Olguin Beginner
13 June 2010 - 00:30 There are 22 comments and
1 solution

Virus on the computer and/or the external hard drive.

Hi all.

I have run into the annoying "accident" of getting a virus on my computer. Repeatedly (though it can be days apart) messages pop up saying that I have got one of the so-called 'Trojan horses' on my computer.

I should mention from the start that I am no ace when it comes to computers, but I do have general knowledge of them.

My problem is that, despite having run countless scans with, among others, KasperSky, SUPERAntiSpyware and !avast Antivirus, all of which tell me they have removed x number of harmful files/viruses, I still get these pop-up messages about a virus on the computer.

In addition, I bought an external drive a few months ago, which I have used diligently without noticing any problems. But when I one day connected it to someone else's PC, a message immediately popped up on that person's PC saying there was a virus on my external drive. It puzzles me, though, that I have never had such a pop-up on my own PC when I connect the external drive.

My fear is therefore that I have got a virus on both my laptop and my external hard drive.

Unfortunately I have now tried, without success, with all my limited knowledge of computers and viruses, to remove the junk that is on the computer and/or the external drive. I therefore hope that some of you in here will be able, in one way or another, to help and explain what I can do to remove the virus/viruses on my laptop and external hard drive. It would be an enormous help!

Thanks in advance :-)
Olguin Beginner
13 June 2010 - 00:45 #1
By the way, I forgot to post the log file.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:42:36, on 13-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\oracle\ora92\bin\omtsreco.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wm.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Connect it\Connect it\AutoUpdateSrv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Documents and Settings\All Users\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bold.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hogisauv.hogym.anet.dk:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\All Users\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [lgccxoo] C:\WINDOWS\system32\1qbssne.exe
O4 - HKCU\..\Run: [wwriidu] C:\WINDOWS\system32\v0bxss6ee.exe
O4 - HKCU\..\Run: [vmmhy] C:\WINDOWS\system32\6cc6oo6.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ijeaa] C:\WINDOWS\system32\1okkfww.exe
O4 - HKCU\..\Run: [qrmmiyy] C:\WINDOWS\system32\je1awwriid.exe
O4 - HKCU\..\Run: [mxssoek] C:\WINDOWS\system32\kkfwwriidu.exe
O4 - HKCU\..\Run: [vqqmcc] C:\WINDOWS\system32\2lgg6ss.exe
O4 - HKCU\..\Run: [xnnjzz] C:\WINDOWS\system32\0hdyy6k.exe
O4 - HKCU\..\Run: [rniieuu] C:\WINDOWS\system32\q9m1ieezqq.exe
O4 - HKCU\..\Run: [cdyuu] C:\WINDOWS\system32\ssneezqq.exe
O4 - HKCU\..\Run: [hddojkv] C:\WINDOWS\system32\ccsty86k.exe
O4 - HKCU\..\Run: [palmhxy] C:\WINDOWS\system32\zvqrw81it.exe
O4 - HKCU\..\Run: [bxss6e] C:\WINDOWS\system32\zqqlccxooja.exe
O4 - HKCU\..\Run: [jzzvllh] C:\WINDOWS\system32\xtjjfvvrhh.exe
O4 - HKCU\..\Run: [kggbs] C:\WINDOWS\system32\3wwriid.exe
O4 - HKCU\..\Run: [ghcyytk] C:\WINDOWS\system32\jfvvrhhd.exe
O4 - HKCU\..\Run: [bchdyy6] C:\WINDOWS\system32\o9k1gccxoo.exe
O4 - HKCU\..\Run: [pklqm1n] C:\WINDOWS\system32\yoe0fvb66s.exe
O4 - HKCU\..\Run: [cydopk1] C:\WINDOWS\system32\i1yze81q.exe
O4 - HKCU\..\Run: [zkpalm] C:\WINDOWS\system32\0lq86c8.exe
O4 - HKCU\..\Run: [ssneezq] C:\WINDOWS\system32\0iiduup.exe
O4 - HKCU\..\Run: [fgb0h] C:\WINDOWS\system32\fwwriidu.exe
O4 - HKCU\..\Run: [bgcss6e] C:\WINDOWS\system32\0kkfwwr.exe
O4 - HKCU\..\Run: [afbww] C:\WINDOWS\system32\pggbssne.exe
O4 - HKCU\..\Run: [zpplbbx] C:\WINDOWS\system32\riiduupggbs.exe
O4 - HKCU\..\Run: [idejf] C:\WINDOWS\system32\lgg6ss6ee6q.exe
O4 - HKCU\..\Run: [ukkgww6] C:\WINDOWS\system32\9u1qmmh.exe
O4 - HKCU\..\Run: [fgbchd] C:\WINDOWS\system32\70rnii6.exe
O4 - HKCU\..\Run: [xttpfv] C:\WINDOWS\system32\gccxoojaav.exe
O4 - HKCU\..\Run: [hdttpf] C:\WINDOWS\system32\hdyypfvv.exe
O4 - HKCU\..\Run: [zuvqmmh] C:\WINDOWS\system32\e6qq6cc6.exe
O4 - HKCU\..\Run: [tpkk6w] C:\WINDOWS\system32\9u1qmmh.exe
O4 - HKCU\..\Run: [ghcc6] C:\WINDOWS\system32\upggbssnee.exe
O4 - HKCU\..\Run: [tjjfv] C:\WINDOWS\system32\1eaavmm.exe
O4 - HKCU\..\Run: [jfvvr] C:\WINDOWS\system32\o70plgg6s.exe
O4 - HKCU\..\Run: [oefk8] C:\WINDOWS\system32\c86o81almhx.exe
O4 - HKCU\..\Run: [wssne] C:\WINDOWS\system32\1miiduu.exe
O4 - HKCU\..\Run: [dyzuq] C:\WINDOWS\system32\g3iiduupggb.exe
O4 - HKCU\..\Run: [uvaw1x] C:\WINDOWS\system32\av03m0nd.exe
O4 - HKCU\..\Run: [wmnso1e] C:\WINDOWS\system32\g1x70eeu.exe
O4 - HKCU\..\Run: [ezavw81] C:\WINDOWS\system32\91ufgbr.exe
O4 - HKCU\..\Run: [mmiyy6] C:\WINDOWS\system32\wwriiduupg.exe
O4 - HKCU\..\Run: [iejzf6] C:\WINDOWS\system32\1j70qqg.exe
O4 - HKCU\..\Run: [bssnee] C:\WINDOWS\system32\9c1yuup.exe
O4 - HKCU\..\Run: [ufgbrsn] C:\WINDOWS\system32\e81qbcxno.exe
O4 - HKCU\..\Run: [lmhn60] C:\WINDOWS\system32\e81qbcxd60f.exe
O4 - HKCU\..\Run: [upfgb] C:\WINDOWS\system32\1vfbwxc.exe
O4 - HKCU\..\Run: [tjjfvv] C:\WINDOWS\system32\6oo6aa6.exe
O4 - HKCU\..\Run: [zvqrw8] C:\WINDOWS\system32\0bg86s8.exe
O4 - HKCU\..\Run: [notpfvv] C:\WINDOWS\system32\riiduupg.exe
O4 - HKCU\..\Run: [mniojfv] C:\WINDOWS\system32\riiduupg.exe
O4 - HKCU\..\Run: [hhsno] C:\WINDOWS\system32\e86q81i91o3.exe
O4 - HKCU\..\Run: [efawwr] C:\WINDOWS\system32\no70plbrrn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: setup_9.0.0.722_23.05.2010_21-29.lnk = C:\Documents and Settings\All Users\Desktop\Virus Removal Tool\setup_9.0.0.722_23.05.2010_21-29\startup.exe
O4 - Global Startup: Copy_all.lnk = Steins_C\Copy_all.bat
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: Opdateringsagent.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://virtualoffice3.eurofins.dk/NELX.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://download.sp.f-secure.com/hc/tdc/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: SMServer - SMServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINDOWS\system32\wm.exe

--
End of file - 19960 bytes
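
A triage of the O4 autorun lines in the HijackThis log above, as an added example that is not part of the original thread. It flags per-user (HKCU) Run values that start a binary directly in system32; the sample lines are excerpted from the log, while the one-entry allowlist, the assumed system32 path and the heuristic itself are assumptions of this example.

```python
import ntpath
import re
from collections import Counter

# Excerpt of O4 lines taken from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [lgccxoo] C:\WINDOWS\system32\1qbssne.exe
O4 - HKCU\..\Run: [ukkgww6] C:\WINDOWS\system32\9u1qmmh.exe
O4 - HKCU\..\Run: [tpkk6w] C:\WINDOWS\system32\9u1qmmh.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Copy_all.lnk = Steins_C\Copy_all.bat
"""

# "O4 - <hive>[\<SID>]\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r'^O4 - (HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$')
# Executable part of the command line, with or without quotes and arguments.
TARGET = re.compile(r'"?(.+?\.(?:exe|bat|cmd|scr))(?=["\s]|$)', re.I)

SYSTEM32 = r"c:\windows\system32"      # assumption: SystemRoot as shown in the log
KNOWN_USER_AUTORUNS = {"ctfmon.exe"}   # assumption: minimal allowlist for this example


def parse_o4(log_text):
    """Return one dict per registry Run entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # startup-folder shortcuts and other sections are skipped
        hive, key, name, cmd = m.groups()
        t = TARGET.match(cmd)
        target = t.group(1) if t else cmd.split()[0]
        entries.append({"hive": hive, "key": key, "name": name, "target": target})
    return entries


def _alnum(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def triage(entries):
    """Flag HKCU Run values that launch a file sitting directly in system32."""
    shared = Counter(e["target"].lower() for e in entries)
    findings = []
    for e in entries:
        folder, fname = ntpath.split(e["target"].lower())
        if e["hive"] != "HKCU" or folder != SYSTEM32 or fname in KNOWN_USER_AUTORUNS:
            continue
        notes = ["per-user Run value starts a binary in system32"]
        stem, label = _alnum(ntpath.splitext(fname)[0]), _alnum(e["name"])
        if label not in stem and stem not in label:
            notes.append("value name unrelated to file name")
        count = shared[e["target"].lower()]
        if count > 1:
            notes.append(f"target registered under {count} value names")
        findings.append({**e, "notes": notes})
    return findings


if __name__ == "__main__":
    for f in triage(parse_o4(SAMPLE_LOG)):
        print(f"[{f['name']}] {f['target']}: " + "; ".join(f["notes"]))
```
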
f-arn Guru
13 June 2010 - 02:04 #2
My fear is therefore that I have got a virus on both my laptop and my external hard drive

If that log is from a laptop, then.....

"Malwarebytes' Anti-Malware" here: http://www.besttechie.net/tools/mbam-setup.exe

Or here ->
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

Install and start the program, click the Update tab, click Check for updates, and run a "Quick scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected" and post the log in here.

NB When you update Malwarebytes, keep clicking "Check for updates" until it says there are no more updates.

------

Download and save Combofix to your desktop as alg.exe:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start alg.exe and follow the instructions.

Since Combofix can conflict with your security programs, it is important that you disable them.

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can make your computer freeze.
When Combofix has finished, and after it has (possibly) restarted, a log file combofix.txt should open, located here: C:\Combofix.txt

Please post the contents of this file in here together with the log from Malwarebytes.
13 June 2010 - 10:54 #3
Welcome to E. ...

YFFER PYFFER!!!
It's pretty 'bad'!!! What have you been up to?
Also leftovers (?) from Symantec/Norton - SIGH
Do you have some [Novell] stuff running?
A handful of Windows Update items are also missing, among them IE8. Even if you use an alternative browser (Chrome), IE (MS Internet Explorer) MUST be kept updated, since crooks find their way in through it...

Follow the guide from <f-arn>!!!
f-arn Guru
13 June 2010 - 11:14 #4
Symantec Endpoint Protection has nothing to do with Norton, apart from both being made by Symantec.
It's like comparing carrots and potatoes. They both grow in the ground  :-)

I didn't get that far last night, though  :)
13 June 2010 - 11:19 #5
... but [Avast!] should at any rate not run together with SEP...
PS: Looks like a COMPANY PC?
f-arn Guru
13 June 2010 - 11:41 #6
Looks like a COMPANY PC

There is certainly some software on it that I wouldn't expect on a private PC.
I would at any rate not recommend running SEP and Avast on the same PC.
Olguin Beginner
13 June 2010 - 14:47 #7
I have done step 1 as you, F-arn, describe. It gave this result:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4192

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

13-06-2010 10:40:40
mbam-log-2010-06-13 (10-40-40).txt

Skanningstype: Hurtig skanning
Objekter skannet: 169104
Tid gået: 18 minut(ter), 37 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 1
Registreringsdatabaseværdier Inficeret: 1
Registreringsdatabasedata Objekter Inficeret: 1
Inficerede Mapper: 0
Inficerede Filer: 1

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\unikorn (Trojan.Agent) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Delete on reboot.

Registreringsdatabasedata Objekter Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-4907887991-8665137246-513677350-0988\rundll32.exe,explorer.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
C:\WINDOWS\system32\drivers\02401411.sys (Rootkit.Agent.H) -> Quarantined and deleted successfully.


It should be mentioned, though, that at the end a message popped up saying "Some objects could not be removed"

_____________________________________________

When I was then about to start on step 2, the one with Combofix, it tells me that I have Avast and Symantec running, which I must close. Avast is no problem, but Symantec is. I cannot get into the settings in Symantec because they are simply locked. When I instead try to uninstall Symantec, it asks for a password that I unfortunately do not have. That may be because Symantec is something we were given by the upper secondary school (gymnasium) I attend, which requires all of us to use it.
So I am now in doubt about what to do: continue with Combofix even with Symantec running, or possibly something else?


@karise_larry
The thing is that this laptop is a former company PC, which I then took over. That is why there are things like Novell on it (and certainly other things I am not aware of).

Regards, Olguin.
f-arn Guru
13 June 2010 - 16:13 #8
When I instead try to uninstall Symantec, it asks for a password that I unfortunately do not have. That may be because Symantec is something we were given by the upper secondary school (gymnasium) I attend, which requires all of us to use it.

That sounds completely crazy. On a private PC. When will you be talking to them again?

------

Let's see if we can get around it.

Download OTS by OldTimer:
http://oldtimer.geekstogo.com/OTS.exe

The last time I tried it in here, the forum software was unfortunately so cheeky that it cut off so much of the lines that the log became useless.

Double-click OTS.exe
Select quick scan.
Post the log in here. Make sure you get all of it.
Olguin Beginner
13 June 2010 - 16:37 #9
Yes, it is completely crazy, but since it was a requirement for getting onto their network, there was nothing to do but install Symantec.

I don't know whether they can be found up there at the moment, but if nothing else I can write them an email.

________________

Here is the log:

[code]
OTS logfile created on: 13-06-2010 16:28:14 - Run 1
OTS by OldTimer - Version 3.1.31.2    Folder = C:\Documents and Settings\All Users\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000406 | Country: Denmark | Language: DAN | Date Format: dd-MM-yyyy

1.015,00 Mb Total Physical Memory | 330,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 8,09 Gb Free Space | 12,06% Space Free | Partition Type: NTFS
Drive D: | 7,43 Gb Total Space | 0,70 Gb Free Space | 9,40% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LHP-09ESSO
Current User Name: All Users
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Quick Scan

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Sebastian\My Documents\Downloads\OTS.exe -> [2010-06-13 16:27:39 | 000,640,000 | ---- | M] (OldTimer Tools)
chrome.exe -> C:\Documents and Settings\Sebastian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -> [2010-06-02 07:57:48 | 000,945,648 | ---- | M] (Google Inc.)
avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software)
avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2010-02-18 17:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com)
idman.exe -> C:\Program Files\Internet Download Manager\IDMan.exe -> [2010-01-29 17:24:14 | 003,179,952 | ---- | M] (Tonec Inc.)
autoupdatesrv.exe -> C:\Program Files\Connect it\Connect it\AutoUpdateSrv.exe -> [2009-11-26 11:06:44 | 000,667,648 | ---- | M] (Birdstep Technology)
ccsvchst.exe -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2009-11-02 09:00:49 | 000,108,392 | ---- | M] (Symantec Corporation)
ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> [2009-11-02 09:00:47 | 000,115,560 | ---- | M] (Symantec Corporation)
smc.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -> [2009-11-02 09:00:39 | 001,864,888 | ---- | M] (Symantec Corporation)
smcgui.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe -> [2009-11-02 09:00:39 | 001,455,432 | ---- | M] (Symantec Corporation)
rtvscan.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2009-11-02 09:00:37 | 002,477,304 | ---- | M] (Symantec Corporation)
iemonitor.exe -> C:\Program Files\Internet Download Manager\IEMonitor.exe -> [2009-10-15 11:51:51 | 000,263,600 | ---- | M] (Tonec Inc.)
cnmnsut.exe -> C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe -> [2009-05-19 19:39:44 | 000,136,544 | ---- | M] (CANON INC.)
bjmyprt.exe -> C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE -> [2009-03-23 19:00:00 | 001,983,816 | ---- | M] (CANON INC.)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2008-09-15 19:04:05 | 000,068,856 | ---- | M] (Google Inc.)
windowssearch.exe -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008-05-26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008-04-14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
policy.client.invoker.exe -> C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -> [2007-11-30 06:37:30 | 000,118,784 | ---- | M] (LANDesk Software, Ltd.)
tmcsvc.exe -> C:\Program Files\LANDesk\LDClient\tmcsvc.exe -> [2007-11-30 06:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.)
localsch.exe -> C:\Program Files\LANDesk\LDClient\LocalSch.EXE -> [2007-11-30 06:22:44 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.)
collector.exe -> C:\Program Files\LANDesk\LDClient\collector.exe -> [2007-11-30 06:09:10 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.)
issuser.exe -> C:\Program Files\LANDesk\LDClient\issuser.exe -> [2007-11-30 05:54:56 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.)
rcgui.exe -> C:\Program Files\LANDesk\LDClient\rcgui.exe -> [2007-11-30 05:54:12 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.)
residentagent.exe -> C:\Program Files\LANDesk\Shared Files\residentAgent.exe -> [2007-11-29 21:32:46 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.)
neservice.exe -> C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -> [2007-10-24 02:09:28 | 000,296,368 | ---- | M] (SonicWALL Inc.)
negui.exe -> C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -> [2007-10-24 02:09:26 | 000,562,608 | ---- | M] (SonicWALL Inc.)
pds.exe -> C:\WINDOWS\system32\cba\pds.exe -> [2007-08-31 08:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.)
smax4pnp.exe -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> [2007-01-05 17:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.)
fwcagent.exe -> C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -> [2006-12-09 19:04:10 | 000,128,832 | ---- | M] (Microsoft (R) Corporation)
fwcmgmt.exe -> C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe -> [2006-12-09 19:04:10 | 000,117,568 | ---- | M] (Microsoft (R) Corporation)
winvnc4.exe -> C:\Program Files\RealVNC\VNC4\winvnc4.exe -> [2006-05-12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.)
wm.exe -> C:\WINDOWS\system32\wm.exe -> [2003-03-27 14:38:56 | 000,110,665 | ---- | M] (Novell, Inc.)
omtsreco.exe -> C:\oracle\ora92\bin\omtsreco.exe -> [2002-04-30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation)
nwtray.exe -> C:\WINDOWS\system32\nwtray.exe -> [2002-03-12 10:37:28 | 000,028,672 | ---- | M] (Novell, Inc.)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Sebastian\My Documents\Downloads\OTS.exe -> [2010-06-13 16:27:39 | 000,640,000 | ---- | M] (OldTimer Tools)
idmmkb.dll -> C:\Program Files\Internet Download Manager\idmmkb.dll -> [2009-03-26 17:35:39 | 000,034,224 | ---- | M] (Tonec Inc.)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008-04-14 02:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Smcinst) Symantec Auto-upgrade Agent [On_Demand | Stopped] ->  -> File not found
(avast! Web Scanner) avast! Web Scanner [On_Demand | Stopped] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Stopped] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software)
(ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2009-11-02 09:00:49 | 000,108,392 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2009-11-02 09:00:49 | 000,108,392 | ---- | M] (Symantec Corporation)
(SmcService) Symantec Management Client [Auto | Running] -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -> [2009-11-02 09:00:39 | 001,864,888 | ---- | M] (Symantec Corporation)
(SNAC) Symantec Network Access Control [Disabled | Stopped] -> C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -> [2009-11-02 09:00:38 | 000,341,320 | ---- | M] (Symantec Corporation)
(Symantec AntiVirus) Symantec Endpoint Protection [Auto | Running] -> C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2009-11-02 09:00:37 | 002,477,304 | ---- | M] (Symantec Corporation)
(LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -> [2009-07-13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation)
(SMServer) SMServer [On_Demand | Stopped] -> C:\WINDOWS\System32\snmvtsvc.exe -> [2009-02-03 13:47:14 | 000,237,568 | ---- | M] (SMServer)
(Softmon) LANDesk(R) Software Monitoring Service [Auto | Stopped] -> C:\Program Files\LANDesk\LDClient\softmon.exe -> [2007-12-06 16:35:30 | 000,331,776 | ---- | M] (LANDesk Software, Ltd.)
(LANDesk Policy Invoker) LANDesk Policy Invoker [Auto | Running] -> C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -> [2007-11-30 06:37:30 | 000,118,784 | ---- | M] (LANDesk Software, Ltd.)
(Intel Targeted Multicast) LANDesk Targeted Multicast [Auto | Running] -> C:\Program Files\LANDesk\LDClient\tmcsvc.exe -> [2007-11-30 06:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.)
(Intel Local Scheduler Service) Intel Local Scheduler Service [Auto | Running] -> C:\Program Files\LANDesk\LDClient\LocalSch.EXE -> [2007-11-30 06:22:44 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.)
(ISSUSER) LANDesk Remote Control Service [Auto | Running] -> C:\Program Files\LANDesk\LDClient\issuser.exe -> [2007-11-30 05:54:56 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.)
(CBA8) LANDesk(R) Management Agent [Auto | Running] -> C:\Program Files\LANDesk\Shared Files\residentagent.exe -> [2007-11-29 21:32:46 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.)
(SONICWALL_NetExtender) SonicWALL NetExtender Service [Auto | Running] -> C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -> [2007-10-24 02:09:28 | 000,296,368 | ---- | M] (SonicWALL Inc.)
(Intel PDS) Intel PDS [Auto | Running] -> C:\WINDOWS\system32\cba\pds.exe -> [2007-08-31 08:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.)
(FwcAgent) Firewall Client Agent [Auto | Running] -> C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -> [2006-12-09 19:04:10 | 000,128,832 | ---- | M] (Microsoft (R) Corporation)
(cusrvc) Client Update Service for Novell [On_Demand | Stopped] -> C:\WINDOWS\system32\cusrvc.exe -> [2006-08-11 15:51:04 | 000,028,672 | ---- | M] (Novell, Inc.)
(WinVNC4) VNC Server Version 4 [Auto | Running] -> C:\Program Files\RealVNC\VNC4\WinVNC4.exe -> [2006-05-12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.)
(WM) Novell Workstation Manager [Auto | Running] -> C:\WINDOWS\system32\wm.exe -> [2003-03-27 14:38:56 | 000,110,665 | ---- | M] (Novell, Inc.)
(OracleMTSRecoveryService) OracleMTSRecoveryService [Auto | Running] -> C:\oracle\ora92\bin\omtsreco.exe -> [2002-04-30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation)
(OracleOraHome92ClientCache) OracleOraHome92ClientCache [On_Demand | Stopped] -> C:\oracle\ora92\bin\ONRSD.EXE -> [2002-04-26 19:34:38 | 000,242,328 | ---- | M] ()

[Driver Services - Safe List]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100525.034\NAVEX15.SYS -> [2010-05-11 09:48:52 | 001,347,504 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100525.034\NAVENG.SYS -> [2010-05-11 09:48:52 | 000,085,552 | ---- | M] (Symantec Corporation)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aswTdi.sys -> [2010-05-06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software)
(aswSP) aswSP [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aswSP.sys -> [2010-05-06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\aswRdr.sys -> [2010-05-06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software)
(aswMon2) aswMon2 [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\aswmon2.sys -> [2010-05-06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\aswFsBlk.sys -> [2010-05-06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software)
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aavmker4.sys -> [2010-05-06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010-02-17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010-02-17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010-02-17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(sptd) sptd [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\drivers\sptd.sys -> [2010-01-07 12:48:08 | 000,691,696 | ---- | M] (Duplex Secure Ltd.)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2010-01-04 12:47:45 | 000,371,248 | ---- | M] (Symantec Corporation)
(mdvrmng) Mobile IP Route Manager [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdvrmng.sys -> [2009-11-26 10:52:30 | 000,010,240 | ---- | M] ()
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2009-11-02 09:06:01 | 000,124,976 | ---- | M] (Symantec Corporation)
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\srtspl.sys -> [2009-11-02 09:00:50 | 000,320,560 | ---- | M] (Symantec Corporation)
(SRTSP) SRTSP [File_System | System | Running] -> C:\WINDOWS\system32\drivers\srtsp.sys -> [2009-11-02 09:00:50 | 000,281,648 | ---- | M] (Symantec Corporation)
(SRTSPX) SRTSPX [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\srtspx.sys -> [2009-11-02 09:00:50 | 000,043,696 | ---- | M] (Symantec Corporation)
(SYMTDI) SYMTDI [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS -> [2009-11-02 09:00:33 | 000,188,080 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -> [2009-11-02 09:00:33 | 000,026,416 | ---- | M] (Symantec Corporation)
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -> [2009-11-02 09:00:32 | 000,421,424 | ---- | M] (Symantec Corporation)
(02401412) 02401412 Boot Guard Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\02401412.sys -> [2009-10-22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab)
(setup_9.0.0.722_23.05.2010_21-29drv) setup_9.0.0.722_23.05.2010_21-29drv [File_System | System | Running] -> C:\WINDOWS\system32\drivers\0240141.sys -> [2009-10-09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab)
(WsAudio_DeviceS(1)) WsAudio_DeviceS(1) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -> [2009-09-03 10:37:04 | 000,016,640 | ---- | M] (Wondershare)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2009-09-02 16:43:38 | 000,102,448 | ---- | M] (Symantec Corporation)
(SndTVideo) SndTVideo [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SndTVideo.sys -> [2009-02-03 14:04:42 | 000,003,768 | ---- | M] (Windows (R) 2000 DDK provider)
(SndTAudio) SndTAudio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SndTAudio.sys -> [2009-02-03 14:04:36 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\COH_Mon.sys -> [2009-01-14 13:34:32 | 000,023,888 | ---- | M] (Symantec Corporation)
(MovRVDrv32) MovRVDrv32 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MovRVDrv32.sys -> [2008-04-17 11:57:48 | 000,003,768 | ---- | M] (Windows (R) 2000 DDK provider)
(SndTDriverV32) SndTDriverV32 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SndTDriverV32.sys -> [2008-04-17 11:57:46 | 000,508,544 | ---- | M] (Windows (R) 2000/XP)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(NETw4x32) Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NETw4x32.sys -> [2007-10-31 10:23:20 | 002,236,544 | ---- | M] (Intel Corporation)
(SSLDrv) SSL-VPN NetExtender Adapter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SSLDrv.sys -> [2007-10-24 02:09:18 | 000,019,376 | ---- | M] (SonicWALL Inc.)
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ADIHdAud.sys -> [2007-10-01 13:27:40 | 000,281,600 | ---- | M] (Analog Devices, Inc.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2007-09-15 02:09:44 | 000,213,696 | ---- | M] (Synaptics, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2007-08-24 11:22:56 | 005,776,928 | ---- | M] (Intel Corporation)
(NetwareWorkstation) Novell Client for Windows [File_System | Auto | Running] -> C:\WINDOWS\system32\NetWare\nwfs.sys -> [2007-06-21 14:03:08 | 000,513,664 | ---- | M] (Novell, Inc.)
(HpqKbFiltr) HpqKbFilter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -> [2007-06-18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(ldblank) Screen Blanking driver for Remote Control [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ldblank.sys -> [2007-05-30 17:23:04 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.)
(mirrorflt) Mirror Filter Driver for Uninstall [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mirrorflt.sys -> [2007-05-30 17:23:04 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.)
(ldmirror) ldmirror [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ldmirror.sys -> [2007-05-30 17:23:04 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.)
(NWDNS) Novell DNS Name Space Service Provider [File_System | On_Demand | Running] -> C:\WINDOWS\system32\NetWare\nwdns.sys -> [2006-10-27 16:53:48 | 000,043,568 | ---- | M] (Novell, Inc.)
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AGRSM.sys -> [2006-09-28 01:00:10 | 001,160,320 | ---- | M] (Agere Systems)
(SRVLOC) Novell Service Location [File_System | Auto | Running] -> C:\WINDOWS\system32\NetWare\srvloc.sys -> [2006-09-25 09:54:54 | 000,160,209 | ---- | M] (Novell, Inc.)
(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\CPQBttn.sys -> [2006-06-28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(iastor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\iaStor.sys -> [2006-05-11 18:30:52 | 000,247,808 | ---- | M] (Intel Corporation)
(NICM) Novell InterService Communication Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\nicm.sys -> [2006-03-03 17:50:48 | 000,038,416 | ---- | M] (Novell, Inc.)
(NWDHCP) Novell DHCP Inform Client [File_System | On_Demand | Running] -> C:\WINDOWS\system32\NetWare\nwdhcp.sys -> [2005-11-22 10:51:22 | 000,018,353 | ---- | M] (Novell, Inc.)
(NWSIPX32) Novell NetWare IPX/SPX Transport Interface [File_System | Auto | Stopped] -> C:\WINDOWS\system32\NetWare\nwsipx32.sys -> [2005-10-27 16:15:14 | 000,039,731 | ---- | M] (Novell, Inc.)
(NWHOST) Novell Host File Name Space Service Provider [File_System | On_Demand | Running] -> C:\WINDOWS\system32\NetWare\nwhost.sys -> [2005-10-12 13:12:18 | 000,009,297 | ---- | M] (Novell, Inc.)
(NWSNS) Novell Simple Naming Services (NWSNS) [File_System | On_Demand | Running] -> C:\WINDOWS\system32\NetWare\nwsns.sys -> [2005-10-12 13:11:32 | 000,006,128 | ---- | M] (Novell, Inc.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2005-08-05 11:33:56 | 000,045,312 | ---- | M] (Broadcom Corporation)
(NWFILTER) Novell UNC Path Filter [Kernel | Boot | Running] -> C:\WINDOWS\system32\NetWare\nwfilter.sys -> [2005-05-26 18:14:00 | 000,015,891 | ---- | M] (Novell, Inc.)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CVirtA.sys -> [2005-05-17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.)
(NWSLP) Novell SLP Name Space Service Provider [File_System | On_Demand | Running] -> C:\WINDOWS\system32\NetWare\nwslp.sys -> [2005-01-03 14:51:38 | 000,020,332 | ---- | M] (Novell, Inc.)
(RESMGR) Novell NetWare Resource Manager [Kernel | Auto | Running] -> C:\WINDOWS\system32\NetWare\resmgr.sys -> [2004-06-01 18:19:34 | 000,027,249 | ---- | M] (Novell, Inc.)
(NWSAP) Novell SAP Name Space Provider [File_System | On_Demand | Stopped] -> C:\WINDOWS\system32\NetWare\nwsap.sys -> [2003-02-26 14:51:18 | 000,023,232 | ---- | M] ()
(ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ctlsb16.sys -> [2001-08-17 12:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.bold.dk/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> <local> ->
HKEY_CURRENT_USER\: "ProxyServer" -> hogisauv.hogym.anet.dk:8080 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  ->
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2004-08-04 12:00:00 | 000,000,734 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1      localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0055C089-8582-441B-A0BF-17B458C2A3A8} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009-02-12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [Google Toolbar Notifier BHO] -> [2010-05-28 12:48:10 | 000,814,648 | ---- | M] (Google Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010-05-28 12:33:19 | 000,278,128 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010-05-28 12:33:19 | 000,278,128 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010-05-28 12:33:19 | 000,278,128 | ---- | M] (Google Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast5" -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe [C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui] -> [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software)
"BluetoothAuthenticationAgent" -> C:\WINDOWS\System32\bthprops.cpl [rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent] -> [2008-04-14 02:12:41 | 000,110,592 | ---- | M] (Microsoft Corporation)
"CanonMyPrinter" -> C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> [2009-03-23 19:00:00 | 001,983,816 | ---- | M] (CANON INC.)
"CanonSolutionMenu" -> C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon] -> [2009-03-17 18:40:00 | 000,767,312 | ---- | M] (CANON INC.)
"ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2009-11-02 09:00:47 | 000,115,560 | ---- | M] (Symantec Corporation)
"IJNetworkScanUtility" -> C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe] -> [2009-05-19 19:39:44 | 000,136,544 | ---- | M] (CANON INC.)
"NWTRAY" -> C:\WINDOWS\System32\nwtray.exe [NWTRAY.EXE] -> [2002-03-12 10:37:28 | 000,028,672 | ---- | M] (Novell, Inc.)
"SonicWALLNetExtender" -> C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot] -> [2007-10-24 02:09:26 | 000,562,608 | ---- | M] (SonicWALL Inc.)
"SoundMAX" -> C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray] -> [2006-07-13 08:12:26 | 000,729,088 | ---- | M] (Analog Devices, Inc.)
"SoundMAXPnP" -> C:\Program Files\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> [2007-01-05 17:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.)
"SynTPStart" -> C:\Program Files\Synaptics\SynTP\SynTPStart.exe [C:\Program Files\Synaptics\SynTP\SynTPStart.exe] -> [2007-09-15 02:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.)
"UserFaultCheck" ->  [%systemroot%\system32\dumprep 0 -u] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AdobeUpdater" -> C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe] -> File not found
"afbww" -> C:\WINDOWS\System32\pggbssne.exe [C:\WINDOWS\system32\pggbssne.exe] -> File not found
"bchdyy6" -> C:\WINDOWS\System32\o9k1gccxoo.exe [C:\WINDOWS\system32\o9k1gccxoo.exe] -> File not found
"bgcss6e" -> C:\WINDOWS\System32\0kkfwwr.exe [C:\WINDOWS\system32\0kkfwwr.exe] -> File not found
"bssnee" -> C:\WINDOWS\System32\9c1yuup.exe [C:\WINDOWS\system32\9c1yuup.exe] -> File not found
"bxss6e" -> C:\WINDOWS\System32\zqqlccxooja.exe [C:\WINDOWS\system32\zqqlccxooja.exe] -> File not found
"cdyuu" -> C:\WINDOWS\System32\ssneezqq.exe [C:\WINDOWS\system32\ssneezqq.exe] -> File not found
"cydopk1" -> C:\WINDOWS\System32\i1yze81q.exe [C:\WINDOWS\system32\i1yze81q.exe] -> File not found
"DAEMON Tools" -> C:\Program Files\DAEMON Tools\daemon.exe ["C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033] -> [2007-08-29 17:09:40 | 000,171,464 | ---- | M] (DT Soft Ltd.)
"dyzuq" -> C:\WINDOWS\System32\g3iiduupggb.exe [C:\WINDOWS\system32\g3iiduupggb.exe] -> File not found
"efawwr" -> C:\WINDOWS\System32\no70plbrrn.exe [C:\WINDOWS\system32\no70plbrrn.exe] -> File not found
"ezavw81" -> C:\WINDOWS\System32\91ufgbr.exe [C:\WINDOWS\system32\91ufgbr.exe] -> File not found
"fgb0h" -> C:\WINDOWS\System32\fwwriidu.exe [C:\WINDOWS\system32\fwwriidu.exe] -> File not found
"fgbchd" -> C:\WINDOWS\System32\70rnii6.exe [C:\WINDOWS\system32\70rnii6.exe] -> File not found
"ghcc6" -> C:\WINDOWS\System32\upggbssnee.exe [C:\WINDOWS\system32\upggbssnee.exe] -> File not found
"ghcyytk" -> C:\WINDOWS\System32\jfvvrhhd.exe [C:\WINDOWS\system32\jfvvrhhd.exe] -> File not found
"hddojkv" -> C:\WINDOWS\System32\ccsty86k.exe [C:\WINDOWS\system32\ccsty86k.exe] -> File not found
"hdttpf" -> C:\WINDOWS\System32\hdyypfvv.exe [C:\WINDOWS\system32\hdyypfvv.exe] -> File not found
"hhsno" -> C:\WINDOWS\System32\e86q81i91o3.exe [C:\WINDOWS\system32\e86q81i91o3.exe] -> File not found
"idejf" -> C:\WINDOWS\System32\lgg6ss6ee6q.exe [C:\WINDOWS\system32\lgg6ss6ee6q.exe] -> File not found
"IDMan" -> C:\Program Files\Internet Download Manager\IDMan.exe [C:\Program Files\Internet Download Manager\IDMan.exe /onboot] -> [2010-01-29 17:24:14 | 003,179,952 | ---- | M] (Tonec Inc.)
"iejzf6" -> C:\WINDOWS\System32\1j70qqg.exe [C:\WINDOWS\system32\1j70qqg.exe] -> File not found
"ijeaa" -> C:\WINDOWS\System32\1okkfww.exe [C:\WINDOWS\system32\1okkfww.exe] -> File not found
"jfvvr" -> C:\WINDOWS\System32\o70plgg6s.exe [C:\WINDOWS\system32\o70plgg6s.exe] -> File not found
"jzzvllh" -> C:\WINDOWS\System32\xtjjfvvrhh.exe [C:\WINDOWS\system32\xtjjfvvrhh.exe] -> File not found
"kggbs" -> C:\WINDOWS\System32\3wwriid.exe [C:\WINDOWS\system32\3wwriid.exe] -> File not found
"lgccxoo" -> C:\WINDOWS\System32\1qbssne.exe [C:\WINDOWS\system32\1qbssne.exe] -> File not found
"lmhn60" -> C:\WINDOWS\System32\e81qbcxd60f.exe [C:\WINDOWS\system32\e81qbcxd60f.exe] -> File not found
"mmiyy6" -> C:\WINDOWS\System32\wwriiduupg.exe [C:\WINDOWS\system32\wwriiduupg.exe] -> File not found
"mniojfv" -> C:\WINDOWS\System32\riiduupg.exe [C:\WINDOWS\system32\riiduupg.exe] -> File not found
"mxssoek" -> C:\WINDOWS\System32\kkfwwriidu.exe [C:\WINDOWS\system32\kkfwwriidu.exe] -> File not found
"notpfvv" -> C:\WINDOWS\System32\riiduupg.exe [C:\WINDOWS\system32\riiduupg.exe] -> File not found
"oefk8" -> C:\WINDOWS\System32\c86o81almhx.exe [C:\WINDOWS\system32\c86o81almhx.exe] -> File not found
"palmhxy" -> C:\WINDOWS\System32\zvqrw81it.exe [C:\WINDOWS\system32\zvqrw81it.exe] -> File not found
"pklqm1n" -> C:\WINDOWS\System32\yoe0fvb66s.exe [C:\WINDOWS\system32\yoe0fvb66s.exe] -> File not found
"qrmmiyy" -> C:\WINDOWS\System32\je1awwriid.exe [C:\WINDOWS\system32\je1awwriid.exe] -> File not found
"rniieuu" -> C:\WINDOWS\System32\q9m1ieezqq.exe [C:\WINDOWS\system32\q9m1ieezqq.exe] -> File not found
"ssneezq" -> C:\WINDOWS\System32\0iiduup.exe [C:\WINDOWS\system32\0iiduup.exe] -> File not found
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010-02-18 17:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2008-09-15 19:04:05 | 000,068,856 | ---- | M] (Google Inc.)
"tjjfv" -> C:\WINDOWS\System32\1eaavmm.exe [C:\WINDOWS\system32\1eaavmm.exe] -> File not found
"tjjfvv" -> C:\WINDOWS\System32\6oo6aa6.exe [C:\WINDOWS\system32\6oo6aa6.exe] -> File not found
"tpkk6w" -> C:\WINDOWS\System32\9u1qmmh.exe [C:\WINDOWS\system32\9u1qmmh.exe] -> File not found
"ufgbrsn" -> C:\WINDOWS\System32\e81qbcxno.exe [C:\WINDOWS\system32\e81qbcxno.exe] -> File not found
"ukkgww6" -> C:\WINDOWS\System32\9u1qmmh.exe [C:\WINDOWS\system32\9u1qmmh.exe] -> File not found
"upfgb" -> C:\WINDOWS\System32\1vfbwxc.exe [C:\WINDOWS\system32\1vfbwxc.exe] -> File not found
"uvaw1x" -> C:\WINDOWS\System32\av03m0nd.exe [C:\WINDOWS\system32\av03m0nd.exe] -> File not found
"vmmhy" -> C:\WINDOWS\System32\6cc6oo6.exe [C:\WINDOWS\system32\6cc6oo6.exe] -> File not found
"vqqmcc" -> C:\WINDOWS\System32\2lgg6ss.exe [C:\WINDOWS\system32\2lgg6ss.exe] -> File not found
"wmnso1e" -> C:\WINDOWS\System32\g1x70eeu.exe [C:\WINDOWS\system32\g1x70eeu.exe] -> File not found
"wssne" -> C:\WINDOWS\System32\1miiduu.exe [C:\WINDOWS\system32\1miiduu.exe] -> File not found
"wwriidu" -> C:\WINDOWS\System32\v0bxss6ee.exe [C:\WINDOWS\system32\v0bxss6ee.exe] -> File not found
"xnnjzz" -> C:\WINDOWS\System32\0hdyy6k.exe [C:\WINDOWS\system32\0hdyy6k.exe] -> File not found
"xttpfv" -> C:\WINDOWS\System32\gccxoojaav.exe [C:\WINDOWS\system32\gccxoojaav.exe] -> File not found
"zkpalm" -> C:\WINDOWS\System32\0lq86c8.exe [C:\WINDOWS\system32\0lq86c8.exe] -> File not found
"zpplbbx" -> C:\WINDOWS\System32\riiduupggbs.exe [C:\WINDOWS\system32\riiduupggbs.exe] -> File not found
"zuvqmmh" -> C:\WINDOWS\System32\e6qq6cc6.exe [C:\WINDOWS\system32\e6qq6cc6.exe] -> File not found
"zvqrw8" -> C:\WINDOWS\System32\0bg86s8.exe [C:\WINDOWS\system32\0bg86s8.exe] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Copy_all.lnk -> X:\Steins_C\Copy_all.bat -> File not found
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Firewall Client Management.lnk -> C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe -> [2006-12-09 19:04:10 | 000,117,568 | ---- | M] (Microsoft (R) Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Opdateringsagent.lnk -> C:\Program Files\Connect it\Connect it\AutoUpdateSrv.exe -> [2009-11-26 11:06:44 | 000,667,648 | ---- | M] (Birdstep Technology)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008-05-26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation)
< Sebastian Startup Folder > -> C:\Documents and Settings\Sebastian\Start Menu\Programs\Startup ->
C:\Documents and Settings\Sebastian\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE -> [2009-02-26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Sebastian\Start Menu\Programs\Startup\setup_9.0.0.722_23.05.2010_21-29.lnk -> C:\Documents and Settings\Sebastian\Desktop\Virus Removal Tool\setup_9.0.0.722_23.05.2010_21-29\startup.exe -> [2009-10-01 14:56:00 | 000,072,208 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"CompatibleRUPSecurity" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Download all links with IDM -> C:\Program Files\Internet Download Manager\IEGetAll.htm [C:\Program Files\Internet Download Manager\IEGetAll.htm] -> [2003-10-20 12:13:13 | 000,000,283 | ---- | M] ()
Download FLV video content with IDM -> C:\Program Files\Internet Download Manager\IEGetVL.htm [C:\Program Files\Internet Download Manager\IEGetVL.htm] -> [2007-07-02 08:19:10 | 000,000,278 | ---- | M] ()
Download with IDM -> C:\Program Files\Internet Download Manager\IEExt.htm [C:\Program Files\Internet Download Manager\IEExt.htm] -> [2004-12-02 18:31:09 | 000,000,277 | ---- | M] ()
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2010-01-15 01:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
Google Sidewiki ... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010-05-28 12:33:26 | 001,697,392 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Menu: Sun Java Console] -> [2010-04-12 17:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog det] -> [2009-07-26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog det i Windows Live Writer] -> [2009-07-26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009-02-26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009-02-26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{38E51477-DDB4-4aed-9D61-D0C193E10749}:{38E51477-DDB4-4aed-9D61-D0C193E10749} [HKLM] -> C:\Program Files\SoundTaxi\YouTubeRipper.dll [Button: Rip YouTube File] -> [2009-02-03 13:49:06 | 000,462,848 | ---- | M] ()
{38E51477-DDB4-4aed-9D61-D0C193E10749}:{38E51477-DDB4-4aed-9D61-D0C193E10749} [HKLM] -> C:\Program Files\SoundTaxi\YouTubeRipper.dll [Menu: Rip YouTube file embedded in this page] -> [2009-02-03 13:49:06 | 000,462,848 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009-03-06 05:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{07D09E9E-C667-45DD-B035-217BC2A61A3B} [HKLM] -> https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab [ActiveX sikkerhedssoftware Control] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [Symantec AntiVirus scanner] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab [MSN Photo Upload Tool] ->
{5D6F45B3-9043-443D-A792-115447494D24} [HKLM] -> http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab [UnoCtrl Class] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class] ->
{6EEFD7B1-B26C-440D-B55A-1EC677189F30} [HKLM] -> https://virtualoffice3.eurofins.dk/NELX.cab [NELaunchCtrl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] ->
{B9F79165-A264-4C4A-A211-133A5E8D647F} [HKLM] -> http://download.sp.f-secure.com/hc/tdc/fscax.cab [F-Secure Health Check 1.1] ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> http://ax.emsisoft.com/asquared.cab [a-squared Scanner] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{D821DC4A-0814-435E-9820-661C543A4679} [HKLM] -> http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx [CRLDownloadWrapper Class] ->
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 212.242.40.3 212.242.40.51 212.242.40.3 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{FF6F9E10-844D-46DA-A7C5-68B1A815F95A}\\DhcpNameServer -> 212.242.40.3 212.242.40.51 212.242.40.3  (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008-04-14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
NWGINA.DLL -> C:\WINDOWS\System32\nwgina.dll -> [2007-07-20 09:28:24 | 000,402,944 | ---- | M] (Novell, Inc.)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009-09-03 15:21:42 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2007-08-24 11:00:18 | 000,208,896 | ---- | M] (Intel Corporation)
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{1984DD45-52CF-49cd-AB77-18F378FEA264}" [HKLM] -> C:\Program Files\Stardock\Fences\FencesMenu.dll [FencesShellExt] -> [2009-10-02 19:38:46 | 000,128,360 | ---- | M] (Stardock)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009-05-24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008-05-13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009-02-12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
nwv1_0 -> C:\WINDOWS\System32\nwv1_0.dll -> [2000-02-17 06:54:28 | 000,008,480 | ---- | M] (Novell, Inc.)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009-07-26 13:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe [C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email] -> [2009-11-02 09:00:47 | 000,115,560 | ---- | M] (Symantec Corporation)
"C:\Program Files\LANDesk\LDClient\issuser.exe" -> C:\Program Files\LANDesk\LDClient\issuser.exe [C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent] -> [2007-11-30 05:54:56 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.)
"C:\Program Files\LANDesk\LDClient\tmcsvc.exe" -> C:\Program Files\LANDesk\LDClient\tmcsvc.exe [C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast] -> [2007-11-30 06:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.)
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" -> C:\Program Files\LANDesk\Shared Files\residentagent.exe [C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent] -> [2007-11-29 21:32:46 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2009-02-14 07:03:18 | 000,337,264 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2009-02-26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009-08-17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Pocket Tanks Deluxe\pockettanks.exe" -> C:\Program Files\Pocket Tanks Deluxe\pockettanks.exe [C:\Program Files\Pocket Tanks Deluxe\pockettanks.exe:*:Enabled:Pocket Tanks] -> [2007-09-27 20:45:44 | 000,752,624 | ---- | M] (Blitwise Productions, LLC)
"C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe" -> C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe:*:Disabled:Football Manager 2009 Demo] -> File not found
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" -> C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009] -> File not found
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" -> C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010] -> [2009-10-07 04:19:18 | 030,020,936 | ---- | M] (Sports Interactive)
"C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe" -> C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe [C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009] -> File not found
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service] -> [2009-11-02 09:00:39 | 001,864,888 | ---- | M] (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" -> C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service] -> [2009-11-02 09:00:38 | 000,341,320 | ---- | M] (Symantec Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009-07-26 13:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\cba\pds.exe" -> C:\WINDOWS\System32\cba\pds.exe [C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service] -> [2007-08-31 08:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.)
"C:\WINDOWS\system32\msgsys.exe" -> C:\WINDOWS\System32\msgsys.exe [C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service] -> [2007-08-31 08:12:56 | 000,028,729 | ---- | M] (LANDesk Software Ltd.)
"F:\Track Mania Nations Forever\TmForever.exe" -> F:\Track Mania Nations Forever\TmForever.exe [F:\Track Mania Nations Forever\TmForever.exe:*:Enabled:TmForever] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008-07-24 12:08:13 | 000,000,000 | ---- | M] ()
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001-07-27 23:07:00 | 000,000,000 | -HS- | M] ()
D:\Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [2004-04-30 15:01:00 | 000,000,053 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{2bfb977a-9e9d-11de-9c21-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bfb977a-9e9d-11de-9c21-0013028f3642}\Shell
\{2bfb977a-9e9d-11de-9c21-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bfb977a-9e9d-11de-9c21-0013028f3642}\Shell\AutoRun
\{2bfb977a-9e9d-11de-9c21-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bfb977a-9e9d-11de-9c21-0013028f3642}\Shell\AutoRun\command
\{2bfb977a-9e9d-11de-9c21-0013028f3642}\Shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{2cbc4a52-34e7-11df-9ea7-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cbc4a52-34e7-11df-9ea7-0013028f3642}\Shell
\{2cbc4a52-34e7-11df-9ea7-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cbc4a52-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun
\{2cbc4a52-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cbc4a52-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun\command
\{2cbc4a52-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun\command\\"" -> G:\AutoRun.exe [G:\AutoRun.exe] -> File not found
\{2cbc4a54-34e7-11df-9ea7-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cbc4a54-34e7-11df-9ea7-0013028f3642}\Shell
\{2cbc4a54-34e7-11df-9ea7-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cbc4a54-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun
\{2cbc4a54-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cbc4a54-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun\command
\{2cbc4a54-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun\command\\"" -> G:\AutoRun.exe [G:\AutoRun.exe] -> File not found
\{3b3c482f-d804-11de-9d44-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b3c482f-d804-11de-9d44-0013028f3642}\Shell\AutoRun\command
\{3b3c482f-d804-11de-9d44-0013028f3642}\Shell\AutoRun\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{3b3c482f-d804-11de-9d44-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b3c482f-d804-11de-9d44-0013028f3642}\Shell\explore\command
\{3b3c482f-d804-11de-9d44-0013028f3642}\Shell\explore\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{3b3c482f-d804-11de-9d44-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b3c482f-d804-11de-9d44-0013028f3642}\Shell\open\command
\{3b3c482f-d804-11de-9d44-0013028f3642}\Shell\open\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{40c17642-ac14-11de-9c74-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40c17642-ac14-11de-9c74-0013028f3642}\Shell\AutoRun\command
\{40c17642-ac14-11de-9c74-0013028f3642}\Shell\AutoRun\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{40c17642-ac14-11de-9c74-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40c17642-ac14-11de-9c74-0013028f3642}\Shell\explore\command
\{40c17642-ac14-11de-9c74-0013028f3642}\Shell\explore\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{40c17642-ac14-11de-9c74-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40c17642-ac14-11de-9c74-0013028f3642}\Shell\open\command
\{40c17642-ac14-11de-9c74-0013028f3642}\Shell\open\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{7ae50a98-342e-11df-9ea3-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ae50a98-342e-11df-9ea3-0013028f3642}\Shell
\{7ae50a98-342e-11df-9ea3-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ae50a98-342e-11df-9ea3-0013028f3642}\Shell\AutoRun
\{7ae50a98-342e-11df-9ea3-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ae50a98-342e-11df-9ea3-0013028f3642}\Shell\AutoRun\command
\{7ae50a98-342e-11df-9ea3-0013028f3642}\Shell\AutoRun\command\\"" -> G:\AutoRun.exe [G:\AutoRun.exe] -> File not found
\{becd76af-f924-11de-9daf-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{becd76af-f924-11de-9daf-0013028f3642}\Shell
\{becd76af-f924-11de-9daf-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{becd76af-f924-11de-9daf-0013028f3642}\Shell\AutoRun
\{becd76af-f924-11de-9daf-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{becd76af-f924-11de-9daf-0013028f3642}\Shell\AutoRun\command
\{becd76af-f924-11de-9daf-0013028f3642}\Shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found
\{becd76b0-f924-11de-9daf-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{becd76b0-f924-11de-9daf-0013028f3642}\Shell\AutoRun\command
\{becd76b0-f924-11de-9daf-0013028f3642}\Shell\AutoRun\command\\"" ->  [.\Docs\print.exe] -> File not found
\{becd76b0-f924-11de-9daf-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{becd76b0-f924-11de-9daf-0013028f3642}\Shell\explore\command
\{becd76b0-f924-11de-9daf-0013028f3642}\Shell\explore\command\\"" ->  [.\\\\Docs/print.exe] -> File not found
\{becd76b0-f924-11de-9daf-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{becd76b0-f924-11de-9daf-0013028f3642}\Shell\open\command
\{becd76b0-f924-11de-9daf-0013028f3642}\Shell\open\command\\"" ->  [Docs////print.exe] -> File not found
\{c5bedb90-e304-11de-9d6b-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5bedb90-e304-11de-9d6b-0013028f3642}\Shell\AutoRun\command
\{c5bedb90-e304-11de-9d6b-0013028f3642}\Shell\AutoRun\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{c5bedb90-e304-11de-9d6b-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5bedb90-e304-11de-9d6b-0013028f3642}\Shell\explore\command
\{c5bedb90-e304-11de-9d6b-0013028f3642}\Shell\explore\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{c5bedb90-e304-11de-9d6b-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5bedb90-e304-11de-9d6b-0013028f3642}\Shell\open\command
\{c5bedb90-e304-11de-9d6b-0013028f3642}\Shell\open\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{c7c8ad40-b31b-11de-9c9f-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7c8ad40-b31b-11de-9c9f-0013028f3642}\Shell\AutoRun\command
\{c7c8ad40-b31b-11de-9c9f-0013028f3642}\Shell\AutoRun\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{c7c8ad40-b31b-11de-9c9f-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7c8ad40-b31b-11de-9c9f-0013028f3642}\Shell\explore\command
\{c7c8ad40-b31b-11de-9c9f-0013028f3642}\Shell\explore\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{c7c8ad40-b31b-11de-9c9f-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7c8ad40-b31b-11de-9c9f-0013028f3642}\Shell\open\command
\{c7c8ad40-b31b-11de-9c9f-0013028f3642}\Shell\open\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{ca740794-3325-11df-9e9d-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca740794-3325-11df-9e9d-0013028f3642}\Shell\AutoRun\command
\{ca740794-3325-11df-9e9d-0013028f3642}\Shell\AutoRun\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{ca740794-3325-11df-9e9d-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca740794-3325-11df-9e9d-0013028f3642}\Shell\explore\command
\{ca740794-3325-11df-9e9d-0013028f3642}\Shell\explore\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{ca740794-3325-11df-9e9d-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca740794-3325-11df-9e9d-0013028f3642}\Shell\open\command
\{ca740794-3325-11df-9e9d-0013028f3642}\Shell\open\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{cf048a33-14a7-11de-9aad-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf048a33-14a7-11de-9aad-0013028f3642}\Shell\AutoRun\command
\{cf048a33-14a7-11de-9aad-0013028f3642}\Shell\AutoRun\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{cf048a33-14a7-11de-9aad-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf048a33-14a7-11de-9aad-0013028f3642}\Shell\explore\command
\{cf048a33-14a7-11de-9aad-0013028f3642}\Shell\explore\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{cf048a33-14a7-11de-9aad-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf048a33-14a7-11de-9aad-0013028f3642}\Shell\open\command
\{cf048a33-14a7-11de-9aad-0013028f3642}\Shell\open\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{d633b525-4ed0-11df-9f19-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d633b525-4ed0-11df-9f19-0013028f3642}\Shell\AutoRun\command
\{d633b525-4ed0-11df-9f19-0013028f3642}\Shell\AutoRun\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{d633b525-4ed0-11df-9f19-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d633b525-4ed0-11df-9f19-0013028f3642}\Shell\explore\command
\{d633b525-4ed0-11df-9f19-0013028f3642}\Shell\explore\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{d633b525-4ed0-11df-9f19-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d633b525-4ed0-11df-9f19-0013028f3642}\Shell\open\command
\{d633b525-4ed0-11df-9f19-0013028f3642}\Shell\open\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{dd887472-3587-11df-9eac-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd887472-3587-11df-9eac-0013028f3642}\Shell
\{dd887472-3587-11df-9eac-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd887472-3587-11df-9eac-0013028f3642}\Shell\AutoRun
\{dd887472-3587-11df-9eac-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd887472-3587-11df-9eac-0013028f3642}\Shell\AutoRun\command
\{dd887472-3587-11df-9eac-0013028f3642}\Shell\AutoRun\command\\"" -> G:\AutoRun.exe [G:\AutoRun.exe] -> File not found
\{dd887476-3587-11df-9eac-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd887476-3587-11df-9eac-0013028f3642}\Shell
\{dd887476-3587-11df-9eac-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd887476-3587-11df-9eac-0013028f3642}\Shell\AutoRun
\{dd887476-3587-11df-9eac-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd887476-3587-11df-9eac-0013028f3642}\Shell\AutoRun\command
\{dd887476-3587-11df-9eac-0013028f3642}\Shell\AutoRun\command\\"" -> G:\AutoRun.exe [G:\AutoRun.exe] -> File not found
\{f7242300-5299-11df-9f26-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7242300-5299-11df-9f26-0013028f3642}\Shell\AutoRun\command
\{f7242300-5299-11df-9f26-0013028f3642}\Shell\AutoRun\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{f7242300-5299-11df-9f26-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f724
f-arn Guru
13 June 2010 - 16:53 #10
You didn't get the whole log included.
f-arn Guru
13 June 2010 - 17:02 #11
I've just taken a look at the log.

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you will be offered [Yahoo Toolbar]. You should decline it.
Let the program run a cleanup. Especially of the Registry (the blue cube).

http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763

------

Then make a new OTS log and post it here.
Olguin Beginner
13 June 2010 - 17:26 #12
Ah, sorry, I thought I had been paying attention to that ..


...

Hmmm, where does the log show up here? Don't I just go under "Registry" and then choose "Scan for issues", and then what?
13 June 2010 - 17:51 #13
(NO log from CCleaner is needed... - it's the OTS log that is being asked for...)

But otherwise, as it says at http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763 -> http://www.alt-til-windows.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Olguin Beginner
13 June 2010 - 17:59 #14
Yes, my bad, I figured that out.

Btw, I have XP, but I don't think that matters much in this context.

__________

Log from OTS after using CCleaner:

[code]
OTS logfile created on: 13-06-2010 17:53:42 - Run 2
OTS by OldTimer - Version 3.1.31.2    Folder = C:\Documents and Settings\Sebastian\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000406 | Country: Denmark | Language: DAN | Date Format: dd-MM-yyyy

1.015,00 Mb Total Physical Memory | 331,00 Mb Available Physical Memory | 33,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 8,60 Gb Free Space | 12,82% Space Free | Partition Type: NTFS
Drive D: | 7,43 Gb Total Space | 0,70 Gb Free Space | 9,40% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LHP-09ESSO
Current User Name: Sebastian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Quick Scan

[Processes - Safe List]
ots (1).exe -> C:\Documents and Settings\Sebastian\My Documents\Downloads\OTS (1).exe -> [2010-06-13 17:53:31 | 000,640,000 | ---- | M] (OldTimer Tools)
chrome.exe -> C:\Documents and Settings\Sebastian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -> [2010-06-02 07:57:48 | 000,945,648 | ---- | M] (Google Inc.)
avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software)
avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2010-02-18 17:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com)
idman.exe -> C:\Program Files\Internet Download Manager\IDMan.exe -> [2010-01-29 17:24:14 | 003,179,952 | ---- | M] (Tonec Inc.)
autoupdatesrv.exe -> C:\Program Files\Connect it\Connect it\AutoUpdateSrv.exe -> [2009-11-26 11:06:44 | 000,667,648 | ---- | M] (Birdstep Technology)
ccsvchst.exe -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2009-11-02 09:00:49 | 000,108,392 | ---- | M] (Symantec Corporation)
ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> [2009-11-02 09:00:47 | 000,115,560 | ---- | M] (Symantec Corporation)
smc.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -> [2009-11-02 09:00:39 | 001,864,888 | ---- | M] (Symantec Corporation)
smcgui.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe -> [2009-11-02 09:00:39 | 001,455,432 | ---- | M] (Symantec Corporation)
rtvscan.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2009-11-02 09:00:37 | 002,477,304 | ---- | M] (Symantec Corporation)
iemonitor.exe -> C:\Program Files\Internet Download Manager\IEMonitor.exe -> [2009-10-15 11:51:51 | 000,263,600 | ---- | M] (Tonec Inc.)
cnmnsut.exe -> C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe -> [2009-05-19 19:39:44 | 000,136,544 | ---- | M] (CANON INC.)
bjmyprt.exe -> C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE -> [2009-03-23 19:00:00 | 001,983,816 | ---- | M] (CANON INC.)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2008-09-15 19:04:05 | 000,068,856 | ---- | M] (Google Inc.)
windowssearch.exe -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008-05-26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008-04-14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
policy.client.invoker.exe -> C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -> [2007-11-30 06:37:30 | 000,118,784 | ---- | M] (LANDesk Software, Ltd.)
tmcsvc.exe -> C:\Program Files\LANDesk\LDClient\tmcsvc.exe -> [2007-11-30 06:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.)
localsch.exe -> C:\Program Files\LANDesk\LDClient\LocalSch.EXE -> [2007-11-30 06:22:44 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.)
collector.exe -> C:\Program Files\LANDesk\LDClient\collector.exe -> [2007-11-30 06:09:10 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.)
issuser.exe -> C:\Program Files\LANDesk\LDClient\issuser.exe -> [2007-11-30 05:54:56 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.)
rcgui.exe -> C:\Program Files\LANDesk\LDClient\rcgui.exe -> [2007-11-30 05:54:12 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.)
residentagent.exe -> C:\Program Files\LANDesk\Shared Files\residentAgent.exe -> [2007-11-29 21:32:46 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.)
neservice.exe -> C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -> [2007-10-24 02:09:28 | 000,296,368 | ---- | M] (SonicWALL Inc.)
negui.exe -> C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -> [2007-10-24 02:09:26 | 000,562,608 | ---- | M] (SonicWALL Inc.)
pds.exe -> C:\WINDOWS\system32\cba\pds.exe -> [2007-08-31 08:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.)
smax4pnp.exe -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> [2007-01-05 17:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.)
fwcagent.exe -> C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -> [2006-12-09 19:04:10 | 000,128,832 | ---- | M] (Microsoft (R) Corporation)
fwcmgmt.exe -> C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe -> [2006-12-09 19:04:10 | 000,117,568 | ---- | M] (Microsoft (R) Corporation)
winvnc4.exe -> C:\Program Files\RealVNC\VNC4\winvnc4.exe -> [2006-05-12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.)
wm.exe -> C:\WINDOWS\system32\wm.exe -> [2003-03-27 14:38:56 | 000,110,665 | ---- | M] (Novell, Inc.)
omtsreco.exe -> C:\oracle\ora92\bin\omtsreco.exe -> [2002-04-30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation)
nwtray.exe -> C:\WINDOWS\system32\nwtray.exe -> [2002-03-12 10:37:28 | 000,028,672 | ---- | M] (Novell, Inc.)

[Modules - Safe List]
ots (1).exe -> C:\Documents and Settings\Sebastian\My Documents\Downloads\OTS (1).exe -> [2010-06-13 17:53:31 | 000,640,000 | ---- | M] (OldTimer Tools)
idmmkb.dll -> C:\Program Files\Internet Download Manager\idmmkb.dll -> [2009-03-26 17:35:39 | 000,034,224 | ---- | M] (Tonec Inc.)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008-04-14 02:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Smcinst) Symantec Auto-upgrade Agent [On_Demand | Stopped] ->  -> File not found
(avast! Web Scanner) avast! Web Scanner [On_Demand | Stopped] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Stopped] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software)
(ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2009-11-02 09:00:49 | 000,108,392 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2009-11-02 09:00:49 | 000,108,392 | ---- | M] (Symantec Corporation)
(SmcService) Symantec Management Client [Auto | Running] -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -> [2009-11-02 09:00:39 | 001,864,888 | ---- | M] (Symantec Corporation)
(SNAC) Symantec Network Access Control [Disabled | Stopped] -> C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -> [2009-11-02 09:00:38 | 000,341,320 | ---- | M] (Symantec Corporation)
(Symantec AntiVirus) Symantec Endpoint Protection [Auto | Running] -> C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2009-11-02 09:00:37 | 002,477,304 | ---- | M] (Symantec Corporation)
(LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -> [2009-07-13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation)
(SMServer) SMServer [On_Demand | Stopped] -> C:\WINDOWS\System32\snmvtsvc.exe -> [2009-02-03 13:47:14 | 000,237,568 | ---- | M] (SMServer)
(Softmon) LANDesk(R) Software Monitoring Service [Auto | Stopped] -> C:\Program Files\LANDesk\LDClient\softmon.exe -> [2007-12-06 16:35:30 | 000,331,776 | ---- | M] (LANDesk Software, Ltd.)
(LANDesk Policy Invoker) LANDesk Policy Invoker [Auto | Running] -> C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -> [2007-11-30 06:37:30 | 000,118,784 | ---- | M] (LANDesk Software, Ltd.)
(Intel Targeted Multicast) LANDesk Targeted Multicast [Auto | Running] -> C:\Program Files\LANDesk\LDClient\tmcsvc.exe -> [2007-11-30 06:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.)
(Intel Local Scheduler Service) Intel Local Scheduler Service [Auto | Running] -> C:\Program Files\LANDesk\LDClient\LocalSch.EXE -> [2007-11-30 06:22:44 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.)
(ISSUSER) LANDesk Remote Control Service [Auto | Running] -> C:\Program Files\LANDesk\LDClient\issuser.exe -> [2007-11-30 05:54:56 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.)
(CBA8) LANDesk(R) Management Agent [Auto | Running] -> C:\Program Files\LANDesk\Shared Files\residentagent.exe -> [2007-11-29 21:32:46 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.)
(SONICWALL_NetExtender) SonicWALL NetExtender Service [Auto | Running] -> C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -> [2007-10-24 02:09:28 | 000,296,368 | ---- | M] (SonicWALL Inc.)
(Intel PDS) Intel PDS [Auto | Running] -> C:\WINDOWS\system32\cba\pds.exe -> [2007-08-31 08:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.)
(FwcAgent) Firewall Client Agent [Auto | Running] -> C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -> [2006-12-09 19:04:10 | 000,128,832 | ---- | M] (Microsoft (R) Corporation)
(cusrvc) Client Update Service for Novell [On_Demand | Stopped] -> C:\WINDOWS\system32\cusrvc.exe -> [2006-08-11 15:51:04 | 000,028,672 | ---- | M] (Novell, Inc.)
(WinVNC4) VNC Server Version 4 [Auto | Running] -> C:\Program Files\RealVNC\VNC4\WinVNC4.exe -> [2006-05-12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.)
(WM) Novell Workstation Manager [Auto | Running] -> C:\WINDOWS\system32\wm.exe -> [2003-03-27 14:38:56 | 000,110,665 | ---- | M] (Novell, Inc.)
(OracleMTSRecoveryService) OracleMTSRecoveryService [Auto | Running] -> C:\oracle\ora92\bin\omtsreco.exe -> [2002-04-30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation)
(OracleOraHome92ClientCache) OracleOraHome92ClientCache [On_Demand | Stopped] -> C:\oracle\ora92\bin\ONRSD.EXE -> [2002-04-26 19:34:38 | 000,242,328 | ---- | M] ()

[Driver Services - Safe List]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100525.034\NAVEX15.SYS -> [2010-05-11 09:48:52 | 001,347,504 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100525.034\NAVENG.SYS -> [2010-05-11 09:48:52 | 000,085,552 | ---- | M] (Symantec Corporation)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aswTdi.sys -> [2010-05-06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software)
(aswSP) aswSP [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aswSP.sys -> [2010-05-06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\aswRdr.sys -> [2010-05-06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software)
(aswMon2) aswMon2 [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\aswmon2.sys -> [2010-05-06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\aswFsBlk.sys -> [2010-05-06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software)
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aavmker4.sys -> [2010-05-06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010-02-17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010-02-17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010-02-17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(sptd) sptd [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\drivers\sptd.sys -> [2010-01-07 12:48:08 | 000,691,696 | ---- | M] (Duplex Secure Ltd.)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2010-01-04 12:47:45 | 000,371,248 | ---- | M] (Symantec Corporation)
(mdvrmng) Mobile IP Route Manager [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdvrmng.sys -> [2009-11-26 10:52:30 | 000,010,240 | ---- | M] ()
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2009-11-02 09:06:01 | 000,124,976 | ---- | M] (Symantec Corporation)
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\srtspl.sys -> [2009-11-02 09:00:50 | 000,320,560 | ---- | M] (Symantec Corporation)
(SRTSP) SRTSP [File_System | System | Running] -> C:\WINDOWS\system32\drivers\srtsp.sys -> [2009-11-02 09:00:50 | 000,281,648 | ---- | M] (Symantec Corporation)
(SRTSPX) SRTSPX [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\srtspx.sys -> [2009-11-02 09:00:50 | 000,043,696 | ---- | M] (Symantec Corporation)
(SYMTDI) SYMTDI [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS -> [2009-11-02 09:00:33 | 000,188,080 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -> [2009-11-02 09:00:33 | 000,026,416 | ---- | M] (Symantec Corporation)
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -> [2009-11-02 09:00:32 | 000,421,424 | ---- | M] (Symantec Corporation)
(02401412) 02401412 Boot Guard Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\02401412.sys -> [2009-10-22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab)
(setup_9.0.0.722_23.05.2010_21-29drv) setup_9.0.0.722_23.05.2010_21-29drv [File_System | System | Running] -> C:\WINDOWS\system32\drivers\0240141.sys -> [2009-10-09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab)
(WsAudio_DeviceS(1)) WsAudio_DeviceS(1) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -> [2009-09-03 10:37:04 | 000,016,640 | ---- | M] (Wondershare)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2009-09-02 16:43:38 | 000,102,448 | ---- | M] (Symantec Corporation)
(SndTVideo) SndTVideo [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SndTVideo.sys -> [2009-02-03 14:04:42 | 000,003,768 | ---- | M] (Windows (R) 2000 DDK provider)
(SndTAudio) SndTAudio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SndTAudio.sys -> [2009-02-03 14:04:36 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\COH_Mon.sys -> [2009-01-14 13:34:32 | 000,023,888 | ---- | M] (Symantec Corporation)
(MovRVDrv32) MovRVDrv32 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MovRVDrv32.sys -> [2008-04-17 11:57:48 | 000,003,768 | ---- | M] (Windows (R) 2000 DDK provider)
(SndTDriverV32) SndTDriverV32 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SndTDriverV32.sys -> [2008-04-17 11:57:46 | 000,508,544 | ---- | M] (Windows (R) 2000/XP)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(NETw4x32) Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NETw4x32.sys -> [2007-10-31 10:23:20 | 002,236,544 | ---- | M] (Intel Corporation)
(SSLDrv) SSL-VPN NetExtender Adapter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SSLDrv.sys -> [2007-10-24 02:09:18 | 000,019,376 | ---- | M] (SonicWALL Inc.)
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ADIHdAud.sys -> [2007-10-01 13:27:40 | 000,281,600 | ---- | M] (Analog Devices, Inc.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2007-09-15 02:09:44 | 000,213,696 | ---- | M] (Synaptics, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2007-08-24 11:22:56 | 005,776,928 | ---- | M] (Intel Corporation)
(NetwareWorkstation) Novell Client for Windows [File_System | Auto | Running] -> C:\WINDOWS\system32\NetWare\nwfs.sys -> [2007-06-21 14:03:08 | 000,513,664 | ---- | M] (Novell, Inc.)
(HpqKbFiltr) HpqKbFilter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -> [2007-06-18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(ldblank) Screen Blanking driver for Remote Control [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ldblank.sys -> [2007-05-30 17:23:04 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.)
(mirrorflt) Mirror Filter Driver for Uninstall [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mirrorflt.sys -> [2007-05-30 17:23:04 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.)
(ldmirror) ldmirror [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ldmirror.sys -> [2007-05-30 17:23:04 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.)
(NWDNS) Novell DNS Name Space Service Provider [File_System | On_Demand | Running] -> C:\WINDOWS\system32\NetWare\nwdns.sys -> [2006-10-27 16:53:48 | 000,043,568 | ---- | M] (Novell, Inc.)
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AGRSM.sys -> [2006-09-28 01:00:10 | 001,160,320 | ---- | M] (Agere Systems)
(SRVLOC) Novell Service Location [File_System | Auto | Running] -> C:\WINDOWS\system32\NetWare\srvloc.sys -> [2006-09-25 09:54:54 | 000,160,209 | ---- | M] (Novell, Inc.)
(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\CPQBttn.sys -> [2006-06-28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(iastor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\iaStor.sys -> [2006-05-11 18:30:52 | 000,247,808 | ---- | M] (Intel Corporation)
(NICM) Novell InterService Communication Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\nicm.sys -> [2006-03-03 17:50:48 | 000,038,416 | ---- | M] (Novell, Inc.)
(NWDHCP) Novell DHCP Inform Client [File_System | On_Demand | Running] -> C:\WINDOWS\system32\NetWare\nwdhcp.sys -> [2005-11-22 10:51:22 | 000,018,353 | ---- | M] (Novell, Inc.)
(NWSIPX32) Novell NetWare IPX/SPX Transport Interface [File_System | Auto | Stopped] -> C:\WINDOWS\system32\NetWare\nwsipx32.sys -> [2005-10-27 16:15:14 | 000,039,731 | ---- | M] (Novell, Inc.)
(NWHOST) Novell Host File Name Space Service Provider [File_System | On_Demand | Running] -> C:\WINDOWS\system32\NetWare\nwhost.sys -> [2005-10-12 13:12:18 | 000,009,297 | ---- | M] (Novell, Inc.)
(NWSNS) Novell Simple Naming Services (NWSNS) [File_System | On_Demand | Running] -> C:\WINDOWS\system32\NetWare\nwsns.sys -> [2005-10-12 13:11:32 | 000,006,128 | ---- | M] (Novell, Inc.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2005-08-05 11:33:56 | 000,045,312 | ---- | M] (Broadcom Corporation)
(NWFILTER) Novell UNC Path Filter [Kernel | Boot | Running] -> C:\WINDOWS\system32\NetWare\nwfilter.sys -> [2005-05-26 18:14:00 | 000,015,891 | ---- | M] (Novell, Inc.)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CVirtA.sys -> [2005-05-17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.)
(NWSLP) Novell SLP Name Space Service Provider [File_System | On_Demand | Running] -> C:\WINDOWS\system32\NetWare\nwslp.sys -> [2005-01-03 14:51:38 | 000,020,332 | ---- | M] (Novell, Inc.)
(RESMGR) Novell NetWare Resource Manager [Kernel | Auto | Running] -> C:\WINDOWS\system32\NetWare\resmgr.sys -> [2004-06-01 18:19:34 | 000,027,249 | ---- | M] (Novell, Inc.)
(NWSAP) Novell SAP Name Space Provider [File_System | On_Demand | Stopped] -> C:\WINDOWS\system32\NetWare\nwsap.sys -> [2003-02-26 14:51:18 | 000,023,232 | ---- | M] ()
(ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ctlsb16.sys -> [2001-08-17 12:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.bold.dk/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> <local> ->
HKEY_CURRENT_USER\: "ProxyServer" -> hogisauv.hogym.anet.dk:8080 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  ->
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2004-08-04 12:00:00 | 000,000,734 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1      localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0055C089-8582-441B-A0BF-17B458C2A3A8} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009-02-12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [Google Toolbar Notifier BHO] -> [2010-05-28 12:48:10 | 000,814,648 | ---- | M] (Google Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010-05-28 12:33:19 | 000,278,128 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010-05-28 12:33:19 | 000,278,128 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010-05-28 12:33:19 | 000,278,128 | ---- | M] (Google Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast5" -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe [C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui] -> [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software)
"BluetoothAuthenticationAgent" -> C:\WINDOWS\System32\bthprops.cpl [rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent] -> [2008-04-14 02:12:41 | 000,110,592 | ---- | M] (Microsoft Corporation)
"CanonMyPrinter" -> C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> [2009-03-23 19:00:00 | 001,983,816 | ---- | M] (CANON INC.)
"CanonSolutionMenu" -> C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon] -> [2009-03-17 18:40:00 | 000,767,312 | ---- | M] (CANON INC.)
"ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2009-11-02 09:00:47 | 000,115,560 | ---- | M] (Symantec Corporation)
"IJNetworkScanUtility" -> C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe] -> [2009-05-19 19:39:44 | 000,136,544 | ---- | M] (CANON INC.)
"NWTRAY" -> C:\WINDOWS\System32\nwtray.exe [NWTRAY.EXE] -> [2002-03-12 10:37:28 | 000,028,672 | ---- | M] (Novell, Inc.)
"SonicWALLNetExtender" -> C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot] -> [2007-10-24 02:09:26 | 000,562,608 | ---- | M] (SonicWALL Inc.)
"SoundMAX" -> C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray] -> [2006-07-13 08:12:26 | 000,729,088 | ---- | M] (Analog Devices, Inc.)
"SoundMAXPnP" -> C:\Program Files\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> [2007-01-05 17:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.)
"SynTPStart" -> C:\Program Files\Synaptics\SynTP\SynTPStart.exe [C:\Program Files\Synaptics\SynTP\SynTPStart.exe] -> [2007-09-15 02:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.)
"UserFaultCheck" ->  [%systemroot%\system32\dumprep 0 -u] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DAEMON Tools" -> C:\Program Files\DAEMON Tools\daemon.exe ["C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033] -> [2007-08-29 17:09:40 | 000,171,464 | ---- | M] (DT Soft Ltd.)
"IDMan" -> C:\Program Files\Internet Download Manager\IDMan.exe [C:\Program Files\Internet Download Manager\IDMan.exe /onboot] -> [2010-01-29 17:24:14 | 003,179,952 | ---- | M] (Tonec Inc.)
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010-02-18 17:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2008-09-15 19:04:05 | 000,068,856 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Copy_all.lnk -> X:\Steins_C\Copy_all.bat -> File not found
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Firewall Client Management.lnk -> C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe -> [2006-12-09 19:04:10 | 000,117,568 | ---- | M] (Microsoft (R) Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Opdateringsagent.lnk -> C:\Program Files\Connect it\Connect it\AutoUpdateSrv.exe -> [2009-11-26 11:06:44 | 000,667,648 | ---- | M] (Birdstep Technology)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008-05-26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation)
< Sebastian Startup Folder > -> C:\Documents and Settings\Sebastian\Start Menu\Programs\Startup ->
C:\Documents and Settings\Sebastian\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE -> [2009-02-26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Sebastian\Start Menu\Programs\Startup\setup_9.0.0.722_23.05.2010_21-29.lnk -> C:\Documents and Settings\Sebastian\Desktop\Virus Removal Tool\setup_9.0.0.722_23.05.2010_21-29\startup.exe -> [2009-10-01 14:56:00 | 000,072,208 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"CompatibleRUPSecurity" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Download all links with IDM -> C:\Program Files\Internet Download Manager\IEGetAll.htm [C:\Program Files\Internet Download Manager\IEGetAll.htm] -> [2003-10-20 12:13:13 | 000,000,283 | ---- | M] ()
Download FLV video content with IDM -> C:\Program Files\Internet Download Manager\IEGetVL.htm [C:\Program Files\Internet Download Manager\IEGetVL.htm] -> [2007-07-02 08:19:10 | 000,000,278 | ---- | M] ()
Download with IDM -> C:\Program Files\Internet Download Manager\IEExt.htm [C:\Program Files\Internet Download Manager\IEExt.htm] -> [2004-12-02 18:31:09 | 000,000,277 | ---- | M] ()
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2010-01-15 01:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
Google Sidewiki ... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010-05-28 12:33:26 | 001,697,392 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Menu: Sun Java Console] -> [2010-04-12 17:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog det] -> [2009-07-26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog det i Windows Live Writer] -> [2009-07-26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009-02-26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009-02-26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{38E51477-DDB4-4aed-9D61-D0C193E10749}:{38E51477-DDB4-4aed-9D61-D0C193E10749} [HKLM] -> C:\Program Files\SoundTaxi\YouTubeRipper.dll [Button: Rip YouTube File] -> [2009-02-03 13:49:06 | 000,462,848 | ---- | M] ()
{38E51477-DDB4-4aed-9D61-D0C193E10749}:{38E51477-DDB4-4aed-9D61-D0C193E10749} [HKLM] -> C:\Program Files\SoundTaxi\YouTubeRipper.dll [Menu: Rip YouTube file embedded in this page] -> [2009-02-03 13:49:06 | 000,462,848 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009-03-06 05:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{07D09E9E-C667-45DD-B035-217BC2A61A3B} [HKLM] -> https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab [ActiveX sikkerhedssoftware Control] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [Symantec AntiVirus scanner] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab [MSN Photo Upload Tool] ->
{5D6F45B3-9043-443D-A792-115447494D24} [HKLM] -> http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab [UnoCtrl Class] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class] ->
{6EEFD7B1-B26C-440D-B55A-1EC677189F30} [HKLM] -> https://virtualoffice3.eurofins.dk/NELX.cab [NELaunchCtrl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] ->
{B9F79165-A264-4C4A-A211-133A5E8D647F} [HKLM] -> http://download.sp.f-secure.com/hc/tdc/fscax.cab [F-Secure Health Check 1.1] ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> http://ax.emsisoft.com/asquared.cab [a-squared Scanner] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{D821DC4A-0814-435E-9820-661C543A4679} [HKLM] -> http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx [CRLDownloadWrapper Class] ->
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 212.242.40.3 212.242.40.51 212.242.40.3 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{FF6F9E10-844D-46DA-A7C5-68B1A815F95A}\\DhcpNameServer -> 212.242.40.3 212.242.40.51 212.242.40.3  (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008-04-14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
NWGINA.DLL -> C:\WINDOWS\System32\nwgina.dll -> [2007-07-20 09:28:24 | 000,402,944 | ---- | M] (Novell, Inc.)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009-09-03 15:21:42 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2007-08-24 11:00:18 | 000,208,896 | ---- | M] (Intel Corporation)
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{1984DD45-52CF-49cd-AB77-18F378FEA264}" [HKLM] -> C:\Program Files\Stardock\Fences\FencesMenu.dll [FencesShellExt] -> [2009-10-02 19:38:46 | 000,128,360 | ---- | M] (Stardock)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009-05-24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008-05-13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009-02-12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
nwv1_0 -> C:\WINDOWS\System32\nwv1_0.dll -> [2000-02-17 06:54:28 | 000,008,480 | ---- | M] (Novell, Inc.)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009-07-26 13:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe [C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email] -> [2009-11-02 09:00:47 | 000,115,560 | ---- | M] (Symantec Corporation)
"C:\Program Files\LANDesk\LDClient\issuser.exe" -> C:\Program Files\LANDesk\LDClient\issuser.exe [C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent] -> [2007-11-30 05:54:56 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.)
"C:\Program Files\LANDesk\LDClient\tmcsvc.exe" -> C:\Program Files\LANDesk\LDClient\tmcsvc.exe [C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast] -> [2007-11-30 06:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.)
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" -> C:\Program Files\LANDesk\Shared Files\residentagent.exe [C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent] -> [2007-11-29 21:32:46 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2009-02-14 07:03:18 | 000,337,264 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2009-02-26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009-08-17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Pocket Tanks Deluxe\pockettanks.exe" -> C:\Program Files\Pocket Tanks Deluxe\pockettanks.exe [C:\Program Files\Pocket Tanks Deluxe\pockettanks.exe:*:Enabled:Pocket Tanks] -> [2007-09-27 20:45:44 | 000,752,624 | ---- | M] (Blitwise Productions, LLC)
"C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe" -> C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe:*:Disabled:Football Manager 2009 Demo] -> File not found
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" -> C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009] -> File not found
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" -> C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010] -> [2009-10-07 04:19:18 | 030,020,936 | ---- | M] (Sports Interactive)
"C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe" -> C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe [C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009] -> File not found
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service] -> [2009-11-02 09:00:39 | 001,864,888 | ---- | M] (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" -> C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service] -> [2009-11-02 09:00:38 | 000,341,320 | ---- | M] (Symantec Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009-07-26 13:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\cba\pds.exe" -> C:\WINDOWS\System32\cba\pds.exe [C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service] -> [2007-08-31 08:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.)
"C:\WINDOWS\system32\msgsys.exe" -> C:\WINDOWS\System32\msgsys.exe [C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service] -> [2007-08-31 08:12:56 | 000,028,729 | ---- | M] (LANDesk Software Ltd.)
"F:\Track Mania Nations Forever\TmForever.exe" -> F:\Track Mania Nations Forever\TmForever.exe [F:\Track Mania Nations Forever\TmForever.exe:*:Enabled:TmForever] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008-07-24 12:08:13 | 000,000,000 | ---- | M] ()
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001-07-27 23:07:00 | 000,000,000 | -HS- | M] ()
D:\Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [2004-04-30 15:01:00 | 000,000,053 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{2bfb977a-9e9d-11de-9c21-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bfb977a-9e9d-11de-9c21-0013028f3642}\Shell
\{2bfb977a-9e9d-11de-9c21-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bfb977a-9e9d-11de-9c21-0013028f3642}\Shell\AutoRun
\{2bfb977a-9e9d-11de-9c21-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bfb977a-9e9d-11de-9c21-0013028f3642}\Shell\AutoRun\command
\{2bfb977a-9e9d-11de-9c21-0013028f3642}\Shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{2cbc4a52-34e7-11df-9ea7-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cbc4a52-34e7-11df-9ea7-0013028f3642}\Shell
\{2cbc4a52-34e7-11df-9ea7-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cbc4a52-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun
\{2cbc4a52-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cbc4a52-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun\command
\{2cbc4a52-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun\command\\"" -> G:\AutoRun.exe [G:\AutoRun.exe] -> File not found
\{2cbc4a54-34e7-11df-9ea7-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cbc4a54-34e7-11df-9ea7-0013028f3642}\Shell
\{2cbc4a54-34e7-11df-9ea7-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cbc4a54-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun
\{2cbc4a54-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cbc4a54-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun\command
\{2cbc4a54-34e7-11df-9ea7-0013028f3642}\Shell\AutoRun\command\\"" -> G:\AutoRun.exe [G:\AutoRun.exe] -> File not found
\{3b3c482f-d804-11de-9d44-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b3c482f-d804-11de-9d44-0013028f3642}\Shell\AutoRun\command
\{3b3c482f-d804-11de-9d44-0013028f3642}\Shell\AutoRun\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{3b3c482f-d804-11de-9d44-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b3c482f-d804-11de-9d44-0013028f3642}\Shell\explore\command
\{3b3c482f-d804-11de-9d44-0013028f3642}\Shell\explore\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{3b3c482f-d804-11de-9d44-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b3c482f-d804-11de-9d44-0013028f3642}\Shell\open\command
\{3b3c482f-d804-11de-9d44-0013028f3642}\Shell\open\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{40c17642-ac14-11de-9c74-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40c17642-ac14-11de-9c74-0013028f3642}\Shell\AutoRun\command
\{40c17642-ac14-11de-9c74-0013028f3642}\Shell\AutoRun\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{40c17642-ac14-11de-9c74-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40c17642-ac14-11de-9c74-0013028f3642}\Shell\explore\command
\{40c17642-ac14-11de-9c74-0013028f3642}\Shell\explore\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{40c17642-ac14-11de-9c74-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40c17642-ac14-11de-9c74-0013028f3642}\Shell\open\command
\{40c17642-ac14-11de-9c74-0013028f3642}\Shell\open\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{7ae50a98-342e-11df-9ea3-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ae50a98-342e-11df-9ea3-0013028f3642}\Shell
\{7ae50a98-342e-11df-9ea3-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ae50a98-342e-11df-9ea3-0013028f3642}\Shell\AutoRun
\{7ae50a98-342e-11df-9ea3-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ae50a98-342e-11df-9ea3-0013028f3642}\Shell\AutoRun\command
\{7ae50a98-342e-11df-9ea3-0013028f3642}\Shell\AutoRun\command\\"" -> G:\AutoRun.exe [G:\AutoRun.exe] -> File not found
\{becd76af-f924-11de-9daf-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{becd76af-f924-11de-9daf-0013028f3642}\Shell
\{becd76af-f924-11de-9daf-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{becd76af-f924-11de-9daf-0013028f3642}\Shell\AutoRun
\{becd76af-f924-11de-9daf-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{becd76af-f924-11de-9daf-0013028f3642}\Shell\AutoRun\command
\{becd76af-f924-11de-9daf-0013028f3642}\Shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found
\{becd76b0-f924-11de-9daf-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{becd76b0-f924-11de-9daf-0013028f3642}\Shell\AutoRun\command
\{becd76b0-f924-11de-9daf-0013028f3642}\Shell\AutoRun\command\\"" ->  [.\Docs\print.exe] -> File not found
\{becd76b0-f924-11de-9daf-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{becd76b0-f924-11de-9daf-0013028f3642}\Shell\explore\command
\{becd76b0-f924-11de-9daf-0013028f3642}\Shell\explore\command\\"" ->  [.\\\\Docs/print.exe] -> File not found
\{becd76b0-f924-11de-9daf-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{becd76b0-f924-11de-9daf-0013028f3642}\Shell\open\command
\{becd76b0-f924-11de-9daf-0013028f3642}\Shell\open\command\\"" ->  [Docs////print.exe] -> File not found
\{c5bedb90-e304-11de-9d6b-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5bedb90-e304-11de-9d6b-0013028f3642}\Shell\AutoRun\command
\{c5bedb90-e304-11de-9d6b-0013028f3642}\Shell\AutoRun\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{c5bedb90-e304-11de-9d6b-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5bedb90-e304-11de-9d6b-0013028f3642}\Shell\explore\command
\{c5bedb90-e304-11de-9d6b-0013028f3642}\Shell\explore\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{c5bedb90-e304-11de-9d6b-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5bedb90-e304-11de-9d6b-0013028f3642}\Shell\open\command
\{c5bedb90-e304-11de-9d6b-0013028f3642}\Shell\open\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{c7c8ad40-b31b-11de-9c9f-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7c8ad40-b31b-11de-9c9f-0013028f3642}\Shell\AutoRun\command
\{c7c8ad40-b31b-11de-9c9f-0013028f3642}\Shell\AutoRun\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{c7c8ad40-b31b-11de-9c9f-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7c8ad40-b31b-11de-9c9f-0013028f3642}\Shell\explore\command
\{c7c8ad40-b31b-11de-9c9f-0013028f3642}\Shell\explore\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{c7c8ad40-b31b-11de-9c9f-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7c8ad40-b31b-11de-9c9f-0013028f3642}\Shell\open\command
\{c7c8ad40-b31b-11de-9c9f-0013028f3642}\Shell\open\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{ca740794-3325-11df-9e9d-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca740794-3325-11df-9e9d-0013028f3642}\Shell\AutoRun\command
\{ca740794-3325-11df-9e9d-0013028f3642}\Shell\AutoRun\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{ca740794-3325-11df-9e9d-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca740794-3325-11df-9e9d-0013028f3642}\Shell\explore\command
\{ca740794-3325-11df-9e9d-0013028f3642}\Shell\explore\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{ca740794-3325-11df-9e9d-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca740794-3325-11df-9e9d-0013028f3642}\Shell\open\command
\{ca740794-3325-11df-9e9d-0013028f3642}\Shell\open\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{cf048a33-14a7-11de-9aad-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf048a33-14a7-11de-9aad-0013028f3642}\Shell\AutoRun\command
\{cf048a33-14a7-11de-9aad-0013028f3642}\Shell\AutoRun\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{cf048a33-14a7-11de-9aad-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf048a33-14a7-11de-9aad-0013028f3642}\Shell\explore\command
\{cf048a33-14a7-11de-9aad-0013028f3642}\Shell\explore\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{cf048a33-14a7-11de-9aad-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf048a33-14a7-11de-9aad-0013028f3642}\Shell\open\command
\{cf048a33-14a7-11de-9aad-0013028f3642}\Shell\open\command\\"" -> C:\WINDOWS\System32\rundll.exe [system32/rundll.exe] -> File not found
\{d633b525-4ed0-11df-9f19-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d633b525-4ed0-11df-9f19-0013028f3642}\Shell\AutoRun\command
\{d633b525-4ed0-11df-9f19-0013028f3642}\Shell\AutoRun\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{d633b525-4ed0-11df-9f19-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d633b525-4ed0-11df-9f19-0013028f3642}\Shell\explore\command
\{d633b525-4ed0-11df-9f19-0013028f3642}\Shell\explore\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{d633b525-4ed0-11df-9f19-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d633b525-4ed0-11df-9f19-0013028f3642}\Shell\open\command
\{d633b525-4ed0-11df-9f19-0013028f3642}\Shell\open\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{dd887472-3587-11df-9eac-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd887472-3587-11df-9eac-0013028f3642}\Shell
\{dd887472-3587-11df-9eac-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd887472-3587-11df-9eac-0013028f3642}\Shell\AutoRun
\{dd887472-3587-11df-9eac-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd887472-3587-11df-9eac-0013028f3642}\Shell\AutoRun\command
\{dd887472-3587-11df-9eac-0013028f3642}\Shell\AutoRun\command\\"" -> G:\AutoRun.exe [G:\AutoRun.exe] -> File not found
\{dd887476-3587-11df-9eac-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd887476-3587-11df-9eac-0013028f3642}\Shell
\{dd887476-3587-11df-9eac-0013028f3642}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd887476-3587-11df-9eac-0013028f3642}\Shell\AutoRun
\{dd887476-3587-11df-9eac-0013028f3642}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd887476-3587-11df-9eac-0013028f3642}\Shell\AutoRun\command
\{dd887476-3587-11df-9eac-0013028f3642}\Shell\AutoRun\command\\"" -> G:\AutoRun.exe [G:\AutoRun.exe] -> File not found
\{f7242300-5299-11df-9f26-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7242300-5299-11df-9f26-0013028f3642}\Shell\AutoRun\command
\{f7242300-5299-11df-9f26-0013028f3642}\Shell\AutoRun\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{f7242300-5299-11df-9f26-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7242300-5299-11df-9f26-0013028f3642}\Shell\explore\command
\{f7242300-5299-11df-9f26-0013028f3642}\Shell\explore\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{f7242300-5299-11df-9f26-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7242300-5299-11df-9f26-0013028f3642}\Shell\open\command
\{f7242300-5299-11df-9f26-0013028f3642}\Shell\open\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{fcb7167e-c1fd-11de-9ce2-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcb7167e-c1fd-11de-9ce2-0013028f3642}\Shell\AutoRun\command
\{fcb7167e-c1fd-11de-9ce2-0013028f3642}\Shell\AutoRun\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{fcb7167e-c1fd-11de-9ce2-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcb7167e-c1fd-11de-9ce2-0013028f3642}\Shell\explore\command
\{fcb7167e-c1fd-11de-9ce2-0013028f3642}\Shell\explore\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{fcb7167e-c1fd-11de-9ce2-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcb7167e-c1fd-11de-9ce2-0013028f3642}\Shell\open\command
\{fcb7167e-c1fd-11de-9ce2-0013028f3642}\Shell\open\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{fd46c3dc-3910-11df-9ec1-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd46c3dc-3910-11df-9ec1-0013028f3642}\Shell\AutoRun\command
\{fd46c3dc-3910-11df-9ec1-0013028f3642}\Shell\AutoRun\command\\"" -> G:\system32\rundll.exe [G:\system32/rundll.exe] -> File not found
\{fd46c3dc-3910-11df-9ec1-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd46c3dc-3910-11df-9ec1-0013028f3642}\Shell\explore\command
\{fd46c3dc-3910-11df-9ec1-0013028f3642}\Shell\explore\command\\"" ->  [G:\] -> File not found
\{fd46c3dc-3910-11df-9ec1-0013028f3642}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd46c3dc-3910-11df-9ec1-0013028f3642}\Shell\open\command
\{fd46c3dc-3910-11df-9ec1-0013028f3642}\Shell\open\command\\"" ->  [G:\] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 90 Days]
Recent -> C:\Documents and Settings\Sebastian\Recent -> [2010-06-13 17:52:27 | 000,000,000 | RH-D | C]
CCleaner -> C:\Program Files\CCleaner -> [2010-06-13 17:14:23 | 000,000,000 | ---D | C]
ComboFix -> C:\ComboFix -> [2010-06-13 14:47:57 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010-06-13 14:30:38 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\Sebastian\Application Data\Malwarebytes -> [2010-06-13 10:20:13 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010-06-13 10:19:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010-06-13 10:19:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010-06-13 10:19:11 | 000,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010-06-13 10:19:10 | 000,000,000 | ---D | C]
Trend Micro -> C:\Program Files\Trend Micro -> [2010-06-13 00:36:57 | 000,000,000 | ---D | C]
CanonIJScan -> C:\Documents and Settings\All Users\Application Data\CanonIJScan -> [2010-06-03 23:17:36 | 000,000,000 | -H-D | C]
Canon -> C:\Documents and Settings\Sebastian\Application Data\Canon -> [2010-06-03 23:17:15 | 000,000,000 | ---D | C]
Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2010-06-02 23:18:11 | 000,000,000 | ---D | C]
Java -> C:\Program Files\Common Files\Java -> [2010-06-02 23:18:08 | 000,000,000 | ---D | C]
aswSP.sys -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2010-06-02 23:09:06 | 000,164,048 | ---- | C] (ALWIL Software)
aswRdr.sys -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2010-06-02 23:09:06 | 000,023,376 | ---- | C] (ALWIL Software)
aswFsBlk.sys -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2010-06-02 23:09:06 | 000,019,024 | ---- | C] (ALWIL Software)
aswTdi.sys -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2010-06-02 23:09:05 | 000,046,672 | ---- | C] (ALWIL Software)
aswmon2.sys -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2010-06-02 23:09:04 | 000,100,432 | ---- | C] (ALWIL Software)
aswmon.sys -> C:\WINDOWS\System32\drivers\aswmon.sys -> [2010-06-02 23:09:04 | 000,094,800 | ---- | C] (ALWIL Software)
aavmker4.sys -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2010-06-02 23:09:04 | 000,028,880 | ---- | C] (ALWIL Software)
aswBoot.exe -> C:\WINDOWS\System32\aswBoot.exe -> [2010-06-02 23:08:42 | 000,165,032 | ---- | C] (ALWIL Software)
avastSS.scr -> C:\WINDOWS\System32\avastSS.scr -> [2010-06-02 23:08:42 | 000,038,848 | ---- | C] (ALWIL Software)
Alwil Software -> C:\Program Files\Alwil Software -> [2010-06-02 23:08:29 | 000,000,000 | ---D | C]
Alwil Software -> C:\Documents and Settings\All Users\Appl
Olguin Beginner
13 June 2010 - 18:00 #15
Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010-06-02 23:08:29 | 000,000,000 | ---D | C]
0240141.sys -> C:\WINDOWS\System32\drivers\0240141.sys -> [2010-05-23 21:04:24 | 000,315,408 | ---- | C] (Kaspersky Lab)
02401412.sys -> C:\WINDOWS\System32\drivers\02401412.sys -> [2010-05-23 21:04:24 | 000,037,392 | ---- | C] (Kaspersky Lab)
Virus Removal Tool -> C:\Documents and Settings\Sebastian\Desktop\Virus Removal Tool -> [2010-05-23 21:04:24 | 000,000,000 | ---D | C]
Eidos Interactive -> C:\Program Files\Eidos Interactive -> [2010-05-23 17:23:49 | 000,000,000 | ---D | C]
Eksamen10 -> C:\Documents and Settings\Sebastian\Desktop\Eksamen10 -> [2010-05-17 08:04:09 | 000,000,000 | ---D | C]
Mathsoft -> C:\Documents and Settings\Sebastian\Local Settings\Application Data\Mathsoft -> [2010-05-16 21:12:07 | 000,000,000 | ---D | C]
musikk -> C:\Documents and Settings\Sebastian\Desktop\musikk -> [2010-05-14 23:55:22 | 000,000,000 | ---D | C]
NSS -> C:\WINDOWS\System32\drivers\NSS -> [2010-05-12 18:01:36 | 000,000,000 | ---D | C]
0207030.022 -> C:\WINDOWS\System32\drivers\NSS\0207030.022 -> [2010-05-12 18:01:36 | 000,000,000 | ---D | C]
Norton Security Scan -> C:\Program Files\Norton Security Scan -> [2010-05-12 18:01:35 | 000,000,000 | ---D | C]
Playstation -> C:\Documents and Settings\Sebastian\Desktop\Playstation -> [2010-05-06 10:47:28 | 000,000,000 | ---D | C]
Parametric_Technology_Cor -> C:\Documents and Settings\Sebastian\Local Settings\Application Data\Parametric_Technology_Cor -> [2010-05-04 10:14:36 | 000,000,000 | ---D | C]
Mathsoft -> C:\Documents and Settings\Sebastian\Application Data\Mathsoft -> [2010-05-04 10:04:00 | 000,000,000 | ---D | C]
Mathcad -> C:\Program Files\Mathcad -> [2010-05-04 10:00:55 | 000,000,000 | ---D | C]
Mathcad 14 install program -> C:\Documents and Settings\Sebastian\Desktop\Mathcad 14 install program -> [2010-05-04 09:55:53 | 000,000,000 | ---D | C]
Norton -> C:\Documents and Settings\All Users\Application Data\Norton -> [2010-04-23 17:07:17 | 000,000,000 | ---D | C]
NortonInstaller -> C:\Program Files\NortonInstaller -> [2010-04-23 17:07:14 | 000,000,000 | ---D | C]
NortonInstaller -> C:\Documents and Settings\All Users\Application Data\NortonInstaller -> [2010-04-23 17:07:14 | 000,000,000 | ---D | C]
mobil -> C:\Documents and Settings\Sebastian\My Documents\mobil -> [2010-04-23 12:23:09 | 000,000,000 | ---D | C]
TVU Networks -> C:\Documents and Settings\All Users\Application Data\TVU Networks -> [2010-04-14 20:59:49 | 000,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2010-03-23 21:58:36 | 000,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\Documents and Settings\Sebastian\Application Data\SUPERAntiSpyware.com -> [2010-03-23 21:58:23 | 000,000,000 | ---D | C]
SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010-03-23 21:58:23 | 000,000,000 | ---D | C]
Wise Installation Wizard -> C:\Program Files\Common Files\Wise Installation Wizard -> [2010-03-23 21:57:30 | 000,000,000 | ---D | C]
Mobilt Bredbånd -> C:\Program Files\Mobilt Bredbånd -> [2010-03-22 10:34:25 | 000,000,000 | ---D | C]
Birdstep Technology -> C:\Documents and Settings\Sebastian\Application Data\Birdstep Technology -> [2010-03-21 14:35:15 | 000,000,000 | ---D | C]
Birdstep Technology -> C:\Documents and Settings\All Users\Application Data\Birdstep Technology -> [2010-03-21 14:30:40 | 000,000,000 | ---D | C]
Huawei Modems -> C:\Program Files\Huawei Modems -> [2010-03-21 14:29:33 | 000,000,000 | ---D | C]
Connect it -> C:\Program Files\Connect it -> [2010-03-21 14:28:47 | 000,000,000 | ---D | C]
Pocket Tanks Deluxe -> C:\Program Files\Pocket Tanks Deluxe -> [2010-03-19 10:05:09 | 000,000,000 | ---D | C]
musica -> C:\Documents and Settings\Sebastian\Desktop\musica -> [2010-03-19 09:47:26 | 000,000,000 | ---D | C]
pcouffin.sys -> C:\Documents and Settings\Sebastian\Application Data\pcouffin.sys -> [2010-03-18 21:51:11 | 000,047,360 | ---- | C] (VSO Software)
Vso -> C:\Documents and Settings\Sebastian\Application Data\Vso -> [2010-03-18 21:51:10 | 000,000,000 | ---D | C]
PcSetup -> C:\Documents and Settings\Sebastian\My Documents\PcSetup -> [2010-03-18 21:51:10 | 000,000,000 | ---D | C]
VSO -> C:\Program Files\VSO -> [2010-03-18 21:50:57 | 000,000,000 | ---D | C]
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files/Folders - Modified Within 90 Days]
cc_20100613_175235.reg -> C:\Documents and Settings\Sebastian\My Documents\cc_20100613_175235.reg -> [2010-06-13 17:52:41 | 000,298,996 | ---- | M] ()
cc_20100613_173821.reg -> C:\Documents and Settings\Sebastian\My Documents\cc_20100613_173821.reg -> [2010-06-13 17:38:28 | 000,000,082 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010-06-13 17:26:00 | 000,000,920 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-1078081533-484763869-839522115-1009UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484763869-839522115-1009UA.job -> [2010-06-13 17:05:00 | 000,001,028 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010-06-13 14:52:03 | 000,013,646 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010-06-13 14:51:00 | 000,000,916 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010-06-13 14:50:27 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010-06-13 14:50:09 | 000,002,048 | --S- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Sebastian\NTUSER.DAT -> [2010-06-13 14:49:06 | 013,369,344 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Sebastian\ntuser.ini -> [2010-06-13 14:48:57 | 000,000,178 | -HS- | M] ()
eurofins arbejde løn (timer).xls -> C:\Documents and Settings\Sebastian\My Documents\eurofins arbejde løn (timer).xls -> [2010-06-13 01:24:37 | 000,027,136 | ---- | M] ()
HiJackThis.lnk -> C:\Documents and Settings\Sebastian\Desktop\HiJackThis.lnk -> [2010-06-13 00:36:59 | 000,001,992 | ---- | M] ()
Norton Security Scan for Sebastian.job -> C:\WINDOWS\tasks\Norton Security Scan for Sebastian.job -> [2010-06-12 21:54:31 | 000,000,566 | -H-- | M] ()
GoogleUpdateTaskUserS-1-5-21-1078081533-484763869-839522115-1009Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484763869-839522115-1009Core.job -> [2010-06-12 14:05:01 | 000,000,976 | ---- | M] ()
MNKSGRD.INI -> C:\WINDOWS\MNKSGRD.INI -> [2010-06-08 00:47:09 | 000,000,242 | ---- | M] ()
NetWare.INI -> C:\WINDOWS\NetWare.INI -> [2010-06-08 00:47:05 | 000,000,011 | ---- | M] ()
Arbejde eurofins.docx -> C:\Documents and Settings\Sebastian\My Documents\Arbejde eurofins.docx -> [2010-06-07 20:40:56 | 000,010,888 | ---- | M] ()
defrag.job -> C:\WINDOWS\tasks\defrag.job -> [2010-06-07 19:41:16 | 000,000,270 | ---- | M] ()
engelsk mundtlig.docx -> C:\Documents and Settings\Sebastian\My Documents\engelsk mundtlig.docx -> [2010-06-06 16:43:36 | 000,015,657 | ---- | M] ()
Dansk Ra1.docx -> C:\Documents and Settings\Sebastian\My Documents\Dansk Ra1.docx -> [2010-06-04 11:46:24 | 000,014,293 | ---- | M] ()
Dansk rap.docx -> C:\Documents and Settings\Sebastian\My Documents\Dansk rap.docx -> [2010-06-04 11:30:08 | 000,104,054 | ---- | M] ()
rap.docx -> C:\Documents and Settings\Sebastian\Desktop\rap.docx -> [2010-06-04 02:22:40 | 000,015,587 | ---- | M] ()
avast! Free Antivirus.lnk -> C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk -> [2010-06-02 23:09:07 | 000,001,700 | ---- | M] ()
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2010-06-02 23:09:05 | 000,002,626 | ---- | M] ()
sebastian EF tur.xlsx -> C:\Documents and Settings\Sebastian\My Documents\sebastian EF tur.xlsx -> [2010-06-02 16:49:47 | 000,008,815 | ---- | M] ()
Dansk rap.omp -> C:\Documents and Settings\Sebastian\Desktop\Dansk rap.omp -> [2010-06-02 00:52:47 | 000,024,566 | ---- | M] ()
Dansk rap2.doc -> C:\Documents and Settings\Sebastian\My Documents\Dansk rap2.doc -> [2010-06-01 01:04:35 | 000,053,887 | ---- | M] ()
Dansk rap.doc -> C:\Documents and Settings\Sebastian\Desktop\Dansk rap.doc -> [2010-05-31 18:11:59 | 000,042,912 | ---- | M] ()
hiphop1.gif -> C:\Documents and Settings\Sebastian\Desktop\hiphop1.gif -> [2010-05-31 15:13:21 | 000,018,508 | ---- | M] ()
Der Teufel mit den drei goldenen Haaren.docx -> C:\Documents and Settings\Sebastian\Desktop\Der Teufel mit den drei goldenen Haaren.docx -> [2010-05-29 15:54:52 | 000,015,509 | ---- | M] ()
Die sechs Schwäne.docx -> C:\Documents and Settings\Sebastian\Desktop\Die sechs Schwäne.docx -> [2010-05-29 15:14:19 | 000,013,417 | ---- | M] ()
Der Froschkönig oder der eiserne Heinrich.docx -> C:\Documents and Settings\Sebastian\Desktop\Der Froschkönig oder der eiserne Heinrich.docx -> [2010-05-29 15:08:26 | 000,013,308 | ---- | M] ()
t1io.1 -> C:\t1io.1 -> [2010-05-28 11:30:48 | 000,000,000 | ---- | M] ()
setup_9.0.0.722_23.05.2010_21-29.lnk -> C:\Documents and Settings\Sebastian\Start Menu\Programs\Startup\setup_9.0.0.722_23.05.2010_21-29.lnk -> [2010-05-23 21:05:32 | 000,002,246 | ---- | M] ()
billy elliot - samfundsklasser.docx -> C:\Documents and Settings\Sebastian\My Documents\billy elliot - samfundsklasser.docx -> [2010-05-19 08:32:14 | 000,013,729 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010-05-19 08:14:09 | 000,000,284 | ---- | M] ()
samfundsfag - læserbrev - Der var engang et yndigt land.docx -> C:\Documents and Settings\Sebastian\My Documents\samfundsfag - læserbrev - Der var engang et yndigt land.docx -> [2010-05-18 23:36:49 | 000,017,470 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Sebastian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010-05-18 09:39:09 | 000,006,656 | ---- | M] ()
eksamen.docx -> C:\Documents and Settings\Sebastian\My Documents\eksamen.docx -> [2010-05-17 11:12:23 | 000,019,786 | ---- | M] ()
Norton Security Scan.lnk -> C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk -> [2010-05-12 18:01:43 | 000,001,172 | ---- | M] ()
isolate.ini -> C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini -> [2010-05-12 18:01:36 | 000,000,172 | ---- | M] ()
Two Kinds sebastian.docx -> C:\Documents and Settings\Sebastian\My Documents\Two Kinds sebastian.docx -> [2010-05-10 00:05:09 | 000,018,254 | ---- | M] ()
avastSS.scr -> C:\WINDOWS\System32\avastSS.scr -> [2010-05-06 22:59:57 | 000,038,848 | ---- | M] (ALWIL Software)
aswBoot.exe -> C:\WINDOWS\System32\aswBoot.exe -> [2010-05-06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software)
aswTdi.sys -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2010-05-06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software)
aswSP.sys -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2010-05-06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software)
aswRdr.sys -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2010-05-06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software)
aswmon2.sys -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2010-05-06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software)
aswmon.sys -> C:\WINDOWS\System32\drivers\aswmon.sys -> [2010-05-06 22:33:55 | 000,094,800 | ---- | M] (ALWIL Software)
aswFsBlk.sys -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2010-05-06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software)
aavmker4.sys -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2010-05-06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software)
IconCache.db -> C:\Documents and Settings\Sebastian\Local Settings\Application Data\IconCache.db -> [2010-05-06 11:13:48 | 001,576,872 | -H-- | M] ()
virtuel modul 5 maj fysik.docx -> C:\Documents and Settings\Sebastian\My Documents\virtuel modul 5 maj fysik.docx -> [2010-05-04 23:19:39 | 000,013,662 | ---- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010-05-04 11:45:49 | 000,335,464 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Sebastian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010-05-04 10:08:55 | 000,099,504 | ---- | M] ()
Samfundsfagsaflevering 4.docx -> C:\Documents and Settings\Sebastian\My Documents\Samfundsfagsaflevering 4.docx -> [2010-05-04 01:36:30 | 000,021,717 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
mobil.docx -> C:\Documents and Settings\Sebastian\My Documents\mobil.docx -> [2010-04-23 23:42:13 | 000,011,024 | ---- | M] ()
htc desire tak for din ordre.docx -> C:\Documents and Settings\Sebastian\My Documents\htc desire tak for din ordre.docx -> [2010-04-21 14:34:06 | 000,068,447 | ---- | M] ()
t1cs.1 -> C:\t1cs.1 -> [2010-04-20 07:52:16 | 000,000,000 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010-03-29 09:01:21 | 000,464,966 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010-03-29 09:01:21 | 000,079,234 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010-03-29 09:01:20 | 000,554,670 | ---- | M] ()
SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010-03-23 21:58:29 | 000,000,780 | ---- | M] ()
Connect it.lnk -> C:\Documents and Settings\All Users\Desktop\Connect it.lnk -> [2010-03-21 14:43:13 | 000,001,686 | ---- | M] ()
Opdateringsagent.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Opdateringsagent.lnk -> [2010-03-21 14:43:12 | 000,000,591 | ---- | M] ()
Huawei ModemsUninstall.exe -> C:\WINDOWS\Huawei ModemsUninstall.exe -> [2010-03-21 14:41:26 | 000,071,279 | ---- | M] ()
Pocket Tanks Deluxe.lnk -> C:\Documents and Settings\All Users\Desktop\Pocket Tanks Deluxe.lnk -> [2010-03-19 10:05:26 | 000,000,759 | ---- | M] ()
inst.exe -> C:\Documents and Settings\Sebastian\Application Data\inst.exe -> [2010-03-18 21:56:18 | 000,087,608 | ---- | M] ()
pcouffin.sys -> C:\Documents and Settings\Sebastian\Application Data\pcouffin.sys -> [2010-03-18 21:56:18 | 000,047,360 | ---- | M] (VSO Software)
pcouffin.cat -> C:\Documents and Settings\Sebastian\Application Data\pcouffin.cat -> [2010-03-18 21:56:18 | 000,007,887 | ---- | M] ()
pcouffin.inf -> C:\Documents and Settings\Sebastian\Application Data\pcouffin.inf -> [2010-03-18 21:56:18 | 000,001,144 | ---- | M] ()
vso_ts_preview.xml -> C:\Documents and Settings\Sebastian\Application Data\vso_ts_preview.xml -> [2010-03-18 21:55:51 | 000,001,057 | ---- | M] ()
8 C:\Documents and Settings\Sebastian\Local Settings\Temp\Google Toolbar\*.tmp files -> C:\Documents and Settings\Sebastian\Local Settings\Temp\Google Toolbar\*.tmp ->
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
5 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
5 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
11040 C:\Documents and Settings\Sebastian\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Sebastian\Local Settings\Temp\*.tmp ->
11040 C:\Documents and Settings\Sebastian\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Sebastian\Local Settings\Temp\*.tmp ->
11040 C:\Documents and Settings\Sebastian\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Sebastian\Local Settings\Temp\*.tmp ->
11040 C:\Documents and Settings\Sebastian\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Sebastian\Local Settings\Temp\*.tmp ->

[Files - No Company Name]
cc_20100613_175235.reg -> C:\Documents and Settings\Sebastian\My Documents\cc_20100613_175235.reg -> [2010-06-13 17:52:37 | 000,298,996 | ---- | C] ()
cc_20100613_173821.reg -> C:\Documents and Settings\Sebastian\My Documents\cc_20100613_173821.reg -> [2010-06-13 17:38:28 | 000,000,082 | ---- | C] ()
HiJackThis.lnk -> C:\Documents and Settings\Sebastian\Desktop\HiJackThis.lnk -> [2010-06-13 00:36:59 | 000,001,992 | ---- | C] ()
engelsk mundtlig.docx -> C:\Documents and Settings\Sebastian\My Documents\engelsk mundtlig.docx -> [2010-06-06 16:43:34 | 000,015,657 | ---- | C] ()
Dansk Ra1.docx -> C:\Documents and Settings\Sebastian\My Documents\Dansk Ra1.docx -> [2010-06-04 11:46:23 | 000,014,293 | ---- | C] ()
Dansk rap.docx -> C:\Documents and Settings\Sebastian\My Documents\Dansk rap.docx -> [2010-06-04 11:05:33 | 000,104,054 | ---- | C] ()
avast! Free Antivirus.lnk -> C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk -> [2010-06-02 23:09:07 | 000,001,700 | ---- | C] ()
Dansk rap.omp -> C:\Documents and Settings\Sebastian\Desktop\Dansk rap.omp -> [2010-06-01 22:49:54 | 000,024,566 | ---- | C] ()
Dansk rap2.doc -> C:\Documents and Settings\Sebastian\My Documents\Dansk rap2.doc -> [2010-06-01 01:04:28 | 000,053,887 | ---- | C] ()
Dansk rap.doc -> C:\Documents and Settings\Sebastian\Desktop\Dansk rap.doc -> [2010-05-31 17:59:34 | 000,042,912 | ---- | C] ()
hiphop1.gif -> C:\Documents and Settings\Sebastian\Desktop\hiphop1.gif -> [2010-05-31 15:13:21 | 000,018,508 | ---- | C] ()
rap.docx -> C:\Documents and Settings\Sebastian\Desktop\rap.docx -> [2010-05-29 16:48:53 | 000,015,587 | ---- | C] ()
Der Teufel mit den drei goldenen Haaren.docx -> C:\Documents and Settings\Sebastian\Desktop\Der Teufel mit den drei goldenen Haaren.docx -> [2010-05-29 15:54:52 | 000,015,509 | ---- | C] ()
Die sechs Schwäne.docx -> C:\Documents and Settings\Sebastian\Desktop\Die sechs Schwäne.docx -> [2010-05-29 15:14:18 | 000,013,417 | ---- | C] ()
Der Froschkönig oder der eiserne Heinrich.docx -> C:\Documents and Settings\Sebastian\Desktop\Der Froschkönig oder der eiserne Heinrich.docx -> [2010-05-29 15:08:26 | 000,013,308 | ---- | C] ()
t1io.1 -> C:\t1io.1 -> [2010-05-28 11:30:48 | 000,000,000 | ---- | C] ()
eurofins arbejde løn (timer).xls -> C:\Documents and Settings\Sebastian\My Documents\eurofins arbejde løn (timer).xls -> [2010-05-26 21:20:49 | 000,027,136 | ---- | C] ()
sebastian EF tur.xlsx -> C:\Documents and Settings\Sebastian\My Documents\sebastian EF tur.xlsx -> [2010-05-25 21:19:14 | 000,008,815 | ---- | C] ()
setup_9.0.0.722_23.05.2010_21-29.lnk -> C:\Documents and Settings\Sebastian\Start Menu\Programs\Startup\setup_9.0.0.722_23.05.2010_21-29.lnk -> [2010-05-23 21:05:32 | 000,002,246 | ---- | C] ()
Øvelse i Es.doc -> C:\Documents and Settings\Sebastian\My Documents\Øvelse i Es.doc -> [2010-05-19 09:34:34 | 000,090,112 | ---- | C] ()
billy elliot - samfundsklasser.docx -> C:\Documents and Settings\Sebastian\My Documents\billy elliot - samfundsklasser.docx -> [2010-05-19 08:32:14 | 000,013,729 | ---- | C] ()
samfundsfag - læserbrev - Der var engang et yndigt land.docx -> C:\Documents and Settings\Sebastian\My Documents\samfundsfag - læserbrev - Der var engang et yndigt land.docx -> [2010-05-18 23:35:59 | 000,017,470 | ---- | C] ()
Arbejde eurofins.docx -> C:\Documents and Settings\Sebastian\My Documents\Arbejde eurofins.docx -> [2010-05-17 17:23:35 | 000,010,888 | ---- | C] ()
eksamen.docx -> C:\Documents and Settings\Sebastian\My Documents\eksamen.docx -> [2010-05-17 09:00:44 | 000,019,786 | ---- | C] ()
isolate.ini -> C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini -> [2010-05-12 18:01:36 | 000,000,172 | ---- | C] ()
Two Kinds sebastian.docx -> C:\Documents and Settings\Sebastian\My Documents\Two Kinds sebastian.docx -> [2010-05-09 22:19:05 | 000,018,254 | ---- | C] ()
IconCache.db -> C:\Documents and Settings\Sebastian\Local Settings\Application Data\IconCache.db -> [2010-05-06 11:13:48 | 001,576,872 | -H-- | C] ()
virtuel modul 5 maj fysik.docx -> C:\Documents and Settings\Sebastian\My Documents\virtuel modul 5 maj fysik.docx -> [2010-05-04 23:19:38 | 000,013,662 | ---- | C] ()
Samfundsfagsaflevering 4.docx -> C:\Documents and Settings\Sebastian\My Documents\Samfundsfagsaflevering 4.docx -> [2010-05-03 00:16:24 | 000,021,717 | ---- | C] ()
Norton Security Scan for Sebastian.job -> C:\WINDOWS\tasks\Norton Security Scan for Sebastian.job -> [2010-04-23 17:07:22 | 000,000,566 | -H-- | C] ()
Norton Security Scan.lnk -> C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk -> [2010-04-23 17:07:20 | 000,001,172 | ---- | C] ()
mobil.docx -> C:\Documents and Settings\Sebastian\My Documents\mobil.docx -> [2010-04-23 11:56:46 | 000,011,024 | ---- | C] ()
htc desire tak for din ordre.docx -> C:\Documents and Settings\Sebastian\My Documents\htc desire tak for din ordre.docx -> [2010-04-21 14:34:05 | 000,068,447 | ---- | C] ()
t1cs.1 -> C:\t1cs.1 -> [2010-04-20 07:52:16 | 000,000,000 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Sebastian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010-03-25 15:15:07 | 000,006,656 | ---- | C] ()
SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010-03-23 21:58:29 | 000,000,780 | ---- | C] ()
Connect it.lnk -> C:\Documents and Settings\All Users\Desktop\Connect it.lnk -> [2010-03-21 14:30:28 | 000,001,686 | ---- | C] ()
Opdateringsagent.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Opdateringsagent.lnk -> [2010-03-21 14:30:28 | 000,000,591 | ---- | C] ()
Huawei ModemsUninstall.exe -> C:\WINDOWS\Huawei ModemsUninstall.exe -> [2010-03-21 14:29:33 | 000,071,279 | ---- | C] ()
mdvrmng.sys -> C:\WINDOWS\System32\drivers\mdvrmng.sys -> [2010-03-21 14:29:30 | 000,010,240 | ---- | C] ()
Pocket Tanks Deluxe.lnk -> C:\Documents and Settings\All Users\Desktop\Pocket Tanks Deluxe.lnk -> [2010-03-19 10:05:26 | 000,000,759 | ---- | C] ()
vso_ts_preview.xml -> C:\Documents and Settings\Sebastian\Application Data\vso_ts_preview.xml -> [2010-03-18 21:52:09 | 000,001,057 | ---- | C] ()
pcouffin.log -> C:\Documents and Settings\Sebastian\Application Data\pcouffin.log -> [2010-03-18 21:51:29 | 000,000,033 | ---- | C] ()
inst.exe -> C:\Documents and Settings\Sebastian\Application Data\inst.exe -> [2010-03-18 21:51:11 | 000,087,608 | ---- | C] ()
pcouffin.cat -> C:\Documents and Settings\Sebastian\Application Data\pcouffin.cat -> [2010-03-18 21:51:11 | 000,007,887 | ---- | C] ()
pcouffin.inf -> C:\Documents and Settings\Sebastian\Application Data\pcouffin.inf -> [2010-03-18 21:51:11 | 000,001,144 | ---- | C] ()
MNKSGRD.INI -> C:\WINDOWS\MNKSGRD.INI -> [2009-12-08 22:55:04 | 000,000,242 | ---- | C] ()
Munks_cd.dll -> C:\WINDOWS\System32\Munks_cd.dll -> [2009-12-08 22:54:54 | 000,525,716 | ---- | C] ()
C4dll.dll -> C:\WINDOWS\System32\C4dll.dll -> [2009-12-08 22:54:54 | 000,516,864 | ---- | C] ()
TEXTware.ini -> C:\WINDOWS\TEXTware.ini -> [2009-10-29 11:07:32 | 000,000,301 | ---- | C] ()
Twavbx32.dll -> C:\WINDOWS\System32\Twavbx32.dll -> [2009-10-29 11:07:20 | 000,147,456 | ---- | C] ()
ILXTBS.DLL -> C:\WINDOWS\System32\ILXTBS.DLL -> [2009-10-29 11:07:20 | 000,143,360 | ---- | C] ()
UnzDll.dll -> C:\WINDOWS\System32\UnzDll.dll -> [2009-10-29 11:07:20 | 000,115,200 | ---- | C] ()
Twasbb01.dll -> C:\WINDOWS\System32\Twasbb01.dll -> [2009-10-29 11:07:20 | 000,102,400 | ---- | C] ()
TWAIED02.DLL -> C:\WINDOWS\System32\TWAIED02.DLL -> [2009-10-29 11:07:20 | 000,018,432 | ---- | C] ()
TWASFI.DLL -> C:\WINDOWS\System32\TWASFI.DLL -> [2009-10-29 11:07:20 | 000,009,216 | ---- | C] ()
IllViSup.dll -> C:\WINDOWS\System32\IllViSup.dll -> [2009-10-29 11:07:19 | 000,322,048 | ---- | C] ()
ILXTBL.DLL -> C:\WINDOWS\System32\ILXTBL.DLL -> [2009-10-29 11:07:19 | 000,143,360 | ---- | C] ()
ILXIMC.DLL -> C:\WINDOWS\System32\ILXIMC.DLL -> [2009-10-29 11:07:19 | 000,143,360 | ---- | C] ()
OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009-08-03 15:07:42 | 000,403,816 | ---- | C] ()
ActiveSkin.INI -> C:\WINDOWS\ActiveSkin.INI -> [2009-06-05 22:42:24 | 000,000,112 | ---- | C] ()
igfxCoIn_v4864.dll -> C:\WINDOWS\System32\igfxCoIn_v4864.dll -> [2008-07-25 09:57:03 | 000,147,456 | ---- | C] ()
CSGina.dll -> C:\WINDOWS\System32\CSGina.dll -> [2008-07-25 09:34:46 | 000,189,440 | ---- | C] ()
pdfcmnnt.dll -> C:\WINDOWS\System32\pdfcmnnt.dll -> [2008-07-25 09:32:44 | 000,116,224 | ---- | C] ()
NetWare.INI -> C:\WINDOWS\NetWare.INI -> [2008-07-25 09:21:10 | 000,000,011 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2008-07-25 09:06:22 | 000,001,132 | ---- | C] ()
GAMSWrap.dll -> C:\WINDOWS\System32\GAMSWrap.dll -> [2008-07-24 14:41:16 | 000,114,688 | ---- | C] ()
idxcntrs.ini -> C:\WINDOWS\System32\idxcntrs.ini -> [2007-09-27 10:51:02 | 000,020,698 | ---- | C] ()
gsrvctr.ini -> C:\WINDOWS\System32\gsrvctr.ini -> [2007-09-27 10:48:48 | 000,030,628 | ---- | C] ()
gthrctr.ini -> C:\WINDOWS\System32\gthrctr.ini -> [2007-09-27 10:48:28 | 000,031,698 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006-06-29 14:58:52 | 000,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006-06-29 14:53:56 | 000,026,489 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006-04-18 15:39:28 | 000,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006-04-18 15:39:28 | 000,026,040 | ---- | C] ()
lgnwnt32.dll -> C:\WINDOWS\System32\lgnwnt32.dll -> [2004-06-09 14:46:08 | 000,216,064 | ---- | C] ()
nwshlxnt.dll -> C:\WINDOWS\System32\nwshlxnt.dll -> [2004-06-02 09:21:26 | 000,245,843 | ---- | C] ()
setupw2k.dll -> C:\WINDOWS\System32\setupw2k.dll -> [2003-07-28 18:04:22 | 000,065,619 | ---- | C] ()
asutl8.dll -> C:\WINDOWS\System32\asutl8.dll -> [2002-06-06 02:01:58 | 000,029,696 | ---- | C] ()
wmntapi.dll -> C:\WINDOWS\System32\wmntapi.dll -> [2001-10-23 09:36:04 | 000,012,112 | ---- | C] ()
nwslog32.dll -> C:\WINDOWS\System32\nwslog32.dll -> [2001-10-04 14:40:54 | 000,040,960 | ---- | C] ()
wmrasm.dll -> C:\WINDOWS\System32\wmrasm.dll -> [2001-07-18 09:36:46 | 000,015,840 | ---- | C] ()
lgncon32.dll -> C:\WINDOWS\System32\lgncon32.dll -> [2000-01-20 09:15:14 | 000,051,200 | ---- | C] ()
oraodbc.ini -> C:\WINDOWS\oraodbc.ini -> [1999-07-30 09:24:34 | 000,000,218 | ---- | C] ()
rdrstats.ini -> C:\WINDOWS\System32\rdrstats.ini -> [1999-01-11 04:37:36 | 000,002,757 | ---- | C] ()
prtwin32.dll -> C:\WINDOWS\System32\prtwin32.dll -> [1996-05-14 09:50:22 | 000,192,512 | ---- | C] ()
nwpsrv32.dll -> C:\WINDOWS\System32\nwpsrv32.dll -> [1995-08-22 08:36:12 | 000,192,512 | ---- | C] ()

[File - Lop Check]
Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010-06-02 23:08:29 | 000,000,000 | ---D | M]
Birdstep Technology -> C:\Documents and Settings\All Users\Application Data\Birdstep Technology -> [2010-03-21 14:38:06 | 000,000,000 | ---D | M]
CanonBJ -> C:\Documents and Settings\All Users\Application Data\CanonBJ -> [2010-01-10 11:57:40 | 000,000,000 | -H-D | M]
CanonIJScan -> C:\Documents and Settings\All Users\Application Data\CanonIJScan -> [2010-06-03 23:17:36 | 000,000,000 | -H-D | M]
DAEMON Tools Pro -> C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro -> [2010-01-07 12:47:42 | 000,000,000 | ---D | M]
LANDesk -> C:\Documents and Settings\All Users\Application Data\LANDesk -> [2008-07-24 16:01:54 | 000,000,000 | ---D | M]
Lotus -> C:\Documents and Settings\All Users\Application Data\Lotus -> [2008-07-25 08:59:10 | 000,000,000 | ---D | M]
PopCap Games -> C:\Documents and Settings\All Users\Application Data\PopCap Games -> [2009-10-05 14:28:54 | 000,000,000 | ---D | M]
Sports Interactive -> C:\Documents and Settings\All Users\Application Data\Sports Interactive -> [2010-01-05 18:31:38 | 000,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009-12-27 17:50:19 | 000,000,000 | ---D | M]
vulScan -> C:\Documents and Settings\All Users\Application Data\vulScan -> [2010-06-13 16:52:43 | 000,000,000 | ---D | M]
{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B} -> C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B} -> [2009-11-02 21:41:13 | 000,000,000 | -H-D | M]
Anvil Studio -> C:\Documents and Settings\Sebastian\Application Data\Anvil Studio -> [2009-10-24 23:22:22 | 000,000,000 | ---D | M]
Birdstep Technology -> C:\Documents and Settings\Sebastian\Application Data\Birdstep Technology -> [2010-03-21 14:35:15 | 000,000,000 | ---D | M]
Canon -> C:\Documents and Settings\Sebastian\Application Data\Canon -> [2010-06-03 23:17:36 | 000,000,000 | ---D | M]
CoSoSys -> C:\Documents and Settings\Sebastian\Application Data\CoSoSys -> [2008-12-11 18:31:02 | 000,000,000 | ---D | M]
DAEMON Tools Pro -> C:\Documents and Settings\Sebastian\Application Data\DAEMON Tools Pro -> [2010-01-07 12:52:29 | 000,000,000 | ---D | M]
Design Science -> C:\Documents and Settings\Sebastian\Application Data\Design Science -> [2009-08-30 16:55:45 | 000,000,000 | ---D | M]
DMCache -> C:\Documents and Settings\Sebastian\Application Data\DMCache -> [2010-06-13 14:51:27 | 000,000,000 | ---D | M]
GetRightToGo -> C:\Documents and Settings\Sebastian\Application Data\GetRightToGo -> [2009-09-23 19:35:24 | 000,000,000 | ---D | M]
Gyldendal -> C:\Documents and Settings\Sebastian\Application Data\Gyldendal -> [2009-10-29 11:08:17 | 000,000,000 | ---D | M]
IDM -> C:\Documents and Settings\Sebastian\Application Data\IDM -> [2010-03-08 16:27:24 | 000,000,000 | ---D | M]
MatchWare -> C:\Documents and Settings\Sebastian\Application Data\MatchWare -> [2008-12-06 19:22:18 | 000,000,000 | ---D | M]
Mathsoft -> C:\Documents and Settings\Sebastian\Application Data\Mathsoft -> [2010-05-04 10:04:00 | 000,000,000 | ---D | M]
Publish Providers -> C:\Documents and Settings\Sebastian\Application Data\Publish Providers -> [2009-09-30 00:52:25 | 000,000,000 | ---D | M]
Sony -> C:\Documents and Settings\Sebastian\Application Data\Sony -> [2009-09-30 00:51:51 | 000,000,000 | ---D | M]
Sports Interactive -> C:\Documents and Settings\Sebastian\Application Data\Sports Interactive -> [2010-03-20 18:07:40 | 000,000,000 | ---D | M]
Stardock -> C:\Documents and Settings\Sebastian\Application Data\Stardock -> [2009-11-02 21:41:23 | 000,000,000 | ---D | M]
TeamViewer -> C:\Documents and Settings\Sebastian\Application Data\TeamViewer -> [2009-12-09 23:38:48 | 000,000,000 | ---D | M]
TEXTware -> C:\Documents and Settings\Sebastian\Application Data\TEXTware -> [2009-10-29 11:07:42 | 000,000,000 | ---D | M]
uTorrent -> C:\Documents and Settings\Sebastian\Application Data\uTorrent -> [2010-01-06 22:00:50 | 000,000,000 | ---D | M]
Vso -> C:\Documents and Settings\Sebastian\Application Data\Vso -> [2010-03-18 21:56:19 | 000,000,000 | ---D | M]
Windows Desktop Search -> C:\Documents and Settings\Sebastian\Application Data\Windows Desktop Search -> [2008-07-30 18:13:43 | 000,000,000 | ---D | M]
Windows Search -> C:\Documents and Settings\Sebastian\Application Data\Windows Search -> [2008-09-23 20:03:49 | 000,000,000 | ---D | M]
XnView -> C:\Documents and Settings\Sebastian\Application Data\XnView -> [2009-10-03 21:48:05 | 000,000,000 | ---D | M]
defrag.job -> C:\WINDOWS\Tasks\defrag.job -> [2010-06-07 19:41:16 | 000,000,270 | ---- | M] ()

[File - Purity Scan]


[Alternate Data Streams]
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0
@Alternate Data Stream - 388061 bytes -> C:\WINDOWS\Temp:temp
< End of report >
[/code]
f-arn (Guru)
14 June 2010 - 00:00 #16
Start OTS and copy the following into the "Paste Fix Here" window.

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Safe List]
YY -> (WinVNC4) VNC Server Version 4 [Auto | Running] -> C:\Program Files\RealVNC\VNC4\WinVNC4.exe
[Driver Services - Safe List]
YY -> (02401412) 02401412 Boot Guard Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\02401412.sys
YY -> (setup_9.0.0.722_23.05.2010_21-29drv) setup_9.0.0.722_23.05.2010_21-29drv [File_System | System | Running] -> C:\WINDOWS\system32\drivers\0240141.sys
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {0055C089-8582-441B-A0BF-17B458C2A3A8} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "UserFaultCheck" -> [%systemroot%\system32\dumprep 0 -u]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
YN -> comfile [open] -> "%1" %*
YN -> exefile [open] -> "%1" %*
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
YN -> .com [@ = comfile] -> "%1" %*
YN -> .exe [@ = exefile] -> "%1" %*
[File - Lop Check]
NY -> uTorrent -> C:\Documents and Settings\Sebastian\Application Data\uTorrent
[Alternate Data Streams]
NY -> @Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0
NY -> @Alternate Data Stream - 388061 bytes -> C:\WINDOWS\Temp:temp
[Empty Temp Folders]
[Start Explorer]
[Reboot]


Click "Run Fix". The computer will now restart and open a log.
Please copy its contents in here.

------

Disable your antivirus program and run an online scan with ESET Online Scanner:
http://www.eset.com/onlinescan/

You must accept the terms of use and click Start.
Once the ActiveX control has loaded, it will take a couple of minutes for the scanner to become ready.
Then tick the following boxes:
Remove found threats
Scan archives

under advanced settings
Scan for potentially unwanted applications
enable anti-stealth technology

Click Start. This scan can take a while, so be patient.
A log will open when the scan has finished.

(If not, go to C:\Programmer\EsetOnlineScanner\ and open the file Log.txt.)

Copy it in here in your next reply together with a new HijackThis log.
f-arn (Guru)
14 June 2010 - 00:02 #17
By the way, I noticed that there was still a lot of Avast left.
Olguin Beginner
14 June 2010 - 01:11 #18
Log after running OTS again:


All Processes Killed
No active process named Explorer.EXE was found!
[Win32 Services - Safe List]
Service WinVNC4 stopped successfully!
Service WinVNC4 deleted successfully!
C:\Program Files\RealVNC\VNC4\WinVNC4.exe moved successfully.
[Driver Services - Safe List]
Error: Unable to stop service 02401412!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\02401412 deleted successfully.
C:\WINDOWS\system32\DRIVERS\02401412.sys moved successfully.
Error: Unable to stop service setup_9.0.0.722_23.05.2010_21-29drv!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\setup_9.0.0.722_23.05.2010_21-29drv deleted successfully.
C:\WINDOWS\system32\drivers\0240141.sys moved successfully.
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command\\'' updated successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
Registry value HKEY_LOCAL_MACHINE\software\classes\.com\\'' updated successfully.
Registry value HKEY_LOCAL_MACHINE\software\classes\.exe\\'' updated successfully.
[File - Lop Check]
C:\Documents and Settings\Sebastian\Application Data\uTorrent folder moved successfully.
[Alternate Data Streams]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0 deleted successfully.
ADS C:\WINDOWS\Temp:temp deleted successfully.
[Empty Temp Folders]


User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: edbmand
->Temp folder emptied: 23503449 bytes
->Temporary Internet Files folder emptied: 2223504 bytes

User: LKL
->Temp folder emptied: 68973682 bytes
->Temporary Internet Files folder emptied: 1931256 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 415784790 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: Sebastian
->Temp folder emptied: 862055091 bytes
->Temporary Internet Files folder emptied: 15264658 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 270018983 bytes
->Flash cache emptied: 52821 bytes

User: SES
->Temp folder emptied: 3419077 bytes
->Temporary Internet Files folder emptied: 5025766 bytes
->Flash cache emptied: 4529 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 334353 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56352829 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10452868 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 34781083 bytes

Total Files Cleaned = 1.691,00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.31.2 fix logfile created on 06142010_000825

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

_______________________

I am now running an online scan with ESET Online Scanner as you wrote. It does take some time, as you mention, so the log from it and from HijackThis will come later, once everything has completed.

It should be mentioned, though, that before the online scan I deleted Avast and the (few?) pieces of Kaspersky that were still left on the PC. However, as mentioned earlier, I was not able to turn Symantec off, but it says it is "Out Of Date", so it may be that it is automatically turned off that way.
Olguin Beginner
14 June 2010 - 02:28 #19
Log from ESET Online Scanner:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=87e4e5fd5255d34b9a5a628c0ac0d3c1
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-14 12:22:24
# local_time=2010-06-14 02:22:24 (+0100, Romance Daylight Time)
# country="Denmark"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 87009 87009 0 0
# compatibility_mode=768 16777215 100 0 956317 956317 0 0
# compatibility_mode=8192 67108863 100 0 276 276 0 0
# scanned=87526
# found=0
# cleaned=0
# scan_time=5718

_______________________

and a new HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:26:21, on 14-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Connect it\Connect it\AutoUpdateSrv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Documents and Settings\Sebastian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sebastian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sebastian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bold.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hogisauv.hogym.anet.dk:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sebastian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Copy_all.lnk = Steins_C\Copy_all.bat
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: Opdateringsagent.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://virtualoffice3.eurofins.dk/NELX.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://download.sp.f-secure.com/hc/tdc/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: SMServer - SMServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINDOWS\system32\wm.exe

--
End of file - 15182 bytes
f-arn Guru
14 June 2010 - 12:49 #20
Start HijackThis, click "Do a system scan only" and tick the following.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hogisauv.hogym.anet.dk:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://virtualoffice3.eurofins.dk/NELX.cab


Then close all other windows and click "Fix checked".

Restart.

------

Update Malwarebytes and run a "full system scan" under the "Scanner" tab.
Copy the log in here, and tell us how the PC is running now.
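
An added example, not part of the post above and not part of HijackThis: a small Python triage that reads HijackThis-format lines and lists entries worth a manual look, namely entries marked `(no file)` or `(file missing)`, a configured `ProxyServer`, and startup shortcuts whose target shows as `?`. The three checks are assumptions chosen for illustration, and the sample lines are copied from the log posted in #19; a flagged line is a prompt for review, not a verdict.

```python
import re

# Sample input: a handful of lines copied from the HijackThis log in post #19,
# embedded here so the script runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bold.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hogisauv.hogym.anet.dk:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - Global Startup: Opdateringsagent.lnk = ?
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing)
"""

# A HijackThis entry line is "<section code> - <description>", e.g. "O2 - BHO: ...".
# Header lines and the running-process paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (code, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_candidates(entries):
    """Return (code, reason, body) for entries a reviewer should look at.

    The rules are illustrative assumptions, not HijackThis's own logic.
    """
    findings = []
    for code, body in entries:
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            # The registry entry survives but the file it points to is gone.
            findings.append((code, "target file missing", body))
        elif code in ("R0", "R1") and ",ProxyServer = " in body:
            # Browser traffic is sent through this host; confirm it is expected.
            proxy = body.split(",ProxyServer = ", 1)[1]
            findings.append((code, "proxy configured: " + proxy, body))
        elif code == "O4" and body.endswith("= ?"):
            # HijackThis could not resolve what the startup shortcut launches.
            findings.append((code, "startup shortcut target unresolved", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in review_candidates(parse_entries(SAMPLE_LOG)):
        print(f"{code:>3}  {reason}\n     {body}")
```
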
Olguin Beginner
14 June 2010 - 15:52 #21
New log from Malwarebytes:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4196

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

14-06-2010 14:45:10
mbam-log-2010-06-14 (14-45-10).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|H:\|)
Objekter skannet: 270778
Tid gået: 1 time(e), 34 minut(ter), 14 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
C:\System Volume Information\_restore{DA6412E5-D647-45FF-B055-047D6FA206D6}\RP462\A0139346.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{DA6412E5-D647-45FF-B055-047D6FA206D6}\RP462\A0139347.exe (Trojan.Dropper) -> No action taken.


.........

As for how the PC is running now, I don't notice any big differences. Speed-wise there were no problems before either, so it is still more or less the same. However, I am not getting any pop-up messages about viruses, but then I have not had any for the last 2-3 days either.
f-arn Guru
14 June 2010 - 18:07 #22
You should disable your System Restore; if you don't know how, see here.
http://support.microsoft.com/kb/310405/da

Start OTS and click "Cleanup". It will then clean up after itself and restart.

Enable your System Restore again.
Olguin Beginner
16 June 2010 - 11:50 #23
Okay, thanks for the help!