Unknown virus program locks everything on the computer.
  bjravn
Number of posts: 78

Hi.

I have had a visit from an unknown virus program that locked virtually all functions on the computer; the various files/programs I wanted to start were blocked with a message saying they had been attacked by a virus.
The problem was only on 1 user login out of four, but on the other 3 a message appeared as soon as they logged on saying that a program had to be run, which is probably what was done on the 4th user.
I have run CCleaner, scanned with BullGuard, which found nothing, and run Malwarebytes, which found 6 infected files, which were removed.
Attached are a couple of logs for an extra check of whether there is any other junk left.

Log from Malwarebytes:
Malwarebytes’ Anti-Malware 1.44
Database version: 3878
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18-03-2010 06:07:36
mbam-log-2010-03-18 (06-07-36).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 219468
Tid tilbagelagt: 1 hour(s), 39 minute(s), 39 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 5

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxccncko (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Documents and Settings\Bjarne\Dokumenter\Hentede filer\video(2).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bjarne\Dokumenter\Hentede filer\video(3).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bjarne\Dokumenter\Hentede filer\video(4).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bjarne\Dokumenter\Hentede filer\video.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bjarne\Lokale indstillinger\Application Data\ukkhsv\guaesftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Log from HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:31, on 19-03-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmer\Canon\MyPrinter\BJMyPrt.exe
C:\Programmer\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programmer\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programmer\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bjarne\Dokumenter\Hentede filer\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] “C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmer\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] “C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe”
O4 - HKLM\..\Run: [BullGuard] “C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe” -boot
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmer\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmer\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Programmer\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [QuickTime Task] “C:\Programmer\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [Adobe ARM] “C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] “C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe”
O4 - HKCU\..\Run: [updateMgr] “C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe” AcPro7_1_0 -reboot 1
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] “C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe” /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOKAL TJENESTE’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETVÆRKSTJENESTE’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.euro.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195308511247
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.new.facebook.com/controls/contactx.dll
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: B’s Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOCUME~1\Bjarne\LOKALE~1\Temp\pft6~tmp\INSTAL~1.EXE (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmer\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe


End of file - 11714 bytes

Editor
Number of posts: 12994

Hi.


- Download Combofix and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Close all other windows.

Then run Combofix.exe and follow the instructions.

Important -> Disable your antivirus/antispyware program.
If you cannot disable the program, just click "OK" and Combofix will continue.

Do not click on the window while the tool is running, as this can cause your computer to freeze.

When Combofix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\ Combofix txt

If the log file does not open, you will find it here: c:\combofix.txt
You are welcome to post the contents of this file here.

  bjravn
Number of posts: 78

Log from Combofix.

ComboFix 10-03-18.02 - Bjarne 19-03-2010 11:25:07.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1023.658 [GMT 1:00]
Kører fra: c:\documents and settings\Bjarne\Dokumenter\Hentede filer\ComboFix.exe
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
* Dannede nyt systemgendannelsespunkt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hpe1.dll
c:\documents and settings\All Users\Application Data\hpe5.dll
c:\windows\system32\Data

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


(((((((((((((((((((((((((((((  Filer skabt fra 2010-02-19 til 2010-03-19 )))))))))))))))))))))))))))))))))))
.

