Hmmm, that may have helped… there are no more popups from the antivirus….
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\snrsvuqn
*******************
Script file located at: \??\C:\obgaqshm.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\gbnagbn.dll deleted successfully.
File C:\WINDOWS\system32\drivers\qtcnwovc.sys deleted successfully.
File C:\WINDOWS\system32\jcnutyay.exe deleted successfully.
File C:\WINDOWS\system\dtsimg32.dll deleted successfully.
File C:\WINDOWS\system32\myzvhodt.dll deleted successfully.
File C:\WINDOWS\system32\vgtklyfg.dll deleted successfully.
File C:\WINDOWS\system32\dllcache\hwxjpn.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vpjvpjdk deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{177B0AA7-47AA-44D5-8B81-4F7DB91E01C9} deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
WinPFind3 logfile created on: 13-03-2007 23:07:35
WinPFind3U by OldTimer - Version 1.0.20 Folder = C:\Documents and Settings\Christian Frost\Skrivebord\WinPFind3\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
523760 Kb Total Physical Memory | 214004 Kb Available Physical Memory | 40,86% Memory free
1279912 Kb Paging File | 989264 Kb Available in Paging File | 77,29% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 156280288 Kb Total Space | 7772808 Kb Free Space | 4,97% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
[Processes - Non-Microsoft Only]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5140 | Size = 339968 bytes | Modified Date = 19-01-2005 21:40:00 | Attr = ]
avgas.exe -> %SystemDrive%\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 03-03-2007 19:36:02 | Attr = ]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.0.299 | Size = 139367 bytes | Modified Date = 24-03-2006 18:09:22 | Attr = ]
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15-07-2005 22:48:34 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 09-11-2006 15:07:30 | Attr = ]
khalmnpr.exe -> %CommonProgramFiles%\Logitech\KhalShared\KHALMNPR.exe -> Logitech Inc. [Ver = 3.0.74 | Size = 94208 bytes | Modified Date = 10-05-2006 09:48:08 | Attr = ]
laciebackup.exe -> %ProgramFiles%\LaCie\Backup Software\LaCieBackup.exe -> LaCie Group [Ver = 1.5.2215.17706 | Size = 2633728 bytes | Modified Date = 24-01-2006 09:55:10 | Attr = ]
mixer.exe -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (http://www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Modified Date = 15-10-2002 18:00:20 | Attr = ]
mmkeybd.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\MMKeybd.exe -> Netropa Corp. [Ver = 1.00 | Size = 180224 bytes | Modified Date = 19-06-2002 10:50:36 | Attr = ]
osd.exe -> %ProgramFiles%\Netropa\Onscreen Display\osd.exe -> Netropa Corp. [Ver = 2.02 | Size = 90112 bytes | Modified Date = 14-11-2001 04:03:12 | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 31-10-2003 19:42:40 | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23-09-2005 22:05:26 | Attr = ]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 3.0.107 | Size = 593920 bytes | Modified Date = 30-06-2006 00:21:40 | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 08-03-2007 20:21:22 | Attr = ]
traymon.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\Traymon.exe -> [Ver = | Size = 110592 bytes | Modified Date = 07-08-2002 00:36:16 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.20.0 | Size = 310784 bytes | Modified Date = 04-03-2007 13:21:48 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(AVP) AVP [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.0.299 | Size = 139367 bytes | Modified Date = 24-03-2006 18:09:22 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 26-08-2004 16:53:50 | Attr = ]
[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6561 | Size = 1273344 bytes | Modified Date = 04-08-2005 04:10:16 | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05-09-2006 17:03:16 | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 26-08-2004 16:49:40 | Attr = ]
