Søg
Avatar billede gert_hahn Novice
08. marts 2007 - 05:19 Der er 14 kommentarer og
1 løsning

IBIS HUNT toolbar skal gerne væk

Har fået ovennævnte ind på maskinen, jeg har investeret i xoftspy der påstår at kunne fjerne den. Ved scanning finder den også ibis, fjerner den godt nok også, men efter genstart er den der igen - damned.
Er det en sag for hijack this eller er der nogen her, der har et bud på, hvilke filer, jeg skal lede efter? Hverken ad-aware, spybot eller norton (ja, jeg er fra den gren...) finder noget...
Gert
Avatar billede ejvindh Ekspert
08. marts 2007 - 10:01 #1
Ja, det kunne godt være et job for Hijackthis. Men jeg foretrækker nu Winpfind3, der finder en hel del mere:

Hent Oldtimer's WinPFind3 herfra:
http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe

Dobbeltklik på WinPFind3u, som du hentede, og klik på Extract. Så udpakkes programmet i en særskilt mappe. Gå ind i denne mappe, og dobbeltklik på WinPFind3U.exe. Sæt så flueben og prikker på følgende måde:

Processes: Non-Microsoft
Win32 Services: Non-Microsoft
Driver Services: Non-Microsoft
Registry:  Non-Microsoft
Files Created Within: 30 Days, Non-Microsoft Only
Files Modified Within: 30 Days, Non-Microsoft Only
File String Search: None

Klik herefter på "Run Scan". Efter noget tid vil der dukke en logfil op, som du gerne må paste herind. Muligvis vil loggen være så lang, at den ikke kan være i en enkelt post. Så må du lægge den ind i flere dele.
Avatar billede gert_hahn Novice
09. marts 2007 - 05:15 #2
takker foreløbig - kigger på det her i week-enden.
Avatar billede gert_hahn Novice
11. marts 2007 - 19:30 #3
Her er så en logfil ved opstart.
Jeg ved simpelt hen ikke, hvad jeg skal kigge efter.
Xoftspy finder godt nok ibis og fjerner den, men  efter opstart er den der igen.
Øv.

