Modified Date = 09-07-2004 14:17:16 | Attr =    ]
Thawte Consulting ,  -> %CommonProgramFiles%\ACD Systems\EN\ipwssl5.dll -> /n software inc. - www.nsoftware.com [Ver = 5.0.0.852 | Size = 321672 bytes | Modified Date = 26-08-2002 13:05:42 | Attr = R  ]
FSG! ,  -> %CommonProgramFiles%\ACD Systems\Video\rmme3260.dll -> RealNetworks, Inc. [Ver = 6.0.11.394 | Size = 537600 bytes | Modified Date = 06-06-2003 16:31:50 | Attr =    ]
Thawte Consulting ,  -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip ->  [Ver =  | Size = 3290841 bytes | Modified Date = 10-11-2005 13:38:40 | Attr =    ]
USERTRUST ,  -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 12-10-2006 02:41:58 | Attr =    ]
WSUD ,  -> %CommonProgramFiles%\SpeechEngines\Microsoft\SR\1033\l1033.dlm ->  [Ver =  | Size = 9680237 bytes | Modified Date = 26-08-2001 13:50:30 | Attr =    ]
Thawte Consulting ,  -> %CommonProgramFiles%\Wise Installation Wizard\WIS26a03535d10f44349724ce6d2f9a0549_8_017.MSI ->  [Ver =  | Size = 1701376 bytes | Modified Date = 07-11-2006 13:41:20 | Attr =    ]
UPX! , UPX0 ,  -> %SystemRoot%\epsuninst.exe -> Marcelo Bona Boff [Ver = 3.7.0.1 | Size = 278668 bytes | Modified Date = 12-12-2003 01:52:36 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 5, 0 | Size = 284672 bytes | Modified Date = 01-09-2004 15:49:56 | Attr =    ]
aspack ,  -> %System32%\context.dll -> SuperLogix [Ver = 1.6.0.0 | Size = 613376 bytes | Modified Date = 15-11-2004 06:14:46 | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41123 bytes | Modified Date = 09-10-2001 14:00:00 | Attr =    ]
PEC2 , PECompact2 ,  -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Modified Date = 18-01-2006 20:47:36 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 25-08-2006 04:47:00 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 114856 bytes | Modified Date = 07-11-2006 15:41:06 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 25-08-2006 04:47:00 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 25-08-2006 04:47:00 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 25-08-2006 04:47:00 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxwma.dll -> Sonic Solutions [Ver = 1, 0, 0, 3 | Size = 157352 bytes | Modified Date = 07-11-2006 15:41:06 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\qtalt.ax -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 30-04-2004 19:46:24 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\rmalt.ax -> Gabest [Ver = 1, 0, 0, 4 | Size = 116224 bytes | Modified Date = 26-03-2004 14:32:36 | Attr =    ]
aspack ,  -> %System32%\Shreder.dll ->  [Ver = 1, 0, 0, 1 | Size = 89088 bytes | Modified Date = 11-10-2003 18:24:44 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\t3odm.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 30-04-2004 04:46:24 | Attr =    ]
aspack ,  -> %System32%\trjscan.trb -> Simply Super Software [Ver = 6.5.1.1167 | Size = 309248 bytes | Modified Date = 28-07-2006 12:58:18 | Attr =    ]
aspack ,  -> %System32%\trupd.trb -> Simply Super Software [Ver = 1.3.2.1063 | Size = 345088 bytes | Modified Date = 17-06-2006 00:46:58 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\UninstXviDDec.exe ->  [Ver =  | Size = 22782 bytes | Modified Date = 31-03-2006 08:19:08 | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 09-10-2001 14:00:00 | Attr =    ]
aspack ,  -> %System32%\xtsupermenuHook.dll ->  [Ver =  | Size = 216064 bytes | Modified Date = 12-11-2004 15:29:44 | Attr =    ]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 09-10-2001 14:00:00 | Attr =    ]
UPX! , FSG! , PEC2 , aspack ,  -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
UPX! , WSUD , UPX0 ,  -> %System32%\drivers\mmsetup_10004040_ENU_MMD.exe ->  [Ver =  | Size = 30743920 bytes | Modified Date = 06-12-2006 21:36:20 | Attr =    ]
PTech ,  -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03-08-2004 23:41:38 | Attr =    ]

< End of report >
staal Praktikant
15 January 2007 - 11:08 #9
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-15 11:07:41
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT    sptd.sys                                                                                                ZwCreateKey
SSDT    sptd.sys                                                                                                ZwEnumerateKey
SSDT    sptd.sys                                                                                                ZwEnumerateValueKey
SSDT    sptd.sys                                                                                                ZwOpenKey
SSDT    \??\C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                                ZwOpenProcess
SSDT    sptd.sys                                                                                                ZwQueryKey
SSDT    sptd.sys                                                                                                ZwQueryValueKey
SSDT    sptd.sys                                                                                                ZwSetValueKey
SSDT    \??\C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                                ZwTerminateProcess

Code    82BDCCBE                                                                                                IoWriteTransferCount

---- Kernel code sections - GMER 1.0.12 ----

.text  USBPORT.SYS!DllUnload                                                                                    F6B0962C 5 Bytes  JMP 87075780