(dmio) Driver til Logical Disk Manager [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153600 bytes | Modified Date = 26-08-2004 16:49:40 | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 09-10-2001 14:00:00 | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(KLIF) KLIF [Kernel | On_Demand | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.207 | Size = 162064 bytes | Modified Date = 12-09-2006 13:44:14 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LHidKE) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidKE.Sys -> Logitech, Inc. [Ver = 3.0.74.00 | Size = 27264 bytes | Modified Date = 10-05-2006 09:56:54 | Attr = ]
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouKE.Sys -> Logitech, Inc. [Ver = 3.0.74.00 | Size = 71680 bytes | Modified Date = 10-05-2006 09:56:50 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Driver til direkte, parallel forbindelse [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 09-10-2001 14:00:00 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(rkhdrv31) Rootkit Unhooker Driver [Kernel | Boot | Running] -> %System32%\drivers\rkhdrv31.sys -> [Ver = 3, 2, 120, 0 | Size = 24448 bytes | Modified Date = 13-03-2007 21:26:02 | Attr = H ]
(rtl8139) NT-driver til Realtek RTL8139(A/B/C) PCI Fast Ethernet-netværkskort [Kernel | On_Demand | Running] -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 03-08-2004 23:31:34 | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10-10-2006 12:53:48 | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16-02-2006 16:51:08 | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 08-03-2007 20:21:22 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 17-07-2004 10:36:38 | Attr = ]
(si3112r) Silicon Image SiI 3112 SATARaid Controller [Kernel | Boot | Running] -> %System32%\drivers\si3112r.sys -> Silicon Image, Inc. [Ver = 1, 0, 0, 50 | Size = 97408 bytes | Modified Date = 12-05-2004 15:01:18 | Attr = ]
(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> %System32%\drivers\SiWinAcc.sys -> Silicon Image, Inc. [Ver = 1.0.0.8 | Size = 10240 bytes | Modified Date = 15-10-2003 12:28:16 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SiWinAcc) SiWinAcc [Kernel | Boot | Running] -> %System32%\drivers\SiWinAcc.sys -> Silicon Image, Inc. [Ver = 1.0.0.8 | Size = 10240 bytes | Modified Date = 15-10-2003 12:28:16 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %SystemDrive%\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 03-03-2007 19:36:02 | Attr = ]
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15-07-2005 22:48:34 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5140 | Size = 339968 bytes | Modified Date = 19-01-2005 21:40:00 | Attr = ]
C-Media Mixer -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (http://www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Modified Date = 15-10-2002 18:00:20 | Attr = ]
kav -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.0.299 | Size = 139367 bytes | Modified Date = 24-03-2006 18:09:22 | Attr = ]
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 3.0.74 | Size = 94208 bytes | Modified Date = 10-05-2006 09:48:08 | Attr = ]
MULTIMEDIA KEYBOARD -> %ProgramFiles%\Netropa\Multimedia Keyboard\MMKeybd.exe -> Netropa Corp. [Ver = 1.00 | Size = 180224 bytes | Modified Date = 19-06-2002 10:50:36 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09-07-2001 11:50:42 | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 31-10-2003 19:42:40 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 09-11-2006 15:07:30 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LaCie Backup -> %ProgramFiles%\LaCie\Backup Software\LaCieBackup.exe -> LaCie Group [Ver = 1.5.2215.17706 | Size = 2633728 bytes | Modified Date = 24-01-2006 09:55:10 | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 08-03-2007 20:21:22 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 98304 bytes | Modified Date = 02-05-2000 01:02:32 | Attr = ]
%AllUsersStartup%\Adobe Reader Hurtigstart.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23-09-2005 22:05:26 | Attr = ]
%AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 3.0.107 | Size = 593920 bytes | Modified Date = 30-06-2006 00:21:40 | Attr = ]
< File Associations > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
batfile [open] -> “%1” %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
chm.file [open] -> “%SystemRoot%\hh.exe” %1 -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 27-05-2005 00:22:02 | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
cmdfile [open] -> “%1” %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
comfile [open] -> “%1” %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL “%1”,%* -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8461824 bytes | Modified Date = 01-03-2005 00:12:34 | Attr = ]
exefile [open] -> “%1” %* ->
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 284672 bytes | Modified Date = 26-08-2004 16:53:56 | Attr = ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 09-10-2001 14:00:00 | Attr = ]
htafile [open] -> %System32%\mshta.exe “%1” %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 26-08-2004 16:53:52 | Attr = ]
htmlfile [edit] -> “%ProgramFiles%\Microsoft Office\Office10\msohtmed.exe” %1 -> Microsoft Corporation [Ver = 10.0.2609 | Size = 66976 bytes | Modified Date = 13-02-2001 09:59:26 | Attr = ]
htmlfile [open] -> “%ProgramFiles%\Internet Explorer\iexplore.exe” “%1” -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 26-08-2004 16:53:52 | Attr = ]
htmlfile [opennew] -> “%ProgramFiles%\Internet Explorer\iexplore.exe” “%1” -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 26-08-2004 16:53:52 | Attr = ]
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML “%1” -> Microsoft Corporation [Ver = 6.00.2900.2722 (xpsp_sp2_gdr.050719-1518) | Size = 3012096 bytes | Modified Date = 20-07-2005 04:12:58 | Attr = ]
http [open] -> “%ProgramFiles%\Internet Explorer\iexplore.exe” “%1” -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 26-08-2004 16:53:52 | Attr = ]
https [open] -> “%ProgramFiles%\Internet Explorer\iexplore.exe” -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 26-08-2004 16:53:52 | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.2713 (xpsp_sp2_gdr.050702-1513) | Size = 1483776 bytes | Modified Date = 03-07-2005 03:16:56 | Attr = ]
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML “%1” -> Microsoft Corporation [Ver = 6.00.2900.2722 (xpsp_sp2_gdr.050719-1518) | Size = 3012096 bytes | Modified Date = 20-07-2005 04:12:58 | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe “%1” %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 26-08-2004 16:53:56 | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe “%1” %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 26-08-2004 16:53:56 | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
piffile [open] -> “%1” %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
regfile [open] -> regedit.exe “%1” -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150528 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
scrfile [config] -> “%1” ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 136192 bytes | Modified Date = 26-08-2004 16:53:56 | Attr = ]
scrfile [open] -> “%1” /S “%3” ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt “%1” “%2” “%3” “%4” -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe “%1” %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 26-08-2004 16:53:56 | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe “%1” %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 26-08-2004 16:53:56 | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe “%1” %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 26-08-2004 16:53:56 | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69632 bytes | Modified Date = 26-08-2004 16:53:54 | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe “%1” %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 26-08-2004 16:53:56 | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8461824 bytes | Modified Date = 01-03-2005 00:12:34 | Attr = ]
