DDS
DDS (Ver_09-06-26.01) - NTFSx86
Run by Rasmus at 11:18:35,75 on 13-07-2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1030.18.1023.263 [GMT 2:00]
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\wf2k.exe
c:\programmer\winfast\wftvfm\wfwiz.exe
c:\programmer\microsoft intellipoint\point32.exe
c:\windows\rthdcpl.exe
c:\programmer\microsoft office\office12\groovemonitor.exe
c:\windows\system32\rundll32.exe
c:\programmer\java\jre6\bin\jusched.exe
c:\programmer\eset\eset nod32 antivirus\egui.exe
c:\programmer\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe
c:\windows\system32\ctfmon.exe
c:\programmer\spybot - search & destroy\teatimer.exe
c:\programmer\steam\steam.exe
c:\programmer\windows media player\wmpnscfg.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
c:\programmer\magicdisc\magicdisc.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\programmer\microsoft office\office12\onenotem.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmer\videolan\vlc\vlc.exe
C:\WINDOWS\system32\cidaemon.exe
c:\programmer\mozilla firefox\firefox.exe
c:\documents and settings\rasmus\skrivebord\dds.pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://eu.ask.com?o=15087&l=dis
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\programmer\asksbar\srchastt\1.bin\A2SRCHAS.DLL
mURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\programmer\asksbar\srchastt\1.bin\A2SRCHAS.DLL
mWinlogon: Shell=Explorer.exe c:\windows\config\lsass.exe
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\programmer\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\programmer\bitcomet\tools\BitCometBHO_1.2.2.28.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\programmer\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Adobe PDF Reader Link Helper: {b782ede4-ccb3-4e3e-981f-96c68116f38c} - c:\windows\system32\AcroIEHelpe5.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\programmer\textware\quickfind\plugins\IEHelp.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programmer\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [swg] c:\programmer\google\googletoolbarnotifier\googletoolbarnotifier.exe
uRun: [MsnMsgr] "c:\programmer\windows live\messenger\MsnMsgr.Exe" /background
uRun: [NVIDIA nTune] "c:\programmer\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programmer\fælles filer\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\programmer\spybot - search & destroy\TeaTimer.exe
uRun: [Steam] "c:\programmer\steam\Steam.exe" -silent
uRun: [WMPNSCFG] c:\programmer\windows media player\WMPNSCFG.exe
mRun: [WinFoxV2] c:\windows\system32\WF2K.EXE
mRun: [WinFast2KLoadDefault] rundll32.exe c:\windows\system32\wf2kcpl.dll,DllLoadDefaultSettings
mRun: [WinFast Schedule] c:\programmer\winfast\wftvfm\WFWIZ.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SkyTel] SkyTel.EXE
mRun: [IntelliPoint] "c:\programmer\microsoft intellipoint\point32.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GrooveMonitor] "c:\programmer\microsoft office\office12\GrooveMonitor.exe"
mRun: [NBKeyScan] "c:\programmer\nero\nero 7\nero backitup\NBKeyScan.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
mRun: [egui] "c:\programmer\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\rasmus\menuen~1\progra~1\start\magicd~1.lnk - c:\programmer\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\rasmus\menuen~1\progra~1\start\screen~1.lnk - c:\programmer\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\adober~1.lnk - c:\programmer\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &D&ownload &with BitComet - c:\programmer\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\programmer\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\programmer\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\programmer\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programmer\partygaming\partypoker\RunApp.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\programmer\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\programmer\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://webnode1.xstream.dk/radiostation ... awflow.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDow ... eqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDow ... eqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZI ... b56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... wflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/acti ... afekey.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/po ... der_v6.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmer\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programmer\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\programmer\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\rasmus\applic~1\mozilla\firefox\profiles\jfeux6ma.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?cl ... e=en_US&q=
FF - plugin: c:\programmer\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\programmer\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-12-4 93848]
R2 ekrn;ESET Service;c:\programmer\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R3 WFIOCTL;WFIOCTL;c:\programmer\winfast\wftvfm\WFIOCTL.sys [2007-2-10 9446]
R4 WINFOXIO;WINFOXIO;c:\windows\system32\drivers\WINFOXIO.sys [2007-2-10 9600]
S0 ati1mdxx;ati1mdxx;c:\windows\system32\drivers\ati1mdxx.sys --> c:\windows\system32\drivers\ati1mdxx.sys [?]