---- User code sections - GMER 1.0.12 ----

.text  C:\Programmer\Easy CD & DVD Cover Creator\Easy CD Cover Creator.exe[168] kernel32.dll!LoadLibraryExW    7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\Easy CD & DVD Cover Creator\Easy CD Cover Creator.exe[168] kernel32.dll!CreateProcessW    7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\Easy CD & DVD Cover Creator\Easy CD Cover Creator.exe[168] kernel32.dll!CreateProcessA    7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\Easy CD & DVD Cover Creator\Easy CD Cover Creator.exe[168] kernel32.dll!FreeLibrary + 15  7C80ABF3 4 Bytes  [ 45, 54, 7F, E2 ]
.text  C:\Programmer\Easy CD & DVD Cover Creator\Easy CD Cover Creator.exe[168] GDI32.dll!Escape                77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\Easy CD & DVD Cover Creator\Easy CD Cover Creator.exe[168] USER32.dll!SetWindowsHookExW    77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\Easy CD & DVD Cover Creator\Easy CD Cover Creator.exe[168] USER32.dll!SetWindowsHookExA    77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\ESET\nod32krn.exe[256] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\ESET\nod32krn.exe[256] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\ESET\nod32krn.exe[256] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\ESET\nod32krn.exe[256] USER32.dll!SetWindowsHookExW                                        77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\ESET\nod32krn.exe[256] USER32.dll!SetWindowsHookExA                                        77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\ESET\nod32krn.exe[256] GDI32.dll!Escape                                                    77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[272] USER32.dll!SetWindowsHookExW                                        77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[272] USER32.dll!SetWindowsHookExA                                        77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[272] GDI32.dll!Escape                                                    77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\nvsvc32.exe[280] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\nvsvc32.exe[280] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\nvsvc32.exe[280] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\nvsvc32.exe[280] USER32.dll!SetWindowsHookExW                                        77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\nvsvc32.exe[280] USER32.dll!SetWindowsHookExA                                        77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\nvsvc32.exe[280] GDI32.dll!Escape                                                    77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\PROGRA~1\SPYWAR~1\swdoctor.exe[332] kernel32.dll!LoadLibraryExW                                      7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\PROGRA~1\SPYWAR~1\swdoctor.exe[332] kernel32.dll!CreateProcessW                                      7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\PROGRA~1\SPYWAR~1\swdoctor.exe[332] kernel32.dll!CreateProcessA                                      7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\PROGRA~1\SPYWAR~1\swdoctor.exe[332] user32.dll!SetWindowsHookExW                                      77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\PROGRA~1\SPYWAR~1\swdoctor.exe[332] user32.dll!SetWindowsHookExA                                      77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\PROGRA~1\SPYWAR~1\swdoctor.exe[332] GDI32.dll!Escape                                                  77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\Spyware Doctor\sdhelp.exe[364] kernel32.dll!LoadLibraryExW                                7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\Spyware Doctor\sdhelp.exe[364] kernel32.dll!CreateProcessW                                7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\Spyware Doctor\sdhelp.exe[364] kernel32.dll!CreateProcessA                                7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\Spyware Doctor\sdhelp.exe[364] user32.dll!SetWindowsHookExW                                77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\Spyware Doctor\sdhelp.exe[364] user32.dll!SetWindowsHookExA                                77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\Spyware Doctor\sdhelp.exe[364] GDI32.dll!Escape                                            77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\gmer.exe[540] kernel32.dll!LoadLibraryExW                      7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\gmer.exe[540] kernel32.dll!CreateProcessW                      7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\gmer.exe[540] kernel32.dll!CreateProcessA                      7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\gmer.exe[540] kernel32.dll!FreeLibrary + 15                    7C80ABF3 4 Bytes  [ 45, 54, 7F, E2 ]
.text  C:\Documents and Settings\Ejer\Skrivebord\gmer.exe[540] USER32.dll!SetWindowsHookExW                    77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\gmer.exe[540] USER32.dll!SetWindowsHookExA                    77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\gmer.exe[540] GDI32.dll!Escape                                77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\wdfmgr.exe[664] kernel32.dll!LoadLibraryExW                                          7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\wdfmgr.exe[664] kernel32.dll!CreateProcessW                                          7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\wdfmgr.exe[664] kernel32.dll!CreateProcessA                                          7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\wdfmgr.exe[664] USER32.dll!SetWindowsHookExW                                        77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\wdfmgr.exe[664] USER32.dll!SetWindowsHookExA                                        77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\wdfmgr.exe[664] GDI32.dll!Escape                                                    77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\csrss.exe[720] GDI32.dll!Escape                                                      77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\csrss.exe[720] KERNEL32.dll!LoadLibraryExW                                          7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\csrss.exe[720] KERNEL32.dll!CreateProcessW                                          7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\csrss.exe[720] KERNEL32.dll!CreateProcessA                                          7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\csrss.exe[720] USER32.dll!SetWindowsHookExW                                          77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\csrss.exe[720] USER32.dll!SetWindowsHookExA                                          77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\winlogon.exe[752] USER32.dll!SetWindowsHookExW                                      77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\winlogon.exe[752] USER32.dll!SetWindowsHookExA                                      77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\winlogon.exe[752] GDI32.dll!Escape                                                  77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\services.exe[796] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\services.exe[796] USER32.dll!SetWindowsHookExW                                      77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\services.exe[796] USER32.dll!SetWindowsHookExA                                      77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\services.exe[796] GDI32.dll!Escape                                                  77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[956] USER32.dll!SetWindowsHookExW                                        77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[956] USER32.dll!SetWindowsHookExA                                        77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[956] GDI32.dll!Escape                                                    77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!SetWindowsHookExW                                      77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!SetWindowsHookExA                                      77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1016] GDI32.dll!Escape                                                  77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExW                                      77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExA                                      77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1092] GDI32.dll!Escape                                                  77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\MsPMSPSv.exe[1120] kernel32.dll!LoadLibraryExW                                      7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\MsPMSPSv.exe[1120] kernel32.dll!CreateProcessW                                      7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\MsPMSPSv.exe[1120] kernel32.dll!CreateProcessA                                      7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\MsPMSPSv.exe[1120] USER32.dll!SetWindowsHookExW                                      77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\MsPMSPSv.exe[1120] USER32.dll!SetWindowsHookExA                                      77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\MsPMSPSv.exe[1120] GDI32.dll!Escape                                                  77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!SetWindowsHookExW                                      77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!SetWindowsHookExA                                      77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1168] GDI32.dll!Escape                                                  77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW                                      77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExA                                      77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\svchost.exe[1288] GDI32.dll!Escape                                                  77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\spoolsv.exe[1444] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\spoolsv.exe[1444] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\spoolsv.exe[1444] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\spoolsv.exe[1444] GDI32.dll!Escape                                                  77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\spoolsv.exe[1444] USER32.dll!SetWindowsHookExW                                      77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\spoolsv.exe[1444] USER32.dll!SetWindowsHookExA                                      77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1696] kernel32.dll!LoadLibraryExW                  7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1696] kernel32.dll!CreateProcessW                  7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1696] kernel32.dll!CreateProcessA                  7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1696] GDI32.dll!Escape                              77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1696] USER32.dll!SetWindowsHookExW                  77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1696] USER32.dll!SetWindowsHookExA                  77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\explorer.exe[1812] kernel32.dll!LoadLibraryExW                                                7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\explorer.exe[1812] kernel32.dll!CreateProcessW                                                7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\explorer.exe[1812] kernel32.dll!CreateProcessA                                                7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\explorer.exe[1812] GDI32.dll!Escape                                                          77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\explorer.exe[1812] USER32.dll!SetWindowsHookExW                                              77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\explorer.exe[1812] USER32.dll!SetWindowsHookExA                                              77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\QuickTime\qttask.exe[1828] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\QuickTime\qttask.exe[1828] kernel32.dll!CreateProcessW                                    7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\QuickTime\qttask.exe[1828] kernel32.dll!CreateProcessA                                    7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\QuickTime\qttask.exe[1828] USER32.dll!SetWindowsHookExW                                    77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\QuickTime\qttask.exe[1828] USER32.dll!SetWindowsHookExA                                    77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\QuickTime\qttask.exe[1828] GDI32.dll!Escape                                                77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1872] kernel32.dll!LoadLibraryExW                              7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1872] kernel32.dll!CreateProcessW                              7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1872] kernel32.dll!CreateProcessA                              7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1872] USER32.dll!SetWindowsHookExW                            77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1872] USER32.dll!SetWindowsHookExA                            77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1872] GDI32.dll!Escape                                        77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\DAEMON Tools\daemon.exe[1924] kernel32.dll!LoadLibraryExW                                  7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\DAEMON Tools\daemon.exe[1924] kernel32.dll!CreateProcessW                                  7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\DAEMON Tools\daemon.exe[1924] kernel32.dll!CreateProcessA                                  7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\DAEMON Tools\daemon.exe[1924] USER32.dll!SetWindowsHookExW                                77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\DAEMON Tools\daemon.exe[1924] USER32.dll!SetWindowsHookExA                                77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\DAEMON Tools\daemon.exe[1924] GDI32.dll!Escape                                            77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[1944] kernel32.dll!LoadLibraryExW            7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[1944] kernel32.dll!CreateProcessW            7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[1944] kernel32.dll!CreateProcessA            7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[1944] GDI32.dll!Escape                        77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[1944] USER32.dll!SetWindowsHookExW            77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[1944] USER32.dll!SetWindowsHookExA            77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\CTSVCCDA.EXE[1956] kernel32.dll!LoadLibraryExW                                      7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\CTSVCCDA.EXE[1956] kernel32.dll!CreateProcessW                                      7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\CTSVCCDA.EXE[1956] kernel32.dll!CreateProcessA                                      7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\CTSVCCDA.EXE[1956] USER32.dll!SetWindowsHookExW                                      77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\CTSVCCDA.EXE[1956] USER32.dll!SetWindowsHookExA                                      77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\CTSVCCDA.EXE[1956] GDI32.dll!Escape                                                  77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1972] kernel32.dll!LoadLibraryExW    7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1972] kernel32.dll!CreateProcessW    7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1972] kernel32.dll!CreateProcessA    7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1972] USER32.dll!SetWindowsHookExW    77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1972] USER32.dll!SetWindowsHookExA    77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[1972] GDI32.dll!Escape                77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[2020] kernel32.dll!LoadLibraryExW    7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[2020] kernel32.dll!CreateProcessW    7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[2020] kernel32.dll!CreateProcessA    7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[2020] USER32.dll!SetWindowsHookExW  77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[2020] USER32.dll!SetWindowsHookExA  77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[2020] GDI32.dll!Escape              77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] kernel32.dll!LoadLibraryExW          7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] kernel32.dll!CreateProcessW          7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] kernel32.dll!CreateProcessA          7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] GDI32.dll!Escape                      77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] USER32.dll!SetWindowsHookExW          77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] USER32.dll!SetWindowsHookExA          77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe[2064] kernel32.dll!LoadLibraryExW              7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe[2064] kernel32.dll!CreateProcessW              7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe[2064] kernel32.dll!CreateProcessA              7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe[2064] GDI32.dll!Escape                        77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe[2064] USER32.dll!SetWindowsHookExW            77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe[2064] USER32.dll!SetWindowsHookExA            77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\DVD tools\utorrent.exe[2088] kernel32.dll!LoadLibraryExW      7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\DVD tools\utorrent.exe[2088] kernel32.dll!CreateProcessW      7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\DVD tools\utorrent.exe[2088] kernel32.dll!CreateProcessA      7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\DVD tools\utorrent.exe[2088] user32.dll!SetWindowsHookExW      77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\DVD tools\utorrent.exe[2088] user32.dll!SetWindowsHookExA      77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\DVD tools\utorrent.exe[2088] GDI32.dll!Escape                  77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\ctfmon.exe[2160] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\ctfmon.exe[2160] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\ctfmon.exe[2160] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\ctfmon.exe[2160] USER32.dll!SetWindowsHookExW                                        77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\ctfmon.exe[2160] USER32.dll!SetWindowsHookExA                                        77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\ctfmon.exe[2160] GDI32.dll!Escape                                                    77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2168] kernel32.dll!LoadLibraryExW                  7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2168] kernel32.dll!CreateProcessW                  7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2168] kernel32.dll!CreateProcessA                  7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2168] USER32.dll!SetWindowsHookExW                  77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2168] USER32.dll!SetWindowsHookExA                  77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe[2168] GDI32.dll!Escape                              77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\MSN Messenger\msnmsgr.exe[2192] kernel32.dll!LoadLibraryExW                                7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\MSN Messenger\msnmsgr.exe[2192] kernel32.dll!CreateProcessW                                7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\MSN Messenger\msnmsgr.exe[2192] kernel32.dll!CreateProcessA                                7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\MSN Messenger\msnmsgr.exe[2192] kernel32.dll!SetUnhandledExceptionFilter                  7C84479D 5 Bytes  JMP 004E12D0 C:\Programmer\MSN Messenger\msnmsgr.exe
.text  C:\Programmer\MSN Messenger\msnmsgr.exe[2192] GDI32.dll!Escape                                          77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\MSN Messenger\msnmsgr.exe[2192] USER32.dll!SetWindowsHookExW                              77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\MSN Messenger\msnmsgr.exe[2192] USER32.dll!SetWindowsHookExA                              77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2244] kernel32.dll!LoadLibraryExW                    7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2244] kernel32.dll!CreateProcessW                    7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2244] kernel32.dll!CreateProcessA                    7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2244] USER32.dll!SetWindowsHookExW                  77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2244] USER32.dll!SetWindowsHookExA                  77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe[2244] GDI32.dll!Escape                              77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\WinPFind3u\WinPFind3U.exe[2256] kernel32.dll!LoadLibraryExW    7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\WinPFind3u\WinPFind3U.exe[2256] kernel32.dll!CreateProcessW    7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\WinPFind3u\WinPFind3U.exe[2256] kernel32.dll!CreateProcessA    7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\WinPFind3u\WinPFind3U.exe[2256] kernel32.dll!FreeLibrary + 15  7C80ABF3 4 Bytes  [ 45, 54, 7F, E2 ]
.text  C:\Documents and Settings\Ejer\Skrivebord\WinPFind3u\WinPFind3U.exe[2256] user32.dll!SetWindowsHookExW  77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\WinPFind3u\WinPFind3U.exe[2256] user32.dll!SetWindowsHookExA  77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Documents and Settings\Ejer\Skrivebord\WinPFind3u\WinPFind3U.exe[2256] GDI32.dll!Escape              77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\Canon\CD-LabelPrint\CDLabelPrint.exe[2280] kernel32.dll!LoadLibraryExW                    7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\Canon\CD-LabelPrint\CDLabelPrint.exe[2280] kernel32.dll!CreateProcessW                    7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\Canon\CD-LabelPrint\CDLabelPrint.exe[2280] kernel32.dll!CreateProcessA                    7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\Canon\CD-LabelPrint\CDLabelPrint.exe[2280] kernel32.dll!FreeLibrary + 15                  7C80ABF3 4 Bytes  [ 45, 54, 7F, E2 ]
.text  C:\Programmer\Canon\CD-LabelPrint\CDLabelPrint.exe[2280] user32.dll!SetWindowsHookExW                    77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\Canon\CD-LabelPrint\CDLabelPrint.exe[2280] user32.dll!SetWindowsHookExA                    77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\Canon\CD-LabelPrint\CDLabelPrint.exe[2280] GDI32.dll!Escape                                77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe[2368] kernel32.dll!LoadLibraryExW                    7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe[2368] kernel32.dll!CreateProcessW                    7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe[2368] kernel32.dll!CreateProcessA                    7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe[2368] USER32.dll!SetWindowsHookExW                    77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe[2368] USER32.dll!SetWindowsHookExA                    77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe[2368] GDI32.dll!Escape                                77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\alg.exe[2800] kernel32.dll!LoadLibraryExW                                            7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\alg.exe[2800] kernel32.dll!CreateProcessW                                            7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\alg.exe[2800] kernel32.dll!CreateProcessA                                            7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\alg.exe[2800] USER32.dll!SetWindowsHookExW                                          77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\alg.exe[2800] USER32.dll!SetWindowsHookExA                                          77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\alg.exe[2800] GDI32.dll!Escape                                                      77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\Crazy Browser\Crazy Browser.exe[2964] kernel32.dll!LoadLibraryExW                          7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\Programmer\Crazy Browser\Crazy Browser.exe[2964] kernel32.dll!CreateProcessW                          7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\Programmer\Crazy Browser\Crazy Browser.exe[2964] kernel32.dll!CreateProcessA                          7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\Programmer\Crazy Browser\Crazy Browser.exe[2964] GDI32.dll!Escape                                    77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\Programmer\Crazy Browser\Crazy Browser.exe[2964] USER32.dll!SetWindowsHookExW                        77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\Programmer\Crazy Browser\Crazy Browser.exe[2964] USER32.dll!SetWindowsHookExA                        77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\WgaTray.exe[3032] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  [ FF, 25, 1E, 00, 08, 5F ]
.text  C:\WINDOWS\system32\WgaTray.exe[3032] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  [ FF, 25, 1E, 00, 16, 5F ]
.text  C:\WINDOWS\system32\WgaTray.exe[3032] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  [ FF, 25, 1E, 00, 12, 5F ]
.text  C:\WINDOWS\system32\WgaTray.exe[3032] USER32.dll!SetWindowsHookExW                                      77D4E4AF 6 Bytes  [ FF, 25, 1E, 00, 0F, 5F ]
.text  C:\WINDOWS\system32\WgaTray.exe[3032] USER32.dll!SetWindowsHookExA                                      77D511E9 6 Bytes  [ FF, 25, 1E, 00, 0B, 5F ]
.text  C:\WINDOWS\system32\WgaTray.exe[3032] GDI32.dll!Escape                                                  77F26926 6 Bytes  [ FF, 25, 1E, 00, 05, 5F ]
.text  C:\WINDOWS\system32\WgaTray.exe[3032] WININET.dll!InternetErrorDlg                                      7721C31D 5 Bytes  JMP 0101211B C:\WINDOWS\system32\WgaTray.exe