WinPFind3 logfile created on: 09-03-2007 13:35:47
WinPFind3U by OldTimer - Version 1.0.20    Folder = J:\Dap downloads\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1047532 Kb Total Physical Memory | 527608 Kb Available Physical Memory | 50,37% Memory free
2522544 Kb Paging File | 1941820 Kb Available in Paging File | 76,98% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 78148160 Kb Total Space | 7813544 Kb Free Space | 10,00% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
_dr_desktop.exe -> %LocalSettings%\Temp\_dr_desktop.exe ->  [Ver = 01.00.0000 | Size = 903632 bytes | Modified Date = 09-03-2007 13:06:40 | Attr =    ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.41 | Size = 554616 bytes | Modified Date = 05-01-2007 23:04:10 | Attr =    ]
anydvd.exe -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.1.3.0 | Size = 350053 bytes | Modified Date = 05-03-2007 21:38:10 | Attr =    ]
application launcher.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Modified Date = 26-10-2005 17:17:24 | Attr = R  ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05-01-2007 09:19:28 | Attr =    ]
camtray.exe -> %ProgramFiles%\Creative\Shared Files\CamTray.exe -> Creative Technology Ltd [Ver = 3.2.1.0 | Size = 184320 bytes | Modified Date = 26-06-2003 02:02:00 | Attr =    ]
capabilitymanager.exe -> %CommonProgramFiles%\Teleca Shared\CapabilityManager.exe -> Popwire AB [Ver = 1.2.0.70 | Size = 212992 bytes | Modified Date = 09-03-2006 02:00:28 | Attr =    ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 10-01-2007 06:59:52 | Attr =    ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10-01-2007 06:59:32 | Attr =    ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10-01-2007 06:59:32 | Attr =    ]
ceekey.exe -> %ProgramFiles%\Toshiba\E-KEY\CeEKey.exe -> COMPAL ELECTRONIC INC. [Ver = 2, 1, 0, 7 | Size = 638976 bytes | Modified Date = 12-03-2004 10:35:48 | Attr =    ]
ceepwrsvc.exe -> %ProgramFiles%\Toshiba\Power Management\CeEPwrSvc.exe -> COMPAL ELECTRONIC INC. [Ver = 1, 1, 0, 0 | Size = 36973 bytes | Modified Date = 08-01-2004 08:50:28 | Attr =    ]
cepmtray.exe -> %ProgramFiles%\Toshiba\Power Management\CePMTray.exe -> COMPAL ELECTRONIC INC. [Ver = 1, 1, 0, 4 | Size = 139264 bytes | Modified Date = 12-02-2004 22:18:26 | Attr =    ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 4, 50, 0, 2 | Size = 28672 bytes | Modified Date = 02-12-2003 15:05:54 | Attr =    ]
cprmtkey.exe -> %ProgramFiles%\Toshiba\Toshiba Controls\CpRmtKey.EXE -> Dritek System Inc. [Ver = 1, 1, 0, 1 | Size = 94208 bytes | Modified Date = 08-12-2003 21:43:02 | Attr =    ]
daemon.exe -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.03.0.0 | Size = 133016 bytes | Modified Date = 10-12-2005 15:57:20 | Attr =    ]
dap.exe -> %ProgramFiles%\DAP\DAP.exe -> Speedbit Ltd. [Ver = 8, 1, 5, 6 | Size = 3364616 bytes | Modified Date = 15-01-2007 23:58:34 | Attr =    ]
dr_des~1.exe -> %ProgramFiles%\DR Desktop\dr_desktop.exe ->  [Ver = 01,00,0, 0000 | Size = 1890877 bytes | Modified Date = 17-06-2005 16:01:00 | Attr =    ]
generic.exe -> %CommonProgramFiles%\Teleca Shared\Generic.exe -> Teleca Software Solutions [Ver = 1, 0, 3, 2 | Size = 385024 bytes | Modified Date = 10-08-2005 08:54:34 | Attr = R  ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 15:13:20 | Attr =    ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 11-05-2005 22:12:54 | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15-12-2006 03:23:28 | Attr =    ]
mailwasher.exe -> %ProgramFiles%\FireTrust\MailWasher Pro\MailWasher.exe -> Firetrust Ltd [Ver = 5.0.14.6034 | Size = 5183488 bytes | Modified Date = 07-05-2005 14:46:58 | Attr =    ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5682 | Size = 77824 bytes | Modified Date = 12-02-2004 21:04:00 | Attr = R  ]
opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\OpwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 08-05-2003 10:00:58 | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 09-09-2006 16:01:32 | Attr =    ]
snm.exe -> %ProgramFiles%\SpyNoMore\SNM.exe -> Illysoft LLC [Ver = 2.64.0.0 | Size = 1210584 bytes | Modified Date = 03-02-2007 13:54:24 | Attr =    ]
spfprc.exe -> %ProgramFiles%\SPYWAREfighter\spfprc.exe -> SpamFighter APS [Ver = 1.7.5.0 | Size = 405504 bytes | Modified Date = 12-12-2006 12:34:24 | Attr =    ]
spftray.exe -> %ProgramFiles%\SPYWAREfighter\spftray.exe -> SPAMfighter [Ver = 1, 7, 6, 0 | Size = 110592 bytes | Modified Date = 03-12-2006 14:19:46 | Attr =    ]
sweetim.exe -> %ProgramFiles%\Macrogaming\SweetIM\SweetIM.exe -> MacroGaming LTD. [Ver = 1, 1, 0, 162 | Size = 40960 bytes | Modified Date = 06-06-2006 09:07:48 | Attr = R  ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 22-01-2007 06:37:10 | Attr =    ]
tptray.exe -> %ProgramFiles%\Toshiba\TouchPad\TPTray.exe -> COMPAL ELECTRONIC INC. [Ver = 1, 1, 0, 2 | Size = 53248 bytes | Modified Date = 12-02-2004 10:18:02 | Attr =    ]
winpfind3u.exe -> J:\Dap downloads\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.20.0 | Size = 310784 bytes | Modified Date = 04-03-2007 13:21:48 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.41 | Size = 554616 bytes | Modified Date = 05-01-2007 23:04:10 | Attr =    ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 15:13:20 | Attr =    ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10-01-2007 06:59:32 | Attr =    ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10-01-2007 06:59:32 | Attr =    ]
(CeEPwrSvc) CeEPwrSvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\Power Management\CeEPwrSvc.exe -> COMPAL ELECTRONIC INC. [Ver = 1, 1, 0, 0 | Size = 36973 bytes | Modified Date = 08-01-2004 08:50:28 | Attr =    ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 4, 50, 0, 2 | Size = 28672 bytes | Modified Date = 02-12-2003 15:05:54 | Attr =    ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10-01-2007 06:59:32 | Attr =    ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 13-01-2007 04:40:58 | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 26-08-2004 17:53:50 | Attr =    ]
(EpgSpooler) Pinnacle Systems tvtv Spooler [Win32_Own | Auto | Stopped] ->  -> File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03-04-2005 23:41:10 | Attr =    ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 14-01-2007 08:11:06 | Attr =    ]
(LBTServ) Logitech Bluetooth Service [Win32_Own | Auto | Stopped] ->  -> File not found
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.41 | Size = 2918008 bytes | Modified Date = 05-01-2007 23:04:10 | Attr =    ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 2 | Size = 774144 bytes | Modified Date = 15-01-2007 17:14:38 | Attr =    ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 266240 bytes | Modified Date = 15-01-2007 16:01:56 | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5682 | Size = 77824 bytes | Modified Date = 12-02-2004 21:04:00 | Attr = R  ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29-09-2004 11:14:36 | Attr =    ]
(SPYWAREfighterRP) SPYWAREfighterRP [Win32_Own | On_Demand | Running] -> %ProgramFiles%\SPYWAREfighter\spfprc.exe -> SpamFighter APS [Ver = 1.7.5.0 | Size = 405504 bytes | Modified Date = 12-12-2006 12:34:24 | Attr =    ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 22-01-2007 06:37:10 | Attr =    ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05-01-2007 09:19:28 | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ALCXSENS.SYS -> Sensaura Ltd [Ver = 5.10.00.3511D | Size = 391424 bytes | Modified Date = 11-12-2003 21:54:14 | Attr =    ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5420 | Size = 541548 bytes | Modified Date = 19-12-2003 18:07:50 | Attr =    ]
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.0 | Size = 77000 bytes | Modified Date = 05-03-2007 16:24:48 | Attr =    ]
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.3.1.239 | Size = 96079 bytes | Modified Date = 11-10-2003 08:26:50 | Attr = R  ]
(AR5211) Atheros AR5001 Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\ar5211.sys -> Atheros Communications, Inc. [Ver = 2.4.2.14 | Size = 324608 bytes | Modified Date = 14-09-2003 18:16:16 | Attr =    ]
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 4096 bytes | Modified Date = 28-09-2006 15:13:34 | Attr =    ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05-09-2006 17:03:16 | Attr =    ]
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> %System32%\drivers\BANTExt.sys ->  [Ver =  | Size = 3840 bytes | Modified Date = 07-04-2005 16:18:34 | Attr =    ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(DCamUSBEMPIA) PCTV USB2 2821 Capture [Kernel | On_Demand | Stopped] -> %System32%\drivers\emDevice.sys -> eMPIA Technology, Inc. [Ver = 1.1.0406.0 | Size = 100957 bytes | Modified Date = 06-04-2004 13:08:06 | Attr =    ]
(DFUBTUSB) WIDCOMM USB Bluetooth Driver in DFU State [Kernel | On_Demand | Stopped] -> %System32%\drivers\frmupgr.sys -> Broadcom Corporation. [Ver = 5.0.1.2500 | Size = 19372 bytes | Modified Date = 22-03-2006 16:45:02 | Attr =    ]
(DKbFltr) Dritek HotKey Keyboard Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\DKbFltr.SYS -> Dritek System Inc. [Ver = 3, 0, 2, 1 | Size = 17284 bytes | Modified Date = 20-02-2004 09:04:04 | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 26-08-2004 17:49:40 | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153600 bytes | Modified Date = 26-08-2004 17:49:40 | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 25-04-2003 13:00:00 | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(dtscsi) dtscsi [Kernel | On_Demand | Running] -> %System32%\drivers\dtscsi.sys ->  [Ver =  | Size = 223128 bytes | Modified Date = 19-04-2006 22:06:50 | Attr =    ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.1.0.69 | Size = 383800 bytes | Modified Date = 05-02-2007 10:00:00 | Attr =    ]
(ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %System32%\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 2 | Size = 15440 bytes | Modified Date = 28-02-2007 21:56:08 | Attr =    ]
(emAudio) PCTV USB2 2821 Audio [Kernel | On_Demand | Stopped] -> %System32%\drivers\emAudio.sys -> Pinnacle Systems, Inc. [Ver = 1.1.0505.0 | Size = 19584 bytes | Modified Date = 05-05-2004 12:40:38 | Attr =    ]
(EPOWER) Compal E-POWER Driver [Kernel | On_Demand | Running] -> %System32%\drivers\hkdrv.sys -> Compal Electronic Inc. [Ver = 0.0.0.4 | Size = 4224 bytes | Modified Date = 29-03-2004 09:36:34 | Attr =    ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.1.0.69 | Size = 102712 bytes | Modified Date = 05-02-2007 10:00:00 | Attr =    ]
(FiltUSBEMPIA) USB Device Lower Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\emFilter.sys -> eMPIA Technology, Inc. [Ver = 1.1.0406.0 | Size = 5245 bytes | Modified Date = 06-04-2004 13:07:58 | Attr =    ]
(hotcore) hotcore [Kernel | Boot | Running] -> %System32%\drivers\hotcore.sys -> Paragon Software Group [Ver = 5.00.2195.1 | Size = 18208 bytes | Modified Date = 29-04-2005 00:47:48 | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\drivers\hpzid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 08-03-2005 11:43:26 | Attr =    ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 08-03-2005 11:43:26 | Attr =    ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 08-03-2005 11:43:28 | Attr =    ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070308.018\NAVENG.SYS -> Symantec Corporation [Ver = 20071.1.1.10 | Size = 80472 bytes | Modified Date = 31-01-2007 10:00:00 | Attr =    ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070308.018\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.1.1.10 | Size = 852600 bytes | Modified Date = 31-01-2007 10:00:00 | Attr =    ]