Directory [!ezcddaxa] -> “%ProgramFiles%\Easy CD-DA Extractor 9\convert.exe” “%1” -> [Ver = | Size = 4096 bytes | Modified Date = 05-05-2005 16:10:12 | Attr = ]
Directory [!ezcddaxb] -> “%ProgramFiles%\Easy CD-DA Extractor 9\burn.exe” “%1” -> [Ver = | Size = 4096 bytes | Modified Date = 05-05-2005 16:10:12 | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1033216 bytes | Modified Date = 26-08-2004 16:53:50 | Attr = ]
Directory [Winamp.Bookmark] -> “%ProgramFiles%\Winamp\Winamp.exe” /BOOKMARK “%1” -> Nullsoft [Ver = 5.08e | Size = 980992 bytes | Modified Date = 19-02-2005 19:00:34 | Attr = ]
Directory [Winamp.Enqueue] -> “%ProgramFiles%\Winamp\Winamp.exe” /ADD “%1” -> Nullsoft [Ver = 5.08e | Size = 980992 bytes | Modified Date = 19-02-2005 19:00:34 | Attr = ]
Directory [Winamp.Play] -> “%ProgramFiles%\Winamp\Winamp.exe” “%1” -> Nullsoft [Ver = 5.08e | Size = 980992 bytes | Modified Date = 19-02-2005 19:00:34 | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1033216 bytes | Modified Date = 26-08-2004 16:53:50 | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1033216 bytes | Modified Date = 26-08-2004 16:53:50 | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1033216 bytes | Modified Date = 26-08-2004 16:53:50 | Attr = ]
Applications\iexplore.exe [open] -> “%ProgramFiles%\Internet Explorer\iexplore.exe” -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 26-08-2004 16:53:52 | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> “%programfiles%\internet explorer\iexplore.exe” -> File not found
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> “%ProgramFiles%\Outlook Express\setup50.exe” /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> “%ProgramFiles%\Outlook Express\setup50.exe” /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %SystemDrive%\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28-09-2006 15:13:28 | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20-12-2006 12:55:48 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 04-08-2005 04:04:16 | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = Min aktuelle startside ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://search.msn.com ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.google.dk/ ->
HKCU: SearchAssistant -> http://www.microsoft.com/isapi/redir.dll? ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18-12-2006 04:16:42 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 09-11-2006 15:21:52 | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console ->
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> 8194 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger ->
NextId -> 8195 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 09-11-2006 15:21:54 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 09-11-2006 15:21:52 | Attr = ]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> Reg Data - Value does not exist [ButtonText: Web Anti-Virus] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&ksporter til Microsoft Excel -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Proceslinje og menuen Start] -> File not found
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\AXShlEx.dll [AlcoholShellEx] -> Alcohol Soft Development Team [Ver = 1.4.7.1024 | Size = 387584 bytes | Modified Date = 06-05-2004 12:13:28 | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Kontrolpanel-udvidelse til skærmpanorering] -> File not found
{46E22146-59C0-4136-9233-52E412E2B428} [HKLM] -> %ProgramFiles%\Easy CD-DA Extractor 9\ezcddax9.dll [EzCddax extension] -> [Ver = | Size = 37888 bytes | Modified Date = 12-12-2005 18:52:40 | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Grænsefladeudvidelser til filkomprimering] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Brugerkonti] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Kontekstmenu til kryptering] -> File not found
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll [Web Anti-Virus] -> Kaspersky Lab [Ver = 6.0.0.299 | Size = 184430 bytes | Modified Date = 24-03-2006 18:07:44 | Attr = ]