S0 ati3mtxx;ati3mtxx;c:\windows\system32\drivers\ati3mtxx.sys --> c:\windows\system32\drivers\ati3mtxx.sys [?]
S2 caerf;Center Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2006-3-2 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\rasmus\lokale~1\temp\nrg134.tmp --> c:\docume~1\rasmus\lokale~1\temp\NRG134.tmp [?]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2009-07-08 18:01 <DIR> --d----- c:\programmer\Trend Micro
2009-07-04 20:20 <DIR> --d----- c:\programmer\Steam
2009-07-02 11:01 12,794,013 a------- c:\windows\system32\SteamUI_894.pkg
2009-06-30 01:38 <DIR> --d----- c:\programmer\Maxis
2009-06-28 18:57 <DIR> --d----- C:\~MSSETUP.T
2009-06-28 16:15 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-26 14:06 82,380 a------- c:\windows\system32\drivers\AFS2K.SYS
2009-06-26 14:04 <DIR> --d----- c:\programmer\fælles filer\Hewlett-Packard
2009-06-26 11:09 <DIR> --d----- c:\programmer\GPLGS
2009-06-26 11:09 87,552 a------- c:\windows\system32\cpwmon2k.dll
2009-06-26 11:08 <DIR> --d----- c:\programmer\Acro Software
2009-06-20 00:19 <DIR> --d----- c:\windows\system32\SteamApps
2009-06-13 13:15 <DIR> --dsh--- c:\windows\ftpcache
==================== Find3M ====================
2009-07-11 20:43 34 a------- c:\documents and settings\rasmus\jagex_runescape_preferences.dat
2009-05-22 16:56 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-18 09:40 4,096 a------- c:\windows\system32\01.tmp
2009-05-12 22:52 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-05-12 22:52 109,080 a------- c:\windows\system32\OpenAL32.dll
2008-10-31 19:13 22,328 a------- c:\docume~1\rasmus\applic~1\PnkBstrK.sys
2007-09-18 22:06 81,920 a------- c:\docume~1\rasmus\applic~1\ezpinst.exe
2007-09-18 22:06 47,360 a------- c:\docume~1\rasmus\applic~1\pcouffin.sys
2007-03-29 23:27 774,144 a------- c:\programmer\RngInterstitial.dll
2008-12-01 23:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
2008-12-01 15:11 49,152 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008112420081201\index.dat
2008-12-08 08:00 98,304 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008120120081208\index.dat
2008-12-08 17:55 49,152 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008120820081209\index.dat
2008-12-10 00:29 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008120920081210\index.dat
2008-12-10 19:56 98,304 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008121020081211\index.dat
============= FINISH: 11:18:55,59 ===============
attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 09-02-2007 23:29:34
System Uptime: 13-07-2009 11:02:26 (0 hours ago)
Motherboard: MSI | | MS-7309
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | CPU 1 | 2009/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 153 GiB total, 68,844 GiB free.