---- Devices - GMER 1.0.12 ----

Device  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE                                                                    873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE                                                                      873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_READ                                                                      873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE                                                                      873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION                                                          873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION                                                            873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA                                                                  873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA                                                                    873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS                                                              873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION                                                  873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION                                                    873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL                                                          873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL                                                        873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL                                                            873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN                                                                  873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL                                                              873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP                                                                    873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY                                                            873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY                                                              873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA                                                                873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA                                                                  873611D8
Device  \FileSystem\Ntfs \Ntfs IRP_MJ_PNP                                                                        873611D8
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE                                                              86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE                                                              86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_READ                                                                86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE                                                              86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION                                                  86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION                                                    86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA                                                            86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA                                                              86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS                                                      86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION                                            86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION                                              86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL                                                  86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL                                                86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL                                                      86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN                                                            86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL                                                        86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP                                                            86DF2440
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP                                                                86DF2440
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE                                                                85F6D708
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE                                                                85F6D708
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ                                                                  85F6D708
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE                                                                85F6D708
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION                                                    85F6D708
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION                                                      85F6D708
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION                                              85F6D708
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL                                                    85F6D708
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL                                                  85F6D708
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL                                                        85F6D708
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL                                                          85F6D708
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP                                                              85F6D708
Device  \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP                                                                  85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE                                                                85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE                                                                  85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_READ                                                                  85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE                                                                  85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION                                                      85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION                                                        85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION                                              85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL                                                      85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL                                                    85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL                                                        85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL                                                          85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP                                                                85F6D708
Device  \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP                                                                    85F6D708
Device  \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL                                                  [F7DAC85A] avgtdi.sys
Device  \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE                                                          870DF980
Device  \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE                                                            870DF980
Device  \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL                                                  870DF980
Device  \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                          870DF980
Device  \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER                                                            870DF980
Device  \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL                                                  870DF980
Device  \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP                                                              870DF980
Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE                                                  873D21D8
Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE                                                  873D21D8
Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ                                                    873D21D8
Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE                                                  873D21D8
Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS                                          873D21D8
Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL                                          873D21D8
Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL                                873D21D8
Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN                                                873D21D8
Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER                                                  873D21D8
Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL                                          873D21D8
Device  \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP                                                    873D21D8
Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE                                                    873D21D8
Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE                                                    873D21D8
Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ                                                      873D21D8
Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE                                                    873D21D8
Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS                                            873D21D8
Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL                                            873D21D8
Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL                                  873D21D8
Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN                                                  873D21D8
Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER                                                    873D21D8
Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL                                            873D21D8
Device  \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP                                                      873D21D8
Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE                                                      873D21D8
Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE                                                        873D21D8
Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ                                                        873D21D8
Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE                                                        873D21D8
Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS                                                873D21D8
Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL                                              873D21D8
Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL                                      873D21D8
Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN                                                    873D21D8
Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER                                                        873D21D8
Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL                                              873D21D8
Device  \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP                                                          873D21D8
Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE                                                      873D21D8
Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE                                                      873D21D8
Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ                                                        873D21D8
Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE                                                      873D21D8
Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS                                              873D21D8
Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL                                              873D21D8
Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL                                    873D21D8
Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN                                                    873D21D8
Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER                                                      873D21D8
Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL                                              873D21D8
Device  \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP                                                        873D21D8
Device  \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE                                                          870DF980
Device  \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CLOSE                                                            870DF980
Device  \Driver\usbohci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL                                                  870DF980
Device  \Driver\usbohci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                          870DF980
Device  \Driver\usbohci \Device\USBPDO-1 IRP_MJ_POWER                                                            870DF980
Device  \Driver\usbohci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL                                                  870DF980
Device  \Driver\usbohci \Device\USBPDO-1 IRP_MJ_PNP                                                              870DF980
Device  \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CREATE                                                          8708B980
Device  \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CLOSE                                                            8708B980
Device  \Driver\usbehci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL                                                  8708B980
Device  \Driver\usbehci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL                                          8708B980
Device  \Driver\usbehci \Device\USBPDO-2 IRP_MJ_POWER                                                            8708B980
Device  \Driver\usbehci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL                                                  8708B980
Device  \Driver\usbehci \Device\USBPDO-2 IRP_MJ_PNP                                                              8708B980
Device  \Driver\00000048 \Device\00000060 IRP_MJ_POWER                                                          [F7745C7E] sptd.sys
Device  \Driver\00000048 \Device\00000060 IRP_MJ_SYSTEM_CONTROL                                                  [F775F2A2] sptd.sys
Device  \Driver\00000048 \Device\00000060 IRP_MJ_PNP                                                            [F7760228] sptd.sys
Device  \Driver\usbohci \Device\USBPDO-3 IRP_MJ_CREATE                                                          870DF980
Device  \Driver\usbohci \Device\USBPDO-3 IRP_MJ_CLOSE                                                            870DF980
Device  \Driver\usbohci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL                                                  870DF980
Device  \Driver\usbohci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL                                          870DF980
Device  \Driver\usbohci \Device\USBPDO-3 IRP_MJ_POWER                                                            870DF980
Device  \Driver\usbohci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL                                                  870DF980
Device  \Driver\usbohci \Device\USBPDO-3 IRP_MJ_PNP                                                              870DF980
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL                                                [F7DAC85A] avgtdi.sys
Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE                                                    873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ                                                      873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE                                                      873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS                                              873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL                                            873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                    873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN                                                  873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP                                                    873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER                                                      873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL                                            873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP                                                        873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE                                                    873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ                                                      873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE                                                      873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS                                              873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL                                            873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL                                    873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN                                                  873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP                                                    873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER                                                      873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL                                            873631D8
Device  \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP                                                        873631D8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE                                                              870D17A0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE                                                                870D17A0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ                                                                870D17A0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE                                                                870D17A0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS                                                        870D17A0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL                                                      870D17A0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                              870D17A0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN                                                            870D17A0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER                                                                870D17A0
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL                                                      870D17A0
ejvindh Expert
15 January 2007 - 12:16 #10
Unfortunately, your Gmer log has also been cut off. Please post the rest here.
staal Trainee
15 January 2007 - 12:23 #11

---- Files - GMER 1.0.12 ----

ADS    C:\vigtige.pst:CiAB0001.000                                                                             
ADS    C:\vigtige.pst:CiAB0001.001                                                                             
ADS    C:\vigtige.pst:CiAB0001.002                                                                             
ADS    C:\vigtige.pst:CiAB0002.000                                                                             
ADS    C:\vigtige.pst:CiAB0002.001                                                                             
ADS    C:\vigtige.pst:CiAB0002.002                                                                             
ADS    C:\vigtige.pst:CiAD0001.000                                                                             
ADS    C:\vigtige.pst:CiAD0001.001                                                                             
ADS    C:\vigtige.pst:CiAD0001.002                                                                             
ADS    C:\vigtige.pst:CiPT0000.000                                                                             
ADS    C:\vigtige.pst:CiPT0000.001                                                                             
ADS    ...                                                                                                     

---- EOF - GMER 1.0.12 ----
staal Trainee
15 January 2007 - 12:24 #12
Now everything is included.
ejvindh Expert
15 January 2007 - 12:36 #13
There was nothing significant in these logs. WinPFind3 does find the files that you also found yourself, but they do not appear to be active. For good measure, though, please do the following:

Run WinPFind3U from the WinPFind3U folder again. Copy the content between the wavy lines into the white field on the right (right-click the field and choose "sæt ind"/"paste"):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[Kill Explorer]
[Files - Created Wihin 30 days]
NY -> smnt.exe -> %System32%\drivers\smnt.exe
NY -> smnt.scr -> %System32%\drivers\smnt.scr
NY -> spsexec.#xe -> %System32%\drivers\spsexec.#xe
NY -> WINClock.exe -> %System32%\drivers\WINClock.exe
[Start Explorer]
[Reboot]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then click "Run Fix" and follow the instructions given. Your computer will now restart. After the restart, run WinPFindU.exe again, click "Scan", and post a fresh log here. In the folder where you installed WinPFindU there is a log whose name consists of a lot of numbers - copy that in here as well.