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal-ikon] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 09-10-2001 14:00:00 | Attr = ]
{A5110426-177D-4e08-AB3F-785F10B4439C} [HKLM] -> %ProgramFiles%\Sony Ericsson\Mobile\File Manager\fmgrgui.dll [Sony Ericsson File Manager] -> Sony Ericsson Mobile Communications AB [Ver = 1, 1, 15, 0 | Size = 303104 bytes | Modified Date = 21-01-2005 13:28:42 | Attr = R ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 121344 bytes | Modified Date = 26-12-2004 20:34:38 | Attr = ]
{B9B9F083-2B04-452A-8691-83694AC1037B} [HKLM] -> %ProgramFiles%\Logitech\SetPoint\mcplext.dll [Logitech Setpoint Extension] -> Logitech Inc. [Ver = 3.0.107 | Size = 102400 bytes | Modified Date = 30-06-2006 00:42:10 | Attr = ]
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} [HKLM] -> %ProgramFiles%\Logitech\SetPoint\kbcplext.dll [Logitech Setpoint Extension] -> Logitech Inc. [Ver = 3.0.107 | Size = 102400 bytes | Modified Date = 30-06-2006 00:41:52 | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\K-Lite Codec Pack\real\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.1946 | Size = 49198 bytes | Modified Date = 10-08-2004 09:51:28 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %SystemDrive%\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 03-03-2007 19:35:58 | Attr = ]
{46E22146-59C0-4136-9233-52E412E2B428} [HKLM] -> %ProgramFiles%\Easy CD-DA Extractor 9\ezcddax9.dll [EzCddax] -> [Ver = | Size = 37888 bytes | Modified Date = 12-12-2005 18:52:40 | Attr = ]
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll [Kaspersky Anti-Virus] -> Kaspersky Lab [Ver = 6.0.0.299 | Size = 41067 bytes | Modified Date = 24-03-2006 18:08:16 | Attr = ]
{DB85C504-C730-49DD-BEC1-7B39C6103B7A} [HKLM] -> %ProgramFiles%\MagicISO\misosh.dll [MagicISO] -> MagicISO, Inc. [Ver = 5, 3, 0, 198 | Size = 20992 bytes | Modified Date = 05-06-2006 13:06:22 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 26-12-2004 20:34:38 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %SystemDrive%\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 03-03-2007 19:35:58 | Attr = ]
{DB85C504-C730-49DD-BEC1-7B39C6103B7A} [HKLM] -> %ProgramFiles%\MagicISO\misosh.dll [MagicISO] -> MagicISO, Inc. [Ver = 5, 3, 0, 198 | Size = 20992 bytes | Modified Date = 05-06-2006 13:06:22 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 26-12-2004 20:34:38 | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll [Kaspersky Anti-Virus] -> Kaspersky Lab [Ver = 6.0.0.299 | Size = 41067 bytes | Modified Date = 24-03-2006 18:08:16 | Attr = ]
{DB85C504-C730-49DD-BEC1-7B39C6103B7A} [HKLM] -> %ProgramFiles%\MagicISO\misosh.dll [MagicISO] -> MagicISO, Inc. [Ver = 5, 3, 0, 198 | Size = 20992 bytes | Modified Date = 05-06-2006 13:06:22 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 26-12-2004 20:34:38 | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14-12-2004 02:20:02 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{4C52B098-B537-461A-A976-1B05833A64DC} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
{B9A5F809-F3FE-4B00-A5BC-30FD8AB9465E} -> (1394-netværkskort) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0246ECA8-996F-11D1-BE2F-00A0C9037DFE} -> TDServer Control - CodeBase = http://www.bitstream.com/wfplayer/tdserver.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.5.0 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = ->
[Files - Created Within 30 days]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.03.0015 | Size = 95744 bytes | Created Date = 08-03-2007 20:10:10 | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier ->
177B0AA7-47AA-44D5-8B81-4F7DB91E01C9.ini -> %LocalAppData%\177B0AA7-47AA-44D5-8B81-4F7DB91E01C9.ini -> [Ver = | Size = 2808 bytes | Created Date = 03-03-2007 15:48:39 | Attr = ]
Golf 2 GT.doc -> %UserDocuments%\Golf 2 GT.doc -> [Ver = | Size = 20992 bytes | Created Date = 13-02-2007 13:16:31 | Attr = ]