D: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is CDROM (UDF)
==== Disabled Device Manager Items =============
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-tastatur eller Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standardtastaturer)
Name: Standard 101/102-tastatur eller Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F03\4&38D79619&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F03\4&38D79619&0
Service: i8042prt
==== System Restore Points ===================
RP35: 12-04-2009 19:39:38 - Installed GRID
RP36: 12-04-2009 20:11:24 - Installed DirectX
RP37: 14-04-2009 19:44:11 - Systemkontrolpunkt
RP38: 15-04-2009 20:21:56 - Systemkontrolpunkt
RP39: 17-04-2009 17:02:11 - Systemkontrolpunkt
RP40: 19-04-2009 15:32:50 - Systemkontrolpunkt
RP41: 21-04-2009 19:42:53 - Systemkontrolpunkt
RP42: 23-04-2009 13:03:21 - Systemkontrolpunkt
RP43: 24-04-2009 19:54:34 - Systemkontrolpunkt
RP44: 26-04-2009 12:49:24 - Systemkontrolpunkt
RP45: 29-04-2009 14:13:12 - Systemkontrolpunkt
RP46: 30-04-2009 16:48:25 - Systemkontrolpunkt
RP47: 01-05-2009 17:10:55 - Systemkontrolpunkt
RP48: 02-05-2009 17:13:45 - Systemkontrolpunkt
RP49: 03-05-2009 19:31:40 - Systemkontrolpunkt
RP50: 04-05-2009 22:12:04 - Systemkontrolpunkt
RP51: 06-05-2009 11:26:06 - Systemkontrolpunkt
RP52: 07-05-2009 12:13:25 - Systemkontrolpunkt
RP53: 08-05-2009 14:07:00 - Systemkontrolpunkt
RP54: 10-05-2009 01:57:22 - Systemkontrolpunkt
RP55: 11-05-2009 08:22:46 - Systemkontrolpunkt
RP56: 12-05-2009 09:21:21 - Systemkontrolpunkt
RP57: 13-05-2009 10:18:53 - Systemkontrolpunkt
RP58: 14-05-2009 21:42:03 - Systemkontrolpunkt
RP59: 15-05-2009 22:19:25 - Systemkontrolpunkt
RP60: 16-05-2009 12:39:53 - Installed SigmaTel MSCN Audio Player
RP61: 16-05-2009 12:48:56 - Removed SigmaTel MSCN Audio Player
RP62: 18-05-2009 22:20:53 - Systemkontrolpunkt
RP63: 20-05-2009 17:27:27 - Systemkontrolpunkt
RP64: 21-05-2009 18:00:34 - Systemkontrolpunkt
RP65: 22-05-2009 16:56:29 - Installed Java(TM) 6 Update 13
RP66: 23-05-2009 19:01:02 - Removed GRID
RP67: 24-05-2009 20:33:46 - Systemkontrolpunkt
RP68: 25-05-2009 21:09:56 - Systemkontrolpunkt
RP69: 27-05-2009 07:45:17 - Systemkontrolpunkt
RP70: 28-05-2009 16:04:11 - Systemkontrolpunkt
RP71: 29-05-2009 18:21:24 - Systemkontrolpunkt
RP72: 31-05-2009 05:26:13 - Systemkontrolpunkt
RP73: 01-06-2009 14:40:24 - Systemkontrolpunkt
RP74: 02-06-2009 20:27:47 - Systemkontrolpunkt
RP75: 03-06-2009 21:30:08 - Systemkontrolpunkt
RP76: 04-06-2009 08:39:12 - Removed ESET NOD32 Antivirus
RP77: 04-06-2009 08:41:39 - Installed ESET NOD32 Antivirus
RP78: 05-06-2009 09:14:19 - Systemkontrolpunkt
RP79: 06-06-2009 14:42:12 - Installeret The Sims 3
RP80: 07-06-2009 17:03:46 - Installeret The Sims 3
RP81: 08-06-2009 17:09:20 - Systemkontrolpunkt
RP82: 09-06-2009 17:34:18 - Systemkontrolpunkt
RP83: 10-06-2009 21:19:16 - Systemkontrolpunkt
RP84: 12-06-2009 13:58:16 - Systemkontrolpunkt
RP85: 13-06-2009 13:20:33 - Removed Far Cry 2
RP86: 13-06-2009 13:23:53 - Installed Prototype(TM)
RP87: 13-06-2009 14:27:03 - Removed Prototype(TM)
RP88: 13-06-2009 14:28:14 - Installed Prototype(TM)
RP89: 14-06-2009 18:13:07 - Systemkontrolpunkt
RP90: 15-06-2009 21:27:52 - Systemkontrolpunkt
RP91: 16-06-2009 13:15:47 - Installed DirectX
RP92: 17-06-2009 13:44:19 - Systemkontrolpunkt
RP93: 17-06-2009 22:09:18 - Removed Prototype(TM)
RP94: 19-06-2009 13:00:38 - Systemkontrolpunkt
RP95: 20-06-2009 00:14:29 - Removed Steam
RP96: 20-06-2009 00:16:32 - Installed Steam
RP97: 21-06-2009 11:37:56 - Systemkontrolpunkt
RP98: 22-06-2009 14:01:37 - Systemkontrolpunkt
RP99: 23-06-2009 14:12:27 - Systemkontrolpunkt
RP100: 24-06-2009 16:57:41 - Systemkontrolpunkt
RP101: 25-06-2009 17:00:02 - Systemkontrolpunkt
RP102: 26-06-2009 11:08:55 - Printerdriveren CutePDF Writer er installeret
RP103: 26-06-2009 14:03:27 - Installed HP Photo and Imaging 2.0 - All-in-One
RP104: 26-06-2009 14:04:47 - Installed HP Photo and Imaging 2.0 - All-in-One Drivers
RP105: 26-06-2009 14:07:12 - Installed hp psc 1200 series