How is the computer running otherwise? Are you experiencing any problems that suggest infection? How did you find the 2 files, and does the scanner in question still find them after you have fixed with WinPFind3?
staal Trainee
15 January 2007 - 13:16 #14
A program called ADC.exe no longer runs as it should - it is Active Desktop Calendar - which I use a lot.
It was Spyware Doctor that came up with popups about the 2 files.
I am scanning now, but will soon be in meetings for the rest of the afternoon.
.
Explorer killed successfully
[Files - Created Wihin 30 days]
File %System32%\drivers\smnt.exe not found!
File %System32%\drivers\smnt.scr not found!
File %System32%\drivers\spsexec.#xe not found!
File %System32%\drivers\WINClock.exe not found!
< End of log >
Created on 01-15-2007 12:52:07
staal Trainee
15 January 2007 - 13:32 #15
WinPFind3 logfile created on: 15-01-2007 13:17:25
WinPFind3U by OldTimer - Version 1.0.10    Folder = C:\Documents and Settings\Ejer\Skrivebord\Sikkerhed\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1048048 Kb Total Physical Memory | 572812 Kb Available Physical Memory | 54,66% Memory free
1734032 Kb Paging File | 1309092 Kb Available in Paging File | 75,49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 78140128 Kb Total Space | 7232136 Kb Free Space | 9,26% Space Free
Drive D: | 40146400 Kb Total Space | 992672 Kb Free Space | 2,47% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 22-12-2006 08:32:34 | Attr =    ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Modified Date = 22-12-2006 08:32:42 | Attr =    ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-12-2006 08:32:48 | Attr =    ]
clcapsvc.exe -> %ProgramFiles%\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ->  [Ver = 4.00.1718 | Size = 221281 bytes | Modified Date = 23-05-2005 17:09:54 | Attr =    ]
clmlserver.exe -> %ProgramFiles%\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 1, 1, 0, 1619 | Size = 61440 bytes | Modified Date = 23-05-2005 17:10:20 | Attr =    ]
clmlservice.exe -> %ProgramFiles%\CyberLink\Shared Files\CLML_NTService\CLMLService.exe -> Cyberlink [Ver = 1, 1, 0, 1619 | Size = 737381 bytes | Modified Date = 23-05-2005 17:10:20 | Attr =    ]
clsched.exe -> %ProgramFiles%\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ->  [Ver = 4.00.1718 | Size = 110687 bytes | Modified Date = 23-05-2005 17:09:56 | Attr =    ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13-12-1999 02:01:00 | Attr =    ]
daemon.exe -> %ProgramFiles%\daemon tools\daemon.exe -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 12-11-2006 11:48:48 | Attr =    ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 15:13:20 | Attr =    ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\nmbgmonitor.exe -> Nero AG [Ver = 1, 2, 0, 23 | Size = 94208 bytes | Modified Date = 22-08-2006 09:52:02 | Attr =    ]
nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset  [Ver = 2, 51, 30  | Size = 507904 bytes | Modified Date = 19-09-2006 05:17:32 | Attr =    ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
qttask.exe -> %ProgramFiles%\quicktime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 25-10-2006 18:58:18 | Attr =    ]
sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 20-12-2005 07:44:24 | Attr =    ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 3, 0, 1020 | Size = 1294336 bytes | Modified Date = 18-10-2006 11:36:02 | Attr =    ]
swdoctor.exe -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.478 | Size = 960000 bytes | Modified Date = 11-01-2006 01:56:36 | Attr =    ]
winpfind3u.exe -> %UserDesktop%\Sikkerhed\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 12-01-2007 16:20:26 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 15:13:20 | Attr =    ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 22-12-2006 08:32:34 | Attr =    ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-12-2006 08:32:48 | Attr =    ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Modified Date = 22-12-2006 08:32:42 | Attr =    ]
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ->  [Ver = 4.00.1718 | Size = 221281 bytes | Modified Date = 23-05-2005 17:09:54 | Attr =    ]
(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ->  [Ver = 4.00.1718 | Size = 110687 bytes | Modified Date = 23-05-2005 17:09:56 | Attr =    ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13-12-1999 02:01:00 | Attr =    ]
(CyberLink Media Library Service) CyberLink Media Library Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 1, 1, 0, 1619 | Size = 61440 bytes | Modified Date = 23-05-2005 17:10:20 | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 26-08-2004 16:53:50 | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04-04-2005 00:41:10 | Attr =    ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 2, 10, 0 | Size = 208896 bytes | Modified Date = 08-08-2006 21:15:50 | Attr =    ]
(NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset  [Ver = 2, 51, 30  | Size = 507904 bytes | Modified Date = 19-09-2006 05:17:32 | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> NetGroup - Politecnico di Torino [Ver = 3, 1, 0, 23 | Size = 86016 bytes | Modified Date = 14-05-2004 12:02:46 | Attr =    ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 20-12-2005 07:44:24 | Attr =    ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 81, 60, 0 | Size = 174080 bytes | Modified Date = 05-06-2006 12:59:18 | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(AMON) AMON [Kernel | Auto | Running] -> %System32%\drivers\amon.sys -> Eset  [Ver = 2, 51, 30  | Size = 502368 bytes | Modified Date = 19-09-2006 05:17:34 | Attr =    ]
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) | Size = 16877 bytes | Modified Date = 17-07-2002 14:53:02 | Attr =    ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(atksgt) atksgt [Kernel | Auto | Running] -> %System32%\drivers\atksgt.sys ->  [Ver =  | Size = 271360 bytes | Modified Date = 27-11-2006 22:17:10 | Attr =    ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 4096 bytes | Modified Date = 28-09-2006 15:13:34 | Attr =    ]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7,1,0,398 | Size = 28416 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05-09-2006 17:03:16 | Attr =    ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
(Cap7134) ProVideo Capture [Kernel | On_Demand | Running] -> %System32%\drivers\cap7134.sys -> Philips Semiconductors [Ver = 2, 3, 1, 2 | Size = 334944 bytes | Modified Date = 24-03-2004 18:35:12 | Attr =    ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(CO_Mon) CO_Mon [Kernel | On_Demand | Stopped] -> %System32%\drivers\CO_Mon.sys ->  [Ver =  | Size = 28672 bytes | Modified Date = 04-12-2006 13:17:50 | Attr =    ]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(ctlsb16) Creative SB16/AWE32/AWE64-driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ctlsb16.sys -> Copyright (C) Creative Technology Ltd. 1994-2001 [Ver = 5.1.2501.0 built by: WinDDK | Size = 96256 bytes | Modified Date = 17-08-2001 20:19:20 | Attr =    ]
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0172-0.75.1810 (beta-release) | Size = 130192 bytes | Modified Date = 22-09-2003 01:48:06 | Attr =    ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 26-08-2004 16:49:40 | Attr =    ]
(dmio) Driver til Logical Disk Manager [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153600 bytes | Modified Date = 26-08-2004 16:49:40 | Attr =    ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 09-10-2001 14:00:00 | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(ezplay) VSO Software ezplay [Kernel | On_Demand | Stopped] -> %System32%\drivers\ezplay.sys -> VSO Software [Ver = 8, 0, 0, 1 | Size = 94080 bytes | Modified Date = 23-11-2006 10:13:54 | Attr =    ]
(gmer) gmer [Kernel | On_Demand | Stopped] -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Modified Date = 15-01-2007 09:50:52 | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HWFProt) Hywave File Protector HWFProt [Kernel | Boot | Running] -> %System32%\drivers\HWFProt.sys -> HyWave Corporation [Ver = 2003 | Size = 44480 bytes | Modified Date = 11-05-2003 23:20:34 | Attr =    ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ikhlayer) Kernel Anti-Spyware Driver [Kernel | System | Running] -> %System32%\drivers\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 5, 0, 2 | Size = 50048 bytes | Modified Date = 13-12-2005 14:18:50 | Attr =    ]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\L8042Kbd.SYS -> Logitech, Inc. [Ver = 3.0.74.00 | Size = 13568 bytes | Modified Date = 10-05-2006 08:56:08 | Attr =    ]
(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\L8042mou.Sys -> Logitech, Inc. [Ver = 3.0.74.00 | Size = 56064 bytes | Modified Date = 10-05-2006 08:56:18 | Attr =    ]
(L8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\L8042pr2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 51486 bytes | Modified Date = 07-11-2003 10:50:00 | Attr =    ]
(LBeepKE) LBeepKE [Kernel | Auto | Running] -> %System32%\drivers\LBeepKE.sys -> Logitech, Inc. [Ver = 3.0.107.00 | Size = 3712 bytes | Modified Date = 29-06-2006 23:53:44 | Attr =    ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LCcfltr) Logitech USB Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LCcfltr.sys -> Logitech, Inc. [Ver = 9.79.300.0 | Size = 14095 bytes | Modified Date = 03-03-2004 09:50:00 | Attr =    ]
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 25502 bytes | Modified Date = 07-11-2003 10:50:00 | Attr =    ]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.79.300.0 | Size = 37887 bytes | Modified Date = 03-03-2004 09:50:00 | Attr =    ]
(lirsgt) lirsgt [Kernel | Auto | Running] -> %System32%\drivers\lirsgt.sys ->  [Ver =  | Size = 18048 bytes | Modified Date = 27-11-2006 22:17:08 | Attr =    ]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 70798 bytes | Modified Date = 07-11-2003 10:50:00 | Attr =    ]
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouKE.Sys -> Logitech, Inc. [Ver = 3.0.74.00 | Size = 71680 bytes | Modified Date = 10-05-2006 08:56:50 | Attr =    ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> %System32%\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Modified Date = 03-08-2004 23:41:40 | Attr =    ]
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03-08-2004 23:41:38 | Attr =    ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.80.5.0 | Size = 8704 bytes | Modified Date = 29-05-2006 07:26:36 | Attr =    ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.80.5.0 | Size = 13312 bytes | Modified Date = 29-05-2006 07:26:36 | Attr =    ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.80.5.0 | Size = 127488 bytes | Modified Date = 29-05-2006 07:26:38 | Attr =    ]
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\npf.sys -> NetGroup - Politecnico di Torino [Ver = 3, 1, 0, 23 | Size = 32896 bytes | Modified Date = 14-05-2004 10:37:10 | Attr =    ]
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> %System32%\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Modified Date = 03-08-2004 23:41:40 | Attr =    ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 3650368 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.0172-0.75.1810 (beta-release) | Size = 178672 bytes | Modified Date = 22-09-2003 01:47:38 | Attr =    ]
(P17) Sound Blaster Live! 24-bit [Kernel | On_Demand | Running] -> %System32%\drivers\P17.sys -> Creative Technology Ltd. [Ver = 5.12.01.314 | Size = 840960 bytes | Modified Date = 04-06-2004 09:27:46 | Attr =    ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(Pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 07-01-2007 19:09:52 | Attr =    ]
(pctvvbi) pctvvbi [Kernel | On_Demand | Stopped] -> %System32%\drivers\pctvvbi.sys -> Pinnacle Systems [Ver = 2.0.0.4 | Size = 6400 bytes | Modified Date = 11-11-2002 18:52:54 | Attr =    ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 205 | Size = 10368 bytes | Modified Date = 01-04-2006 08:53:04 | Attr =    ]
(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\drivers\PfModNT.sys -> Creative Technology Ltd. [Ver = 3.0.0.3 | Size = 15840 bytes | Modified Date = 05-03-2003 12:19:28 | Attr =    ]
(PhTVTune) ProVideo WDM TVTuner [Kernel | On_Demand | Running] -> %System32%\drivers\PhTvTune.sys -> Philips Semiconductors [Ver = 2, 3, 1, 2 | Size = 24288 bytes | Modified Date = 24-03-2004 20:21:30 | Attr =    ]
(Ptilink) Driver til direkte, parallel forbindelse [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 09-10-2001 14:00:00 | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.33a | Size = 36528 bytes | Modified Date = 25-08-2006 04:47:00 | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RecAgent) RecAgent [Kernel | Boot | Running] -> %System32%\drivers\RecAgent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Modified Date = 03-08-2004 23:41:40 | Attr =    ]
(rtl8139) NT-driver til Realtek RTL8139(A/B/C) PCI Fast Ethernet-netværkskort [Kernel | On_Demand | Running] -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 03-08-2004 23:31:34 | Attr =    ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10-10-2006 13:53:48 | Attr =    ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16-02-2006 17:51:08 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1024 | Size = 29184 bytes | Modified Date = 19-09-2006 16:06:52 | Attr =    ]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %System32%\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 4, 0, 0 | Size = 30988 bytes | Modified Date = 09-09-2006 10:31:40 | Attr =    ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.00.060 | Size = 163644 bytes | Modified Date = 10-08-2006 19:05:54 | Attr =    ]
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %System32%\drivers\sfdrv01.sys -> Protection Technology (StarForce) [Ver = 1.41 | Size = 51200 bytes | Modified Date = 01-03-2006 18:51:16 | Attr =    ]
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfhlp02.sys -> Protection Technology (StarForce) [Ver = 2.4 | Size = 6656 bytes | Modified Date = 14-02-2006 15:48:38 | Attr =    ]
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfsync02.sys -> Protection Technology [Ver = 2.7 | Size = 20544 bytes | Modified Date = 03-12-2004 11:20:42 | Attr =    ]
(sfsync03) StarForce Protection Synchronization Driver (version 3.x) [Kernel | Boot | Running] -> %System32%\drivers\sfsync03.sys -> Protection Technology [Ver = 3.9 | Size = 35328 bytes | Modified Date = 06-12-2005 16:11:20 | Attr =    ]
(sfsync04) StarForce Protection Synchronization Driver (version 4.x) [Kernel | Boot | Running] -> %System32%\drivers\sfsync04.sys -> Protection Technology (StarForce) [Ver = 4.4 | Size = 49664 bytes | Modified Date = 21-02-2006 13:48:06 | Attr =    ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP-busfilter [Kernel | Boot | Running] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 04-08-2004 00:07:44 | Attr =    ]