phonocar-Zubehoer-2006.pdf -> %UserDocuments%\phonocar-Zubehoer-2006.pdf -> [Ver = | Size = 4067411 bytes | Created Date = 04-03-2007 18:00:48 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\phonocar-Zubehoer-2006.pdf:Zone.Identifier ->
SUPERAntiSpyware Professional.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Professional.lnk -> [Ver = | Size = 1735 bytes | Created Date = 07-03-2007 17:11:48 | Attr = ]
Audi_lo_res.pdf -> %UserDesktop%\Audi_lo_res.pdf -> [Ver = | Size = 5788011 bytes | Created Date = 28-02-2007 18:01:37 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Audi_lo_res.pdf:Zone.Identifier ->
avenger.exe -> %UserDesktop%\avenger.exe -> [Ver = | Size = 130048 bytes | Created Date = 12-03-2007 12:15:48 | Attr = ]
AVG Anti-Spyware.lnk -> %UserDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 601 bytes | Created Date = 07-03-2007 12:32:38 | Attr = ]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1372 bytes | Created Date = 07-03-2007 12:32:30 | Attr = ]
ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = 0. 0. 0. 0 | Size = 1109150 bytes | Created Date = 13-03-2007 12:00:55 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier ->
drweb-cureit.exe -> %UserDesktop%\drweb-cureit.exe -> [Ver = | Size = 5821648 bytes | Created Date = 07-03-2007 17:14:00 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\drweb-cureit.exe:Zone.Identifier ->
DrWeb.csv -> %UserDesktop%\DrWeb.csv -> [Ver = | Size = 405 bytes | Created Date = 08-03-2007 18:38:22 | Attr = ]
Genvej til 1Qa7Idxxp6I4gLf4.exe.lnk -> %UserDesktop%\Genvej til 1Qa7Idxxp6I4gLf4.exe.lnk -> [Ver = | Size = 576 bytes | Created Date = 13-03-2007 21:23:40 | Attr = ]
Genvej til drweb-cureit.exe.lnk -> %UserDesktop%\Genvej til drweb-cureit.exe.lnk -> [Ver = | Size = 524 bytes | Created Date = 08-03-2007 15:18:09 | Attr = ]
Genvej til HijackThis.exe.lnk -> %UserDesktop%\Genvej til HijackThis.exe.lnk -> [Ver = | Size = 491 bytes | Created Date = 08-03-2007 20:50:10 | Attr = ]
Genvej til WinPFind3U.exe.lnk -> %UserDesktop%\Genvej til WinPFind3U.exe.lnk -> [Ver = | Size = 753 bytes | Created Date = 12-03-2007 21:29:15 | Attr = ]
RegSupreme.lnk -> %UserDesktop%\RegSupreme.lnk -> [Ver = | Size = 635 bytes | Created Date = 09-03-2007 20:34:49 | Attr = ]
RegSupreme_setup.exe -> %UserDesktop%\RegSupreme_setup.exe -> [Ver = | Size = 814547 bytes | Created Date = 09-03-2007 20:33:54 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\RegSupreme_setup.exe:Zone.Identifier ->
rootchk.exe -> %UserDesktop%\rootchk.exe -> [Ver = | Size = 257392 bytes | Created Date = 07-03-2007 12:27:41 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\rootchk.exe:Zone.Identifier ->
SUPERAntiSpywarePro1241.exe -> %UserDesktop%\SUPERAntiSpywarePro1241.exe -> [Ver = | Size = 5693216 bytes | Created Date = 07-03-2007 17:08:38 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpywarePro1241.exe:Zone.Identifier ->
Virtual DJ.lnk -> %UserDesktop%\Virtual DJ.lnk -> [Ver = | Size = 630 bytes | Created Date = 24-02-2007 13:50:34 | Attr = ]
VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Created Date = 08-03-2007 20:48:22 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VirtumundoBeGone.exe:Zone.Identifier ->
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 03-03-2007 18:31:44 | Attr = ]
rkhdrv31.sys -> %System32%\drivers\rkhdrv31.sys -> [Ver = 3, 2, 120, 0 | Size = 24448 bytes | Created Date = 13-03-2007 21:25:35 | Attr = H ]
[Files - Modified Within 30 days]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.03.0015 | Size = 95744 bytes | Modified Date = 08-03-2007 20:10:12 | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier ->
177B0AA7-47AA-44D5-8B81-4F7DB91E01C9.ini -> %LocalAppData%\177B0AA7-47AA-44D5-8B81-4F7DB91E01C9.ini -> [Ver = | Size = 2808 bytes | Modified Date = 13-03-2007 22:05:34 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 245248 bytes | Modified Date = 07-03-2007 21:12:48 | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 26976 bytes | Modified Date = 04-03-2007 00:42:04 | Attr = ]