RP106: 27-06-2009 15:49:53 - Systemkontrolpunkt
RP107: 28-06-2009 16:13:21 - Removed HP Photo and Imaging 2.0 - All-in-One
RP108: 28-06-2009 16:14:38 - Removed HP Photo and Imaging 2.0 - All-in-One Drivers
RP109: 28-06-2009 16:15:15 - Removed hp psc 1200 series
RP110: 29-06-2009 16:25:10 - Systemkontrolpunkt
RP111: 30-06-2009 22:38:30 - Systemkontrolpunkt
RP112: 02-07-2009 12:25:38 - Systemkontrolpunkt
RP113: 03-07-2009 15:41:35 - Systemkontrolpunkt
RP114: 04-07-2009 17:38:55 - Systemkontrolpunkt
RP115: 04-07-2009 20:15:59 - Removed Steam
RP116: 04-07-2009 20:17:15 - Removed Counter-Strike: Source
RP117: 04-07-2009 20:17:45 - Removed Counter-Strike: Source
RP118: 04-07-2009 20:20:52 - Installed Steam
RP119: 05-07-2009 20:46:28 - Systemkontrolpunkt
RP120: 06-07-2009 22:30:22 - Systemkontrolpunkt
RP121: 07-07-2009 22:30:49 - Systemkontrolpunkt
RP122: 08-07-2009 22:45:50 - Systemkontrolpunkt
RP123: 10-07-2009 19:35:01 - Systemkontrolpunkt
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 7.1.0
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
Ask Toolbar
Autodesk DWF Viewer
Backburner
BitCometBeta [20080522]
CD-ORD
Cherry Dolls 1.0
Collab
Counter-Strike: Source
CutePDF Writer 2.7
Deckadance
Diablo II
Dungeon Keeper 2
ESET NOD32 Antivirus
Fallout 3
FL Studio 8
Garena
Google Toolbar for Internet Explorer
Graphmatica
Gyldendals Røde Ordbøger Dansk-Engelsk/Engelsk-Dansk Ordbog
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix til Windows Internet Explorer 7 (KB947864)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB952287)
HotKey
HP Memories Disc
hp psc 1200 series
IL-2 Sturmovik Series Ultimate Edition
IL Download Manager
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 5.1.2
LiveUpdate 1.90 (Symantec Corporation)
Magic ISO Maker v5.3 (build 0221)
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.7.97
MathType 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 5.4
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Proofing Tools
Microsoft Office Access MUI (Danish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Groove MUI (Danish) 2007
Microsoft Office InfoPath MUI (Danish) 2007
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Publisher MUI (Danish) 2007
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Software Update for Web Folders (Danish) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
mIRC
Mozilla Firefox (3.0.11)
Mozilla Sunbird (0.9)
mplayer.com
MS Access 97 SP2
MSI Live Update 3
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
Nero - Burning Rom
Nero BackItUp 2 Essentials
Nero Media Player
Nero OEM
NeroVision Express 2
neroxml
Nokia Connectivity Cable Driver
NVIDIA Drivers
NVIDIA nTune
Opdatering til Windows XP (KB951072-v2)
Opdatering til Windows XP (KB951978)
Opdatering til Windows XP (KB955839)
Opdatering til Windows XP (KB967715)
OpenAL
PDF Settings
PokerStars
RealArcade
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB928090)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB929969)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB931768)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB933566)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB937143)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB939653)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB950759)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB953838)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB958215)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB960714)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player (KB952069)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)
Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
Sikkerhedsopdatering til Windows Media Player 9 (KB917734)
Sikkerhedsopdatering til Windows XP (KB923689)
Sikkerhedsopdatering til Windows XP (KB923789)
Sikkerhedsopdatering til Windows XP (KB938464)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB946648)