(Slntamr) Smart Link 56K Modem Driver [Kernel | On_Demand | Running] -> %System32%\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Modified Date = 03-08-2004 23:41:44 | Attr =    ]
(SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> %System32%\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Modified Date = 03-08-2004 23:41:46 | Attr =    ]
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> %System32%\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Modified Date = 03-08-2004 23:41:46 | Attr =    ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(sptd) sptd [Kernel | Boot | Running] -> %System32%\drivers\sptd.sys ->  [Ver =  | Size = 639224 bytes | Modified Date = 23-11-2006 09:17:48 | Attr =    ]
(STAC97NA) SigmaTel 3D Environmental Audio [Kernel | On_Demand | Stopped] -> %System32%\drivers\stac97na.sys -> SigmaTel Inc. [Ver = 6.13.10.9010 | Size = 296179 bytes | Modified Date = 20-09-2002 17:42:32 | Attr =    ]
(STAC97NH) STAC97NH [Kernel | On_Demand | Stopped] -> %System32%\drivers\stac97nh.sys -> SigmaTel Inc. [Ver = 6.13.10.9010 | Size = 231983 bytes | Modified Date = 20-09-2002 17:43:18 | Attr =    ]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(vaxscsi) vaxscsi [Kernel | On_Demand | Stopped] -> %System32%\drivers\vaxscsi.sys -> Alcohol Soft Co., Ltd. [Ver = 4.03.0.0 built by: WinDDK | Size = 223128 bytes | Modified Date = 20-03-2006 11:13:00 | Attr =    ]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DAEMON Tools -> %ProgramFiles%\daemon tools\daemon.exe -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 12-11-2006 11:48:48 | Attr =    ]
Easy-PrintToolBox -> %ProgramFiles%\Canon\easy-printtoolbox\BJPSMAIN.EXE -> CANON INC. [Ver = 1, 1, 0, 0 | Size = 409600 bytes | Modified Date = 14-01-2004 02:10:02 | Attr =    ]
nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset  [Ver = 2, 51, 30  | Size = 921600 bytes | Modified Date = 19-09-2006 05:17:32 | Attr =    ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
QuickTime Task -> %ProgramFiles%\quicktime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 25-10-2006 18:58:18 | Attr =    ]
TrojanScanner -> %ProgramFiles%\trojan remover\Trjscan.exe -> Simply Super Software [Ver = 6.5.1.1167 | Size = 309248 bytes | Modified Date = 28-07-2006 12:58:18 | Attr =    ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 11-05-2000 01:00:00 | Attr =    ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\nmbgmonitor.exe -> Nero AG [Ver = 1, 2, 0, 23 | Size = 94208 bytes | Modified Date = 22-08-2006 09:52:02 | Attr =    ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 3, 0, 1020 | Size = 1294336 bytes | Modified Date = 18-10-2006 11:36:02 | Attr =    ]
XP Tools -> %ProgramFiles%\XP Tools\xptools.exe -> XPTools [Ver = 5.9.0.0 | Size = 2113536 bytes | Modified Date = 02-05-2006 16:57:12 | Attr =    ]
XPTools -> %ProgramFiles%\XP Tools\xptools.exe -> XPTools [Ver = 5.9.0.0 | Size = 2113536 bytes | Modified Date = 02-05-2006 16:57:12 | Attr =    ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28-09-2006 15:13:28 | Attr =    ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1006 | Size = 77824 bytes | Modified Date = 28-09-2006 12:22:36 | Attr =    ]
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{588599f4-de26-4c28-ba14-f4eb17e33481} [HKLM] -> Reg Data - Key not found [emptins] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL ->  -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> ‘
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ ->  ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ ->  ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
staal Praktikant
15 January 2007 - 13:33 #16
0 -> FriendlyName = Min aktuelle startside ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKLM: Search Page -> http://www.google.com ->
HKLM: Start Page -> http://www.verdensnavle.dk/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant ->  ->
HKCU: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.verdensnavle.dk/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> localhost ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] ->  ->
online_musicmatch.com [https] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31-05-2005 01:04:00 | Attr =    ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.5.0.65 | Size = 786656 bytes | Modified Date = 09-12-2005 15:22:26 | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 12-10-2006 02:25:44 | Attr =    ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.5.0.276 | Size = 847608 bytes | Modified Date = 19-05-2006 09:31:40 | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8194 - Sun Java Console ->
{09FE188B-6E85-479e-9411-51FB2220DF80} -> 8195 - Reg Data - Key not found ->
{2670000A-7350-4f3c-8081-5663EE0C6C49} -> 8201 - S&end to OneNote ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8196 - Reg Data - Value does not exist ->
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> 8199 - Reg Data - Value does not exist ->
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -> 8200 - Opret Foretrukken på mobil enhed... ->
{77BF5300-1474-4EC7-9980-D32B190E9B07} -> 8202 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Key not found ->
{936E5D60-596C-11D3-BB96-00600816DF55} -> 8197 - Reg Data - Value does not exist ->
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> 8198 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger ->
NextId -> 8203 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 12-10-2006 02:25:44 | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 12-10-2006 02:25:44 | Attr =    ]
{2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote] -> File not found
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Opret Foretrukken på mobil enhed] -> File not found
{936E5D60-596C-11D3-BB96-00600816DF55} -> Reg Data - Value does not exist [ButtonText: iFinger] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&ksporter til Microsoft Excel ->  -> File not found
E&xport to Microsoft Excel ->  -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 30-01-2001 12:56:24 | Attr =    ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Proceslinje og menuen Start] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] ->  [Ver =  | Size = 466944 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] ->  [Ver =  | Size = 466944 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] ->  [Ver =  | Size = 466944 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> Reg Data - Key not found [AlcoholShellEx] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> Reg Data - Key not found [Kontrolpanel-udvidelse til skærmpanorering] -> File not found
{52B87208-9CCF-42C9-B88E-069281105805} [HKLM] -> Reg Data - Key not found [Trojan Remover Shell Extension] -> File not found
{68f32140-2ca3-11d0-acc1-444553540000} [HKLM] -> %ProgramFiles%\ACD Systems\PicaView\PicaView.dll [PicaView] -> ACD Systems, Ltd. [Ver = 2, 0, 0, 78 | Size = 495616 bytes | Modified Date = 15-02-2001 17:40:12 | Attr =    ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Grænsefladeudvidelser til filkomprimering] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Brugerkonti] -> File not found
{7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 15-11-2005 12:07:16 | Attr =    ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Kontekstmenu til kryptering] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal-ikon] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 09-10-2001 14:00:00 | Attr =    ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> %ProgramFiles%\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 4, 0, 0 | Size = 204800 bytes | Modified Date = 09-09-2006 10:14:46 | Attr =    ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 22-12-2006 08:32:44 | Attr =    ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 22-12-2006 08:32:44 | Attr =    ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
{B089FE88-FB52-11D3-BDF1-0050DA34150D} [HKLM] -> %ProgramFiles%\ESET\nodshex.dll [NOD32 Context Menu Shell Extension] ->  [Ver =  | Size = 57344 bytes | Modified Date = 19-09-2006 05:17:34 | Attr =    ]
{B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 15-11-2005 12:07:16 | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] ->  [Ver =  | Size = 125440 bytes | Modified Date = 07-10-2005 15:05:32 | Attr =    ]
{CF74B903-3389-469c-B3B6-0204D204FCBD} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItShellExt.dll [SnagIt Shell Extension] -> TechSmith Corporation [Ver = 1.0.2.0 | Size = 118784 bytes | Modified Date = 20-06-2006 08:10:00 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} [HKLM] -> %ProgramFiles%\TrojanHunter 4.6\contmenu.dll [TrojanHunter Menu Shell Extension] ->  [Ver =  | Size = 314368 bytes | Modified Date = 22-08-2004 20:51:54 | Attr =    ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 2, 10, 0 | Size = 73728 bytes | Modified Date = 08-08-2006 21:16:14 | Attr =    ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06-10-2006 12:40:48 | Attr =    ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 22-12-2006 08:32:44 | Attr =    ]
{B089FE88-FB52-11D3-BDF1-0050DA34150D} [HKLM] -> %ProgramFiles%\ESET\nodshex.dll [NOD32 Context Menu Shell Extension] ->  [Ver =  | Size = 57344 bytes | Modified Date = 19-09-2006 05:17:34 | Attr =    ]
{68f32140-2ca3-11d0-acc1-444553540000} [HKLM] -> %ProgramFiles%\ACD Systems\PicaView\PicaView.dll [PicaView] -> ACD Systems, Ltd. [Ver = 2, 0, 0, 78 | Size = 495616 bytes | Modified Date = 15-02-2001 17:40:12 | Attr =    ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> %ProgramFiles%\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 4, 0, 0 | Size = 204800 bytes | Modified Date = 09-09-2006 10:14:46 | Attr =    ]
{CF74B903-3389-469c-B3B6-0204D204FCBD} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItShellExt.dll [SnagItMainShellExt] -> TechSmith Corporation [Ver = 1.0.2.0 | Size = 118784 bytes | Modified Date = 20-06-2006 08:10:00 | Attr =    ]
{52B87208-9CCF-42C9-B88E-069281105805} [HKLM] -> Reg Data - Key not found [Trojan Remover] -> File not found
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} [HKLM] -> %ProgramFiles%\TrojanHunter 4.6\contmenu.dll [TrojanHunter] ->  [Ver =  | Size = 314368 bytes | Modified Date = 22-08-2004 20:51:54 | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 125440 bytes | Modified Date = 07-10-2005 15:05:32 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
{23F2DE6C-2C3F-4F95-B16A-56714C6FAAF4} [HKLM] -> %System32%\context.dll [XPTools] -> SuperLogix [Ver = 1.6.0.0 | Size = 613376 bytes | Modified Date = 15-11-2004 06:14:46 | Attr =    ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06-10-2006 12:40:48 | Attr =    ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> %ProgramFiles%\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 4, 0, 0 | Size = 204800 bytes | Modified Date = 09-09-2006 10:14:46 | Attr =    ]
{CF74B903-3389-469c-B3B6-0204D204FCBD} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItShellExt.dll [SnagItMainShellExt] -> TechSmith Corporation [Ver = 1.0.2.0 | Size = 118784 bytes | Modified Date = 20-06-2006 08:10:00 | Attr =    ]
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} [HKLM] -> %ProgramFiles%\TrojanHunter 4.6\contmenu.dll [TrojanHunter] ->  [Ver =  | Size = 314368 bytes | Modified Date = 22-08-2004 20:51:54 | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 125440 bytes | Modified Date = 07-10-2005 15:05:32 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] ->  [Ver =  | Size = 466944 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 09-03-2006 14:29:00 | Attr =    ]
{23F2DE6C-2C3F-4F95-B16A-56714C6FAAF4} [HKLM] -> %System32%\context.dll [XPTools] -> SuperLogix [Ver = 1.6.0.0 | Size = 613376 bytes | Modified Date = 15-11-2004 06:14:46 | Attr =    ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 2, 10, 0 | Size = 73728 bytes | Modified Date = 08-08-2006 21:16:14 | Attr =    ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 22-12-2006 08:32:44 | Attr =    ]
{B089FE88-FB52-11D3-BDF1-0050DA34150D} [HKLM] -> %ProgramFiles%\ESET\nodshex.dll [NOD32 Context Menu Shell Extension] ->  [Ver =  | Size = 57344 bytes | Modified Date = 19-09-2006 05:17:34 | Attr =    ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> %ProgramFiles%\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 4, 0, 0 | Size = 204800 bytes | Modified Date = 09-09-2006 10:14:46 | Attr =    ]
{52B87208-9CCF-42C9-B88E-069281105805} [HKLM] -> Reg Data - Key not found [Trojan Remover] -> File not found
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} [HKLM] -> %ProgramFiles%\TrojanHunter 4.6\contmenu.dll [TrojanHunter] ->  [Ver =  | Size = 314368 bytes | Modified Date = 22-08-2004 20:51:54 | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 125440 bytes | Modified Date = 07-10-2005 15:05:32 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-02-2006 10:00:00 | Attr =    ]
{23F2DE6C-2C3F-4F95-B16A-56714C6FAAF4} [HKLM] -> %System32%\context.dll [XPTools] -> SuperLogix [Ver = 1.6.0.0 | Size = 613376 bytes | Modified Date = 15-11-2004 06:14:46 | Attr =    ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 15-11-2005 12:07:16 | Attr =    ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Crazy Browser 1.0.5 ->  ->
SIMBAR Enabled ->  ->
SIMBAR={EC988DE7-4F13-4457-9E18-56FF23C1A658} ->  ->
SV1 ->  ->
www.lifetranslator.biz ->  ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{67E3F54F-4BC0-44DA-92B0-4C4FDC11109A} ->    (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
{68978A0E-E2B5-4335-A6F0-5B03EE75A323} ->    (1394-netværkskort) ->
{98E66EA9-2654-40EA-8F7A-644BF4AD8355} ->    () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 26, 0 | Size = 1783384 bytes | Modified Date = 01-11-2006 15:21:20 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0000000A-0000-0010-8000-00AA00389B71} ->  - CodeBase = http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB ->
{029FDBA6-3547-11D7-AA4C-0050BF051A00} -> Rawflow ICD Client - CodeBase = http://downol.dr.dk/download/netradio/Rawflow.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab ->
{31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -> Cult3D ActiveX Player - CodeBase = http://www.cult3d.com/download/cult.cab ->
{33564D57-0000-0010-8000-00AA00389B71} ->  - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab ->
{8EC18CE2-D7B4-11D2-88C8-006008A717FD} -> NCSView Class - CodeBase = http://www.kortal.dk/ecwplugins/ncs.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{D8575CE3-3432-4540-88A9-85A1325D3375} -> e-Safekey - CodeBase = https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab ->
{FF1CD9A3-00CD-45C1-8182-4EEC229A182D} -> Plaxo Auto-Import Utility - CodeBase = https://www.plaxo.com/activex/plx_upldr-2k-xp.cab ->