Golf 2 GT.doc -> %UserDocuments%\Golf 2 GT.doc -> [Ver = | Size = 20992 bytes | Modified Date = 14-02-2007 21:24:36 | Attr = ]
Gæsteliste.doc -> %UserDocuments%\Gæsteliste.doc -> [Ver = | Size = 25088 bytes | Modified Date = 01-03-2007 18:08:04 | Attr = ]
Mine delemapper.lnk -> %UserDocuments%\Mine delemapper.lnk -> [Ver = | Size = 617 bytes | Modified Date = 13-03-2007 12:08:18 | Attr = ]
phonocar-Zubehoer-2006.pdf -> %UserDocuments%\phonocar-Zubehoer-2006.pdf -> [Ver = | Size = 4067411 bytes | Modified Date = 04-03-2007 18:00:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\phonocar-Zubehoer-2006.pdf:Zone.Identifier ->
SUPERAntiSpyware Professional.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Professional.lnk -> [Ver = | Size = 1735 bytes | Modified Date = 07-03-2007 17:34:40 | Attr = ]
Audi_lo_res.pdf -> %UserDesktop%\Audi_lo_res.pdf -> [Ver = | Size = 5788011 bytes | Modified Date = 28-02-2007 18:01:38 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Audi_lo_res.pdf:Zone.Identifier ->
AVG Anti-Spyware.lnk -> %UserDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 601 bytes | Modified Date = 07-03-2007 12:32:40 | Attr = ]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1372 bytes | Modified Date = 07-03-2007 12:32:32 | Attr = ]
ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = 0. 0. 0. 0 | Size = 1109150 bytes | Modified Date = 13-03-2007 12:01:04 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier ->
drweb-cureit.exe -> %UserDesktop%\drweb-cureit.exe -> [Ver = | Size = 5821648 bytes | Modified Date = 07-03-2007 17:14:02 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\drweb-cureit.exe:Zone.Identifier ->
DrWeb.csv -> %UserDesktop%\DrWeb.csv -> [Ver = | Size = 405 bytes | Modified Date = 09-03-2007 22:50:14 | Attr = ]
Genvej til 1Qa7Idxxp6I4gLf4.exe.lnk -> %UserDesktop%\Genvej til 1Qa7Idxxp6I4gLf4.exe.lnk -> [Ver = | Size = 576 bytes | Modified Date = 13-03-2007 21:23:42 | Attr = ]
Genvej til drweb-cureit.exe.lnk -> %UserDesktop%\Genvej til drweb-cureit.exe.lnk -> [Ver = | Size = 524 bytes | Modified Date = 08-03-2007 15:18:10 | Attr = ]
Genvej til HijackThis.exe.lnk -> %UserDesktop%\Genvej til HijackThis.exe.lnk -> [Ver = | Size = 491 bytes | Modified Date = 08-03-2007 20:50:12 | Attr = ]
Genvej til WinPFind3U.exe.lnk -> %UserDesktop%\Genvej til WinPFind3U.exe.lnk -> [Ver = | Size = 753 bytes | Modified Date = 12-03-2007 21:29:16 | Attr = ]
RegSupreme.lnk -> %UserDesktop%\RegSupreme.lnk -> [Ver = | Size = 635 bytes | Modified Date = 09-03-2007 20:34:50 | Attr = ]
RegSupreme_setup.exe -> %UserDesktop%\RegSupreme_setup.exe -> [Ver = | Size = 814547 bytes | Modified Date = 09-03-2007 20:34:00 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\RegSupreme_setup.exe:Zone.Identifier ->
rootchk.exe -> %UserDesktop%\rootchk.exe -> [Ver = | Size = 257392 bytes | Modified Date = 07-03-2007 12:27:44 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\rootchk.exe:Zone.Identifier ->
SUPERAntiSpywarePro1241.exe -> %UserDesktop%\SUPERAntiSpywarePro1241.exe -> [Ver = | Size = 5693216 bytes | Modified Date = 07-03-2007 17:08:40 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpywarePro1241.exe:Zone.Identifier ->
Virtual DJ.lnk -> %UserDesktop%\Virtual DJ.lnk -> [Ver = | Size = 630 bytes | Modified Date = 24-02-2007 13:53:36 | Attr = ]
VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Modified Date = 08-03-2007 20:48:24 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VirtumundoBeGone.exe:Zone.Identifier ->
Ønskeseddel.doc -> %UserDesktop%\Ønskeseddel.doc -> [Ver = | Size = 24064 bytes | Modified Date = 22-02-2007 13:44:10 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 13-03-2007 23:05:54 | Attr = S]
CDPLAYER.INI -> %SystemRoot%\CDPLAYER.INI -> [Ver = | Size = 23150 bytes | Modified Date = 12-03-2007 14:18:38 | Attr = ]
Msiosd.ini -> %SystemRoot%\Msiosd.ini -> [Ver = | Size = 245 bytes | Modified Date = 13-03-2007 23:06:18 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 135 bytes | Modified Date = 07-03-2007 21:13:34 | Attr = ]