(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> %System32%\drivers\Netdevio.sys -> TOSHIBA Corporation. [Ver = Version 5.00.01.00 built by: WinDDK | Size = 12032 bytes | Modified Date = 29-01-2003 12:35:00 | Attr =    ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5682 | Size = 1877952 bytes | Modified Date = 12-02-2004 21:04:00 | Attr = R  ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(pciSd) pciSd [Kernel | On_Demand | Stopped] -> %System32%\drivers\tossdpci.sys -> TOSHIBA [Ver = 1.00.07.30210 | Size = 15143 bytes | Modified Date = 11-02-2003 14:03:54 | Attr =    ]
(PD0620VID) Creative WebCam Instant [Kernel | On_Demand | Stopped] -> %System32%\drivers\P0620Vid.sys -> Creative Technology Ltd. [Ver = 1.00.01.00 | Size = 91577 bytes | Modified Date = 29-07-2004 12:14:22 | Attr =    ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(PL2501NW) Hi-Speed USB-USB Network Adapter [Kernel | On_Demand | Stopped] -> %System32%\drivers\PL2501NW.sys -> Prolific Technology Inc. (www.prolific.com.tw) [Ver = 2.0.0.42 | Size = 11520 bytes | Modified Date = 02-04-2003 09:56:28 | Attr =    ]
(PLUsbbc2) Hi-Speed USB Bridge Cable Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbbc2.sys -> Prolific Technology Inc. [Ver = 2.0.0.17 | Size = 7936 bytes | Modified Date = 04-03-2003 10:46:50 | Attr =    ]
(Ptilink) Driver til direkte, parallel forbindelse [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 25-04-2003 13:00:00 | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Rtlnic51.sys -> Realtek Semiconductor Corporation                            [Ver = 5.606.811.2003 built by: WinDDK | Size = 65280 bytes | Modified Date = 13-08-2003 14:27:22 | Attr =    ]
(rtl8139) NT-driver til Realtek RTL8139(A/B/C) PCI Fast Ethernet-netværkskort [Kernel | On_Demand | Stopped] -> %System32%\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 03-08-2004 22:31:34 | Attr =    ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 01-12-2006 19:00:20 | Attr =    ]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16-02-2006 16:51:08 | Attr =    ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1024 | Size = 29184 bytes | Modified Date = 01-12-2006 19:00:02 | Attr =    ]
(ScanUSBEMPIA) USB Still Image Capture Device [Kernel | On_Demand | Stopped] -> %System32%\drivers\emScan.sys -> eMPIA Technology, Inc. [Ver = 1.1.0406.0 | Size = 4493 bytes | Modified Date = 06-04-2004 13:07:54 | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 25-04-2003 13:00:00 | Attr =    ]
(Ser2pl) Prolific Serial port driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ser2pl.sys -> Prolific Technology Inc. [Ver = 2.0.0.26 | Size = 42752 bytes | Modified Date = 28-06-2004 05:08:56 | Attr = R  ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SMCIRDA) SMC IrCC Miniport Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\smcirda.sys -> SMC [Ver = 5.1.2462.0 | Size = 35913 bytes | Modified Date = 23-04-2002 12:08:12 | Attr =    ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.2.1.3 | Size = 417592 bytes | Modified Date = 01-02-2007 02:21:02 | Attr =    ]
(sptd) sptd [Kernel | Boot | Running] -> %System32%\drivers\sptd.sys ->  [Ver =  | Size = 646392 bytes | Modified Date = 14-01-2007 17:24:40 | Attr =    ]
(SpyFighter) SpyFighter Guard Device [Kernel | On_Demand | Running] -> %ProgramFiles%\SPYWAREfighter\spyfighter.sys ->  [Ver =  | Size = 3584 bytes | Modified Date = 20-12-2005 18:19:06 | Attr =    ]
(SRTSP) SRTSP [File_System | System | Running] -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.1.4.1 | Size = 247608 bytes | Modified Date = 12-01-2007 03:22:14 | Attr =    ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.1.4.1 | Size = 276792 bytes | Modified Date = 12-01-2007 03:22:20 | Attr =    ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.1.4.1 | Size = 25400 bytes | Modified Date = 12-01-2007 03:22:18 | Attr =    ]
(SrvcEKIOMngr) SrvcEKIOMngr [Kernel | System | Running] -> %System32%\drivers\EKIOMngr.sys -> COMPAL ELECTRONIC INC. [Ver = 1, 0, 0, 4 | Size = 5888 bytes | Modified Date = 19-12-2002 09:56:32 | Attr =    ]
(SrvcEPIOMngr) SrvcEPIOMngr [Kernel | System | Running] -> %System32%\drivers\EPIOMngr.sys -> COMPAL ELECTRONIC INC. [Ver = 1, 0, 0, 4 | Size = 5888 bytes | Modified Date = 18-12-2002 18:56:32 | Attr =    ]
(SrvcSSIOMngr) SrvcSSIOMngr [Kernel | System | Running] -> %System32%\drivers\SSIOMngr.sys -> COMPAL ELECTRONIC INC. [Ver = 1, 0, 0, 4 | Size = 5888 bytes | Modified Date = 19-12-2002 09:56:34 | Attr =    ]
(SrvcTPIOMngr) SrvcTPIOMngr [Kernel | System | Running] -> %System32%\drivers\TPIOMngr.sys -> COMPAL ELECTRONIC INC. [Ver = 1, 0, 0, 4 | Size = 5888 bytes | Modified Date = 18-12-2002 18:56:32 | Attr =    ]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %System32%\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 12984 bytes | Modified Date = 09-01-2007 23:32:14 | Attr =    ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.3.0.14 | Size = 115000 bytes | Modified Date = 22-01-2007 06:39:00 | Attr =    ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %System32%\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 145976 bytes | Modified Date = 09-01-2007 23:32:14 | Attr =    ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %System32%\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 40120 bytes | Modified Date = 09-01-2007 23:32:14 | Attr =    ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070302.001\SymIDSCo.sys -> Symantec Corporation [Ver = 7.2.1.1 | Size = 185976 bytes | Modified Date = 16-01-2007 12:01:06 | Attr =    ]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %System32%\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 4608 bytes | Modified Date = 20-01-2007 16:09:32 | Attr =    ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %System32%\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 35256 bytes | Modified Date = 09-01-2007 23:32:14 | Attr =    ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 27576 bytes | Modified Date = 09-01-2007 23:32:14 | Attr =    ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 191544 bytes | Modified Date = 09-01-2007 23:32:14 | Attr =    ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TOSHIBASoftModem) TOSHIBA Software Modem [Kernel | On_Demand | Running] -> %System32%\drivers\LTSM.sys -> LT [Ver =  3.1.118.11 05/12/2003 13:30:23 | Size = 817296 bytes | Modified Date = 12-05-2003 12:30:26 | Attr = R  ]
(toshidpt) TOSHIBA Bluetooth HID port driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\Toshidpt.sys -> TOSHIBA Corporation. [Ver = Version 1.00.00 | Size = 2851 bytes | Modified Date = 16-10-2002 12:55:48 | Attr =    ]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(tosporte) Bluetooth Port Driver from Toshiba [Kernel | On_Demand | Running] -> %System32%\drivers\Tosporte.sys -> TOSHIBA Corporation [Ver = 1.02.00 | Size = 45598 bytes | Modified Date = 23-01-2004 14:37:30 | Attr =    ]
(Tosrfbd) Bluetooth RFBUS from TOSHIBA [Kernel | On_Demand | Running] -> %System32%\drivers\TosRfbd.sys -> TOSHIBA CORPORATION [Ver = 01.03.09 | Size = 92416 bytes | Modified Date = 30-01-2004 15:09:22 | Attr =    ]
(Tosrfbnp) Bluetooth RFBNEP from TOSHIBA [Kernel | On_Demand | Stopped] -> %System32%\drivers\tosrfbnp.sys -> TOSHIBA Corporation [Ver = 1.00 | Size = 36579 bytes | Modified Date = 03-02-2004 17:39:00 | Attr =    ]
(Tosrfcom) Bluetooth RFCOMM from TOSHIBA [Kernel | System | Running] -> %System32%\drivers\tosrfcom.sys -> TOSHIBA Corporation [Ver = 1.02 | Size = 62639 bytes | Modified Date = 23-01-2004 13:10:00 | Attr =    ]
(tosrfec) Bluetooth ACPI from TOSHIBA [Kernel | On_Demand | Running] -> %System32%\drivers\Tosrfec.sys -> TOSHIBA Corporation [Ver = 1.02.00 | Size = 8605 bytes | Modified Date = 04-02-2003 10:12:36 | Attr =    ]
(Tosrfhid) Bluetooth RFHID from TOSHIBA [Kernel | On_Demand | Running] -> %System32%\drivers\TosRfhid.sys -> TOSHIBA Corporation. [Ver = Version 1.03.03 | Size = 48000 bytes | Modified Date = 03-02-2004 18:33:26 | Attr =    ]
(tosrfnds) Bluetooth Personal Area Network from TOSHIBA [Kernel | On_Demand | Stopped] -> %System32%\drivers\tosrfnds.sys -> TOSHIBA Corporation. [Ver = Version 1.00.03 | Size = 17572 bytes | Modified Date = 03-02-2004 17:39:32 | Attr =    ]
(Tosrfusb) Bluetooth USB Controller [Kernel | On_Demand | Running] -> %System32%\drivers\tosrfusb.sys -> TOSHIBA CORPORATION [Ver = 01.03.05 | Size = 54016 bytes | Modified Date = 20-01-2004 17:31:26 | Attr =    ]
(tsdhd) TOSHIBA SD Card Host Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\tsdhd.sys -> TOSHIBA Corporation [Ver = 2, 0, 4, 30514 | Size = 25888 bytes | Modified Date = 13-05-2003 23:38:32 | Attr =    ]
(UimBus) Universal Image Mounter Controller [Kernel | System | Running] -> %System32%\drivers\UimBus.sys -> Windows (R) 2000 DDK provider [Ver = 2.0.0.1 | Size = 26672 bytes | Modified Date = 29-04-2005 01:05:58 | Attr =    ]
(Uim_IM) UIM Drive Backup Image Plugin [Kernel | System | Running] -> %System32%\drivers\Uim_IM.sys ->  [Ver =  | Size = 120995 bytes | Modified Date = 27-04-2005 10:03:24 | Attr =    ]
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(w800bus) Sony Ericsson W800 driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\w800bus.sys -> MCCI [Ver = V4.34 | Size = 60768 bytes | Modified Date = 13-03-2006 18:52:16 | Attr = R  ]
(w800mdfl) Sony Ericsson W800 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\w800mdfl.sys -> MCCI [Ver = V4.34 | Size = 9264 bytes | Modified Date = 13-03-2006 18:52:22 | Attr = R  ]
(w800mdm) Sony Ericsson W800 USB WMC Modem Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\w800mdm.sys -> MCCI [Ver = V4.34 | Size = 96224 bytes | Modified Date = 13-03-2006 18:52:24 | Attr = R  ]
(w800mgmt) Sony Ericsson W800 USB WMC Device Management Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\w800mgmt.sys -> MCCI [Ver = V4.34 | Size = 87792 bytes | Modified Date = 13-03-2006 18:52:30 | Attr = R  ]
(w800obex) Sony Ericsson W800 USB WMC OBEX Interface Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\w800obex.sys -> MCCI [Ver = V4.34 | Size = 85664 bytes | Modified Date = 13-03-2006 18:52:32 | Attr = R  ]
(w810bus) Sony Ericsson W810 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810bus.sys -> MCCI [Ver = V4.34 | Size = 58288 bytes | Modified Date = 20-02-2006 18:59:28 | Attr = R  ]
(w810mdfl) Sony Ericsson W810 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810mdfl.sys -> MCCI [Ver = V4.34 | Size = 8336 bytes | Modified Date = 20-02-2006 18:59:32 | Attr = R  ]
(w810mdm) Sony Ericsson W810 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810mdm.sys -> MCCI [Ver = V4.34 | Size = 94064 bytes | Modified Date = 20-02-2006 18:59:34 | Attr = R  ]
(w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810mgmt.sys -> MCCI [Ver = V4.34 | Size = 85408 bytes | Modified Date = 20-02-2006 18:59:34 | Attr = R  ]
(w810obex) Sony Ericsson W810 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810obex.sys -> MCCI [Ver = V4.34 | Size = 83344 bytes | Modified Date = 20-02-2006 18:59:36 | Attr = R  ]