[Files - Created Wihin 30 days]
WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_3_0_1020.MSI -> %CommonProgramFiles%\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_3_0_1020.MSI ->  [Ver =  | Size = 3819008 bytes | Created Date = 14-01-2007 21:48:20 | Attr =    ]
ROLLBACK.DB -> %CommonProgramFiles%\Ahead\Lib\ROLLBACK.DB ->  [Ver =  | Size = 315392 bytes | Created Date = 07-01-2007 10:29:33 | Attr =    ]
NeroAti.dll -> %CommonProgramFiles%\Ahead\RemoteControl\NeroAti.dll -> Nero AG [Ver = 1, 2, 0, 23 | Size = 8704 bytes | Created Date = 07-01-2007 10:28:57 | Attr =    ]
1030.mst -> %CommonProgramFiles%\Ahead\NTP\Nero 7\1030.mst ->  [Ver =  | Size = 47104 bytes | Created Date = 07-01-2007 10:30:58 | Attr =    ]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Created Date = 15-01-2007 09:50:51 | Attr =    ]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 12, 12011 | Size = 573440 bytes | Created Date = 15-01-2007 09:50:50 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier ->
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Created Date = 15-01-2007 09:50:54 | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Created Date = 15-01-2007 09:50:51 | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1355 bytes | Created Date = 03-01-2007 18:35:33 | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Created Date = 07-01-2007 12:03:24 | Attr =    ]
pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 3.2.40.500 | Size = 129784 bytes | Created Date = 24-12-2006 12:53:20 | Attr =    ]
pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 3.2.40.500 | Size = 1309432 bytes | Created Date = 24-12-2006 12:53:20 | Attr =    ]
thxcfg.ini -> %System32%\thxcfg.ini ->  [Ver =  | Size = 32 bytes | Created Date = 07-01-2007 08:36:18 | Attr =    ]
394839.reg -> %System32%\drivers\394839.reg ->  [Ver =  | Size = 177 bytes | Created Date = 03-01-2007 18:30:46 | Attr =    ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 22-12-2006 08:32:49 | Attr =    ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.416 | Size = 18240 bytes | Created Date = 22-12-2006 08:32:48 | Attr =    ]
cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 2432 bytes | Created Date = 24-12-2006 12:53:21 | Attr =    ]
cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 2560 bytes | Created Date = 24-12-2006 12:53:21 | Attr =    ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Created Date = 15-01-2007 09:50:51 | Attr =    ]
mmsetup_10004040_ENU_MMD.exe -> %System32%\drivers\mmsetup_10004040_ENU_MMD.exe ->  [Ver =  | Size = 30743920 bytes | Created Date = 03-01-2007 18:30:47 | Attr =    ]
NortonPID.hlp -> %System32%\drivers\NortonPID.hlp ->  [Ver =  | Size = 6324 bytes | Created Date = 02-01-1601 23:00:00 | Attr =    ]
ntinstall.ini -> %System32%\drivers\ntinstall.ini ->  [Ver =  | Size = 87 bytes | Created Date = 03-01-2007 18:30:46 | Attr =    ]
OS32.ini -> %System32%\drivers\OS32.ini ->  [Ver =  | Size = 24262 bytes | Created Date = 02-01-1601 23:00:00 | Attr =    ]
RAP-ALBUMS.jpg -> %System32%\drivers\RAP-ALBUMS.jpg ->  [Ver =  | Size = 88856 bytes | Created Date = 03-01-2007 18:30:46 | Attr =    ]
ret.bat -> %System32%\drivers\ret.bat ->  [Ver =  | Size = 1139 bytes | Created Date = 02-01-1601 23:00:00 | Attr =    ]
smnt.exe -> %System32%\drivers\smnt.exe ->  [Ver =  | Size = 22016 bytes | Created Date = 02-01-1601 23:00:00 | Attr =    ]
smnt.scr -> %System32%\drivers\smnt.scr ->  [Ver =  | Size = 5381 bytes | Created Date = 03-01-2007 18:30:47 | Attr =    ]
spsexec.#xe -> %System32%\drivers\spsexec.#xe -> Sysinternals [Ver = 1.3 | Size = 122880 bytes | Created Date = 03-01-2007 18:30:47 | Attr =    ]
SYNFUL.nfo -> %System32%\drivers\SYNFUL.nfo ->  [Ver =  | Size = 2632 bytes | Created Date = 03-01-2007 18:30:47 | Attr =    ]
WINClock.exe -> %System32%\drivers\WINClock.exe ->  [Ver =  | Size = 452608 bytes | Created Date = 02-01-1601 23:00:00 | Attr =    ]
WinOS.hlp -> %System32%\drivers\WinOS.hlp ->  [Ver =  | Size = 31885 bytes | Created Date = 02-01-1601 23:00:00 | Attr =    ]