2010-03-17 21:23 . 2010-03-17 21:24   5115823   ----a-w-  c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes’ Anti-Malware\mbam-setup.exe
2010-03-17 21:22 . 2010-03-17 21:22   --------  d-----w-  c:\documents and settings\Mail\Application Data\Malwarebytes
2010-03-17 21:22 . 2010-01-07 15:07   19160   ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-03-17 21:22 . 2010-01-07 15:07   38224   ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 21:22 . 2010-03-17 21:25   --------  d-----w-  c:\programmer\Malwarebytes’ Anti-Malware
2010-03-13 10:32 . 2010-03-18 05:07   --------  d-----w-  c:\documents and settings\Bjarne\Lokale indstillinger\Application Data\ukkhsv
2010-03-11 19:19 . 2010-03-11 19:19   --------  d-----w-  c:\programmer\Fælles filer\Deterministic Networks
2010-03-10 19:26 . 2009-10-23 15:28   3558912   -c----w-  c:\windows\system32\dllcache\moviemk.exe
2010-03-06 17:17 . 2010-03-06 17:17   0   ----a-w-  c:\windows\nsreg.dat
2010-03-06 17:16 . 2010-03-06 17:16   --------  d-----w-  c:\documents and settings\Bjarne\Lokale indstillinger\Application Data\Mozilla
2010-03-05 21:51 . 2010-02-12 10:03   293376   ------w-  c:\windows\system32\browserchoice.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 10:37 . 2002-07-08 20:00   512440   ----a-w-  c:\windows\system32\perfh006.dat
2010-03-19 10:37 . 2002-07-08 20:00   106276   ----a-w-  c:\windows\system32\perfc006.dat
2010-03-19 10:23 . 2008-10-10 18:36   --------  d-----w-  c:\documents and settings\All Users\Application Data\BullGuard
2010-03-11 18:20 . 2009-08-10 13:47   --------  d-----w-  c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-03-10 20:37 . 2007-03-16 19:51   --------  d-----w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-18 17:50 . 2009-04-03 17:02   87376   ----a-w-  c:\windows\system32\BGLsp.dll
2010-02-18 17:50 . 2008-09-19 13:48   14160   ----a-w-  c:\windows\system32\client_cc.dll
2010-02-18 17:49 . 2008-10-10 18:36   256792   ----a-r-  c:\windows\system32\drivers\AfwCore.sys
2010-02-18 17:49 . 2008-09-18 09:17   31640   ----a-r-  c:\windows\system32\drivers\Afw.sys
2010-02-01 18:49 . 2009-11-22 08:48   --------  d-----w-  c:\programmer\Sony Ericsson
2010-02-01 18:49 . 2007-03-16 19:06   --------  d--h--w-  c:\programmer\InstallShield Installation Information
2010-02-01 18:45 . 2010-02-01 18:45   --------  d-----w-  c:\programmer\Avanquest update
2010-01-24 18:45 . 2010-01-24 18:45   --------  d-----w-  c:\programmer\Vimicro
2010-01-22 10:13 . 2009-03-12 21:18   --------  d-----w-  c:\programmer\Microsoft Silverlight
2009-12-31 16:50 . 2004-08-27 12:00   353792   ----a-w-  c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-27 12:00   916480   ----a-w-  c:\windows\system32\wininet.dll
2009-12-20 20:05 . 2008-11-30 13:42   411368   ----a-w-  c:\windows\system32\deploytk.dll
2009-12-20 20:03 . 2009-12-20 19:42   152576   ----a-w-  c:\documents and settings\Bjarne\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-20 20:03 . 2009-11-12 17:00   79488   ----a-w-  c:\documents and settings\Bjarne\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-20 18:02 . 2009-12-13 08:17   79488   ----a-w-  c:\documents and settings\Gunvor\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-05-12 17:17 . 2009-05-12 17:17   956344   ----a-w-  c:\programmer\SaveAsPDFandXPS.exe
2007-11-18 18:50 . 2007-03-20 18:56   29195296   --sha-w-  c:\windows\system32\drivers\fidbox.dat
2007-11-18 18:50 . 2007-03-20 18:56   1416992   --sha-w-  c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------


[-] 2008-04-14 . A45B00E0410E44E7177A403ECAD4B12A . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . A45B00E0410E44E7177A403ECAD4B12A . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 5B48D00DB4C1D0C3D3AF83A984A13020 . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 4E3D092A2600B8888F1874E7C9A7E0B7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . B0C3B7A16FC7779566843E9EE1912649 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 0C1CDB3D46E1EAADF16269FA7DFAF490 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-27 . B9730010E7364F87234D23CE0E05F0C3 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . 7B3770DB760FBBA068454EAFCAA89772 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 7B3770DB760FBBA068454EAFCAA89772 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-27 . 3A03D6433E4E5FD3430DD3431FC6AC54 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . 4C92DB1CD4ABC8A986896FCD3070B4CE . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 4C92DB1CD4ABC8A986896FCD3070B4CE . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-27 . 3C83A9029BC93E4CDCF7975DECFDAE5D . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 1D9BD1CAA1E4CF63370F201DF742DC7D . 1034752 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 1D9BD1CAA1E4CF63370F201DF742DC7D . 1034752 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 91E15A22E62A11014DB521FB589B6093 . 1034240 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 9D7A9E7F4A89AA43D108C4E4C153B561 . 1034240 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-27 . DA77B9561CC9AC54584C86CAB36EBF25 . 1033216 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 1E8F91A7CD08BDB7482746F97365E12E . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 1E8F91A7CD08BDB7482746F97365E12E . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-26 . 651265C93696757DE3EAB1D70156C331 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . FC4844E89ED0CFAA8CE3DFC4030F65A7 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . FC4844E89ED0CFAA8CE3DFC4030F65A7 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-27 . 19401E25CDDCD8EE1B38FCC8093E0C34 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 3FEE6C536D5BFC0F1B6BCA56F97D1F80 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 3FEE6C536D5BFC0F1B6BCA56F97D1F80 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-27 . 4A4A39BD4E4C77644E4912A9A6D039BB . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . DAC8A51BA067F38B74766900E6DEA66A . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . DAC8A51BA067F38B74766900E6DEA66A . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-27 . 9AF52B89ACD5DCC707A1F7DE1720B419 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9C88478DFAFF22089045EE3B166C7809 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9C88478DFAFF22089045EE3B166C7809 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-27 . F8D3A7033A6D6684C3B97CB785DBC57C . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . CB8D8AB9CED50556501014F97A9FA270 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . CB8D8AB9CED50556501014F97A9FA270 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-27 . 8289923E26D00213080E3E3D7E219F4C . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 0FF4335FAFE269B3241267AF58C477A7 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 0FF4335FAFE269B3241267AF58C477A7 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 363B20C154BB8843945359D4ACDCFA61 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 5BD7B28E1E8B7526576E3F3C6092C3D4 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-27 . 6E0AB87BA0F67838154F8F451666C8AC . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 13BCBC0ACF9DC7F3192034BD858CC1AD . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 13BCBC0ACF9DC7F3192034BD858CC1AD . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-27 . 76F95C9DD5EE7860159C2B003296B515 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 7D53DC5DE342AF26401A3CBBBC8CAFB8 . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 7D53DC5DE342AF26401A3CBBBC8CAFB8 . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-26 . 89EBA3A24B687C5E5EA70545C810D99B . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . B1D1003D618961EB936A0717E74CB147 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . B1D1003D618961EB936A0717E74CB147 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-27 . 8DD7647D84C8E86C38DB2315721A8C35 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . 14C8EC0AA06A33CCC5407E4324F91312 . 296448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . 14C8EC0AA06A33CCC5407E4324F91312 . 296448 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-26 . DE5B43EAFE4070FEBD050D2AA48776AF . 296448 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2004-08-27 . 6F99FE216DE8C4875DBB12937620DA0C . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 07:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 07:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-27 12:00 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\AGP440.SYS