(W8335XP) IEEE 802.11g Wireless Cardbus/PCI Adapter HW51 [Kernel | On_Demand | Stopped] -> %System32%\drivers\Mrv8000c.sys -> Marvell Semiconductor, Inc [Ver = 3.01.00.019 built by: WinDDK | Size = 253440 bytes | Modified Date = 17-09-2004 03:17:00 | Attr = R  ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.3.10.166 | Size = 151552 bytes | Modified Date = 18-06-2003 13:44:06 | Attr = R  ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 10-01-2007 06:59:52 | Attr =    ]
CeEKEY -> %ProgramFiles%\Toshiba\E-KEY\CeEKey.exe -> COMPAL ELECTRONIC INC. [Ver = 2, 1, 0, 7 | Size = 638976 bytes | Modified Date = 12-03-2004 10:35:48 | Attr =    ]
CeEPOWER -> %ProgramFiles%\Toshiba\Power Management\CePMTray.exe -> COMPAL ELECTRONIC INC. [Ver = 1, 1, 0, 4 | Size = 139264 bytes | Modified Date = 12-02-2004 22:18:26 | Attr =    ]
CpRmtKey -> %ProgramFiles%\Toshiba\Toshiba Controls\CpRmtKey.EXE -> Dritek System Inc. [Ver = 1, 1, 0, 1 | Size = 94208 bytes | Modified Date = 08-12-2003 21:43:02 | Attr =    ]
Creative WebCam Tray -> %ProgramFiles%\Creative\Shared Files\CamTray.exe -> Creative Technology Ltd [Ver = 3.2.1.0 | Size = 184320 bytes | Modified Date = 26-06-2003 02:02:00 | Attr =    ]
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.03.0.0 | Size = 133016 bytes | Modified Date = 10-12-2005 15:57:20 | Attr =    ]
DownloadAccelerator -> %ProgramFiles%\DAP\DAP.exe -> Speedbit Ltd. [Ver = 8, 1, 5, 6 | Size = 3364616 bytes | Modified Date = 15-01-2007 23:58:34 | Attr =    ]
EzButton -> %ProgramFiles%\EzButton\EzButton.EXE -> Dritek System Inc. [Ver = 1.210 | Size = 712704 bytes | Modified Date = 17-12-2003 16:21:40 | Attr =    ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 11-05-2005 22:12:54 | Attr =    ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 12-01-2006 15:40:44 | Attr =    ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5682 | Size = 2904064 bytes | Modified Date = 12-02-2004 21:04:00 | Attr = R  ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.5682 | Size = 782336 bytes | Modified Date = 12-02-2004 21:04:00 | Attr = R  ]
OpwareSE2 -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\OpwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 08-05-2003 10:00:58 | Attr =    ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 14-01-2007 08:11:10 | Attr =    ]
PinnacleDriverCheck -> %System32%\PSDrvCheck.exe ->  [Ver = 1.0.0.63 | Size = 406016 bytes | Modified Date = 10-11-2003 17:06:08 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 09-09-2006 16:01:32 | Attr =    ]
SNM -> %ProgramFiles%\SpyNoMore\SNM.exe -> Illysoft LLC [Ver = 2.64.0.0 | Size = 1210584 bytes | Modified Date = 03-02-2007 13:54:24 | Attr =    ]
Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Modified Date = 26-10-2005 17:17:24 | Attr = R  ]
spywarefighterguard -> %ProgramFiles%\SPYWAREfighter\spftray.exe -> SPAMfighter [Ver = 1, 7, 6, 0 | Size = 110592 bytes | Modified Date = 03-12-2006 14:19:46 | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15-12-2006 03:23:28 | Attr =    ]
SweetIM -> %ProgramFiles%\Macrogaming\SweetIM\SweetIM.exe -> MacroGaming LTD. [Ver = 1, 1, 0, 162 | Size = 40960 bytes | Modified Date = 06-06-2006 09:07:48 | Attr = R  ]
TPNF -> %ProgramFiles%\Toshiba\TouchPad\TPTray.exe -> COMPAL ELECTRONIC INC. [Ver = 1, 1, 0, 2 | Size = 53248 bytes | Modified Date = 12-02-2004 10:18:02 | Attr =    ]
XoftSpySE -> %ProgramFiles%\XoftSpySE\XoftSpy.exe -> ParetoLogic [Ver = 4, 29, 0, 7 | Size = 719360 bytes | Modified Date = 24-01-2007 21:24:58 | Attr =    ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AnyDVD -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.1.3.0 | Size = 350053 bytes | Modified Date = 05-03-2007 21:38:10 | Attr =    ]
dr_desktop -> %ProgramFiles%\DR Desktop\dr_desktop.exe ->  [Ver = 01,00,0, 0000 | Size = 1890877 bytes | Modified Date = 17-06-2005 16:01:00 | Attr =    ]
< Common Startup > -> C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
%AllUsersStartup%\Adobe Reader Hurtigstart.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23-09-2005 22:05:26 | Attr =    ]
< User Startup > -> C:\Documents and Settings\Gert\Menuen Start\Programmer\Start
%UserStartup%\MailWasherPro.lnk -> %ProgramFiles%\FireTrust\MailWasher Pro\MailWasher.exe -> Firetrust Ltd [Ver = 5.0.14.6034 | Size = 5183488 bytes | Modified Date = 07-05-2005 14:46:58 | Attr =    ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Bluetooth Manager.lnk -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> TOSHIBA CORPORATION [Ver = 3.01.4203.DA | Size = 376832 bytes | Modified Date = 03-02-2004 10:37:14 | Attr =    ]
C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^CleanTemp 1.5.lnk -> %ProgramFiles%\CleanTemp 1.5\CleanTemp.exe -> Update Computer Services [Ver = 1.5.5.74 | Size = 295424 bytes | Modified Date = 27-04-2005 19:39:28 | Attr =    ]
C:^Documents and Settings^Gert^Menuen Start^Programmer^Start^ePad995.exe.lnk -> %SystemDrive%\ePad995\ePad995.exe -> Software995 [Ver = 1.2 | Size = 163840 bytes | Modified Date = 22-08-2005 14:10:24 | Attr =    ]
C:^Documents and Settings^Gert^Menuen Start^Programmer^Start^MailWasherPro.lnk -> %ProgramFiles%\FireTrust\MailWasher Pro\MailWasher.exe -> Firetrust Ltd [Ver = 5.0.14.6034 | Size = 5183488 bytes | Modified Date = 07-05-2005 14:46:58 | Attr =    ]
C:^Documents and Settings^Gert^Menuen Start^Programmer^Start^OpenOffice.org 2.0.lnk -> %ProgramFiles%\OpenOffice.org 2.0\program\quickstart.exe ->  [Ver =  | Size = 393216 bytes | Modified Date = 28-09-2006 20:47:52 | Attr =    ]
< File Associations > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 27-05-2005 00:22:02 | Attr =    ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8465408 bytes | Modified Date = 19-12-2006 22:50:34 | Attr =    ]
exefile [open] -> "%1" %* ->
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 284672 bytes | Modified Date = 26-08-2004 17:53:56 | Attr =    ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 25-04-2003 13:00:00 | Attr =    ]
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 45568 bytes | Modified Date = 17-10-2006 12:56:10 | Attr =    ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 15-07-2003 05:52:56 | Attr =    ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 08-01-2007 18:08:42 | Attr =    ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 08-01-2007 18:08:42 | Attr =    ]
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 15-07-2003 05:52:56 | Attr =    ]
http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 08-01-2007 18:08:42 | Attr =    ]
https [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 08-01-2007 18:08:42 | Attr =    ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 12-01-2007 09:27:42 | Attr =    ]
InternetShortcut [print] -> rundll32.exe %System32%\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 3580416 bytes | Modified Date = 12-01-2007 09:27:42 | Attr =    ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8825 | Size = 114688 bytes | Modified Date = 09-08-2004 21:27:16 | Attr =    ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8825 | Size = 114688 bytes | Modified Date = 09-08-2004 21:27:16 | Attr =    ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150528 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 136192 bytes | Modified Date = 26-08-2004 17:53:56 | Attr =    ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8825 | Size = 114688 bytes | Modified Date = 09-08-2004 21:27:16 | Attr =    ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8825 | Size = 114688 bytes | Modified Date = 09-08-2004 21:27:16 | Attr =    ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8825 | Size = 114688 bytes | Modified Date = 09-08-2004 21:27:16 | Attr =    ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 17:53:54 | Attr =    ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8825 | Size = 114688 bytes | Modified Date = 09-08-2004 21:27:16 | Attr =    ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8465408 bytes | Modified Date = 19-12-2006 22:50:34 | Attr =    ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1033216 bytes | Modified Date = 26-08-2004 17:53:50 | Attr =    ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1033216 bytes | Modified Date = 26-08-2004 17:53:50 | Attr =    ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1033216 bytes | Modified Date = 26-08-2004 17:53:50 | Attr =    ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1033216 bytes | Modified Date = 26-08-2004 17:53:50 | Attr =    ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 08-01-2007 18:08:42 | Attr =    ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 08-01-2007 18:08:42 | Attr =    ]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} ->  ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} ->  ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} ->  ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{0AFEA888-B97B-4EDE-AC47-1FEE31D5CEE5} [HKLM] -> Reg Data - Key not found [] -> File not found
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28-09-2006 15:13:28 | Attr =    ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> Reg Data - Key not found [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL ->  -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1028 | Size = 258048 bytes | Modified Date = 01-12-2006 19:00:28 | Attr =    ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->  ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName =  ->
0 -> Source = http://media.dating.dk/Users/a4a22f85-fe76-412b-9799-0f33f816c3ba/Photos/26992/Image_632619924782538529.jpg ->
0 -> SubscribedURL = http://media.dating.dk/Users/a4a22f85-fe76-412b-9799-0f33f816c3ba/Photos/26992/Image_632619924782538529.jpg ->
1 -> [Key] ->
1 -> FriendlyName = Min aktuelle startside ->
1 -> Source = About:Home ->
1 -> SubscribedURL = About:Home ->
2 -> [Key] ->
2 -> FriendlyName =  ->
2 -> Source =  ->
2 -> SubscribedURL =  ->
< HOSTS File > (568152 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Search Page -> http://www.google.com ->
HKLM: Start Page -> http://ekstrabladet.dk/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Search Bar -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://ekstrabladet.dk/ ->
HKCU: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKCU: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: URLSearchHooks\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Data - Value does not exist] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 96936 bytes | Modified Date = 12-01-2007 08:04:50 | Attr = R  ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] ->  [Ver = 2, 5, 1, 6 | Size = 405504 bytes | Modified Date = 26-08-2004 10:27:32 | Attr =    ]
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 607888 bytes | Modified Date = 12-01-2007 08:05:00 | Attr = R  ]
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 04-08-2005 20:54:42 | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 04-08-2005 20:54:42 | Attr =    ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console ->
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> 8196 - Reg Data - Value does not exist ->
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -> 8197 - Opret Foretrukken på mobil enhed... ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8194 - Reg Data - Value does not exist ->
{E6850551-1B82-47cd-BBF3-8E7D6099F9B3} -> 8199 - TvGuide.dk ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8195 - Windows Messenger ->