winamp.ini -> %SystemRoot%\winamp.ini -> [Ver = | Size = 1125 bytes | Modified Date = 04-03-2007 21:34:38 | Attr = ]
wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 568 bytes | Modified Date = 07-03-2007 17:53:04 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 132480 bytes | Modified Date = 03-03-2007 19:29:34 | Attr = ]
perfc006.dat -> %System32%\perfc006.dat -> [Ver = | Size = 62474 bytes | Modified Date = 11-03-2007 21:02:38 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 52764 bytes | Modified Date = 11-03-2007 21:02:38 | Attr = ]
perfh006.dat -> %System32%\perfh006.dat -> [Ver = | Size = 394772 bytes | Modified Date = 11-03-2007 21:02:38 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 380350 bytes | Modified Date = 11-03-2007 21:02:38 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 900660 bytes | Modified Date = 11-03-2007 21:02:38 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 06-03-2007 22:04:46 | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 19593760 bytes | Modified Date = 13-03-2007 23:06:16 | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 267620 bytes | Modified Date = 13-03-2007 23:05:00 | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 586784 bytes | Modified Date = 13-03-2007 23:05:00 | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 57080 bytes | Modified Date = 13-03-2007 23:05:00 | Attr = HS]
klick.sys -> %System32%\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.394 | Size = 75932 bytes | Modified Date = 22-02-2007 20:06:16 | Attr = ]
klin.sys -> %System32%\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.393 | Size = 74396 bytes | Modified Date = 22-02-2007 20:06:16 | Attr = ]
rkhdrv31.sys -> %System32%\drivers\rkhdrv31.sys -> [Ver = 3, 2, 120, 0 | Size = 24448 bytes | Modified Date = 13-03-2007 21:26:02 | Attr = H ]
[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\KillBox.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier ->
PEC2 , PECompact2 , -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.03.0015 | Size = 95744 bytes | Modified Date = 08-03-2007 20:10:12 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\phonocar-Zubehoer-2006.pdf:Zone.Identifier ->
File scan skipped for file %UserDocuments%\Record Take 2.wav -> File size too big (114296420 bytes) ->
File scan skipped for file %UserDocuments%\Record Take 3.wav -> File size too big (117852634 bytes) ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Rens_din_skaerm.ppt:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Terra efterår 2005(1).pdf:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Women.ppt:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Audi_lo_res.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\ComboFix.exe -> [Ver = 0. 0. 0. 0 | Size = 1109150 bytes | Modified Date = 13-03-2007 12:01:04 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\drweb-cureit.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\mwav.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Pool.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\RegSupreme_setup.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\rootchk.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpywarePro1241.exe:Zone.Identifier ->
Thawte Consulting , -> %UserDesktop%\SUPERAntiSpywarePro1241.exe -> [Ver = | Size = 5693216 bytes | Modified Date = 07-03-2007 17:08:40 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Thrustmapper_4.02.exe:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VirtumundoBeGone.exe:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41123 bytes | Modified Date = 09-10-2001 14:00:00 | Attr = ]
UPX! , UPX0 , -> %System32%\MACDec.dll -> Matthew T. Ashland [Ver = 3.99 | Size = 75264 bytes | Modified Date = 15-05-2004 16:10:42 | Attr = ]
UPX! , UPX0 , -> %System32%\MonkeySource.ax -> [Ver = | Size = 177152 bytes | Modified Date = 19-06-2004 18:28:44 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 09-10-2001 14:00:00 | Attr = ]
< End of report >
Note that the thread has moved to page 2