[Files - Modified Wihin 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1073270784 bytes | Modified Date = 15-01-2007 12:57:34 | Attr =  HS]
WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_3_0_1020.MSI -> %CommonProgramFiles%\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_3_0_1020.MSI ->  [Ver =  | Size = 3819008 bytes | Modified Date = 14-01-2007 21:48:22 | Attr =    ]
AdobeFnt.lst -> %CommonProgramFiles%\Adobe\TypeSpt\AdobeFnt.lst ->  [Ver =  | Size = 75604 bytes | Modified Date = 31-12-2006 23:50:18 | Attr =    ]
ROLLBACK.DB -> %CommonProgramFiles%\Ahead\Lib\ROLLBACK.DB ->  [Ver =  | Size = 315392 bytes | Modified Date = 07-01-2007 10:30:46 | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 15-01-2007 12:57:40 | Attr =  S]
DVDFabGold.INI -> %SystemRoot%\DVDFabGold.INI ->  [Ver =  | Size = 591 bytes | Modified Date = 05-01-2007 22:57:52 | Attr =    ]
dvdSanta.INI -> %SystemRoot%\dvdSanta.INI ->  [Ver =  | Size = 26 bytes | Modified Date = 12-01-2007 21:29:12 | Attr =    ]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Modified Date = 15-01-2007 09:50:52 | Attr =    ]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 15-01-2007 12:21:10 | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 15-01-2007 09:50:52 | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1355 bytes | Modified Date = 03-01-2007 18:37:10 | Attr =    ]
iTouch.ini -> %SystemRoot%\iTouch.ini ->  [Ver =  | Size = 51 bytes | Modified Date = 12-01-2007 14:28:54 | Attr =    ]
Kyor.ini -> %SystemRoot%\Kyor.ini ->  [Ver =  | Size = 90 bytes | Modified Date = 11-01-2007 07:51:26 | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 15-01-2007 10:51:00 | Attr =    ]
SBWIN.INI -> %SystemRoot%\SBWIN.INI ->  [Ver =  | Size = 72 bytes | Modified Date = 12-01-2007 12:54:24 | Attr =    ]
TheJukeBoxer.ini -> %SystemRoot%\TheJukeBoxer.ini ->  [Ver =  | Size = 336 bytes | Modified Date = 24-12-2006 12:18:14 | Attr =    ]
xptools.ini -> %SystemRoot%\xptools.ini ->  [Ver =  | Size = 79 bytes | Modified Date = 13-01-2007 15:25:54 | Attr =    ]
BASSMOD.dll -> %System32%\BASSMOD.dll ->  [Ver =  | Size = 34308 bytes | Modified Date = 07-01-2007 19:11:08 | Attr =    ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 279744 bytes | Modified Date = 19-12-2006 21:51:22 | Attr =    ]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 50257 bytes | Modified Date = 15-01-2007 12:58:46 | Attr =    ]
Sweeper.cfg -> %System32%\Sweeper.cfg ->  [Ver =  | Size = 0 bytes | Modified Date = 15-01-2007 12:57:26 | Attr =    ]
thxcfg.ini -> %System32%\thxcfg.ini ->  [Ver =  | Size = 32 bytes | Modified Date = 07-01-2007 08:36:20 | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 14-01-2007 22:11:38 | Attr =    ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7,1,0,398 | Size = 28416 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.416 | Size = 18240 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Modified Date = 15-01-2007 09:50:52 | Attr =    ]
ntinstall.ini -> %System32%\drivers\ntinstall.ini ->  [Ver =  | Size = 87 bytes | Modified Date = 18-12-2006 04:15:12 | Attr =    ]
OS32.ini -> %System32%\drivers\OS32.ini ->  [Ver =  | Size = 24262 bytes | Modified Date = 18-12-2006 04:13:44 | Attr =    ]
pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 07-01-2007 19:09:52 | Attr =    ]
WinOS.hlp -> %System32%\drivers\WinOS.hlp ->  [Ver =  | Size = 31885 bytes | Modified Date = 18-12-2006 04:14:02 | Attr =    ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %SystemDrive%\deviance.exe ->  [Ver =  | Size = 152576 bytes | Modified Date = 09-11-2005 17:13:38 | Attr =    ]
PEC2 ,  -> %SystemDrive%\dxnt.cab ->  [Ver =  | Size = 13265040 bytes | Modified Date = 09-07-2004 14:17:16 | Attr =    ]
Thawte Consulting ,  -> %CommonProgramFiles%\ACD Systems\EN\ipwssl5.dll -> /n software inc. - www.nsoftware.com [Ver = 5.0.0.852 | Size = 321672 bytes | Modified Date = 26-08-2002 13:05:42 | Attr = R  ]
FSG! ,  -> %CommonProgramFiles%\ACD Systems\Video\rmme3260.dll -> RealNetworks, Inc. [Ver = 6.0.11.394 | Size = 537600 bytes | Modified Date = 06-06-2003 16:31:50 | Attr =    ]
Thawte Consulting ,  -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip ->  [Ver =  | Size = 3290841 bytes | Modified Date = 10-11-2005 13:38:40 | Attr =    ]
USERTRUST ,  -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 12-10-2006 02:41:58 | Attr =    ]
WSUD ,  -> %CommonProgramFiles%\SpeechEngines\Microsoft\SR\1033\l1033.dlm ->  [Ver =  | Size = 9680237 bytes | Modified Date = 26-08-2001 13:50:30 | Attr =    ]
Thawte Consulting ,  -> %CommonProgramFiles%\Wise Installation Wizard\WIS26a03535d10f44349724ce6d2f9a0549_8_017.MSI ->  [Ver =  | Size = 1701376 bytes | Modified Date = 07-11-2006 13:41:20 | Attr =    ]
UPX! , UPX0 ,  -> %SystemRoot%\epsuninst.exe -> Marcelo Bona Boff [Ver = 3.7.0.1 | Size = 278668 bytes | Modified Date = 12-12-2003 01:52:36 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 5, 0 | Size = 284672 bytes | Modified Date = 01-09-2004 15:49:56 | Attr =    ]
aspack ,  -> %System32%\context.dll -> SuperLogix [Ver = 1.6.0.0 | Size = 613376 bytes | Modified Date = 15-11-2004 06:14:46 | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41123 bytes | Modified Date = 09-10-2001 14:00:00 | Attr =    ]
PEC2 , PECompact2 ,  -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Modified Date = 18-01-2006 20:47:36 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 25-08-2006 04:47:00 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 114856 bytes | Modified Date = 07-11-2006 15:41:06 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 25-08-2006 04:47:00 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 25-08-2006 04:47:00 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 25-08-2006 04:47:00 | Attr =    ]
Thawte Consulting ,  -> %System32%\pxwma.dll -> Sonic Solutions [Ver = 1, 0, 0, 3 | Size = 157352 bytes | Modified Date = 07-11-2006 15:41:06 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\qtalt.ax -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 30-04-2004 19:46:24 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\rmalt.ax -> Gabest [Ver = 1, 0, 0, 4 | Size = 116224 bytes | Modified Date = 26-03-2004 14:32:36 | Attr =    ]
aspack ,  -> %System32%\Shreder.dll ->  [Ver = 1, 0, 0, 1 | Size = 89088 bytes | Modified Date = 11-10-2003 18:24:44 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\t3odm.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 30-04-2004 04:46:24 | Attr =    ]
aspack ,  -> %System32%\trjscan.trb -> Simply Super Software [Ver = 6.5.1.1167 | Size = 309248 bytes | Modified Date = 28-07-2006 12:58:18 | Attr =    ]
aspack ,  -> %System32%\trupd.trb -> Simply Super Software [Ver = 1.3.2.1063 | Size = 345088 bytes | Modified Date = 17-06-2006 00:46:58 | Attr =    ]
UPX! , UPX0 ,  -> %System32%\UninstXviDDec.exe ->  [Ver =  | Size = 22782 bytes | Modified Date = 31-03-2006 08:19:08 | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 09-10-2001 14:00:00 | Attr =    ]
aspack ,  -> %System32%\xtsupermenuHook.dll ->  [Ver =  | Size = 216064 bytes | Modified Date = 12-11-2004 15:29:44 | Attr =    ]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 09-10-2001 14:00:00 | Attr =    ]
UPX! , FSG! , PEC2 , aspack ,  -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Modified Date = 22-12-2006 08:32:50 | Attr =    ]
UPX! , WSUD , UPX0 ,  -> %System32%\drivers\mmsetup_10004040_ENU_MMD.exe ->  [Ver =  | Size = 30743920 bytes | Modified Date = 06-12-2006 21:36:20 | Attr =    ]
PTech ,  -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03-08-2004 23:41:38 | Attr =    ]