NextId -> 8200 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 15-12-2006 03:23:26 | Attr =    ]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Opret Foretrukken på mobil enhed] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Opslag] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{E6850551-1B82-47cd-BBF3-8E7D6099F9B3} -> www.tvg [ButtonText: TvGuide] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Clean Traces -> %ProgramFiles%\DAP\Privacy Package\dapcleanerie.htm ->  [Ver =  | Size = 1748 bytes | Modified Date = 15-01-2007 23:58:36 | Attr =    ]
&Download with &DAP -> %ProgramFiles%\DAP\dapextie.htm ->  [Ver =  | Size = 2020 bytes | Modified Date = 15-01-2007 23:58:36 | Attr =    ]
&MSN Search -> Reg Data - Value does not exist -> File not found
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
Download &all with DAP -> %ProgramFiles%\DAP\dapextie2.htm ->  [Ver =  | Size = 1041 bytes | Modified Date = 15-01-2007 23:58:36 | Attr =    ]
Easy-WebPrint Add To Pri
Avatar billede gert_hahn Novice
11. marts 2007 - 19:45 #4
del 2
Easy-WebPrint Add To Print List ->
%ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> %System32%\mmfinfo.dll [Haali Column Provider] ->  [Ver =  | Size = 65536 bytes | Modified Date = 28-10-2006 20:01:02 | Attr =    ]
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} [HKLM] -> %ProgramFiles%\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Infotip Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9073 | Size = 331776 bytes | Modified Date = 28-09-2006 23:23:58 | Attr =    ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Proceslinje og menuen Start] -> File not found
{1CC513AE-A20D-4f42-BDAF-4BE42BCDB6EC} [HKLM] -> %System32%\UimExt.dll [UIM Drive Extension] ->  [Ver = 1, 0, 0, 1 | Size = 159744 bytes | Modified Date = 28-04-2005 23:37:04 | Attr =    ]
{1CC513EE-A20D-4f42-BDAF-4BE42BCDB6EC} [HKLM] -> %System32%\UimExt.dll [UIM File Extension] ->  [Ver = 1, 0, 0, 1 | Size = 159744 bytes | Modified Date = 28-04-2005 23:37:04 | Attr =    ]
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> NVIDIA Corporation [Ver = 6.14.10.5682 | Size = 454656 bytes | Modified Date = 12-02-2004 21:04:00 | Attr = R  ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> NVIDIA Corporation [Ver = 6.14.10.5682 | Size = 454656 bytes | Modified Date = 12-02-2004 21:04:00 | Attr = R  ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> NVIDIA Corporation [Ver = 6.14.10.5682 | Size = 454656 bytes | Modified Date = 12-02-2004 21:04:00 | Attr = R  ]
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dMCShell.dll [dBpowerAMP Music Converter] ->  [Ver = 6, 4, 0, 0 | Size = 118784 bytes | Modified Date = 27-03-2006 17:34:06 | Attr =    ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{3B092F0C-7696-40E3-A80F-68D74DA84210} [HKLM] -> %ProgramFiles%\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Thumbnail Viewer] -> Sun Microsystems, Inc. [Ver = 8.0.0.9073 | Size = 331776 bytes | Modified Date = 28-09-2006 23:23:58 | Attr =    ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> Reg Data - Key not found [Kontrolpanel-udvidelse til skærmpanorering] -> File not found
{63542C48-9552-494A-84F7-73AA6A7C99C1} [HKLM] -> %ProgramFiles%\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Property Sheet Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9073 | Size = 331776 bytes | Modified Date = 28-09-2006 23:23:58 | Attr =    ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Grænsefladeudvidelser til filkomprimering] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Brugerkonti] -> File not found
{7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 15-11-2005 11:07:16 | Attr =    ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Kontekstmenu til kryptering] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal-ikon] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 25-04-2003 13:00:00 | Attr =    ]
{8FF43EAA-2BB1-4A53-8E18-D9221E56E593} [HKLM] -> %System32%\CePMTab.dll [CePMTab Property Sheet] -> COMPAL ELECTRONIC INC. [Ver = 1, 1, 0, 0 | Size = 41065 bytes | Modified Date = 08-01-2004 08:50:32 | Attr =    ]
{97090E2F-3062-4459-855B-014F0D3CDBB1} [HKLM] -> Reg Data - Key not found [Windows Deskbar] -> File not found
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [NeroCoverEd Live Icons] -> Nero AG [Ver = 2, 7, 3, 0 | Size = 1953792 bytes | Modified Date = 08-01-2007 14:13:08 | Attr =    ]
{9ED66769-A198-41FE-8615-601691C68846} [HKLM] -> %System32%\TPprop.dll [TouchPad Property Sheet] -> COMPAL ELECTRONIC INC. [Ver = 1, 1, 0, 0 | Size = 94208 bytes | Modified Date = 07-01-2004 18:12:46 | Attr =    ]
{A5110426-177D-4e08-AB3F-785F10B4439C} [HKLM] -> %ProgramFiles%\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll [Sony Ericsson File Manager] -> Sony Ericsson Mobile Communications AB [Ver = 1, 3, 11, 0 | Size = 397312 bytes | Modified Date = 14-03-2006 16:23:00 | Attr = R  ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.5682 | Size = 2904064 bytes | Modified Date = 12-02-2004 21:04:00 | Attr = R  ]
{B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 15-11-2005 11:07:16 | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] ->  [Ver =  | Size = 126464 bytes | Modified Date = 28-03-2006 23:23:10 | Attr =    ]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} [HKLM] -> %ProgramFiles%\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Column Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9073 | Size = 331776 bytes | Modified Date = 28-09-2006 23:23:58 | Attr =    ]
{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} [HKLM] -> Reg Data - Key not found [Haali Matroska Thumbnail Exctractor] -> File not found
{e57ce731-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> Reg Data - Key not found [Universal Plug and Play-enheder] -> File not found
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpowerAMP Music Converter 1] ->  [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 27-03-2006 17:34:04 | Attr =    ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.5682 | Size = 2904064 bytes | Modified Date = 12-02-2004 21:04:00 | Attr = R  ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 7, 3, 2 | Size = 73728 bytes | Modified Date = 15-01-2007 17:15:02 | Attr =    ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 23-01-2007 17:43:30 | Attr =    ]
{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [Cover Designer] -> Nero AG [Ver = 2, 7, 3, 0 | Size = 1953792 bytes | Modified Date = 08-01-2007 14:13:08 | Attr =    ]
{BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> %ProgramFiles%\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_ShredMenu] -> Speedbit Ltd. [Ver = 8, 0, 0, 3 | Size = 53345 bytes | Modified Date = 15-01-2007 23:58:36 | Attr =    ]
{44CB577A-837C-4C36-9C8D-80A1639B9333} [HKLM] -> %ProgramFiles%\SPYWAREfighter\spfext.dll [SPYWAREfighter] -> Spamfighter [Ver = 1.6.0.0 | Size = 118784 bytes | Modified Date = 03-04-2006 11:10:20 | Attr =    ]
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 14.2.0.29 | Size = 173680 bytes | Modified Date = 14-01-2007 10:09:32 | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 126464 bytes | Modified Date = 28-03-2006 23:23:10 | Attr =    ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 23-01-2007 17:43:30 | Attr =    ]
{BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> %ProgramFiles%\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_ShredMenu] -> Speedbit Ltd. [Ver = 8, 0, 0, 3 | Size = 53345 bytes | Modified Date = 15-01-2007 23:58:36 | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 126464 bytes | Modified Date = 28-03-2006 23:23:10 | Attr =    ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> NVIDIA Corporation [Ver = 6.14.10.5682 | Size = 454656 bytes | Modified Date = 12-02-2004 21:04:00 | Attr = R  ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.5682 | Size = 2904064 bytes | Modified Date = 12-02-2004 21:04:00 | Attr = R  ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 7, 3, 2 | Size = 73728 bytes | Modified Date = 15-01-2007 17:15:02 | Attr =    ]
{44CB577A-837C-4C36-9C8D-80A1639B9333} [HKLM] -> %ProgramFiles%\SPYWAREfighter\spfext.dll [SPYWAREfighter] -> Spamfighter [Ver = 1.6.0.0 | Size = 118784 bytes | Modified Date = 03-04-2006 11:10:20 | Attr =    ]
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 14.2.0.29 | Size = 173680 bytes | Modified Date = 14-01-2007 10:09:32 | Attr =    ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] ->  [Ver =  | Size = 126464 bytes | Modified Date = 28-03-2006 23:23:10 | Attr =    ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> %System32%\mmfinfo.dll [Haali Column Provider] ->  [Ver =  | Size = 65536 bytes | Modified Date = 28-10-2006 20:01:02 | Attr =    ]
{7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 15-11-2005 11:07:16 | Attr =    ]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} [HKLM] -> %ProgramFiles%\OpenOffice.org 2.0\program\shlxthdl.dll [Reg Data - Value does not exist] -> Sun Microsystems, Inc. [Ver = 8.0.0.9073 | Size = 331776 bytes | Modified Date = 28-09-2006 23:23:58 | Attr =    ]
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14-12-2004 02:20:02 | Attr =    ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpShell Class] ->  [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 27-03-2006 17:34:04 | Attr =    ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Avant Browser -> IEAK ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{122359FE-E308-4856-BB0E-AFE47C778AB1} ->    () ->
{33EE1930-05A4-4350-B3DC-6E533BB606CF} ->    (1394-netværkskort) ->
{793887A5-69E2-42A9-8009-E03DCEA0D9CC} ->    (Atheros AR5001X+ Wireless Network Adapter) ->
{8973FC12-5182-44DA-8838-BFF417BCEAED} ->    (1394-netværkskort) ->
{8DCE444F-60AD-4431-B3D4-858F6AD2A88C} ->    (IEEE 802.11g Wireless Cardbus/PCI Adapter) ->
{EE8E60C5-2D07-4775-9F18-698460CFF28D} ->    (Hi-Speed USB-USB Network Adapter) ->
{F637A3EC-7F4D-4063-B855-45D0F2C37702} ->    () ->
{FBE0769C-5A05-4FB6-A2E5-0807DB0002AC} ->    (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
belarc -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll -> Belarc, Inc. [Ver = 7.0t | Size = 33280 bytes | Modified Date = 29-07-2005 15:06:02 | Attr =    ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{029FDBA6-3547-11D7-AA4C-0050BF051A00} -> Rawflow ICD Client - CodeBase = http://webnode1.xstream.dk/radiostationer/rawflow/205/Rawflow.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab ->
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} ->  - CodeBase = https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab ->
{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} ->  - CodeBase = http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.0.5.cab ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc2.cab ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120164787296 ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab ->
{6A344D34-5231-452A-8A57-D064AC9B7862} -> Symantec Download Manager - CodeBase = https://webdl.symantec.com/activex/symdlmgr.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128885834902 ->
{76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} -> IASRunner Class - CodeBase = https://www.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> ActiveDataInfo Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab ->
{D216644A-C6DB-49D9-BBCF-D38FE7991BF2} -> Util Class - CodeBase = https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{D8575CE3-3432-4540-88A9-85A1325D3375} -> e-Safekey - CodeBase = https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab ->