Sikkerhedsopdatering til Windows XP (KB950760)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951066)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951376)
Sikkerhedsopdatering til Windows XP (KB951698)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB953839)
Sikkerhedsopdatering til Windows XP (KB954211)
Sikkerhedsopdatering til Windows XP (KB954459)
Sikkerhedsopdatering til Windows XP (KB954600)
Sikkerhedsopdatering til Windows XP (KB955069)
Sikkerhedsopdatering til Windows XP (KB956391)
Sikkerhedsopdatering til Windows XP (KB956802)
Sikkerhedsopdatering til Windows XP (KB956803)
Sikkerhedsopdatering til Windows XP (KB956841)
Sikkerhedsopdatering til Windows XP (KB957095)
Sikkerhedsopdatering til Windows XP (KB957097)
Sikkerhedsopdatering til Windows XP (KB958644)
Sikkerhedsopdatering til Windows XP (KB958687)
Sikkerhedsopdatering til Windows XP (KB960715)
SimCity 3000 World Edition
SONAR 7 Producer Edition
Sony ACID Pro 6.0
Sony Media Manager 2.2
SpellForce 2 - Shadow Wars
Spybot - Search & Destroy
Steam
Super nude patch II 2.8
System Requirements Lab
The Sims™ 3
Toxic Biohazard
ToxicIII
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Ventrilo Client
VLC media player 0.9.9
Vuze
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Billedgalleri
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinFast PVR
WinFast(R) Display Driver
WinFox V1.0 Setup
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
13-07-2009 11:04:33, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
13-07-2009 11:04:33, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
13-07-2009 11:04:33, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
13-07-2009 11:04:09, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11-07-2009 18:03:28, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11-07-2009 17:04:32, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
11-07-2009 17:04:32, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
11-07-2009 17:04:32, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
10-07-2009 17:47:21, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
10-07-2009 17:47:21, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
10-07-2009 17:47:21, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
10-07-2009 17:46:53, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
09-07-2009 11:25:51, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
09-07-2009 11:25:51, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
09-07-2009 11:25:51, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
09-07-2009 11:25:21, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
09-07-2009 00:25:50, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
08-07-2009 17:43:44, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
08-07-2009 17:43:44, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
08-07-2009 17:43:44, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
08-07-2009 17:43:14, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
08-07-2009 12:50:03, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
08-07-2009 12:50:03, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
08-07-2009 12:50:03, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
08-07-2009 12:49:41, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
07-07-2009 13:18:44, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
07-07-2009 13:18:44, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
07-07-2009 13:18:44, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
07-07-2009 13:18:20, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
06-07-2009 13:42:32, error: Service Control Manager [7026] - Følgende boot-start- eller system-start-driver kunne ikke indlæses: i8042prt
06-07-2009 13:42:32, error: Service Control Manager [7023] - Tjenesten Center Microsoft blev afbrudt med følgende fejl: Det angivne modul blev ikke fundet.
06-07-2009 13:42:32, error: Service Control Manager [7000] - Tjenesten Ventrilo kunne ikke starte pga. følgende fejl: Den angivne fil blev ikke fundet.