< End of report >
ejvindh (Expert)
15 January 2007 - 13:46 #17
Well, winpfind3 couldn't fix them. Please check the files on jotti:

Go to the following website:
http://virusscan.jotti.org/

Click Browse, then navigate to c:\windows\system32\drivers\smnt.exe

Then click Submit. A short log of the various scans will then appear. Please paste it into your next reply.

Then repeat the same procedure, uploading this file:
c:\windows\system32\drivers\WINClock.exe
staal (Trainee)
15 January 2007 - 13:59 #18
Scan taken on 15 Jan 2007 12:57:53 (GMT) 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing
staal (Trainee)
15 January 2007 - 14:00 #19
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
ejvindh (Expert)
15 January 2007 - 14:03 #20
Well, that wasn't much help. Then try virustotal:

Go to the following website:
http://www.virustotal.com/en/indexx.html

Click Browse, then navigate to c:\windows\system32\drivers\smnt.exe

Then click Send. After a short while the site will start scanning the file. During the scan, "STATUS: SCANNING" is shown at the top of the page. When the scan has finished, it will say "STATUS: FINISHED". Copy the result of the scan into this thread (you can select the text with the mouse, right-click the selection and choose "Copy"; then you can paste the content here).

Then repeat the same procedure, uploading this file:
c:\windows\system32\drivers\WINClock.exe
staal (Trainee)
15 January 2007 - 14:08 #21
I'll do that a bit later - I have to go to a meeting now
many thanks so far - I'll look at it a bit later
staal (Trainee)
15 January 2007 - 18:35 #22
STATUS: SCANNING
File "WINClock.exe" received on 01.15.2007 at 18:34:34 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AntiVir 7.3.0.21 01.09.2007  no virus found
Authentium 4.93.8 01.15.2007  no virus found
Avast 4.7.936.0 01.15.2007  no virus found
AVG 386 01.15.2007  no virus found
BitDefender 7.2 01.15.2007  no virus found
CAT-QuickHeal 9.00 01.15.2007 no virus found


Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
staal (Trainee)
15 January 2007 - 18:40 #23
STATUS: FINISHED
Complete scanning result of "smnt.exe", received in VirusTotal at 01.15.2007, 18:36:15 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.09.2007  no virus found
Authentium 4.93.8 01.15.2007  no virus found
Avast 4.7.936.0 01.15.2007  no virus found
AVG 386 01.15.2007  no virus found
BitDefender 7.2 01.15.2007  no virus found
CAT-QuickHeal 9.00 01.15.2007  no virus found
ClamAV devel-20060426 01.15.2007  no virus found
DrWeb 4.33 01.15.2007  no virus found
eSafe 7.0.14.0 01.15.2007  no virus found
eTrust-InoculateIT 23.73.113 01.13.2007  no virus found
eTrust-Vet 30.3.3329 01.15.2007  no virus found
Ewido 4.0 01.15.2007  no virus found
Fortinet 2.82.0.0 01.15.2007  no virus found
F-Prot 3.16f 01.15.2007  no virus found
F-Prot4 4.2.1.29 01.12.2007  no virus found
Ikarus T3.1.0.27 01.09.2007  no virus found
Kaspersky 4.0.2.24 01.15.2007  no virus found
McAfee 4938 01.12.2007  no virus found
Microsoft 1.1904 01.15.2007  no virus found
NOD32v2 1980 01.15.2007  no virus found
Norman 5.80.02 01.15.2007  no virus found
Panda 9.0.0.4 01.14.2007  no virus found
Prevx1 V2 01.15.2007  no virus found
Sophos 4.13.0 01.13.2007  no virus found
Sunbelt 2.2.907.0 01.12.2007  no virus found
TheHacker 6.0.3.148 01.14.2007  no virus found
UNA 1.83 01.12.2007  no virus found
VBA32 3.11.2 01.15.2007  no virus found
VirusBuster 4.3.19:9 01.15.2007 no virus found
staal (Trainee)
15 January 2007 - 18:48 #24
STATUS: FINISHED
Complete scanning result of "WINClock.exe", received in VirusTotal at 01.15.2007, 18:42:50 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.09.2007  no virus found
Authentium 4.93.8 01.15.2007  no virus found
Avast 4.7.936.0 01.15.2007  no virus found
AVG 386 01.15.2007  no virus found
BitDefender 7.2 01.15.2007  no virus found
CAT-QuickHeal 9.00 01.15.2007  no virus found
ClamAV devel-20060426 01.15.2007  no virus found
DrWeb 4.33 01.15.2007  no virus found
eSafe 7.0.14.0 01.15.2007  no virus found
eTrust-InoculateIT 23.73.113 01.13.2007  no virus found
eTrust-Vet 30.3.3329 01.15.2007  no virus found
Ewido 4.0 01.15.2007  no virus found
Fortinet 2.82.0.0 01.15.2007  no virus found
F-Prot 3.16f 01.15.2007  no virus found
F-Prot4 4.2.1.29 01.12.2007  no virus found
Ikarus T3.1.0.27 01.09.2007  no virus found
Kaspersky 4.0.2.24 01.15.2007  no virus found
McAfee 4938 01.12.2007  no virus found
Microsoft 1.1904 01.15.2007  no virus found
NOD32v2 1980 01.15.2007  no virus found
Norman 5.80.02 01.15.2007  no virus found
Panda 9.0.0.4 01.14.2007  no virus found
Prevx1 V2 01.15.2007  no virus found
Sophos 4.13.0 01.13.2007  no virus found
Sunbelt 2.2.907.0 01.12.2007  no virus found
TheHacker 6.0.3.148 01.14.2007  no virus found
UNA 1.83 01.12.2007  no virus found
VBA32 3.11.2 01.15.2007  no virus found
VirusBuster 4.3.19:9 01.15.2007 no virus found
staal (Trainee)
15 January 2007 - 18:52 #25
STATUS: FINISHED
Complete scanning result of "smnt.scr", received in VirusTotal at 01.15.2007, 18:50:07 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.09.2007  no virus found
Authentium 4.93.8 01.15.2007  no virus found
Avast 4.7.936.0 01.15.2007  no virus found
AVG 386 01.15.2007  no virus found
BitDefender 7.2 01.15.2007  no virus found
CAT-QuickHeal 9.00 01.15.2007  no virus found
ClamAV devel-20060426 01.15.2007  no virus found
DrWeb 4.33 01.15.2007  no virus found
eSafe 7.0.14.0 01.15.2007  no virus found
eTrust-InoculateIT 23.73.113 01.13.2007  no virus found
eTrust-Vet 30.3.3329 01.15.2007  no virus found
Ewido 4.0 01.15.2007  no virus found
Fortinet 2.82.0.0 01.15.2007  no virus found
F-Prot 3.16f 01.15.2007  no virus found
F-Prot4 4.2.1.29 01.12.2007  no virus found
Ikarus T3.1.0.27 01.09.2007  no virus found
Kaspersky 4.0.2.24 01.15.2007  no virus found
McAfee 4938 01.12.2007  no virus found
Microsoft 1.1904 01.15.2007  no virus found
NOD32v2 1980 01.15.2007  no virus found
Norman 5.80.02 01.15.2007  no virus found
Panda 9.0.0.4 01.14.2007  no virus found
Prevx1 V2 01.15.2007  no virus found
Sophos 4.13.0 01.13.2007  no virus found
Sunbelt 2.2.907.0 01.12.2007  no virus found
TheHacker 6.0.3.148 01.14.2007  no virus found
UNA 1.83 01.12.2007  no virus found
VBA32 3.11.2 01.15.2007  no virus found
VirusBuster 4.3.19:9 01.15.2007 no virus found
ejvindh (Expert)
15 January 2007 - 20:38 #26
They do indeed clear all the files. So I would actually recommend that you leave them alone and treat them as a false positive on Spyware Doctor's part. Are you having any other problems with the computer?

If you would still like them removed, I can do that. Just say so. But I wouldn't recommend it unless you are having problems with the computer.
staal (Trainee)
15 January 2007 - 21:07 #27
Okay - many thanks for your patient help. I'll wait and see whether they show up again
ejvindh (Expert)
15 January 2007 - 22:46 #28
You're welcome. And just come back if anything comes up.