MSN is still sending out links
Posts: 32

Ugh. I thought it was over, but today one of my contacts received a link from me again [:(]

I haven't clicked on any suspicious links (in fact, I've hardly been online) since I got help in this thread: http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=47145

What does this virus do besides sending out links, and how on earth do I get rid of it?

Posts: 32

I should perhaps add that I am now trying to remove MSN from the computer and install the program again. Maybe that will help?

BjarneA
Posts: 9766

Follow this guide:
http://www.spywarefri.dk/forum/links/hjtanv.htm
We need to see logs from AVG, Combofix and Hijackthis, in that order.

You must NOT delete anything yourself; the team will help you by telling you what is wrong.

First one machine, and then we'll take the other afterwards…

Posts: 32

I'm now ready with the log files from the desktop PC:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:44:30 27-04-2008

+ Scan result:

:mozilla.258:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@laptopmag.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@eboks.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@edsa.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@jyskebank.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@magasindn.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@medhelpinternational.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@politiken.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@politiken.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@sonofon.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@telmore.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.239:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Ad-logics : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.141:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.263:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.264:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.265:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.105:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.238:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.241:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.242:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.282:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Counted : Cleaned.
:mozilla.283:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Counted : Cleaned.
:mozilla.284:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Counted : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.240:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.267:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.275:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@hit.gemius[1].txt -> TrackingCookie.Gemius : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@hit.gemius[1].txt -> TrackingCookie.Gemius : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@hit.gemius[2].txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.205:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.277:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.148:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.73:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.74:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.75:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.76:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.6:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.60:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.36:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.37:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.38:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.175:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.176:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.177:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.178:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.179:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.180:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.181:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@uk.real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@www.safer-networking[1].txt -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.208:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.209:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.210:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.211:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.248:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@site.skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@accessories.skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@site.skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@statistik-gallup[2].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.31:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Documents and Settings\Kristine\Cookies\kristine@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.189:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.190:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.191:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.192:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.193:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.194:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.195:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.196:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.243:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.246:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.247:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.30:C:\Documents and Settings\Documents and Settings\Kristine\Application Data\Mozilla\Firefox\Profiles\default.mgj\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Kristine\Cookies\kristine@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

ComboFix 08-04-26.2 - Kristine 2008-04-27 9:54:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.529 [GMT 2:00]
Running from: C:\Documents and Settings\Kristine\Skrivebord\Spywarefri\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 08:41 . 2008-04-27 08:41 <DIR> d-------- C:\Documents and Settings\Kristine\Application Data\Grisoft
2008-04-27 08:41 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-24 19:27 . 2008-04-27 09:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-24 19:27 . 2008-04-24 19:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-20 09:59 . 2008-04-20 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-20 09:29 . 2008-04-20 09:29 <DIR> d-------- C:\Programmer\CCleaner
2008-04-18 23:53 . 2008-04-23 16:52 <DIR> d-------- C:\Programmer\Spybot - Search & Destroy
2008-04-18 23:53 . 2008-04-23 16:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 23:52 . 2008-04-18 23:52 9,722,720 --a------ C:\spybotsd152.exe
2008-04-05 10:59 . 2008-04-05 10:59 <DIR> d-------- C:\Programmer\Safari
2008-04-05 10:56 . 2008-04-05 10:57 <DIR> d-------- C:\Programmer\iTunes
2008-04-05 10:56 . 2008-04-05 10:56 <DIR> d-------- C:\Programmer\iPod
2008-04-05 10:54 . 2008-04-05 10:55 <DIR> d-------- C:\Programmer\QuickTime
2008-04-03 05:03 . 2008-04-03 05:03 1,333,152 --a------ C:\WINDOWS\system32\drivers\athw.sys
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 21:09 . 2008-04-19 10:47 <DIR> d-------- C:\WINDOWS\system32\Adobe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 06:34 --------- d-----w C:\Programmer\Fælles filer\Symantec Shared
2008-04-27 06:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-24 17:51 --------- dcsh--w C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-04-24 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-24 17:27 --------- d-----w C:\Programmer\Ad Muncher
2008-04-20 07:40 --------- d-----w C:\Programmer\Skype
2008-04-20 07:38 --------- d-----w C:\Programmer\MySpace
2008-04-18 14:46 --------- d-----w C:\Documents and Settings\Kristine\Application Data\Apple Computer
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 11:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
2008-03-11 15:35 --------- d-----w C:\Programmer\Google
2008-03-11 06:13 --------- d-----w C:\Programmer\Fælles filer\InstallShield
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 06:27 --------- d-----w C:\Programmer\Windows Live
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 20:10 357,768 ----a-w C:\Documents and Settings\Kristine\SymXPep2.dll
2008-02-19 14:23 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-02-19 14:23 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-02-18 21:33 15,256,576 ----a-w C:\logitech_setpoint_440_32.zip
2008-02-18 20:50 2,213,153 ----a-w C:\intel_inf_8311011.zip
2008-02-18 20:44 11,502,907 ----a-w C:\intel_pro1000_124_xp32.zip
2008-02-18 20:09 10,025,984 ----a-w C:\nvidia_93.71_winxp2k_whql.exe
2008-02-18 18:42 2,406,936 ----a-w C:\intel_inf_8401016fin.exe
2008-02-18 18:32 379,808 ----a-w C:\atheros_ar5xxx_60385_xp.zip
2008-02-18 18:00 691,390 ----a-w C:\a4tech_wop555_drv766.zip
2008-02-18 17:56 120,680 ----a-w C:\R57664.EXE
2008-02-13 17:12 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-10-11 14:47 65,992 ----a-w C:\Documents and Settings\Kristine\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51 316784 --a------ C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-13 19:11 116088 --a------ C:\PROGRA~1\FLLESF~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 21:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"nwiz"="nwiz.exe" [2003-07-28 16:19 323584 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 16:19 4841472]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Programmer\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoSave]
C:\Programmer\Avanquest\AutoSave\AutoSave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
--a------ 2002-04-03 02:01 135264 C:\Programmer\Creative\SBLive\Diagnostics\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
--a------ 2007-06-03 15:59 958464 C:\Programmer\Labtec\Desktop\V5.1\moffice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Programmer\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
--a------ 2002-10-14 22:07 57344 C:\Programmer\Lexmark X74-X75\lxbbbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Programmer\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Programmer\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Programmer\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
--a------ 2007-06-03 15:59 387584 C:\Programmer\Labtec\Desktop\V5.1\kbdap32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Programmer\Nokia\Nokia PC Suite 6\PCSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programmer\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Programmer\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmer\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-31 12:49]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 uac4pdt;PDT USB Composite Class Filter Driver;C:\WINDOWS\system32\DRIVERS\uac4pdt.sys [2005-12-12 12:56]
S3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys []

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 08:35:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-04-21 19:37:48 C:\WINDOWS\Tasks\Norton Internet Security - Kør Fuld systemskanning - Kristine.job"
- C:\Programmer\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 09:56:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 10

**************************************************************************
.
Completion time: 2008-04-27 9:58:01
ComboFix-quarantined-files.txt 2008-04-27 07:57:43

Pre-Run: 235,561,672,704 byte ledig
Post-Run: 235,616,886,784 byte ledig

187 --- E O F --- 2008-04-09 04:10:42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:23, on 27-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kristine\Skrivebord\Spywarefri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.politiken.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FLLESF~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton-værktøjslinjen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] “C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe”
O4 - HKLM\..\Run: [osCheck] “C:\Programmer\Norton Internet Security\osCheck.exe”
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [QuickTime Task] “C:\Programmer\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: [iTunesHelper] “C:\Programmer\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] “C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOKAL TJENESTE’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETVÆRKSTJENESTE’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.odense.dk/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6274F636-00DB-42BE-8995-B92E46F853F7} (sigSrvClnt Class) - https://signflow.statsamt.dk/signServerClient.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182364660500
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FLLESF~1\SYMANT~1\CCPD-LC\symlcsvc.exe


End of file - 8897 bytes

 

Editor
Number of posts: 13014

Carry this out and change the password on your Hotmail and MSN account.

http://www.azkaban.dk/msnvirus.htm

Let us know whether that solved the problem.

Number of posts: 32

Okay. I will try that now. Here are the log files from the laptop:


————————————————————————————-
AVG Anti-Spyware - Scan Report
————————————————————————————-

+ Created at: 10:56:33 27-04-2008

+ Scan result:

C:\Documents and Settings\Bruger\Cookies\bruger@politiken.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bruger\Cookies\bruger@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Bruger\Cookies\bruger@hit.gemius[2].txt -> TrackingCookie.Gemius : Cleaned.


::Report end

 


ComboFix 08-04-26.2 - Bruger 2008-04-27 11:05:19.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.552 [GMT 2:00]
Running from: C:\Documents and Settings\Bruger\Skrivebord\Spywarefri\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 09:57 . 2008-04-27 09:57 <DIR> d————C:\Documents and Settings\Bruger\Application Data\Grisoft
2008-04-27 09:57 . 2007-05-30 14:10 10,872—a———C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-20 11:52 . 2008-04-20 11:52 <DIR> d————C:\Programmer\CCleaner
2008-04-15 18:28 . 2008-04-15 18:28 <DIR> d————C:\Program Files
2008-04-15 18:28 . 2008-04-15 18:28 434,600—a———C:\nsinstall.exe
2008-04-15 17:43 . 2008-04-15 17:43 <DIR> d—hs——C:\FOUND.011
2008-04-14 19:32 . 2008-04-14 19:32 <DIR> d————C:\Programmer\Google
2008-04-11 17:43 . 2008-04-11 17:43 <DIR> d—hs——C:\FOUND.010
2008-04-01 20:22 . 2008-04-01 20:22 <DIR> d————C:\Documents and Settings\Bruger\Application Data\OpenOffice.org2
2008-04-01 20:17 . 2008-04-01 20:17 <DIR> d————C:\Programmer\OpenOffice.org 2.4
2008-04-01 20:07 . 2008-04-01 20:07 118,730,234—a———C:\OOo_2.4.0_Win32Intel_install_da.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 18:13 500,224——a-w C:\AM-Install.exe
2008-03-24 14:16————- d——-w C:\Programmer\Ad Muncher
2008-03-20 08:09 1,845,248——a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,248——a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-04 19:57————- d——-w C:\Programmer\Microsoft Silverlight
2008-03-04 19:56————- d——-w C:\Programmer\MSXML 6.0
2008-03-04 19:54————- d——-w C:\Programmer\MSBuild
2008-03-04 19:50————- d——-w C:\Programmer\Reference Assemblies
2008-03-04 19:48————- d——-w C:\Programmer\Windows Media Connect 2
2008-03-02 15:46————- d——-w C:\Programmer\Fælles filer\Scanner
2008-03-02 15:46————- d——-w C:\Programmer\CA Yahoo! Anti-Spy
2008-03-02 15:41————- d——-w C:\Programmer\Yahoo!
2008-03-02 15:41————- d——-w C:\Documents and Settings\Bruger\Application Data\Yahoo!
2008-03-02 15:41————- d——-w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-01 16:28 3,591,680——a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 12:47————- d——-w C:\Programmer\Windows Live Safety Center
2008-02-29 20:20————- d-sh—w C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-02-29 20:19————- d——-w C:\Programmer\Windows Live
2008-02-29 20:19————- d——-w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-29 08:54 70,656——a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:54 625,664——a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824———w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624——a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624——a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568——a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568——a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992——a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792——a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-27 05:00 15360]
“MsnMsgr”=“C:\Programmer\Windows Live\Messenger\MsnMsgr.exe” [2007-10-18 11:34 5724184]
“SpybotSD TeaTimer”=“C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe” [2008-01-28 11:43 2097488]
“Ad Muncher”=“C:\Programmer\Ad Muncher\AdMunch.exe” [2008-04-15 20:13 779776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SoundMan”=“SOUNDMAN.EXE” [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
“AGRSMMSG”=“AGRSMMSG.exe” [2004-10-07 19:50 88363 C:\WINDOWS\AGRSMMSG.exe]
“SiS Windows KeyHook”=“C:\WINDOWS\system32\keyhook.exe” [2005-03-04 13:13 32768]
“IMJPMIG8.1”=“C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe” [2004-08-27 05:00 208952]
“MSPY2002”=“C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe” [2004-08-27 05:00 59392]
“AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2008-04-15 17:47 579584]
“Adobe Reader Speed Launcher”=“C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 22:16 39792]
“NetSoftware”=“C:\Program Files\NetSoftware\Starter.exe” [2008-04-15 18:29 106496]
“!AVG Anti-Spyware”=“C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-27 05:00 15360]
“AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe” [2008-02-21 05:47 219136]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-01-04 16:52:52 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.iv41”= IR41_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
—a———2005-11-16 16:54 385024 C:\Acer\Empowering Technology\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
—a———2005-10-12 15:16 315392 C:\Programmer\Launch Manager\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
————- 2005-03-09 18:59 49152 C:\Programmer\Arcade\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
—a———2004-08-27 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
—a———2004-08-27 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
—a———2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
—a———2004-10-07 23:43 688218 C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
—a———2004-10-07 23:44 98394 C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“C:\\Programmer\\Grisoft\\AVG7\\avginet.exe”=
“C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe”=
“C:\\Programmer\\Grisoft\\AVG7\\avgcc.exe”=
“C:\\Programmer\\Grisoft\\AVG7\\avgemc.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“C:\\Programmer\\Messenger\\msmsgs.exe”=
“C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe”=
“C:\\Programmer\\Windows Live\\Messenger\\livecall.exe”=

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 11:06:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 11:07:02
ComboFix-quarantined-files.txt 2008-04-27 09:07:02

Pre-Run: 39,883,735,040 byte ledig
Post-Run: 39,873,249,280 byte ledig

124—- E O F—- 2008-04-12 21:03:24

 

 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:59, on 27-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Ad Muncher\AdMunch.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bruger\Skrivebord\Spywarefri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://politiken.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [NetSoftware] “C:\Program Files\NetSoftware\Starter.exe” /path=“C:\\Program Files\\NetSoftware”
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Ad Muncher] “C:\Programmer\Ad Muncher\AdMunch.exe” /bt
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOKAL TJENESTE’)
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘LOKAL TJENESTE’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETVÆRKSTJENESTE’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=42861626&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=42861626&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=42861626&id=menu_ie_link
O8 - Extra context menu item: Don’t filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=42861626&id=menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=42861626&id=menu_ie_report
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203619683140
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe


End of file - 7142 bytes

 

Number of posts: 32

I can't find the file called Alfa.exe that the guide says I should remove. I have emptied the messenger folder as described, but there is also a folder called MSNgaming that I am not allowed to empty or delete. I get an "access denied" message.

Editor
Number of posts: 13014

Uninstall "NetSoftware" from Add/Remove Programs.

Open a Notepad window, copy the content between the wavy lines into the document, and save it in the same folder as Combofix under the name CFScript.txt. When you save, make sure that "File types" is set to "All files".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

Snapshot::

Folder::
C:\Program Files\NetSoftware

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSoftware"=-

 


~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the SWF file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
———————————————————-


Run Hijackthis, scan, tick the lines listed here, close all windows except Hijackthis, and click fix checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Then restart your PC and come back with a fresh HijackThis log.
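
An added example (not part of the thread and not HijackThis's own code) for checking, from a follow-up HijackThis log, that the two changes requested above actually took effect: the NetSoftware Run value and the orphaned BHO are gone, and nothing else disappeared. `BEFORE` reuses lines from the laptop log posted in this thread; `AFTER` is constructed, and all function names are hypothetical.

```python
import re
from typing import NamedTuple

# Lines taken from the laptop's HijackThis log in this thread (quotes normalised).
BEFORE = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\\Program Files\\NetSoftware"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
"""

# Constructed follow-up log: the same machine after both fixes were applied.
AFTER = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
"""


class Entry(NamedTuple):
    section: str  # "O2" (browser helper object) or "O4" (Run autostart)
    key: str      # CLSID for O2, "hive\value name" for O4
    target: str   # file or command line the entry points at


# O2 - BHO: <name> - {CLSID} - <file>
BHO_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O4 - <hive>\..\Run: [<value name>] <command>; the hive may carry a SID (HKUS\S-1-5-19).
RUN_RE = re.compile(r"^O4 - (HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def parse(log: str) -> list:
    """Extract O2 and O4 Run entries; every other line is ignored."""
    entries = []
    for raw in log.splitlines():
        # Forum software often turns straight quotes into typographic ones.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        m = BHO_RE.match(line)
        if m:
            entries.append(Entry("O2", m.group(1).upper(), m.group(2)))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("O4", m.group(1) + "\\" + m.group(2), m.group(3)))
    return entries


def orphaned_bhos(entries: list) -> list:
    """BHO registrations whose DLL no longer exists: HijackThis prints '(no file)'."""
    return [e for e in entries if e.section == "O2" and e.target == "(no file)"]


def removed(before: list, after: list) -> list:
    """Entries present in the first log and absent from the second."""
    still_there = {(e.section, e.key) for e in after}
    return [e for e in before if (e.section, e.key) not in still_there]


def fix_confirmed(before_log: str, after_log: str, expected_keys) -> bool:
    """True only if exactly the expected entries vanished and no orphan remains."""
    before, after = parse(before_log), parse(after_log)
    gone = {e.key for e in removed(before, after)}
    return gone == set(expected_keys) and not orphaned_bhos(after)


if __name__ == "__main__":
    for e in orphaned_bhos(parse(BEFORE)):
        print("orphaned BHO:", e.key)
    for e in removed(parse(BEFORE), parse(AFTER)):
        print("removed:", e.section, e.key)
```
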

 

Number of posts: 32

HijackThis gave me this log (without my getting a chance to check off the line as you asked). I'll just try again.

ComboFix 08-04-26.2 - Bruger 2008-04-27 13:16:03.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.625 [GMT 2:00]
Running from: C:\Documents and Settings\Bruger\Skrivebord\Spywarefri\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bruger\Skrivebord\Spywarefri\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\NetSoftware
C:\Program Files\NetSoftware\rmNetSoftware.exe

.
(((((((((((((((((((((((((  Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 12:02 . 2008-04-27 12:02 <DIR> d————C:\Programmer\SUPERAntiSpyware
2008-04-27 12:02 . 2008-04-27 12:02 <DIR> d————C:\Documents and Settings\Bruger\Application Data\SUPERAntiSpyware.com
2008-04-27 12:02 . 2008-04-27 12:02 <DIR> d————C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 12:01 .  <DIR>  C:\Programmer\Fælles filer\Wise Installation Wizard
2008-04-27 09:57 . 2008-04-27 09:57 <DIR> d————C:\Documents and Settings\Bruger\Application Data\Grisoft
2008-04-27 09:57 . 2007-05-30 14:10 10,872—a———C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-20 11:52 . 2008-04-20 11:52 <DIR> d————C:\Programmer\CCleaner
2008-04-15 18:28 . 2008-04-15 18:28 <DIR> d————C:\Program Files
2008-04-15 18:28 . 2008-04-15 18:28 434,600—a———C:\nsinstall.exe
2008-04-15 17:43 . 2008-04-15 17:43 <DIR> d—hs——C:\FOUND.011
2008-04-14 19:32 . 2008-04-14 19:32 <DIR> d————C:\Programmer\Google
2008-04-11 17:43 . 2008-04-11 17:43 <DIR> d—hs——C:\FOUND.010
2008-04-01 20:22 . 2008-04-01 20:22 <DIR> d————C:\Documents and Settings\Bruger\Application Data\OpenOffice.org2
2008-04-01 20:17 . 2008-04-01 20:17 <DIR> d————C:\Programmer\OpenOffice.org 2.4
2008-04-01 20:07 . 2008-04-01 20:07 118,730,234—a———C:\OOo_2.4.0_Win32Intel_install_da.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 18:13 500,224——a-w C:\AM-Install.exe
2008-03-24 14:16————- d——-w C:\Programmer\Ad Muncher
2008-03-20 08:09 1,845,248——a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,248——a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-04 19:57————- d——-w C:\Programmer\Microsoft Silverlight
2008-03-04 19:56————- d——-w C:\Programmer\MSXML 6.0
2008-03-04 19:54————- d——-w C:\Programmer\MSBuild
2008-03-04 19:50————- d——-w C:\Programmer\Reference Assemblies
2008-03-04 19:48————- d——-w C:\Programmer\Windows Media Connect 2
2008-03-02 15:46————- d——-w C:\Programmer\Fælles filer\Scanner
2008-03-02 15:46————- d——-w C:\Programmer\CA Yahoo! Anti-Spy
2008-03-02 15:41————- d——-w C:\Programmer\Yahoo!
2008-03-02 15:41————- d——-w C:\Documents and Settings\Bruger\Application Data\Yahoo!
2008-03-02 15:41————- d——-w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-01 16:28 3,591,680——a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 20:20————- d-sh—w C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-02-29 20:19————- d——-w C:\Programmer\Windows Live
2008-02-29 20:19————- d——-w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-29 08:54 70,656——a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:54 625,664——a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824———w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624——a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624——a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568——a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568——a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992——a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792——a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-27 05:00 15360]
“MsnMsgr”=“C:\Programmer\Windows Live\Messenger\MsnMsgr.exe” [ ]
“SpybotSD TeaTimer”=“C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe” [2008-01-28 11:43 2097488]
“Ad Muncher”=“C:\Programmer\Ad Muncher\AdMunch.exe” [2008-04-15 20:13 779776]
“SUPERAntiSpyware”=“C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SoundMan”=“SOUNDMAN.EXE” [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
“AGRSMMSG”=“AGRSMMSG.exe” [2004-10-07 19:50 88363 C:\WINDOWS\AGRSMMSG.exe]
“SiS Windows KeyHook”=“C:\WINDOWS\system32\keyhook.exe” [2005-03-04 13:13 32768]
“IMJPMIG8.1”=“C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe” [2004-08-27 05:00 208952]
“MSPY2002”=“C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe” [2004-08-27 05:00 59392]
“AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2008-04-15 17:47 579584]
“Adobe Reader Speed Launcher”=“C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 22:16 39792]
“!AVG Anti-Spyware”=“C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-27 05:00 15360]
“AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe” [2008-02-21 05:47 219136]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-01-04 16:52:52 331776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.iv41”= IR41_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
—a———2005-11-16 16:54 385024 C:\Acer\Empowering Technology\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
—a———2005-10-12 15:16 315392 C:\Programmer\Launch Manager\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
————- 2005-03-09 18:59 49152 C:\Programmer\Arcade\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
—a———2004-08-27 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
—a———2004-08-27 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
—a———2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
—a———2004-10-07 23:43 688218 C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
—a———2004-10-07 23:44 98394 C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“C:\\Programmer\\Grisoft\\AVG7\\avginet.exe”=
“C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe”=
“C:\\Programmer\\Grisoft\\AVG7\\avgcc.exe”=
“C:\\Programmer\\Grisoft\\AVG7\\avgemc.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“C:\\Programmer\\Messenger\\msmsgs.exe”=

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]

*Newly Created Service* - SASDIFSV
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 13:20:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
————————————Other Running Processes————————————
.
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAMMER\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAMMER\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAMMER\GRISOFT\AVG7\AVGUPSVC.EXE
C:\PROGRAMMER\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAMMER\GRISOFT\AVG7\AVGCC.EXE
.
**************************************************************************
.
Completion time: 2008-04-27 13:22:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-27 11:22:06
ComboFix2.txt 2008-04-27 09:07:06

Pre-Run: 39,641,251,840 byte ledig
Post-Run: 39,638,925,312 byte ledig

148—- E O F—- 2008-04-12 21:03:24

Number of posts: 32

The line you ask me to mark in HijackThis does not exist. Neither on the desktop nor on the laptop. Is that good or bad news?

Editor
Number of posts: 13014

It is in the HijackThis log you posted most recently; fix it, restart, and post a new HijackThis log from this PC.

Number of posts: 32

I have just restarted both and run HijackThis again. This time I found the aforementioned line on both PCs. I have removed it here on the desktop, restarted and run HijackThis again. Now I get this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48, on 2008-04-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Kristine\Skrivebord\Spywarefri\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.politiken.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FLLESF~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton-værktøjslinjen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.odense.dk/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6274F636-00DB-42BE-8995-B92E46F853F7} (sigSrvClnt Class) - https://signflow.statsamt.dk/signServerClient.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182364660500
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FLLESF~1\SYMANT~1\CCPD-LC\symlcsvc.exe


End of file - 8839 bytes

  Ejvindh
Editor
Number of posts: 6048

The line you ask me to mark in HijackThis does not exist. Neither on the desktop nor on the laptop. Is that good or bad news?

It doesn't matter much, since it was just cleanup, and if the computer has cleaned itself up, then all is well ;)

Nothing really indicates that you are infected. But as an extra check, I think we should examine your computer for rootkits.

I am therefore moving the thread to the Rootkit category. Some special conditions apply to support in this category, which you can read about here:

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=29320


Try the following:
Download the Gmer rootkit scanner and unpack it to the desktop:
http://www2.gmer.net/gmer.exe

Run the program and wait while a quick “Quick Scan” is performed. Then click “Scan”. While the scan is running, you should disconnect from the network, close all open programs, and refrain from using the computer for anything else. You should also not click on anything else in the Gmer scanner. When the scan is finished, click “Save” and save the log file somewhere you can find it again. Then find the log file you just saved and copy its contents into this thread.

In some cases the log file is so long that it cannot fit in a single post. In that case you will have to post it in several parts.

Number of posts: 32

Okay. Here is the log file from the desktop:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-04-27 14:49:31
Windows 5.1.2600 Service Pack 2


——System - GMER 1.0.14——

SSDT         865B5350                                                                         ZwAlertResumeThread
SSDT         865A9068                                                                         ZwAlertThread
SSDT         864C0F20                                                                         ZwAllocateVirtualMemory
SSDT         86318CC8                                                                         ZwConnectPort
SSDT         \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                  ZwCreateKey [0xF1D09EE0]
SSDT         86778898                                                                         ZwCreateMutant
SSDT         86641108                                                                         ZwCreateThread
SSDT         865AD468                                                                         ZwDebugActiveProcess
SSDT         \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                  ZwDeleteKey [0xF1D0A160]
SSDT         \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                  ZwDeleteValueKey [0xF1D0A6C0]
SSDT         864EC268                                                                         ZwFreeVirtualMemory
SSDT         865AC088                                                                         ZwImpersonateAnonymousToken
SSDT         865AEE00                                                                         ZwImpersonateThread
SSDT         864F8D50                                                                         ZwMapViewOfSection
SSDT         865AC450                                                                         ZwOpenEvent
SSDT         \??\C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                         ZwOpenProcess [0xF7E538AC]
SSDT         865A0550                                                                         ZwOpenProcessToken
SSDT         865ABC40                                                                         ZwOpenSection
SSDT         84480270                                                                         ZwOpenThreadToken
SSDT         862B4D40                                                                         ZwResumeThread
SSDT         865A1870                                                                         ZwSetContextThread
SSDT         864A9BA8                                                                         ZwSetInformationProcess
SSDT         8642D9D8                                                                         ZwSetInformationThread
SSDT         \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                  ZwSetValueKey [0xF1D0A910]
SSDT         865AC818                                                                         ZwSuspendProcess
SSDT         865A5F68                                                                         ZwSuspendThread
SSDT         \??\C:\WINDOWS\system32\drivers\CO_Mon.sys (Behavior Blocker v2007.1 WDM driver (2007.1.1.99)/Symantec Corporation)  ZwTerminateProcess [0xF7AD3760]
SSDT         865A1008                                                                         ZwTerminateThread
SSDT         865A0E90                                                                         ZwUnmapViewOfSection
SSDT         864D0190                                                                         ZwWriteVirtualMemory

——User code sections - GMER 1.0.14——

.text       C:\Programmer\MSN Messenger\MsnMsgr.Exe[1832] kernel32.dll!SetUnhandledExceptionFilter                     7C84467D 5 Bytes JMP 004DE392 C:\Programmer\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)

——Devices - GMER 1.0.14——

AttachedDevice \Driver\Tcpip \Device\Ip                                                               SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp                                                             SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp                                                             SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp                                                             SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

——Registry - GMER 1.0.14——

Reg         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs                              
Reg         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                       15
Reg         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                         10000
Reg         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                   yes
Reg         HKLM\SOFTWARE\Microsoft\Windows

Number of posts: 32

——Devices - GMER 1.0.14——

AttachedDevice \Driver\Tcpip \Device\Ip                                                               SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp                                                             SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp                                                             SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp                                                             SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

——Registry - GMER 1.0.14——

Reg         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs                              
Reg         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                       15
Reg         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                         10000
Reg         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                   yes
Reg         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                  
Reg         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                       90
Reg         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                         10000

——EOF - GMER 1.0.14——

Number of posts: 32

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-04-27 15:56:09
Windows 5.1.2600 Service Pack 2


——System - GMER 1.0.14——

SSDT         \??\C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                 ZwOpenProcess [0xF711F8AC]
SSDT         \??\C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys                                       ZwTerminateProcess [0xAC954660]

——User code sections - GMER 1.0.14——

.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!StrStrW + FFE25BCA                           7C9C217D 272 Bytes [ C1, F1, 77, 48, A2, F1, 77, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!StrStrW + FFE25CDB                           7C9C228E 1 Byte [ 00 ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!StrStrW + FFE25CDD                           7C9C2290 117 Bytes [ E7, 30, 83, 7C, 27, F8, 82, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!StrStrW + FFE25D53                           7C9C2306 90 Bytes [ 81, 7C, F7, 28, 83, 7C, 5D, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!StrStrW + FFE25DAE                           7C9C2361 2 Bytes [ 30, 81 ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetDiskFreeSpaceExW + 9B                     7C9EA8DC 63 Bytes [ 53, 48, 47, 65, 74, 44, 69, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetDiskFreeSpaceExW + DB                     7C9EA91C 149 Bytes [ 53, 48, 47, 65, 74, 46, 69, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetDiskFreeSpaceExW + 171                     7C9EA9B2 610 Bytes [ 53, 48, 47, 65, 74, 49, 63, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHFree + 3B                               7C9EAC15 344 Bytes [ 64, 49, 6E, 50, 72, 6F, 63, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHFree + 194                               7C9EAD6E 235 Bytes [ 53, 48, 51, 75, 65, 72, 79, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILFree + 7E                               7C9EAE5A 18 Bytes [ 6F, 67, 57, 00, 53, 48, 54, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILFree + 91                               7C9EAE6D 796 Bytes [ 65, 72, 73, 68, 69, 70, 00, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILClone + A5                               7C9EB18A 409 Bytes [ 57, 00, 53, 74, 72, 4E, 43, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILClone + 23F                             7C9EB324 8 Bytes [ 55, 8B, EC, FF, 75, 08, 6A, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILClone + 248                             7C9EB32D 37 Bytes [ 15, 28, 16, 9C, 7C, 5D, C3, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILClone + 26E                             7C9EB353 118 Bytes [ 8C, 03, 00, 8B, C7, 5F, 5E, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILCloneFirst + 79                           7C9EB3CD 14 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILCloneFirst + 88                           7C9EB3DC 41 Bytes [ 5D, 08, 56, 57, 53, 89, 45, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILCombine + 1                             7C9EB406 56 Bytes CALL 7C9E83FE C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILCombine + 3A                             7C9EB43F 15 Bytes [ 8B, BA, 06, 00, 85, FF, 74, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILCombine + 4A                             7C9EB44F 57 Bytes [ 4D, FC, 8B, C7, 5F, 5E, 5B, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILCombine + 84                             7C9EB489 44 Bytes [ 5D, 08, 8D, 34, 9D, A8, F6, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILCombine + B1                             7C9EB4B6 28 Bytes [ 90, 90, 90, 90, 90, 81, C1, ... ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetDesktopFolder + 13                       7C9EBA6B 44 Bytes [ 3B, D7, 72, 1A, 77, 04, 3B, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetDesktopFolder + 40                       7C9EBA98 25 Bytes [ 5E, 5B, C9, C2, 10, 00, 90, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetDesktopFolder + 5A                       7C9EBAB2 24 Bytes [ 15, 60, 15, 9C, 7C, 8B, F8, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetDesktopFolder + 73                       7C9EBACB 44 Bytes [ C7, 5F, 5E, 5D, C2, 04, 00, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetDesktopFolder + A0                       7C9EBAF8 233 Bytes [ 90, 90, 90, 90, 90, C7, 01, ... ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHRestricted + 38                           7C9EC381 38 Bytes [ 85, C0, 74, 1E, 56, 8B, 75, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHRestricted + 5F                           7C9EC3A8 2 Bytes [ 90, 90 ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHRestricted + 63                           7C9EC3AC 10 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHRestricted + 6F                           7C9EC3B8 41 Bytes [ 83, C0, 04, 50, FF, 75, 08, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHRestricted + 99                           7C9EC3E2 35 Bytes [ 4D, 08, 56, 8B, F1, 57, C1, ... ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILRemoveLastID + 1                           7C9EC4A8 4 Bytes [ EC, 83, EC, 10 ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILRemoveLastID + 8                           7C9EC4AF 28 Bytes [ 85, C9, 0F, 85, 06, 07, 00, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILRemoveLastID + 25                         7C9EC4CC 93 Bytes [ 8B, C1, 8D, 50, 04, C7, 00, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILRemoveLastID + 83                         7C9EC52A 104 Bytes [ F8, 7F, 05, 0E, 00, 07, 80, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILRemoveLastID + EC                         7C9EC593 6 Bytes [ 80, 0F, 8D, 4E, 7E, 00 ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetSetSettings + 63                         7C9EC703 75 Bytes [ 50, A5, 89, 45, C8, FF, 15, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetSetSettings + AF                         7C9EC74F 42 Bytes [ 74, 17, FF, 75, CC, FF, 75, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetSetSettings + DA                         7C9EC77A 27 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetSetSettings + F6                         7C9EC796 78 Bytes [ 0F, 8C, E4, 01, 00, 00, 56, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHGetSetSettings + 145                       7C9EC7E5 5 Bytes [ 56, 57, 68, D0, 00 ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHCLSIDFromString + 26                       7C9ECAC9 28 Bytes [ 55, 8B, EC, 8B, 45, 08, 53, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHCLSIDFromString + 43                       7C9ECAE6 96 Bytes [ D8, 0F, 84, 8E, E4, 06, 00, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHCLSIDFromString + A4                       7C9ECB47 39 Bytes [ 47, 85, C0, 74, 49, 8B, 08, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHCLSIDFromString + CC                       7C9ECB6F 62 Bytes [ 11, 85, C0, 7C, 18, 56, 8B, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHCLSIDFromString + 10B                       7C9ECBAE 8 Bytes [ FF, 75, 10, FF, 75, 08, E8, ... ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILFindLastID + 2A                           7C9ECC96 80 Bytes [ 53, FF, 75, 10, 8D, 4F, F0, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILFindLastID + 7B                           7C9ECCE7 53 Bytes [ CE, 2B, C8, D1, F9, 51, 50, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILFindLastID + B1                           7C9ECD1D 114 Bytes [ 75, 10, 53, FF, 37, FF, 15, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILFindLastID + 124                           7C9ECD90 55 Bytes [ 49, 00, 44, 00, 50, 00, 52, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ILFindLastID + 15C                           7C9ECDC8 7 Bytes [ 69, 00, 43, 00, 61, 00, 63 ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHParseDisplayName + 3E                       7C9EDE9E 133 Bytes [ 0F, 84, 0C, 85, 03, 00, 83, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHParseDisplayName + C4                       7C9EDF24 57 Bytes [ EC, 51, 51, 53, 56, 57, 8B, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHParseDisplayName + FF                       7C9EDF5F 51 Bytes CALL 7C9EDE03 C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHParseDisplayName + 133                       7C9EDF93 11 Bytes [ 55, 8B, EC, 83, EC, 18, A1, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHParseDisplayName + 13F                       7C9EDF9F 29 Bytes [ 56, 8B, F1, 89, 45, FC, 8B, ... ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHILCreateFromPath + 8C                       7C9EE4BC 27 Bytes CALL 7C9EE461 C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHILCreateFromPath + A8                       7C9EE4D8 46 Bytes [ 00, 00, 8B, D8, 8B, 4D, FC, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHILCreateFromPath + D8                       7C9EE508 33 Bytes [ 8B, 45, 14, 53, 8B, 5D, 08, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHILCreateFromPath + FA                       7C9EE52A 89 Bytes [ 8D, BD, E4, FB, FF, FF, F3, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHILCreateFromPath + 154                       7C9EE584 19 Bytes [ 53, FF, 75, 14, 57, 50, FF, ... ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHFlushSFCache + 77                         7CA20E35 14 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHFlushSFCache + 86                         7CA20E44 29 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHFlushSFCache + A4                         7CA20E62 85 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHFlushSFCache + FA                         7CA20EB8 102 Bytes [ 33, C0, 89, 9D, DC, FD, FF, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHFlushSFCache + 161                         7CA20F1F 4 Bytes [ FD, FF, FF, 8D ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!Shell_NotifyIcon + B                         7CA21821 45 Bytes [ 83, BD, 3C, F5, FF, FF, 01, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!Shell_NotifyIcon + 39                         7CA2184F 7 Bytes [ FF, 00, 09, 8D, 28, F5, FF ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!Shell_NotifyIcon + 41                         7CA21857 18 Bytes [ 89, 85, 58, F5, FF, FF, 8D, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!Shell_NotifyIcon + 54                         7CA2186A 8 Bytes [ FF, 8B, F8, 85, FF, 7C, 23, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!Shell_NotifyIcon + 5D                         7CA21873 2 Bytes [ 24, F5 ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotification_Lock + 6                   7CA21F23 70 Bytes [ 85, C0, 57, 8D, 85, F4, FD, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotification_Lock + 4D                   7CA21F6A 21 Bytes [ 00, FF, B5, BC, F9, FF, FF, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotification_Lock + 63                   7CA21F80 21 Bytes CALL 7C9E83AC C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotification_Lock + 79                   7CA21F96 5 Bytes [ EC, 81, EC, 0C, 02 ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotification_Lock + 80                   7CA21F9D 63 Bytes [ A1, 48, F5, BC, 7C, 8B, 4D, ... ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ExtractVersionResource16W + 73                   7CA222EC 61 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ExtractVersionResource16W + B2                   7CA2232B 8 Bytes [ 75, F8, EB, F3, 90, 53, 00, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ExtractVersionResource16W + BB                   7CA22334 1 Byte [ 46 ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ExtractVersionResource16W + BD                   7CA22336 9 Bytes [ 54, 00, 57, 00, 41, 00, 52, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ExtractVersionResource16W + C7                   7CA22340 1 Byte [ 5C ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!DllCanUnloadNow + 27                         7CA22EEC 15 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!DllCanUnloadNow + 37                         7CA22EFC 78 Bytes [ 57, 8B, 7D, 08, F7, 47, 04, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!DllCanUnloadNow + 86                         7CA22F4B 162 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!DllCanUnloadNow + 129                         7CA22FEE 4 Bytes [ 55, 8B, EC, 56 ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!DllCanUnloadNow + 12E                         7CA22FF3 13 Bytes [ F1, 8B, 4D, 08, 57, FF, 76, ... ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotification_Unlock + 2                 7CA230D4 58 Bytes JMP 7CA22FB1 C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotification_Unlock + 3D                 7CA2310F 10 Bytes CALL 7CA2404B C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotification_Unlock + 48                 7CA2311A 25 Bytes [ 00, 6A, 00, 68, F4, 01, 00, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotification_Unlock + 62                 7CA23134 2 Bytes [ 1C, F8 ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotification_Unlock + 66                 7CA23138 55 Bytes [ 85, C0, 0F, 84, 8F, FD, FF, ... ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotify + A                           7CA235D5 12 Bytes CALL 7C9F05E5 C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotify + 17                         7CA235E2 28 Bytes CALL 7C9EFEF7 C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotify + 34                         7CA235FF 10 Bytes CALL 7CA23421 C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotify + 3F                         7CA2360A 8 Bytes CALL 7CA234F7 C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHChangeNotify + 49                         7CA23614 4 Bytes CALL 7CA2348F C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ExtractIconExW + 43                         7CA24F7E 28 Bytes [ FF, B6, 88, 00, 00, 00, E8, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ExtractIconExW + 60                         7CA24F9B 30 Bytes [ 02, 00, 39, 5D, 10, 74, 10, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ExtractIconExW + 7F                         7CA24FBA 28 Bytes CALL 7C9E83AC C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ExtractIconExW + 9C                         7CA24FD7 15 Bytes [ A1, 48, F5, BC, 7C, 53, 8B, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!ExtractIconExW + AE                         7CA24FE9 39 Bytes [ 10, 89, 45, FC, 75, 12, 57, ... ]
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHCloneSpecialIDList + 23                     7CA252F2 17 Bytes [ D0, 8B, 55, E0, 89, 07, 8D, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHCloneSpecialIDList + 35                     7CA25304 16 Bytes [ 4D, D8, 89, 4F, 0C, 8B, 4D, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHCloneSpecialIDList + 46                     7CA25315 21 Bytes [ 55, E4, 51, 50, FF, 75, 08, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHCloneSpecialIDList + 5C                     7CA2532B 41 Bytes [ 75, 08, 8D, 47, 2C, 68, 04, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!SHCloneSpecialIDList + 86                     7CA25355 14 Bytes JMP 7CA54E1E C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       ...                                                                   
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!PathIsExe + 26                             7CA25800 99 Bytes CALL 7CA25780 C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!PathIsExe + 8A                             7CA25864 13 Bytes [ FF, 55, 8B, EC, 51, 51, 83, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!PathIsExe + 98                             7CA25872 27 Bytes [ 4D, F8, 8D, 4D, F8, E8, DB, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!PathIsExe + B4                             7CA2588E 42 Bytes [ FF, EB, E3, C9, C3, 33, C9, ... ]
.text       C:\WINDOWS\System32\svchost.exe[432] SHELL32.dll!PathIsExe + DF                             7CA258B9 7 Bytes CALL 7CA25861 C:\WINDOWS\system32\SHELL32.dll (Dll-fil med fælles dialogbokse til brugergrænsefladen i Windows/Microsoft Corporation)
.text       ...