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-27 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 07:05 . D8A6C358FD655AAC570B2BE410B92F1E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 07:05 . D8A6C358FD655AAC570B2BE410B92F1E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:18 . 236DBD53577CA1E00A9FC8EA9A0FD851 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-27 12:00 . AD8603B42E0286A8F3BE0EB362578387 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 6C585D70D270607FF861D762494B25E2 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 6C585D70D270607FF861D762494B25E2 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-27 . 8AD2AF0C66A14A147CC70BDA7A2CF7DC . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-26 16:53 . DDD7010BD4A16B17E87FFB012CBA959D . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-14 07:05 . 1FE8446399F6044504F569014A2599B3 . 435712 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 07:05 . 1FE8446399F6044504F569014A2599B3 . 435712 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-27 12:00 . 4EC4FD5468909322D3E5A9DA43C808A6 . 435712 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . D091AA5963C06AFEC8BFC3D5B1B24647 . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . D091AA5963C06AFEC8BFC3D5B1B24647 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . CB13936C9596A498090E2388CEBFCABF . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . EABEA2114F67623B2ED6DE62B7278737 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-27 . 281DB51ADDF51C07F45096BD036A7086 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“BullGuard”=“c:\programmer\BullGuard Ltd\BullGuard\bullguard.exe” [2010-02-18 304464]
“updateMgr”=“c:\programmer\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe” [2006-03-30 313472]
“Sony Ericsson PC Suite”=“c:\programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe” [2009-09-24 434176]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2003-10-06 5058560]
“GrooveMonitor”=“c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe” [2008-10-25 31072]
“nwiz”=“nwiz.exe” [2003-10-06 741376]
“REGSHAVE”=“c:\programmer\REGSHAVE\REGSHAVE.EXE” [2002-02-04 53248]
“Acrobat Assistant 7.0”=“c:\programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe” [2008-04-23 483328]
“BullGuard”=“c:\programmer\BullGuard Ltd\BullGuard\bullguard.exe” [2010-02-18 304464]
“CanonSolutionMenu”=“c:\programmer\Canon\SolutionMenu\CNSLMAIN.exe” [2008-03-10 689488]
“CanonMyPrinter”=“c:\programmer\Canon\MyPrinter\BJMyPrt.exe” [2008-03-17 1848648]
“IJNetworkScanUtility”=“c:\programmer\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE” [2007-05-20 124512]
“QuickTime Task”=“c:\programmer\QuickTime\qttask.exe” [2008-09-06 413696]
“Adobe ARM”=“c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe” [2009-09-04 935288]
“BigDog303”=“c:\windows\VM303_STI.EXE” [2005-06-23 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\System32\CTFMON.EXE” [2008-04-14 15360]
“NvMediaCenter”=“c:\windows\system32\NVMCTRAY.DLL” [2003-10-06 49152]

c:\documents and settings\Gunvor\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\L.T.S\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-4-16 25214]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2010-3-11 6144]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\programmer\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-12-30 745472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@=“Service”