[Files - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1072746496 bytes | Created Date = 02-01-1601 23:00:00 | Attr =  HS]
140207.axe -> %UserDocuments%\140207.axe ->  [Ver =  | Size = 6144 bytes | Created Date = 14-02-2007 01:01:30 | Attr =    ]
cc_20070223_0159.reg -> %UserDocuments%\cc_20070223_0159.reg ->  [Ver =  | Size = 138382 bytes | Created Date = 23-02-2007 01:59:46 | Attr =    ]
heidis konfirkmation.odt -> %UserDocuments%\heidis konfirkmation.odt ->  [Ver =  | Size = 11127 bytes | Created Date = 07-03-2007 05:10:48 | Attr =    ]
heidis konfirkmation_1.odt -> %UserDocuments%\heidis konfirkmation_1.odt ->  [Ver =  | Size = 11175 bytes | Created Date = 07-03-2007 05:13:08 | Attr =    ]
heidis konfirkmation_bradley.odt -> %UserDocuments%\heidis konfirkmation_bradley.odt ->  [Ver =  | Size = 10850 bytes | Created Date = 07-03-2007 05:13:32 | Attr =    ]
heidis konfirkmation_forte.odt -> %UserDocuments%\heidis konfirkmation_forte.odt ->  [Ver =  | Size = 10935 bytes | Created Date = 07-03-2007 05:15:25 | Attr =    ]
heidis konfirkmation_gothic light.odt -> %UserDocuments%\heidis konfirkmation_gothic light.odt ->  [Ver =  | Size = 10688 bytes | Created Date = 07-03-2007 05:14:21 | Attr =    ]
NeroBurningRom_Eng.pdf -> %UserDocuments%\NeroBurningRom_Eng.pdf ->  [Ver =  | Size = 1054836 bytes | Created Date = 23-02-2007 01:21:26 | Attr =    ]
spyhunter supportlog 200207.odt -> %UserDocuments%\spyhunter supportlog 200207.odt ->  [Ver =  | Size = 25011 bytes | Created Date = 19-02-2007 05:51:04 | Attr =    ]
SpywareScanner98981p2s2.exe -> %UserDocuments%\SpywareScanner98981p2s2.exe ->  [Ver =  | Size = 3476776 bytes | Created Date = 23-02-2007 02:48:13 | Attr =    ]
Ad-Aware SE Personal.lnk -> %AllUsersDesktop%\Ad-Aware SE Personal.lnk ->  [Ver =  | Size = 862 bytes | Created Date = 14-02-2007 01:27:30 | Attr =    ]
Iomega Discovery.lnk -> %AllUsersDesktop%\Iomega Discovery.lnk ->  [Ver =  | Size = 555 bytes | Created Date = 10-02-2007 08:27:56 | Attr =    ]
MP Navigator 2.0.lnk -> %AllUsersDesktop%\MP Navigator 2.0.lnk ->  [Ver =  | Size = 1702 bytes | Created Date = 01-03-2007 22:18:26 | Attr =    ]
Nero Home.lnk -> %AllUsersDesktop%\Nero Home.lnk ->  [Ver =  | Size = 2314 bytes | Created Date = 13-02-2007 19:46:09 | Attr =    ]
Nero StartSmart.lnk -> %AllUsersDesktop%\Nero StartSmart.lnk ->  [Ver =  | Size = 2368 bytes | Created Date = 13-02-2007 19:46:09 | Attr =    ]
RegCure.lnk -> %AllUsersDesktop%\RegCure.lnk ->  [Ver =  | Size = 427 bytes | Created Date = 03-03-2007 10:36:15 | Attr =    ]
Sony Ericsson PC Suite.lnk -> %AllUsersDesktop%\Sony Ericsson PC Suite.lnk ->  [Ver =  | Size = 1979 bytes | Created Date = 11-02-2007 14:34:54 | Attr =    ]
SPYWAREfighter.lnk -> %AllUsersDesktop%\SPYWAREfighter.lnk ->  [Ver =  | Size = 2032 bytes | Created Date = 17-02-2007 08:59:21 | Attr =    ]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk ->  [Ver =  | Size = 1557 bytes | Created Date = 23-02-2007 01:04:50 | Attr =    ]
CleanUp40.exe -> %UserDesktop%\CleanUp40.exe ->  [Ver =  | Size = 318775 bytes | Created Date = 03-03-2007 13:07:55 | Attr =    ]
drweb-cureit.exe -> %UserDesktop%\drweb-cureit.exe ->  [Ver =  | Size = 5808928 bytes | Created Date = 03-03-2007 13:07:34 | Attr =    ]
Genvej til bodeling.lnk -> %UserDesktop%\Genvej til bodeling.lnk ->  [Ver =  | Size = 672 bytes | Created Date = 07-03-2007 06:38:12 | Attr =    ]
http  www.virus.ca spyware removal-instructions Huntbar.pdf -> %UserDesktop%\http  www.virus.ca spyware removal-instructions Huntbar.pdf ->  [Ver =  | Size = 109714 bytes | Created Date = 06-03-2007 04:53:04 | Attr =    ]
https  www.selvhenter.dk sh csf registration static page 25.6.pdf -> %UserDesktop%\https  www.selvhenter.dk sh csf registration static page 25.6.pdf ->  [Ver =  | Size = 31079 bytes | Created Date = 18-02-2007 12:22:47 | Attr =    ]
licens xysoft.pdf -> %UserDesktop%\licens xysoft.pdf ->  [Ver =  | Size = 57139 bytes | Created Date = 16-02-2007 18:13:48 | Attr =    ]
router.url -> %UserDesktop%\router.url ->  [Ver =  | Size = 108 bytes | Created Date = 24-02-2007 09:35:15 | Attr =    ]
SpyNoMore.lnk -> %UserDesktop%\SpyNoMore.lnk ->  [Ver =  | Size = 673 bytes | Created Date = 03-03-2007 10:31:59 | Attr =    ]
TPSpeedStat1.0.exe -> %UserDesktop%\TPSpeedStat1.0.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 1482008 bytes | Created Date = 23-02-2007 02:24:46 | Attr =    ]
tptest4.usr -> %UserDesktop%\tptest4.usr ->  [Ver =  | Size = 25 bytes | Created Date = 23-02-2007 02:24:59 | Attr =    ]
vundo remove.pdf -> %UserDesktop%\vundo remove.pdf ->  [Ver =  | Size = 233082 bytes | Created Date = 28-02-2007 05:51:03 | Attr =    ]
XoftSpySE.lnk -> %UserDesktop%\XoftSpySE.lnk ->  [Ver =  | Size = 697 bytes | Created Date = 09-02-2007 16:58:08 | Attr =    ]
Adobe Reader Hurtigstart.lnk -> %AllUsersStartup%\Adobe Reader Hurtigstart.lnk ->  [Ver =  | Size = 1778 bytes | Created Date = 03-03-2007 12:28:01 | Attr =    ]
MailWasherPro.lnk -> %UserStartup%\MailWasherPro.lnk ->  [Ver =  | Size = 859 bytes | Created Date = 03-03-2007 16:08:58 | Attr =    ]
adeeg.ini2 -> %System32%\adeeg.ini2 ->  [Ver =  | Size = 453428 bytes | Created Date = 27-02-2007 23:49:25 | Attr =  HS]
cdeeg.bak1 -> %System32%\cdeeg.bak1 ->  [Ver =  | Size = 448396 bytes | Created Date = 28-02-2007 19:47:45 | Attr =  HS]
cdeeg.ini -> %System32%\cdeeg.ini ->  [Ver =  | Size = 449997 bytes | Created Date = 28-02-2007 19:46:53 | Attr =  HS]
ElbyCDIO.dll -> %System32%\ElbyCDIO.dll -> Elaborate Bytes AG [Ver = 6, 0, 5, 6 | Size = 86016 bytes | Created Date = 01-03-2007 00:05:26 | Attr =    ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49248 bytes | Created Date = 23-02-2007 01:16:58 | Attr =    ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 53346 bytes | Created Date = 23-02-2007 01:16:58 | Attr =    ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 127078 bytes | Created Date = 23-02-2007 01:16:58 | Attr =    ]
qqtwa.ini -> %System32%\qqtwa.ini ->  [Ver =  | Size = 441650 bytes | Created Date = 28-02-2007 05:19:33 | Attr =  HS]
tvvwa.bak1 -> %System32%\tvvwa.bak1 ->  [Ver =  | Size = 445495 bytes | Created Date = 28-02-2007 04:22:14 | Attr =  HS]
tvvwa.ini2 -> %System32%\tvvwa.ini2 ->  [Ver =  | Size = 447616 bytes | Created Date = 28-02-2007 04:37:19 | Attr =  HS]
tvvwa.tmp -> %System32%\tvvwa.tmp ->  [Ver =  | Size = 446281 bytes | Created Date = 28-02-2007 04:22:11 | Attr =  HS]
windrv.sys -> %System32%\windrv.sys ->  [Ver =  | Size = 1152 bytes | Created Date = 03-03-2007 10:32:26 | Attr =    ]
ybadd.ini2 -> %System32%\ybadd.ini2 ->  [Ver =  | Size = 447425 bytes | Created Date = 28-02-2007 00:18:51 | Attr =  HS]
ybadd.tmp -> %System32%\ybadd.tmp ->  [Ver =  | Size = 446596 bytes | Created Date = 28-02-2007 00:16:15 | Attr =  HS]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.0 | Size = 77000 bytes | Created Date = 05-03-2007 16:24:46 | Attr =    ]
ElbyCDIO.sys -> %System32%\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 2 | Size = 15440 bytes | Created Date = 28-02-2007 21:56:07 | Attr =    ]
RegKill.sys -> %System32%\drivers\RegKill.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 1 | Size = 11984 bytes | Created Date = 16-02-2007 01:56:49 | Attr =    ]