06-07-2009 13:42:08, error: DCOM [10005] - Fejlen "%1058" opstod på DCOM under forsøg på at starte tjenesten wuauserv med argumenterne "" for at køre serveren: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
==== End Of File ===========================
Gmer
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-13 15:18:59
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT 8584E630 ZwAssignProcessToJobObject
SSDT sptd.sys ZwCreateKey [0xF72BAC04]
SSDT sptd.sys ZwEnumerateKey [0xF72BAD48]
SSDT sptd.sys ZwEnumerateValueKey [0xF72BB0C0]
SSDT sptd.sys ZwOpenKey [0xF72BAAE2]
SSDT 8584DA60 ZwOpenProcess
SSDT 8584DE80 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF72BB18A]
SSDT sptd.sys ZwQueryValueKey [0xF72BB022]
SSDT sptd.sys ZwSetValueKey [0xF72BB212]
SSDT 8584E460 ZwSuspendProcess
SSDT 8584E280 ZwSuspendThread
SSDT 8584DC90 ZwTerminateProcess
SSDT 8584E0B0 ZwTerminateThread
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86FD8C78
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \FileSystem\Udfs \UdfsCdRom 86A6CEB0
Device \FileSystem\Udfs \UdfsDisk 86A6CEB0
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
Device \Driver\nvata \Device\00000070 86FD80E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F8B7C8
Device \Driver\Cdrom \Device\CdRom0 86DE4510
Device \FileSystem\Rdbss \Device\FsWrap 86C46EB0
Device \Driver\Cdrom \Device\CdRom1 86DE4510
Device \Driver\Cdrom \Device\CdRom2 86DE4510
Device \Driver\NetBT \Device\NetBt_Wins_Export 86A86590
Device \Driver\NetBT \Device\NetbiosSmb 86A86590
Device \Driver\NetBT \Device\NetBT_Tcpip_{094F871E-E5C1-47F9-9085-F5AE573C81B0} 86A86590
Device \Driver\Disk \Device\Harddisk0\DR0 86FD8EB0
Device \Driver\nvata \Device\NvAta0 86FD80E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86B07EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86B07EB0
Device \FileSystem\Npfs \Device\NamedPipe 869E7728
Device \Driver\Ftdisk \Device\FtControl 86F8B7C8
Device \FileSystem\Msfs \Device\Mailslot 86C5BE60
Device \FileSystem\Cdfs \Cdfs 86A17D98
---- Threads - GMER 1.0.15 ----
Thread System [4:460] 8584C790
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] caerf <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@DisplayName Center Microsoft
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf@Description Giver mulighed for adresseoversættelse, adressering, navnefortolkning og/eller tjenester til forebyggelse af uautoriseret brug for netværksadresser på et hjemmenetværk eller mindre kontornetværk.
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\caerf\Parameters@ServiceDll C:\WINDOWS\system32\owjnfwb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1241238434
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1318536720
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1121503677
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1F 0x9E 0xC2 0x69 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1F 0x9E 0xC2 0x69 ...
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@DisplayName Center Microsoft
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\caerf@Description Giver mulighed for adresseoversættelse, adressering, navnefortolkning og/eller tjenester til forebyggelse af uautoriseret brug for netværksadresser på et hjemmenetværk eller mindre kontornetværk.
Reg HKLM\SYSTEM\ControlSet004\Services\caerf\Parameters
Reg HKLM\SYSTEM\ControlSet004\Services\caerf\Parameters@ServiceDll C:\WINDOWS\system32\owjnfwb.dll
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1F 0x9E 0xC2 0x69 ...
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Rasmus\Dokumenter\Musik\Musik\alt mit rock\papa roach\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\PA1AE1~1.MP3 3408000 bytes
File C:\Documents and Settings\Rasmus\Dokumenter\Musik\Musik\alt mit rock\papa roach\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\PAPARO~1.MP3 4167056 bytes
File C:\Documents and Settings\Rasmus\Dokumenter\Musik\Musik\alt mit rock\papa roach\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\PAPARO~2.MP3 2989372 bytes
File C:\Documents and Settings\Rasmus\Dokumenter\Musik\Musik\alt mit rock\papa roach\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\PAPARO~3.MP3 6418690 bytes
File C:\Documents and Settings\Rasmus\Dokumenter\Musik\Musik\alt mit rock\papa roach\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\Papa Roach - Let'em Know [1999]\PAPARO~4.MP3 5435687 bytes
ADS C:\System Volume Information\_restore{F93DDD88-1481-43C6-A0CD-3ED05822FDB3}\RP77\A0029318.exe:ext.exe 25088 bytes executable
---- EOF - GMER 1.0.15 ----