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FPVUpdater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FXCDUpdater1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 21:46   57344   ——a-w-  c:\programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45   313472   ——a-w-  c:\programmer\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\WINDOWS\\system32\\sessmgr.exe”=
“c:\\Programmer\\Messenger\\msmsgs.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE”=
“c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE”=

R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [10-10-2008 19:34 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [27-08-2004 13:00 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [27-08-2004 13:00 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [27-08-2004 13:00 14336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [30-12-2009 22:46 66048]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [01-02-2010 19:49 90112]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\Afw.sys [18-09-2008 10:17 31640]
R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\drivers\AfwCore.sys [10-10-2008 19:36 256792]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [30-12-2009 22:46 167808]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [30-12-2009 22:46 13532]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [22-11-2009 09:49 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [22-11-2009 09:49 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [22-11-2009 09:49 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [22-11-2009 09:49 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [22-11-2009 09:49 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [22-11-2009 09:49 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [22-11-2009 09:50 109736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard   REG_MULTI_SZ     BgMainSvc BsFileScan BsMailProxy BsFire
.
Indhold af mappen ‘Planlagte Opgaver’

2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{F87376E8-1A65-426F-B7C0-DE10D6EA9ABA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.dk/
uInternet Connection Wizard,ShellNext = iexplore
IE: Convert link target to Adobe PDF - c:\programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\bglsp.dll
Trusted Zone: soft32.com\www
Trusted Zone: sonyericsson.com\www
DPF: Microsoft XML Parser for Java
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Bjarne\Application Data\Mozilla\Firefox\Profiles\9hhi94l2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

——FIREFOX POLITIKKER——
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“ui.use_native_colors”, true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“ui.use_native_popup_windows”, false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“browser.enable_click_image_resizing”, true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“accessibility.browsewithcaret_shortcut.enabled”, true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“javascript.options.mem.high_water_mark”, 32);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“javascript.options.mem.gc_frequency”,  1600);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“network.auth.force-generic-ntlm”, false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“svg.smil.enabled”, false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“ui.trackpoint_hack.enabled”, -1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.debug”,        false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.agedWeight”,    2);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.bucketSize”,    1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.maxTimeGroupings”, 25);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.timeGroupingSize”, 604800);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.boundaryWeight”,  25);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.prefixWeight”,    5);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref(“html5.enable”, false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“app.update.download.backgroundInterval”, 600);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“app.update.url.manual”, “http://www.firefox.com”);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr-ja”, “mozff”);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref(“browser.fixup.alternate.suffix”, “.dk”);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name”, “chrome://browser/locale/browser.properties”);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description”, “chrome://browser/locale/browser.properties”);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add”, “addons.mozilla.org”);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add.36”, “getpersonas.com”);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref(“lightweightThemes.update.enabled”, true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.allTabs.previews”, false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref(“plugins.hide_infobar_for_outdated_plugin”, false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref(“plugins.update.notifyUser”, false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref(“toolbar.customization.usesheet”, false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.enable”, false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.max”, 20);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.cachetime”, 20);
.
- - - - TOMME GENVEJE FJERNET - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-Sony Ericsson PC Suite - c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 11:34
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
——————————- DLLs startet under kørende Processer——————————-

- - - - - - - > ‘lsass.exe’(1784)
c:\windows\system32\bglsp.dll

- - - - - - - > ‘explorer.exe’(232)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmer\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
————————————Andre kørende processer————————————
.
c:\windows\system32\brss01a.exe
c:\programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\windows\system32\bgsvcgen.exe
c:\windows\system32\CTsvcCDA.exe
c:\programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\programmer\Canon\IJPLM\IJPLMSVC.EXE
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\programmer\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
.
**************************************************************************
.
Gennemført tid: 2010-03-19 11:42:29 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-03-19 10:42
ComboFix2.txt 2007-10-29 19:38

Pre-Kørsel: 9.172.779.008 byte ledig
Post-Kørsel: 9.118.732.288 byte ledig

- - End Of File - - 67E2DA720C94155FD2BFC769E33DB2E8

Administrator
Posts: 29177

How are things running now?

  bjravn
Posts: 78

The machine is running OK. The problem already disappeared after Malwarebytes had cleaned up, but the extra check was to verify whether any other junk had come along with it.
If there is nothing else, it is fine to close this here.

Editor
Posts: 12994

Time for cleanup

Click START, then Run

Type/copy: Combofix /Uninstall into the box, and click OK.

Note the space between the X and /Uninstall; it must be there.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System / Hidden files, if required.


You should create a new restore point to remove any infections from an old restore point.
The easiest and safest way to do this is:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and press OK.

Next, go to Start > Run and type cleanmgr
Select drive C and let it scan
Select the More Options tab
Select System Restore - Clean up and press OK.
This will remove all restore points except the new one you just created.

Enjoy

I am closing the thread; you are welcome to come back.