[Files - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 194 bytes | Modified Date = 03-03-2007 12:27:10 | Attr =  HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1072746496 bytes | Modified Date = 09-03-2007 13:03:36 | Attr =  HS]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 66680 bytes | Modified Date = 23-02-2007 02:40:38 | Attr =    ]
140207.axe -> %UserDocuments%\140207.axe ->  [Ver =  | Size = 6144 bytes | Modified Date = 14-02-2007 01:01:32 | Attr =    ]
cc_20070223_0159.reg -> %UserDocuments%\cc_20070223_0159.reg ->  [Ver =  | Size = 138382 bytes | Modified Date = 23-02-2007 02:00:30 | Attr =    ]
diesel.ods -> %UserDocuments%\diesel.ods ->  [Ver =  | Size = 29674 bytes | Modified Date = 03-03-2007 16:32:14 | Attr =    ]
heidis konfirkmation.odt -> %UserDocuments%\heidis konfirkmation.odt ->  [Ver =  | Size = 11127 bytes | Modified Date = 07-03-2007 05:12:18 | Attr =    ]
heidis konfirkmation_1.odt -> %UserDocuments%\heidis konfirkmation_1.odt ->  [Ver =  | Size = 11175 bytes | Modified Date = 07-03-2007 05:13:10 | Attr =    ]
heidis konfirkmation_bradley.odt -> %UserDocuments%\heidis konfirkmation_bradley.odt ->  [Ver =  | Size = 10850 bytes | Modified Date = 07-03-2007 05:13:34 | Attr =    ]
heidis konfirkmation_forte.odt -> %UserDocuments%\heidis konfirkmation_forte.odt ->  [Ver =  | Size = 10935 bytes | Modified Date = 07-03-2007 05:15:32 | Attr =    ]
heidis konfirkmation_gothic light.odt -> %UserDocuments%\heidis konfirkmation_gothic light.odt ->  [Ver =  | Size = 10688 bytes | Modified Date = 07-03-2007 05:14:22 | Attr =    ]
NeroBurningRom_Eng.pdf -> %UserDocuments%\NeroBurningRom_Eng.pdf ->  [Ver =  | Size = 1054836 bytes | Modified Date = 23-02-2007 01:21:28 | Attr =    ]
spyhunter supportlog 200207.odt -> %UserDocuments%\spyhunter supportlog 200207.odt ->  [Ver =  | Size = 25011 bytes | Modified Date = 19-02-2007 05:51:10 | Attr =    ]
SpywareScanner98981p2s2.exe -> %UserDocuments%\SpywareScanner98981p2s2.exe ->  [Ver =  | Size = 3476776 bytes | Modified Date = 23-02-2007 02:48:38 | Attr =    ]
Ad-Aware SE Personal.lnk -> %AllUsersDesktop%\Ad-Aware SE Personal.lnk ->  [Ver =  | Size = 862 bytes | Modified Date = 14-02-2007 01:27:32 | Attr =    ]
AnyDVD.lnk -> %AllUsersDesktop%\AnyDVD.lnk ->  [Ver =  | Size = 769 bytes | Modified Date = 06-03-2007 20:06:24 | Attr =    ]
Iomega Discovery.lnk -> %AllUsersDesktop%\Iomega Discovery.lnk ->  [Ver =  | Size = 555 bytes | Modified Date = 10-02-2007 08:27:58 | Attr =    ]
MP Navigator 2.0.lnk -> %AllUsersDesktop%\MP Navigator 2.0.lnk ->  [Ver =  | Size = 1702 bytes | Modified Date = 01-03-2007 22:18:28 | Attr =    ]
Nero Home.lnk -> %AllUsersDesktop%\Nero Home.lnk ->  [Ver =  | Size = 2314 bytes | Modified Date = 13-02-2007 19:46:10 | Attr =    ]
Nero StartSmart.lnk -> %AllUsersDesktop%\Nero StartSmart.lnk ->  [Ver =  | Size = 2368 bytes | Modified Date = 13-02-2007 19:46:10 | Attr =    ]
RegCure.lnk -> %AllUsersDesktop%\RegCure.lnk ->  [Ver =  | Size = 427 bytes | Modified Date = 03-03-2007 10:36:16 | Attr =    ]
Sony Ericsson PC Suite.lnk -> %AllUsersDesktop%\Sony Ericsson PC Suite.lnk ->  [Ver =  | Size = 1979 bytes | Modified Date = 11-02-2007 14:34:56 | Attr =    ]
SPYWAREfighter.lnk -> %AllUsersDesktop%\SPYWAREfighter.lnk ->  [Ver =  | Size = 2032 bytes | Modified Date = 17-02-2007 08:59:22 | Attr =    ]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk ->  [Ver =  | Size = 1557 bytes | Modified Date = 07-03-2007 04:37:40 | Attr =    ]
CleanUp40.exe -> %UserDesktop%\CleanUp40.exe ->  [Ver =  | Size = 318775 bytes | Modified Date = 03-03-2007 13:08:04 | Attr =    ]
drweb-cureit.exe -> %UserDesktop%\drweb-cureit.exe ->  [Ver =  | Size = 5808928 bytes | Modified Date = 03-03-2007 13:08:24 | Attr =    ]
Genvej til bodeling.lnk -> %UserDesktop%\Genvej til bodeling.lnk ->  [Ver =  | Size = 672 bytes | Modified Date = 07-03-2007 06:38:14 | Attr =    ]
http  www.virus.ca spyware removal-instructions Huntbar.pdf -> %UserDesktop%\http  www.virus.ca spyware removal-instructions Huntbar.pdf ->  [Ver =  | Size = 109714 bytes | Modified Date = 06-03-2007 04:53:16 | Attr =    ]
https  www.selvhenter.dk sh csf registration static page 25.6.pdf -> %UserDesktop%\https  www.selvhenter.dk sh csf registration static page 25.6.pdf ->  [Ver =  | Size = 31079 bytes | Modified Date = 18-02-2007 12:22:54 | Attr =    ]
licens xysoft.pdf -> %UserDesktop%\licens xysoft.pdf ->  [Ver =  | Size = 57139 bytes | Modified Date = 16-02-2007 18:14:16 | Attr =    ]
router.url -> %UserDesktop%\router.url ->  [Ver =  | Size = 108 bytes | Modified Date = 03-03-2007 16:16:38 | Attr =    ]
Skandiabanken.url -> %UserDesktop%\Skandiabanken.url ->  [Ver =  | Size = 167 bytes | Modified Date = 04-03-2007 22:57:40 | Attr =    ]
SpyNoMore.lnk -> %UserDesktop%\SpyNoMore.lnk ->  [Ver =  | Size = 673 bytes | Modified Date = 03-03-2007 10:32:00 | Attr =    ]
TPSpeedStat1.0.exe -> %UserDesktop%\TPSpeedStat1.0.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 1482008 bytes | Modified Date = 23-02-2007 02:07:26 | Attr =    ]
tptest4.usr -> %UserDesktop%\tptest4.usr ->  [Ver =  | Size = 25 bytes | Modified Date = 23-02-2007 02:25:00 | Attr =    ]
vundo remove.pdf -> %UserDesktop%\vundo remove.pdf ->  [Ver =  | Size = 233082 bytes | Modified Date = 28-02-2007 05:51:10 | Attr =    ]
XoftSpySE.lnk -> %UserDesktop%\XoftSpySE.lnk ->  [Ver =  | Size = 697 bytes | Modified Date = 09-03-2007 13:15:56 | Attr =    ]
MailWasherPro.lnk -> %UserStartup%\MailWasherPro.lnk ->  [Ver =  | Size = 859 bytes | Modified Date = 03-03-2007 16:09:00 | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 09-03-2007 13:03:46 | Attr =  S]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 11-02-2007 12:53:16 | Attr =    ]
setupapi.log.3.old -> %SystemRoot%\setupapi.log.3.old ->  [Ver =  | Size = 1079192 bytes | Modified Date = 14-02-2007 04:39:48 | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 03-03-2007 12:27:10 | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 820 bytes | Modified Date = 03-03-2007 12:27:10 | Attr =    ]
WINCMD.INI -> %SystemRoot%\WINCMD.INI ->  [Ver =  | Size = 2356 bytes | Modified Date = 05-03-2007 01:53:22 | Attr =    ]
WirelessFTP.INI -> %SystemRoot%\WirelessFTP.INI ->  [Ver =  | Size = 97 bytes | Modified Date = 05-03-2007 02:15:58 | Attr =    ]
zip995.ini -> %SystemRoot%\zip995.ini ->  [Ver =  | Size = 26 bytes | Modified Date = 05-03-2007 02:50:02 | Attr =    ]
adeeg.bak1 -> %System32%\adeeg.bak1 ->  [Ver =  | Size = 451242 bytes | Modified Date = 24-02-2007 02:37:20 | Attr =  HS]
adeeg.bak2 -> %System32%\adeeg.bak2 ->  [Ver =  | Size = 451889 bytes | Modified Date = 27-02-2007 18:50:44 | Attr =  HS]
adeeg.ini2 -> %System32%\adeeg.ini2 ->  [Ver =  | Size = 453428 bytes | Modified Date = 27-02-2007 23:55:16 | Attr =  HS]
aebcdebefd_d.ocx -> %System32%\aebcdebefd_d.ocx ->  [Ver =  | Size = 41 bytes | Modified Date = 03-03-2007 12:21:56 | Attr =    ]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 03-03-2007 17:10:38 | Attr =    ]
cdeeg.bak1 -> %System32%\cdeeg.bak1 ->  [Ver =  | Size = 448396 bytes | Modified Date = 28-02-2007 19:47:46 | Attr =  HS]
cdeeg.ini -> %System32%\cdeeg.ini ->  [Ver =  | Size = 449997 bytes | Modified Date = 28-02-2007 20:03:40 | Attr =  HS]
ElbyCDIO.dll -> %System32%\ElbyCDIO.dll -> Elaborate Bytes AG [Ver = 6, 0, 5, 6 | Size = 86016 bytes | Modified Date = 01-03-2007 00:05:28 | Attr =    ]
fabccbca_d.dll -> %System32%\fabccbca_d.dll ->  [Ver =  | Size = 41 bytes | Modified Date = 03-03-2007 12:21:56 | Attr =    ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 265416 bytes | Modified Date = 23-02-2007 02:36:54 | Attr =    ]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 03-03-2007 17:10:38 | Attr =    ]
perfc006.dat -> %System32%\perfc006.dat ->  [Ver =  | Size = 81072 bytes | Modified Date = 24-02-2007 05:34:20 | Attr =    ]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 70158 bytes | Modified Date = 24-02-2007 05:34:20 | Attr =    ]
perfh006.dat -> %System32%\perfh006.dat ->  [Ver =  | Size = 433430 bytes | Modified Date = 24-02-2007 05:34:20 | Attr =    ]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 419092 bytes | Modified Date = 24-02-2007 05:34:20 | Attr =    ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 1017204 bytes | Modified Date = 24-02-2007 05:34:20 | Attr =    ]
qqtwa.bak1 -> %System32%\qqtwa.bak1 ->  [Ver =  | Size = 451184 bytes | Modified Date = 28-02-2007 05:19:56 | Attr =  HS]
qqtwa.bak2 -> %System32%\qqtwa.bak2 ->  [Ver =  | Size = 450819 bytes | Modified Date = 28-02-2007 05:19:50 | Attr =  HS]
qqtwa.ini2 -> %System32%\qqtwa.ini2 ->  [Ver =  | Size = 451270 bytes | Modified Date = 28-02-2007 05:57:48 | Attr =  HS]
tvvwa.bak1 -> %System32%\tvvwa.bak1 ->  [Ver =  | Size = 445495 bytes | Modified Date = 28-02-2007 04:22:16 | Attr =  HS]
tvvwa.ini2 -> %System32%\tvvwa.ini2 ->  [Ver =  | Size = 447616 bytes | Modified Date = 28-02-2007 05:04:40 | Attr =  HS]
tvvwa.tmp -> %System32%\tvvwa.tmp ->  [Ver =  | Size = 446281 bytes | Modified Date = 28-02-2007 04:37:20 | Attr =  HS]
windrv.sys -> %System32%\windrv.sys ->  [Ver =  | Size = 1152 bytes | Modified Date = 03-03-2007 10:32:28 | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 09-03-2007 13:04:52 | Attr =    ]
ybadd.ini2 -> %System32%\ybadd.ini2 ->  [Ver =  | Size = 447425 bytes | Modified Date = 28-02-2007 00:28:02 | Attr =  HS]
ybadd.tmp -> %System32%\ybadd.tmp ->  [Ver =  | Size = 446596 bytes | Modified Date = 28-02-2007 00:18:52 | Attr =  HS]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.0 | Size = 77000 bytes | Modified Date = 05-03-2007 16:24:48 | Attr =    ]
ElbyCDIO.sys -> %System32%\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 2 | Size = 15440 bytes | Modified Date = 28-02-2007 21:56:08 | Attr =    ]
RegKill.sys -> %System32%\drivers\RegKill.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 1 | Size = 11984 bytes | Modified Date = 16-02-2007 01:56:50 | Attr =    ]

< End of report >
Avatar billede ejvindh Ekspert
11. marts 2007 - 23:17 #5
-- Gå ind i kontrolpanel-tilføj/fjern programmer, og se om du kan få lov til at afinstallere følgende programmer:
SweetIm
Download Accellerator

-- Hent VirtumundoBeGone, gem det på skrivebordet:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

-- Luk alle kørende programmer, også Internetvinduer, dobbeltklik på VirtumundoBeGone.exe på skrivebordet, læs intro-informationen, klik så på Continue, klik på Start.
Når den spørger om du vil fortsætte, klik på Yes for at køre fixet.
Klik så på Save log.

-- Det sker sommetider at fixet afslutter med "BSOD"(blå skærm og frosset PC) så skal du bare genstarte på Resetknappen.

-- Der kommer en tekstfil på dit skrivebord der hedder VBG.TXT åbn den og kopier teksten herind.

-- Kør WinPFind3U fra WinPFind3U-mappen igen. Kopier indholdet mellem de bølgede linier ind i det hvide felt til højre (højreklik på feltet og vælg "sæt ind"/"paste"):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[Kill Explorer]
[Processes - Non-Microsoft Only]
YY -> sweetim.exe -> %ProgramFiles%\Macrogaming\SweetIM\SweetIM.exe
[Win32 Services - Non-Microsoft Only]
YY -> (EpgSpooler) Pinnacle Systems tvtv Spooler [Win32_Own | Auto | Stopped] ->
YY -> (LBTServ) Logitech Bluetooth Service [Win32_Own | Auto | Stopped] ->
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> SweetIM -> %ProgramFiles%\Macrogaming\SweetIM\SweetIM.exe
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
YN -> {BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> %ProgramFiles%\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_ShredMenu]
[Files - Created Within 30 days]
NY -> adeeg.ini2 -> %System32%\adeeg.ini2
NY -> cdeeg.bak1 -> %System32%\cdeeg.bak1
NY -> cdeeg.ini -> %System32%\cdeeg.ini
NY -> qqtwa.ini -> %System32%\qqtwa.ini
NY -> tvvwa.bak1 -> %System32%\tvvwa.bak1
NY -> tvvwa.ini2 -> %System32%\tvvwa.ini2
NY -> tvvwa.tmp -> %System32%\tvvwa.tmp
NY -> windrv.sys -> %System32%\windrv.sys
NY -> ybadd.ini2 -> %System32%\ybadd.ini2
NY -> ybadd.tmp -> %System32%\ybadd.tmp
[Start Explorer]
[Reboot]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Klik herefter på "Run Fix", og følg instruksionerne, der gives. Din computer vil nu genstarte. Efter genstart skal du åbne WinPFindu-mappen igen. Her vil nu ligge en log, hvis navn består af en masse numre - den skal du kopiere herind. Du behøver i første omgang ikke lægge en ny log fra Winpfind3u herind.
Avatar billede gert_hahn Novice
12. marts 2007 - 19:20 #6
VBG.txt:

[03/12/2007, 17:01:59] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Gert\Skrivebord\VirtumundoBeGone.exe" )
[03/12/2007, 17:02:04] - Detected System Information:
[03/12/2007, 17:02:04] -  Windows Version: 5.1.2600, Service Pack 2
[03/12/2007, 17:02:04] -  Current Username: Gert (Admin)
[03/12/2007, 17:02:04] -  Windows is in NORMAL mode.
[03/12/2007, 17:02:04] - Searching for Browser Helper Objects:
[03/12/2007, 17:02:04] -  BHO 1: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[03/12/2007, 17:02:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2007, 17:02:04] -  Checking for HKLM\...\Winlogon\Notify\NppBho
[03/12/2007, 17:02:04] -  Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[03/12/2007, 17:02:04] - Finished Searching Browser Helper Objects
[03/12/2007, 17:02:04] - Finishing up...
[03/12/2007, 17:02:04] - Nothing found! Exiting...
Avatar billede gert_hahn Novice
12. marts 2007 - 19:22 #7
Winpfindu log efter clean:
Explorer killed successfully
[Processes - Non-Microsoft Only]
Process sweetim.exe killed successfully.
C:\Programmer\Macrogaming\SweetIM\SweetIM.exe moved successfully.
[Win32 Services - Non-Microsoft Only]
Service EpgSpooler stopped successfully.
Service EpgSpooler deleted successfully.
File  not found.
Service LBTServ stopped successfully.
Service LBTServ deleted successfully.
File  not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SweetIM not found.
File C:\Programmer\Macrogaming\SweetIM\SweetIM.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\DAP_ShredMenu not found.
[Files - Created Within 30 days]
C:\WINDOWS\SYSTEM32\adeeg.ini2 moved successfully.
C:\WINDOWS\SYSTEM32\cdeeg.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\cdeeg.ini moved successfully.
C:\WINDOWS\SYSTEM32\qqtwa.ini moved successfully.
C:\WINDOWS\SYSTEM32\tvvwa.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\tvvwa.ini2 moved successfully.
C:\WINDOWS\SYSTEM32\tvvwa.tmp moved successfully.
C:\WINDOWS\SYSTEM32\windrv.sys moved successfully.
C:\WINDOWS\SYSTEM32\ybadd.ini2 moved successfully.
C:\WINDOWS\SYSTEM32\ybadd.tmp moved successfully.
< End of log >
Created on 03-12-2007 17:05:40
Avatar billede gert_hahn Novice
12. marts 2007 - 19:30 #8
Dette var de 2 logs, du bad mig om - men IBIS er der stadig - iflg. xoftspy. Det program fortæller at den ligger i  software\folder manager, men jeg kan ski ikke finde den.....
Avatar billede gert_hahn Novice
12. marts 2007 - 19:38 #9
Til gengæld kan jeg finde nogle filer, der ligger tilbage med samme navn, men forskellig type, som dem, der er fjernet af wpfind3u. Det er f.eks.
adeeg: bak1, bak2, ini, tmp
qqtwa:  bak1, bak2, ini2, tmp
windrv.sys ligger der stadig, selvom den skulle være fjernet.
????? Ser det rigtigt ud?
Avatar billede ejvindh Ekspert
12. marts 2007 - 21:58 #10
Kan du ikke prøve at lægge de præcise oplysninger som Xoftspy giver dig.

Prøv også at lave en rootkitscanning:
Download Rootkit Unhooker herfra:
http://rku.xell.ru/?l=e&a=dl
Installér programmet. Kør så RKU. Klik på Setup-"Extended mode". Du vil så blive bedt om at genstarte, hvilket du skal gøre. Kør så Rootkit Unhooker igen, klik på fanebladet "Report", klik på knappen "Scan". Lad programmet skanne færdig, klik på "File-Save Report", og gem rapporten et sted, hvor du kan finde den igen. Læg indholdet af denne rapport herind.
Avatar billede gert_hahn Novice
15. marts 2007 - 05:16 #11
Det er ikke så ligetil, idet jeg ikke kan køre rku - den kommer på et tidspunkt efter laaaaang tid og meddeler at der er en fejl, og at programmet afsluttes.
Mht. xoftspy, så meddeler progr. bare, at den finder ibis/hunt toolbar og kilden er software/folder manager, og nix weiter. Eneste mulighed jeg har er at fjerne den. Ved en efterfølgende scanning er den så godt nok også væk, men efter reboot kommer den igen - og systemgendannelse er deaktiveret...
Har lige kørt spybot - den fandt at windows security center var disablet - og ved et tilfælde ville jeg gå til placeringen af den key.... software/folder manager. Ved ikke om det har noget at sige, men pudsigt er det da. Så nu prøver jeg at aktivere sec.center, og så kigger jeg på det i aften..
Avatar billede ejvindh Ekspert
15. marts 2007 - 14:01 #12
Prøv om du kan få lov at køre rku fra fejlsikret tilstand.
Avatar billede gert_hahn Novice
15. marts 2007 - 21:57 #13
Spooky spooky - har lige opdateret xoftspy og så er ibis tilsyneladende væk. rku kunne ikke køre fra fejlsikret tilstand. der var en service, der ikke kunne startes. Så jeg ved snart ikke helt. Nu vil jeg prøve at se, om den vender tilbage....
Det er bare surt ikke at vide, hvad der er lavet for at få skidtet til at forsvinde, ikke. Men tak for hjælpen alligevel.
'
Avatar billede ejvindh Ekspert
15. marts 2007 - 22:25 #14
Det kan jo også have været en falsk positiv fra xoftspy, som nu er rettet. ;-)

Du er velkommen :-)
Avatar billede gert_hahn Novice
05. april 2007 - 20:33 #15
Tjah, det er sommetider den mest nærliggende løsning, der virker. Xoftspy laver en log, når den finder noget, og den angav lokale indstillinger/temp som biblioteket, hvor filen angiveligt var. Efter at have slettet temp-biblioteket, forsvandt advarslen. Så problemet er løst.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 09:43 AI google.com Af Peter Olsen i Andre onlineløsninger
31/0310:22 Makro der gemmer vedhæftet fil fra Msg og omdøber filen Af lokesa i Excel
30/0313:45 Kablet forbindelse mellem android telefon og windows 11 pc Af 1Dorte i Android
30/0312:04 Elementtype vises - og ikke billedet? Af hkprofil i Billedbehandling
29/0312:08 Problemer med replay af købte kursusvideoer Af annam i Browsere
White papers
Flere white papers »