
I've got the W32.Myzor.FK@yf virus, can someone help me?


KAR1NS


Try that

Addendum:

Update and run MBAM and we'll see if it finds anything more.

[post edited 2008-12-13 19:38:33 by Cecilia]

It wasn't possible to remove the file name/file in Gmer.. it says the file couldn't be found. Ran a scan with MBAM which didn't find anything, but I'm attaching the log anyway:

[log]Malwarebytes' Anti-Malware 1.31

Databasversion: 1497

Windows 6.0.6000

2008-12-13 19:47:13

mbam-log-2008-12-13 (19-47-13).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 45859

Förfluten tid: 4 minute(s), 11 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

(Inga illasinnade poster hittades)[/log]

I got a virus warning from my antivirus program earlier today saying that I was infected with some form of Trojan Horse AO..something, and the file name we're trying to get rid of also came up then.

How should I continue?

If that doesn't help, restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

Start Device Manager like this:

Start - Programs - Accessories - Command Prompt

Type:

set DEVMGR_SHOW_DETAILS=1

set DEVMGR_SHOW_NONPRESENT_DEVICES=1

start devmgmt.msc

and choose Show hidden devices in the View menu. Look for 6EB156CCD506E37A

Right-click it and choose Properties. In the new window choose the Driver tab and there set Startup to Disabled.

Set up Explorer so that you can see all files:

Tools - Folder Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Delete the folder C:\Windows\System32\6EB156CCD506E37A if you find it.

Also delete the files:

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

if you find them.

Restart in normal mode.

ooo what a star!! a lot has happened now. I restarted the computer in safe mode, got Device Manager up and found the file name 6EB156CCD506E37A and went into Properties. It wasn't possible to disable autostart.. it wasn't possible to select or use those fields at all. as if they were frozen.

in Properties for the file it said:

Device type: Non-Plug and Play Drivers

Manufacturer: Unknown

Location: Unknown

Device status: This hardware device is not connected to the computer. (Code 45)

To fix this problem, reconnect the device to the computer. Click "Check for solutions" if you want to send information about the device to Microsoft and check whether there is a solution.

Then I went on following your description and deleted the file names/files you wrote. Then I restarted the computer. Everything went fine until I logged in, when a box came up with the text: An unauthorized change was made to Windows. Windows has detected a change that results in limited Windows functionality. Use the link below if you want to know how to fix the problem.

I restarted the computer with the Nero StartSmart disc in and pressed the option system restore or similar (I know that's what I was meant to do anyway) but nothing happened. so I restarted the computer again, normally this time. Then I had to enter my product key for Vista. I did this but first it said I needed a new product key. Then it went back again and thank goodness the computer started..cont.

yes..the computer and Windows started normally, I went in and checked C:/Windows/System32.. and the file name 6EB156CCD506E37A is no longer in that folder. But unfortunately the other two file names you gave are still there.

oo..I'm all sweaty now! =) but thanks for an incredibly good walkthrough! :thumbsup:

I've run Gmer 2 times (just to be safe) but it doesn't show anything anymore. The strange thing is that no log even comes up after the scan.

Before, a warning message always came up at the start of the scan saying that Gmer had found some kind of unwanted file (the one we've been trying to get rid of the whole time). But since the system restore no such warning message comes up at all. That must mean something good anyway!? =)

I restarted the computer with the Nero StartSmart disc in and pressed the option system restore or similar (I know that's what I was meant to do anyway) but nothing happened.
Did you get to choose a date or a restore point? Which one did you choose in that case?

Paste the log from Gmer so I can see what it looks like now, plus a new OTViewIt log (the extras log isn't needed).
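As an added illustration for this thread (not part of the original posts, and not code from OldTimer's OTViewIt): a small Python script that parses the "Win32 Services" and "Driver Services" lines in the format OTViewIt prints, one resolved entry per line or "File not found" when the image path could not be resolved, and applies a few of the triage heuristics a helper uses when reading such a log. The sample lines are constructed, modelled on the thread's own log; the last line reuses the hidden folder name from this thread with a placeholder file name (`driver.sys`) that the thread never mentions. The heuristics, the 30-day window and the 16-hex-digit name test are the example author's assumptions.

```python
"""Triage helper for the OTViewIt service and driver listing format.

Added example for this thread; it is not OldTimer's OTViewIt code, and the
heuristics below are the example author's own, not the tool's.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Resolved entry, one per line:
#   [mtime | size | attrs | M] (Company) -- path -- (ServiceName [StartType | State])
# The "(Company)" part is absent for directories and for files without version info.
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [A-Z]\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+?) -- "
    r"\((?P<name>[^\[]+?) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]\)$"
)
# Entry whose image path the tool could not resolve.
MISSING_RE = re.compile(
    r"^File not found -- -- \((?P<name>[^\[]+?) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]\)$"
)
# 16 hex digits: the shape of the hidden driver folder name discussed in this thread (assumption).
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{16}$")


@dataclass
class Entry:
    name: str
    start: str
    state: str
    path: Optional[str] = None      # None when OTViewIt printed "File not found"
    company: Optional[str] = None   # None when no publisher was printed
    mtime: Optional[datetime] = None
    attrs: str = ""
    size: int = 0


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; returns None for headers, blanks and unrecognised lines."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(
            name=m["name"], start=m["start"], state=m["state"], path=m["path"],
            company=(m["company"] or "").strip() or None,
            mtime=datetime.strptime(m["mtime"], "%Y-%m-%d %H:%M:%S"),
            attrs=m["attrs"], size=int(m["size"].replace(",", "")),
        )
    m = MISSING_RE.match(line)
    if m:
        return Entry(name=m["name"], start=m["start"], state=m["state"])
    return None


def triage(entries: List[Entry], log_date: datetime, recent_days: int = 30) -> Dict[str, List[str]]:
    """Map service name -> reasons it deserves a second look. Heuristics, not verdicts."""
    findings: Dict[str, List[str]] = {}

    def flag(entry: Entry, reason: str) -> None:
        findings.setdefault(entry.name, []).append(reason)

    for e in entries:
        if e.path is None:
            # On Vista many svchost-hosted services show up this way, so this is a
            # "check the name against a known-good list" signal, not evidence by itself.
            flag(e, f"image path unresolved while {e.state}")
            continue
        if "D" not in e.attrs and not e.company:
            flag(e, "no publisher in the file's version information")
        for part in re.split(r"[\\/]", e.path):
            if HEX_NAME_RE.match(part):
                flag(e, f"path component {part!r} looks like a random hex name")
        if e.mtime is not None and log_date - e.mtime <= timedelta(days=recent_days):
            flag(e, f"file modified within the last {recent_days} days of the log")
    return findings


def triage_text(text: str, log_date: datetime, recent_days: int = 30) -> Dict[str, List[str]]:
    entries = [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]
    return triage(entries, log_date, recent_days)


# Constructed sample, modelled on the lines in this thread's log. The last line is
# invented: it reuses the hidden folder name from the thread with a placeholder
# file name "driver.sys" that the thread never mentions.
SAMPLE_LOG = r"""[2007-02-02 14:59:54 | 00,565,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
File not found -- -- (avg8emc [Auto | Running])
File not found -- -- (CertPropSvc [unknown | Stopped])
[2006-11-02 14:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [unknown | Stopped])
[2008-12-07 22:05:09 | 00,085,969 | ---- | M] (GMER) -- C:\Windows\System32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2008-12-10 03:12:45 | 00,042,496 | ---- | M] -- C:\Windows\System32\6EB156CCD506E37A\driver.sys -- (6EB156CCD506E37A [system | Running])
"""
# "OTViewIt logfile created on" timestamp from the log in this thread.
LOG_DATE = datetime(2008, 12, 14, 11, 6, 30)

if __name__ == "__main__":
    for name, reasons in triage_text(SAMPLE_LOG, LOG_DATE).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, the two unresolved AVG and certificate-propagation services, the recently modified gmer.sys and the constructed hex-named entry are listed, while the ATI utility and the MSDTC directory are not. The output is a reading order, not a verdict: gmer.sys is flagged only because the user installed it a week before the log, and unresolved svchost-hosted names are normal on Vista, so anything flagged still needs its publisher, signature and location checked before it is touched.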

I didn't get to choose any restore point; when I pressed system restore a message came up saying something along the lines of "the choice you made is already activated". I tried several times but the same message came up every time, so I chose to restart the computer, take out the disc, and then I got to the part where I had to enter the Vista product key, then Windows started as normal.

Gmer gives me no log when it's finished, and the only line of text I got in the Gmer window after the scan was:

.text C:\Users\Karin\Desktop\gmer\gmer.exe(2152)ntdll.dll!NtCreateFile+3 7767F417 2 Bytes (9D,FA)

The OTViewIt log:

[log]OTViewIt logfile created on: 2008-12-14 11:06:30 - Run 4

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Users\Karin\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16764)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 65,79% Memory free

3,98 Gb Paging File | 3,19 Gb Available in Paging File | 80,30% Paging File free

Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 92,21 Gb Total Space | 17,71 Gb Free Space | 19,21% Space Free | Partition Type: NTFS

Drive D: | 45,12 Gb Total Space | 28,01 Gb Free Space | 62,08% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: KARINS-DATOR

Current User Name: Karin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2007-11-03 15:11:38 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe

[2006-11-02 10:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe

[2007-02-02 14:59:54 | 00,565,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe

[2007-11-03 14:51:03 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe

[2007-02-02 14:59:54 | 00,565,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe

[2008-08-31 10:49:46 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

[2006-12-08 19:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe

[2006-11-02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe

[2008-07-29 20:11:17 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgrsx.exe

[2006-11-02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2008-08-31 10:49:45 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgemc.exe

[2006-11-02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2007-11-03 14:53:16 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe

[2007-11-03 14:03:10 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

[2007-04-10 15:01:32 | 04,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2006-11-22 17:31:26 | 00,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[2008-11-27 10:37:24 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[2006-09-29 18:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

[2006-11-02 13:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe

[2008-06-30 19:23:49 | 00,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[2006-11-02 13:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe

[2006-11-02 10:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe

[2006-11-02 10:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe

[2006-09-29 18:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[2008-12-14 11:04:57 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007-02-02 14:59:54 | 00,565,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])

File not found -- -- (avg8emc [Auto | Running])

File not found -- -- (avg8wd [Auto | Running])

File not found -- -- (CertPropSvc [unknown | Stopped])

[2006-11-02 07:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

File not found -- -- (DcomLaunch [unknown | Running])

[2006-11-02 13:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])

[2007-11-03 15:27:25 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [unknown | Running])

[2007-11-03 15:32:21 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])

[2006-11-02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

[2006-11-02 13:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2007-11-03 15:05:52 | 00,568,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [unknown | Running])

File not found -- -- (gusvc [On_Demand | Stopped])

[2006-11-02 14:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [unknown | Stopped])

[2006-11-02 13:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

File not found -- -- (NMIndexingService [On_Demand | Stopped])

File not found -- -- (odserv [On_Demand | Stopped])

File not found -- -- (ose [On_Demand | Stopped])

[2006-11-02 10:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [unknown | Stopped])

File not found -- -- (Schedule [unknown | Running])

File not found -- -- (SCPolicySvc [unknown | Stopped])

[2007-11-03 14:51:03 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])

[2006-11-02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])

[2006-12-08 19:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler [Auto | Running])

[2006-11-02 10:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])

File not found -- -- (usnjsvc [On_Demand | Stopped])

[2006-11-02 10:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])

File not found -- -- (WdiServiceHost [unknown | Stopped])

File not found -- -- (WdiSystemHost [unknown | Running])

File not found -- -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006-11-02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])

[2006-11-02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])

[2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])

[2006-11-02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])

[2006-11-02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])

[2007-11-03 15:51:55 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])

[2007-11-03 15:21:31 | 00,057,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])

[2007-11-03 15:51:56 | 00,018,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])

[2006-11-02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])

[2006-11-02 09:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])

[2006-11-02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])

[2006-11-02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])

[2007-02-01 10:55:10 | 00,690,176 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys -- (athr [On_Demand | Running])

[2008-08-31 10:49:45 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running])

[2008-07-29 20:11:20 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])

[2008-07-29 20:11:28 | 00,069,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgwfpx.sys -- (AvgWfpX [On_Demand | Running])

[2006-11-02 09:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])

[2006-11-02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])

[2006-11-02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])

[2006-11-02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])

[2006-11-02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])

[2006-11-02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])

[2006-11-02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

[2006-11-02 09:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])

[2006-11-02 09:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])

[2008-06-30 18:34:10 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [unknown | Running])

[2007-11-03 15:51:55 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])

[2006-11-02 10:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [boot | Running])

[2006-11-02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])

[2006-11-02 09:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [system | Running])

[2007-11-03 15:42:07 | 00,621,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])

[2006-11-02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])

[2007-11-03 15:47:20 | 00,135,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [boot | Running])

[2006-11-02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])

[2006-11-02 10:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [boot | Running])

[2006-11-02 09:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])

[2006-11-02 10:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])

[2008-12-07 22:05:09 | 00,085,969 | ---- | M] (GMER) -- C:\Windows\System32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])

[2006-11-02 08:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])

[2007-11-03 15:18:24 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2006-11-02 09:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])

[2006-11-02 09:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])

[2006-11-02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])

[2007-08-08 11:07:42 | 00,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])

[2007-07-12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Disabled | Stopped])

[2006-11-02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])

[2006-11-02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])

[2007-04-10 18:05:38 | 01,764,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])

[2006-11-02 09:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])

[2006-11-02 10:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])

[2006-11-02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])

[2006-11-02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])

[2007-06-13 22:47:12 | 00,048,256 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\System32\drivers\jraid.sys -- (JRAID [Disabled | Stopped])

[2007-11-03 15:48:41 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])

[2006-11-02 09:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])

[2006-11-02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])

[2006-11-02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])

[2006-11-02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])

[2006-11-02 09:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])

[2006-11-02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])

[2008-06-30 18:39:02 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])

[2006-11-02 10:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])

[2007-11-03 15:12:01 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])

[2006-11-02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])

[2008-08-27 01:48:36 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])

[2008-06-30 18:24:14 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])

[2007-11-03 15:51:55 | 00,028,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])

[2006-11-02 10:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])

[2007-11-03 15:21:30 | 00,016,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [boot | Running])

[2006-11-02 10:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])

[2007-11-03 15:09:01 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])

[2006-11-02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])

[2006-11-02 09:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [system | Running])

[2006-11-02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])

[2006-11-02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [boot | Running])

[2007-07-02 16:37:10 | 00,131,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32 [Disabled | Stopped])

[2006-11-02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])

[2007-07-02 16:37:08 | 00,110,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32 [Disabled | Stopped])

[2007-11-03 15:21:30 | 00,109,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])

[2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot [boot | Running])

[2006-11-02 10:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])

[2007-11-03 15:27:27 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [system | Running])

[2006-11-02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])

[2006-11-02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])

[2006-11-02 13:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])

[2007-02-02 15:09:42 | 02,385,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Running])

[2006-11-02 10:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [system | Running])

[2006-11-02 09:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])

[2007-01-15 22:28:20 | 00,070,144 | ---- | M] (Realtek Corporation) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169 [On_Demand | Running])

[2007-12-10 14:22:14 | 00,083,880 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus [On_Demand | Stopped])

[2007-12-10 14:22:18 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl [On_Demand | Stopped])

[2007-12-10 14:22:18 | 00,110,632 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm [On_Demand | Stopped])

[2007-12-10 14:22:20 | 00,104,616 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt [On_Demand | Stopped])

[2007-12-10 14:22:20 | 00,025,512 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5 [On_Demand | Stopped])

[2007-12-10 14:22:22 | 00,100,648 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex [On_Demand | Stopped])

[2007-12-10 14:22:22 | 00,110,120 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic [On_Demand | Stopped])

[2006-11-02 10:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])

[2006-11-02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])

[2008-06-30 18:34:08 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])

[2007-11-03 15:40:43 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])

[2007-11-03 15:40:43 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])

[2007-11-03 15:40:43 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])

[2007-11-03 15:21:29 | 00,055,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])

[2006-11-02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])

[2006-11-02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])

[2007-11-03 14:14:47 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [system | Running])

[2006-11-22 17:35:00 | 00,982,272 | ---- | M] (Motorola Inc.) -- C:\Windows\System32\drivers\smserial.sys -- (smserial [On_Demand | Running])

[2006-11-02 10:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [boot | Running])

[2008-06-30 18:24:14 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])

[2008-06-30 18:24:14 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])

[2006-11-02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])

[2006-11-02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])

[2006-11-02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])

[2006-11-02 09:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])

[2007-11-03 15:20:50 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [system | Running])

[2006-11-02 10:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])

[2007-11-03 15:11:59 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])

[2007-11-03 15:12:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])

[2006-11-02 10:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])

[2007-11-03 15:21:30 | 00,061,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])

[2006-11-02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])

[2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])

[2006-11-02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])

[2007-11-03 15:09:22 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])

[2006-11-02 09:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])

[2006-11-02 09:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])

[2006-11-02 09:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])

[2007-11-03 15:51:56 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])

[2006-11-08 14:23:52 | 00,102,912 | ---- | M] (VIA Technologies inc,.ltd) -- C:\Windows\System32\drivers\viamraid.sys -- (viamraid [Disabled | Stopped])

[2007-11-03 15:21:30 | 00,052,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [boot | Running])

[2006-11-02 10:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [boot | Running])

[2006-11-02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [boot | Running])

[2006-11-02 09:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])

[2006-11-02 10:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])

[2008-06-30 18:34:08 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [boot | Running])

[2007-11-03 15:50:56 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])

[2006-11-02 09:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\Windows\system32\blank.htm

"Search Page"=http://www.google.com

"Start Page"=about:blank

"StartPageCache"=

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\Windows\system32\blank.htm

"Search Page"=http://www.google.com

"Start Page"=about:blank

"StartPageCache"=

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

::1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found

{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program\AVG\AVG8\avgssie.dll File not found

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre1.6.0_07\bin\ssv.dll File not found

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll File not found

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program\Google\GoogleToolbar2.dll File not found

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program\Windows Live Toolbar\msntb.dll File not found

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program\Windows Live Toolbar\msntb.dll File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program\Windows Live Toolbar\msntb.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program\Google\GoogleToolbar2.dll File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program\Windows Live Toolbar\msntb.dll File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" (HKLM) -- C:\Program\Winamp Toolbar\winamptb.dll File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found

"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File not found

"recinfo"=RecInfo.exe File not found

"recinfo630"=c:\RecInfo\RecInfo.exe ()

"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)

"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe File not found

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" File not found

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" File not found

"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

""= File not found

"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

"fsc-reg"=C:\ProgramData\fsc-reg\fscreg.exe 20081201 (Fujitsu Siemens Computers)

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon File not found

"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem File not found

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem File not found

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

""= File not found

"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

"fsc-reg"=C:\ProgramData\fsc-reg\fscreg.exe 20081201 (Fujitsu Siemens Computers)

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon File not found

"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"ConsentPromptBehaviorAdmin"=2

"ConsentPromptBehaviorUser"=1

"EnableInstallerDetection"=1

"EnableLUA"=1

"EnableSecureUIAPaths"=1

"EnableVirtualization"=1

"PromptOnSecureDesktop"=1

"ValidateAdminCodeSignatures"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"scforceoption"=0

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"FilterAdministratorToken"=0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]

"CF_TEXT"=1

"CF_BITMAP"=2

"CF_OEMTEXT"=7

"CF_DIB"=8

"CF_PALETTE"=9

"CF_UNICODETEXT"=13

"CF_DIBV5"=17

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&Winamp Search: C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html [2008-03-19 23:21:40 | 00,000,748 | ---- | M] ()

&Windows Live Search: C:\Program\Windows Live Toolbar\msntb.dll File not found

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE File not found

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\Software\Microsoft\Internet Explorer\MenuExt\]

&Winamp Search: C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html [2008-03-19 23:21:40 | 00,000,748 | ---- | M] ()

&Windows Live Search: C:\Program\Windows Live Toolbar\msntb.dll File not found

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE File not found

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- %SystemDrive%\Program\Java\jre1.6.0_07\bin\npjpi160_07.dll File not found

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Skicka till OneNote -- %SystemDrive%\Program\Microsoft Office\Office12\ONBttnIE.dll File not found

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: Ski&cka till OneNote -- %SystemDrive%\Program\Microsoft Office\Office12\ONBttnIE.dll File not found

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\Program\Microsoft Office\Office12\REFIEBAR.DLL File not found

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

2 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\S-1-5-21-3649726366-2639818933-518027415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

2 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

 

========== (O17) DNS Name Servers ==========

 

{51779A28-0EAB-4735-A9B8-D8B696FE7AF4} (Servers: | Description: Sony Ericsson Device 3017 USB Ethernet Emulation (NDIS 5))

{A0167B27-407D-4468-A8D6-9AC52D50C0E2} (Servers: | Description: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0))

{BCE38CED-9B9D-420F-BDFB-ECE774217468} (Servers: | Description: Atheros AR5007EG Wireless Network Adapter)

 

========== (O20) AppInit_DLLs ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=avgrsstx.dll

>[2008-07-29 20:11:31 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

 

========== HKLM *SecurityProviders* ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]

"SecurityProviders"=credssp.dll

>[2006-11-02 10:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

 

========== LSA *Security Packages* ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,

>[2006-11-02 10:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

autoexec.bat [REM Dummy file for NTVDM | ]

[2006-09-18 22:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

 

========== MountPoints2 ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67a65da9-6892-11dd-9432-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67a65da9-6892-11dd-9432-00030d815e4c}\Shell\AutoRun\command]

""=G:\LaunchU3.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79987f81-5d9d-11dd-9a25-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79987f81-5d9d-11dd-9a25-00030d815e4c}\Shell\AutoRun\command]

""=F:\AutoRun.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79987f83-5d9d-11dd-9a25-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79987f83-5d9d-11dd-9a25-00030d815e4c}\Shell\AutoRun\command]

""=F:\AutoRun.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd66e010-58d4-11dd-a7a4-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd66e010-58d4-11dd-a7a4-00030d815e4c}\Shell\AutoRun\command]

""=F:\AutoRun.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd66e028-58d4-11dd-a7a4-00030d815e4c}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd66e028-58d4-11dd-a7a4-00030d815e4c}\Shell\AutoRun\command]

""=F:\AutoRun.exe -- File not found

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]

""=WDSetup.exe

 

========== Files/Folders - Created Within 30 Days ==========

 

[2008-12-14 11:04:54 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTViewIt.exe

[2008-12-13 22:35:42 | 01,861,442 | -H-- | C] () -- C:\Users\Karin\AppData\Local\IconCache.db

[2008-12-13 21:17:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage

[2008-12-13 21:16:19 | 00,894,504 | ---- | C] (Microsoft Corporation) -- C:\Users\Karin\Desktop\WGAPluginInstall.exe

[2008-12-13 21:12:40 | 00,001,856 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2008-12-13 21:12:40 | 00,001,856 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2008-12-13 21:12:16 | 20,112,83456 | -HS- | C] () -- C:\hiberfil.sys

[2008-12-13 19:48:06 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\OpenOffice.org

[2008-12-13 09:43:28 | 00,000,174 | -HS- | C] () -- C:\Users\Public\Desktop\desktop.ini

[2008-12-12 21:42:15 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2008-12-11 18:47:03 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll

[2008-12-11 18:46:58 | 01,687,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2008-12-11 18:46:57 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2008-12-11 18:46:56 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2008-12-11 18:46:48 | 11,320,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll

[2008-12-11 18:46:23 | 02,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2008-12-11 18:46:17 | 03,595,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll

[2008-12-11 18:46:16 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll

[2008-12-11 18:46:15 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll

[2008-12-11 18:46:14 | 01,831,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2008-12-11 18:46:14 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll

[2008-12-11 18:46:14 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2008-12-11 18:46:14 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll

[2008-12-11 18:46:14 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2008-12-11 18:46:14 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll

[2008-12-11 18:46:13 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2008-12-11 18:46:13 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2008-12-11 18:46:13 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll

[2008-12-11 18:46:13 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2008-12-11 18:46:13 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2008-12-11 18:46:13 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2008-12-11 18:46:13 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll

[2008-12-11 18:46:13 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2008-12-11 18:46:13 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2008-12-11 18:46:13 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2008-12-11 18:46:13 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2008-12-11 18:46:13 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2008-12-11 18:46:08 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL

[2008-12-11 18:46:07 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2008-12-11 18:46:07 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll

[2008-12-11 18:46:06 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2008-12-11 18:46:06 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe

[2008-12-11 18:46:06 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe

[2008-12-11 18:46:06 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe

[2008-12-11 18:46:06 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll

[2008-12-07 22:05:11 | 00,000,250 | ---- | C] () -- C:\Windows\gmer.ini

[2008-12-07 22:05:09 | 00,884,736 | ---- | C] () -- C:\Windows\gmer.dll

[2008-12-07 22:05:09 | 00,811,008 | ---- | C] () -- C:\Windows\gmer.exe

[2008-12-07 22:05:09 | 00,085,969 | ---- | C] (GMER) -- C:\Windows\System32\drivers\gmer.sys

[2008-12-07 22:05:09 | 00,000,080 | ---- | C] () -- C:\Windows\gmer_uninstall.cmd

[2008-12-07 22:04:42 | 00,000,000 | ---D | C] -- C:\Users\Karin\Desktop\gmer

[2008-12-07 22:04:13 | 00,747,873 | ---- | C] () -- C:\Users\Karin\Desktop\gmer.zip

[2008-12-07 18:42:37 | 00,000,999 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.0.lnk

[2008-12-07 18:41:01 | 00,000,000 | ---D | C] -- C:\Program Files\JRE

[2008-12-07 18:40:55 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2008-12-07 18:39:35 | 00,000,000 | ---D | C] -- C:\Users\Karin\Desktop\OpenOffice.org 3.0 (sv) Installation Files

[2008-12-07 18:23:52 | 14,513,5720 | ---- | C] () -- C:\Users\Karin\Desktop\OOo_3.0.0_Win32Intel_install_wJRE_sv.exe

[2008-12-07 17:17:57 | 00,000,000 | ---D | C] -- C:\Users\Karin\Desktop\avenger

[2008-12-07 17:04:20 | 00,724,952 | ---- | C] () -- C:\Users\Karin\Desktop\avenger.zip

[2008-12-07 16:25:57 | 00,000,000 | ---D | C] -- C:\_OTMoveIt

[2008-12-07 15:09:55 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTViewIt.exe.part

[2008-12-07 12:54:01 | 03,061,078 | ---- | C] () -- C:\Users\Karin\Desktop\ComboFix.exe

[2008-12-07 12:48:03 | 00,001,399 | ---- | C] () -- C:\Users\Karin\Desktop\chkdsk.exe - genväg.lnk

[2008-12-07 12:21:49 | 00,001,763 | ---- | C] () -- C:\Users\Karin\Desktop\DVD Decrypter.lnk

[2008-12-07 12:21:49 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter

[2008-12-04 11:01:21 | 00,199,680 | ---- | C] () -- C:\Users\Karin\Desktop\DirLook.exe

[2008-12-03 22:16:09 | 00,003,132 | ---- | C] () -- C:\Windows\System32\tmp.reg

[2008-12-03 22:15:49 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe

[2008-12-03 22:15:49 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe

[2008-12-03 22:15:49 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe

[2008-12-03 22:15:49 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe

[2008-12-03 22:15:46 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe

[2008-12-03 22:15:46 | 00,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe

[2008-12-03 22:15:45 | 00,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe

[2008-12-03 22:15:42 | 00,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe

[2008-12-03 22:15:40 | 00,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe

[2008-12-03 22:15:40 | 00,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe

[2008-12-03 22:15:40 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe

[2008-12-03 22:15:40 | 00,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe

[2008-12-03 22:15:40 | 00,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe

[2008-12-03 21:04:45 | 01,582,379 | ---- | C] () -- C:\Users\Karin\Desktop\SmitfraudFix.exe

[2008-12-03 20:59:42 | 00,000,000 | ---D | C] -- C:\Users\Karin\Desktop\SmitfraudFix

[2008-12-03 20:34:30 | 00,000,139 | ---- | C] () -- C:\Users\Karin\Desktop\eforum.url

[2008-12-03 19:36:36 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Malwarebytes

[2008-12-03 19:36:34 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2008-12-03 19:36:34 | 00,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2008-12-03 19:36:32 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2008-12-03 19:36:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2008-12-03 19:36:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008-12-03 18:20:05 | 00,001,880 | ---- | C] () -- C:\Users\Karin\Desktop\HijackThis.lnk

[2008-12-03 18:20:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2008-12-03 17:03:15 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys

[2008-12-03 17:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2008-12-02 21:58:29 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Mozilla

[2008-12-02 21:58:29 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Mozilla

[2008-12-02 21:57:10 | 00,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2008-12-02 21:57:02 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2008-12-02 21:27:05 | 00,000,136 | ---- | C] () -- C:\Users\Karin\Documents\My Documents.url

[2008-11-26 15:03:32 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll

[2008-11-26 15:03:32 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll

[2008-11-26 15:03:32 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll

[2008-11-26 15:03:29 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll

[2008-11-26 15:03:29 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll

[2008-11-26 15:03:29 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2008-11-26 15:03:26 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll

[2008-11-21 18:20:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Last.fm

[2008-11-21 18:19:25 | 00,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Last.fm

[2008-11-21 18:19:24 | 00,000,739 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk

[2008-11-21 18:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\Last.fm

[2008-11-21 17:24:28 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll

[2008-11-21 17:24:28 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2008-11-21 17:24:28 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe

[2008-11-21 17:24:28 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2008-11-21 17:23:59 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2008-11-21 17:23:59 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2008-11-21 17:23:59 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2008-11-21 17:23:46 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2008-11-21 17:23:46 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

 

========== Files - Modified Within 30 Days ==========

 

[2008-12-14 11:04:57 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTViewIt.exe

[2008-12-14 10:59:00 | 00,000,254 | ---- | M] () -- C:\Windows\tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

[2008-12-14 10:49:02 | 00,001,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2008-12-14 10:49:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2008-12-14 10:49:01 | 00,001,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2008-12-13 23:08:19 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2008-12-13 23:08:04 | 20,112,83456 | -HS- | M] () -- C:\hiberfil.sys

[2008-12-13 22:35:42 | 01,861,442 | -H-- | M] () -- C:\Users\Karin\AppData\Local\IconCache.db

[2008-12-13 22:14:34 | 00,000,250 | ---- | M] () -- C:\Windows\gmer.ini

[2008-12-13 21:16:22 | 00,894,504 | ---- | M] (Microsoft Corporation) -- C:\Users\Karin\Desktop\WGAPluginInstall.exe

[2008-12-13 21:12:37 | 00,312,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2008-12-13 20:42:43 | 30,708,761 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2008-12-13 17:50:41 | 00,057,344 | ---- | M] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-13 17:11:12 | 00,000,536 | ---- | M] () -- C:\Users\Karin\Documents\Mina delade mappar.lnk

[2008-12-13 09:49:06 | 01,258,162 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2008-12-13 09:49:06 | 00,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2008-12-13 09:49:06 | 00,472,414 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2008-12-13 09:49:06 | 00,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2008-12-13 09:49:06 | 00,081,514 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2008-12-13 09:43:28 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini

[2008-12-13 09:43:28 | 00,000,174 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini

[2008-12-13 09:43:28 | 00,000,174 | -HS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

[2008-12-12 21:32:44 | 00,089,309 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg

[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

[2008-12-07 22:05:09 | 00,884,736 | ---- | M] () -- C:\Windows\gmer.dll

[2008-12-07 22:05:09 | 00,085,969 | ---- | M] (GMER) -- C:\Windows\System32\drivers\gmer.sys

[2008-12-07 22:05:09 | 00,000,080 | ---- | M] () -- C:\Windows\gmer_uninstall.cmd

[2008-12-07 22:04:17 | 00,747,873 | ---- | M] () -- C:\Users\Karin\Desktop\gmer.zip

[2008-12-07 21:52:28 | 00,074,352 | ---- | M] () -- C:\Users\Karin\AppData\Local\GDIPFONTCACHEV1.DAT

[2008-12-07 18:42:37 | 00,000,999 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.0.lnk

[2008-12-07 18:38:37 | 14,513,5720 | ---- | M] () -- C:\Users\Karin\Desktop\OOo_3.0.0_Win32Intel_install_wJRE_sv.exe

[2008-12-07 17:04:31 | 00,724,952 | ---- | M] () -- C:\Users\Karin\Desktop\avenger.zip

[2008-12-07 15:10:01 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTViewIt.exe.part

[2008-12-07 12:54:30 | 03,061,078 | ---- | M] () -- C:\Users\Karin\Desktop\ComboFix.exe

[2008-12-07 12:49:32 | 00,001,399 | ---- | M] () -- C:\Users\Karin\Desktop\chkdsk.exe - genväg.lnk

[2008-12-07 12:21:49 | 00,001,763 | ---- | M] () -- C:\Users\Karin\Desktop\DVD Decrypter.lnk

[2008-12-04 11:01:22 | 00,199,680 | ---- | M] () -- C:\Users\Karin\Desktop\DirLook.exe

[2008-12-03 22:16:09 | 00,003,132 | ---- | M] () -- C:\Windows\System32\tmp.reg

[2008-12-03 21:04:59 | 01,582,379 | ---- | M] () -- C:\Users\Karin\Desktop\SmitfraudFix.exe

[2008-12-03 20:34:43 | 00,000,139 | ---- | M] () -- C:\Users\Karin\Desktop\eforum.url

[2008-12-03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2008-12-03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2008-12-03 19:36:34 | 00,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2008-12-03 18:20:05 | 00,001,880 | ---- | M] () -- C:\Users\Karin\Desktop\HijackThis.lnk

[2008-12-02 21:57:10 | 00,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2008-12-02 21:27:05 | 00,000,136 | ---- | M] () -- C:\Users\Karin\Documents\My Documents.url

[2008-11-29 17:58:21 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe

[2008-11-29 17:58:21 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe

[2008-11-21 18:19:24 | 00,000,739 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk

< End of report >

[/log]

 


According to the log the rootkit driver seems to be gone now, at least, but to be on the safe side rename the gmer file to something else, e.g. karins, and run it again.

 

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Untick Hide extensions for known file types

Untick Hide protected operating system files

 

Can you find these two files now (it should work now):

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

If so, scan them at http://www.virustotal.com/ and paste the result.

 

There is an old Java version with security holes on the computer. I recommend that you install a new one from http://www.java.com/sv/ and then uninstall all Java/J2SE/JRE versions except the latest in Control Panel - Add or Remove Programs (with no browsers running).

 


I renamed Gmer.exe to GmerKARINS.exe. When I ran the scan again, a message came up when it finished saying: Gmer found no system modifications. Later, while I was doing other things, a message came up saying: GmerKARINS.exe may not have been installed correctly. I could choose to reinstall it, or choose an option where I confirmed that Gmer was installed correctly. I closed and ignored that message; I guess it came up because I renamed the file?

 

I have set up Explorer as you described.

I can find the files below on the computer, but when I browse to them on virustotal.com and click Send file, a completely blank page comes up with the text: 0 bytes size received.

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

 

 

I uninstalled the old version of Java, so now only the latest version should be left on the computer.

 


Change the name back to gmer.exe. Right-click C:\WINDOWS\gmer_uninstall.cmd and choose Run as administrator to uninstall Gmer. Restart the computer and download it again before you run it. Remember to run Gmer by right-clicking it and choosing Run as administrator.

 

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

Is it possible to copy the files (right-click - Copy) and paste them on the Desktop (right-click on the Desktop)?

 

How is the computer working now?

 


It is not possible to uninstall Gmer. When I right-click C:\WINDOWS\gmer_uninstall.cmd and choose Run as administrator, the "program" starts, but a message comes up in the command prompt that says:

 

C:\Windows\system32>sc delete gmer

(SC) OpenService FAILED 1060:

 

C:\Windows\system32>del system32\drivers\gmer.sys

The system cannot find the path specified.

 

C:\Windows\system32>del gmer.dll

Could Not Find C:\Windows\system32\gmer.dll.

 

C:\Windows\system32>del gmer.exe

Could Not Find C:\Windows\system32\gmer.exe.

 

C:\Windows\system32>pause

Press any key to continue . . .

 

When I press a key the window closes and nothing happens.

 

When I try to copy the files below to the desktop, a message comes up saying that I cannot move them because they are in use by another program.

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

 

Otherwise the computer works well; I have not had any virus warnings lately and it is fairly fast.

 

 


Control Panel - Administrative Tools - Services

Find gmer in the list, double-click it and set Startup type to Disabled.

Restart the computer and see if the uninstall works better.

 


Gmer is not in the "Services" list =/

I have restarted the computer and tried again, with the same result.

 

By the way, I just installed a new antivirus.. McAfee Home Security Plus, so now I feel more protected. Do I need to uninstall the old antivirus program (AVG8)?

 

 


Okay, see if Gmer is here then:

Start Device Manager like this:

 

Start - Programs - Accessories - Command Prompt

Type:

set DEVMGR_SHOW_DETAILS=1

set DEVMGR_SHOW_NONPRESENT_DEVICES=1

start devmgmt.msc

 

and choose Show hidden devices in the View menu. Look for Tdssserv.

Right-click it and choose Properties. In the new window choose the Driver tab and set Startup to Disabled.

Restart the computer and see if the uninstall works better.

 

You should only have one antivirus program running, so as not to risk strange problems. After a normal uninstall of AVG, run their AVG Remover to get rid of everything. http://www.avg.com/download-tools

 

 


I cannot find Tdssserv in the Device Manager list; I checked all the tabs and it is not there. Hmm, what do I do now?

 

I uninstalled AVG8 and ran AVG Remover, so now everything should be gone.

 

 


When I go to C:\WINDOWS\gmer_uninstall.cmd now and choose Run as administrator, one more line comes up in the command prompt (in addition to the ones I wrote before) that says:

 

The specified service does not exist as an installed service.

 

 


I cannot find Tdssserv in the Device Manager list; I checked all the tabs and it is not there. Hmm, what do I do now?
Sorry, I copied too much; gmer was what you should look for, but considering what you write afterwards about "The specified service does not exist as an installed service." it is probably not needed.

 

C:\Windows\system32>del system32\drivers\gmer.sys

The system cannot find the path specified.

 

C:\Windows\system32>del gmer.dll

Could Not Find C:\Windows\system32\gmer.dll.

 

C:\Windows\system32>del gmer.exe

Could Not Find C:\Windows\system32\gmer.exe.

Can you find and delete these three files:

C:\Windows\system32\drivers\gmer.sys

C:\Windows\system32\gmer.dll

C:\Windows\system32\gmer.exe

 


The files you listed cannot be found on the computer. However, I find

gmer.exe here:

C:\Windows\gmer.exe

 

and gmer.dll here:

C:\Windows\gmer.dll

 

gmer.sys I cannot find.

In C:\Windows\system32 I cannot find anything named Gmer.

 

 

 


Delete those two as well, then install and run gmer again, and I will keep my fingers crossed that it produces a log.

 

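Once a GMER log like the one asked for here comes back, the useful question is not how many hooks it lists but who owns them. The script below is an added example, not part of this thread and not GMER's own code: it parses the three hook-reporting sections of a GMER text log (System, Kernel code sections, User code sections), records which module and vendor GMER attributes each hook to, and flags every hook that is not owned by a known security product. The KNOWN_SECURITY_VENDORS set is an assumption made for the example, and the lines in SAMPLE_LOG are a constructed sample copied from the GMER output posted further down in the thread.

```python
"""Triage a GMER rootkit-scan log (added example, not GMER's own code):
attribute each reported hook to the module and vendor GMER names, then
separate hooks owned by an installed security product from the rest."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption for this example: vendors whose hooks are expected wherever
# their product is installed.  Extend to match the machine being examined.
KNOWN_SECURITY_VENDORS = {"McAfee, Inc.", "Malwarebytes Corporation"}

# "---- Kernel code sections - GMER 1.0.14 ----"
SECTION_RE = re.compile(r"^----\s+(?P<name>.+?)\s+-\s+GMER\b.*----\s*$")
# System section: "Code <owner module> (<description>/<vendor>) <func> [0x<addr>]"
SYSTEM_RE = re.compile(r"^Code\s+(?P<owner>\S+)\s+\((?P<desc>[^)]*)\)\s+"
                       r"(?P<func>\w+)(?:\s+\[0x[0-9A-Fa-f]+\])?\s*$")
# Kernel and user code sections share one shape; user-mode lines carry a
# "<process path>[<pid>]" field before the hooked export.  Lines in any other
# shape (e.g. raw byte patches) are skipped by this example.
CODE_RE = re.compile(
    r"^(?P<section>\S+)\s+(?:(?P<proc>.+?\[\d+\])\s+)?(?P<target>\S+!\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+(?P<kind>\w+)\s+"
    r"(?P<dest>[0-9A-Fa-f]+)(?:\s+(?P<owner>\S+)\s+\((?P<desc>[^)]*)\))?\s*$")


@dataclass
class Hook:
    section: str            # GMER section the line came from
    target: str             # hooked function, e.g. "kernel32.dll!CreateFileW"
    process: Optional[str]  # "<path>[pid]" for user-mode hooks, else None
    owner: Optional[str]    # module GMER attributed the hook code to
    vendor: Optional[str]   # company part of that module's description

    @property
    def verdict(self) -> str:
        if self.owner is None:           # jump lands outside any named module
            return "unattributed"
        if self.vendor in KNOWN_SECURITY_VENDORS:
            return "security-product"
        return "unknown-owner"


def _vendor(desc: str) -> str:
    # GMER prints "<file description>/<company name>"; keep the company part.
    return desc.rsplit("/", 1)[-1].strip()


def parse_gmer(lines: List[str]) -> List[Hook]:
    """Turn the hook lines of a GMER text log into Hook records."""
    hooks, section = [], ""
    for line in (ln.strip() for ln in lines):
        if m := SECTION_RE.match(line):
            section = m.group("name")
        elif m := SYSTEM_RE.match(line):
            hooks.append(Hook(section, m.group("func"), None,
                              m.group("owner"), _vendor(m.group("desc"))))
        elif m := CODE_RE.match(line):
            owner = m.group("owner")
            hooks.append(Hook(section, m.group("target"), m.group("proc"),
                              owner, _vendor(m.group("desc")) if owner else None))
    return hooks


def triage(hooks: List[Hook]) -> Dict[str, object]:
    """Count hooks per verdict/owner, list hooked APIs per process, and
    return every hook not attributed to a known security product."""
    per_process: Dict[str, List[str]] = defaultdict(list)
    for h in hooks:
        if h.process:
            per_process[h.process].append(h.target)
    return {
        "verdicts": dict(Counter(h.verdict for h in hooks)),
        "owners": dict(Counter(h.owner for h in hooks if h.owner)),
        "processes": dict(per_process),
        "review": [h for h in hooks if h.verdict != "security-product"],
    }


# Constructed sample: lines copied from the GMER output posted in this thread
# (McAfee's mfehidk.sys kernel hooks plus unattributed user-mode hooks).
SAMPLE_LOG = r"""GMER 1.0.14.14536 - http://www.gmer.net
---- System - GMER 1.0.14 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8C4CF9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwYieldExecution 824B6042 5 Bytes JMP 8C4CF9EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8258FC90 5 Bytes JMP 8C4CF9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.14 ----
.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateProcessW 76261D27 5 Bytes JMP 00870F37
.text C:\Windows\system32\services.exe[640] WS2_32.dll!socket 77524358 5 Bytes JMP 009F0FE5
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateFileW 762A866C 5 Bytes JMP 00090FE5
"""


def run_sample() -> Dict[str, object]:
    """Triage the constructed sample; feed parse_gmer() a saved log otherwise."""
    return triage(parse_gmer(SAMPLE_LOG.splitlines()))
```

Call run_sample() for the constructed sample, or pass the lines of a saved GMER log to parse_gmer() and then triage(). On the log in this thread every kernel hook is attributed to mfehidk.sys (McAfee, Inc.), which is what you expect once McAfee is installed; the user-mode hooks in services.exe, lsass.exe and the svchost.exe instances land in memory that GMER does not attribute to any module, so they come out as "unattributed". That list is what to check against what the installed security product places in those processes; on its own it is not proof of a rootkit.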

I deleted them, downloaded Gmer again and ran it.

It ran more "normally" this time, it felt like. I did not get a proper log, but I copied what came up in the Rootkit/Malware box; I hope it can be of help:

 

[log]GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-15 20:59:32

Windows 6.0.6000

 

 

---- System - GMER 1.0.14 ----

 

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8C4CF9BE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8C4CF958]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8C4CF96C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8C4CF9FC]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8C4CFA3F]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8C4CF930]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8C4CF944]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8C4CF9D2]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8C4CFA67]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8C4CFA53]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8C4CF9AA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8C4CF996]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8C4CFA2B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8C4CFA12]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8C4CF9E8]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8C4CF982]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

 

---- Kernel code sections - GMER 1.0.14 ----

 

.text ntkrnlpa.exe!ZwYieldExecution 824B6042 5 Bytes JMP 8C4CF9EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8253970F 5 Bytes JMP 8C4CFA43 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRestoreKey 8253ABAA 5 Bytes JMP 8C4CFA57 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwReplaceKey 8253CD46 5 Bytes JMP 8C4CFA6B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtCreateFile 8258FC90 5 Bytes JMP 8C4CF9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtMapViewOfSection 825D155E 7 Bytes JMP 8C4CFA00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 825E1F20 5 Bytes JMP 8C4CFA16 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 825E9A9F 7 Bytes JMP 8C4CF9D6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcess 826135B6 5 Bytes JMP 8C4CF95C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 82613601 7 Bytes JMP 8C4CF970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenProcess 82614A63 5 Bytes JMP 8C4CF934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenThread 82614DC3 5 Bytes JMP 8C4CF948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtSetInformationProcess 82616E77 5 Bytes JMP 8C4CF99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetContextThread 8261BE5F 5 Bytes JMP 8C4CF9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwTerminateProcess 8261C259 5 Bytes JMP 8C4CFA2F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateUserProcess 82623779 5 Bytes JMP 8C4CF986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

 

---- User code sections - GMER 1.0.14 ----

 

.text C:\Windows\system32\services.exe[640] kernel32.dll!VirtualProtect 762618BF 5 Bytes JMP 00870F88

.text C:\Windows\system32\services.exe[640] kernel32.dll!GetStartupInfoW 7626191A 5 Bytes JMP 008700CE

.text C:\Windows\system32\services.exe[640] kernel32.dll!GetStartupInfoA 762619B8 5 Bytes JMP 008700B3

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateProcessW 76261D27 5 Bytes JMP 00870F37

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateProcessA 76261D5C 5 Bytes JMP 00870F52

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateNamedPipeA 76262484 5 Bytes JMP 0087001B

.text C:\Windows\system32\services.exe[640] kernel32.dll!WinExec 762632DF 5 Bytes JMP 00870F6D

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateNamedPipeW 7626EDFE 5 Bytes JMP 00870FCA

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreatePipe 7627B0AF 5 Bytes JMP 008700A2

.text C:\Windows\system32\services.exe[640] kernel32.dll!VirtualProtectEx 762860AB 5 Bytes JMP 00870087

.text C:\Windows\system32\services.exe[640] kernel32.dll!LoadLibraryExW 762895AF 5 Bytes JMP 00870F99

.text C:\Windows\system32\services.exe[640] kernel32.dll!LoadLibraryW 76289727 5 Bytes JMP 00870051

.text C:\Windows\system32\services.exe[640] kernel32.dll!LoadLibraryExA 76289A76 5 Bytes JMP 00870062

.text C:\Windows\system32\services.exe[640] kernel32.dll!LoadLibraryA 76289A9E 5 Bytes JMP 00870036

.text C:\Windows\system32\services.exe[640] kernel32.dll!GetProcAddress 762A4120 5 Bytes JMP 00870F26

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateFileW 762A866C 5 Bytes JMP 00870FE5

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateFileA 762A8CA4 5 Bytes JMP 0087000A

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegCreateKeyW 76488229 5 Bytes JMP 008C002C

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegCreateKeyExA 76493941 5 Bytes JMP 008C003D

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegCreateKeyA 76493B9F 5 Bytes JMP 008C0FA1

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegCreateKeyExW 764A04A2 5 Bytes JMP 008C005A

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegOpenKeyExA 764A0DDF 5 Bytes JMP 008C0011

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegOpenKeyW 764A7B8D 5 Bytes JMP 008C0000

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegOpenKeyA 764AEAEA 5 Bytes JMP 008C0FEF

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegOpenKeyExW 764B5ECD 5 Bytes JMP 008C0FB2

.text C:\Windows\system32\services.exe[640] WS2_32.dll!socket 77524358 5 Bytes JMP 009F0FE5

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!VirtualProtect 762618BF 5 Bytes JMP 00090F63

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!GetStartupInfoW 7626191A 5 Bytes JMP 0009008E

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!GetStartupInfoA 762619B8 5 Bytes JMP 00090F48

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateProcessW 76261D27 5 Bytes JMP 00090EFE

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateProcessA 76261D5C 5 Bytes JMP 00090F19

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateNamedPipeA 76262484 5 Bytes JMP 00090FCA

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!WinExec 762632DF 5 Bytes JMP 0009009F

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateNamedPipeW 7626EDFE 5 Bytes JMP 00090011

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreatePipe 7627B0AF 5 Bytes JMP 00090073

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!VirtualProtectEx 762860AB 5 Bytes JMP 00090058

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!LoadLibraryExW 762895AF 5 Bytes JMP 0009003D

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!LoadLibraryW 76289727 5 Bytes JMP 00090F91

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!LoadLibraryExA 76289A76 5 Bytes JMP 00090F80

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!LoadLibraryA 76289A9E 5 Bytes JMP 00090022

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!GetProcAddress 762A4120 5 Bytes JMP 000900B0

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateFileW 762A866C 5 Bytes JMP 00090FE5

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateFileA 762A8CA4 5 Bytes JMP 00090000

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegCreateKeyW 76488229 5 Bytes JMP 000A0051

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegCreateKeyExA 76493941 5 Bytes JMP 000A0062

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegCreateKeyA 76493B9F 5 Bytes JMP 000A0040

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegCreateKeyExW 764A04A2 5 Bytes JMP 000A0F9F

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegOpenKeyExA 764A0DDF 5 Bytes JMP 000A0FDE

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegOpenKeyW 764A7B8D 5 Bytes JMP 000A0014

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegOpenKeyA 764AEAEA 5 Bytes JMP 000A0FEF

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegOpenKeyExW 764B5ECD 5 Bytes JMP 000A0025

.text C:\Windows\system32\lsass.exe[652] WS2_32.dll!socket 77524358 5 Bytes JMP 00D90000

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!VirtualProtect 762618BF 5 Bytes JMP 001D0082

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetStartupInfoW 7626191A 5 Bytes JMP 001D0F83

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetStartupInfoA 762619B8 5 Bytes JMP 001D00BF

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateProcessW 76261D27 5 Bytes JMP 001D0F68

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateProcessA 76261D5C 5 Bytes JMP 001D00FF

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeA 76262484 5 Bytes JMP 001D0FEF

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!WinExec 762632DF 5 Bytes JMP 001D00E4

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeW 7626EDFE 5 Bytes JMP 001D0FDE

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreatePipe 7627B0AF 5 Bytes JMP 001D00AE

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!VirtualProtectEx 762860AB 5 Bytes JMP 001D0093

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryExW 762895AF 5 Bytes JMP 001D0F9E

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryW 76289727 5 Bytes JMP 001D005B

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryExA 76289A76 5 Bytes JMP 001D0FB9

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryA 76289A9E 5 Bytes JMP 001D004A

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetProcAddress 762A4120 5 Bytes JMP 001D011A

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateFileW 762A866C 5 Bytes JMP 001D0025

.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateFileA 762A8CA4 5 Bytes JMP 001D000A

.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyW 76488229 5 Bytes JMP 001E002C

.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExA 76493941 5 Bytes JMP 001E0F86

.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyA 76493B9F 5 Bytes JMP 001E0FAB

.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExW 764A04A2 5 Bytes JMP 001E0F69

.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExA 764A0DDF 5 Bytes JMP 001E0FE5

.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyW 764A7B8D 5 Bytes JMP 001E001B

.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyA 764AEAEA 5 Bytes JMP 001E000A

.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExW 764B5ECD 5 Bytes JMP 001E0FC8

.text C:\Windows\system32\svchost.exe[844] WS2_32.dll!socket 77524358 5 Bytes JMP 00240000

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!VirtualProtect 762618BF 5 Bytes JMP 00170F92

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetStartupInfoW 7626191A 5 Bytes JMP 001700A2

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetStartupInfoA 762619B8 5 Bytes JMP 00170091

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateProcessW 76261D27 5 Bytes JMP 00170F41

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateProcessA 76261D5C 5 Bytes JMP 001700CE

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeA 76262484 5 Bytes JMP 00170FDE

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!WinExec 762632DF 5 Bytes JMP 001700B3

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeW 7626EDFE 5 Bytes JMP 00170FCD

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreatePipe 7627B0AF 5 Bytes JMP 00170F66

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!VirtualProtectEx 762860AB 5 Bytes JMP 00170F81

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 762895AF 5 Bytes JMP 0017006C

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryW 76289727 5 Bytes JMP 0017004A

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryExA 76289A76 5 Bytes JMP 0017005B

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryA 76289A9E 5 Bytes JMP 00170039

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetProcAddress 762A4120 5 Bytes JMP 001700E9

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateFileW 762A866C 5 Bytes JMP 0017000A

.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateFileA 762A8CA4 5 Bytes JMP 00170FEF

.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyW 76488229 5 Bytes JMP 00180036

.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExA 76493941 5 Bytes JMP 00180047

.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyA 76493B9F 5 Bytes JMP 00180FAB

.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExW 764A04A2 5 Bytes JMP 00180F84

.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExA 764A0DDF 5 Bytes JMP 0018001B

.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyW 764A7B8D 5 Bytes JMP 00180FE5

.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyA 764AEAEA 5 Bytes JMP 00180000

.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExW 764B5ECD 5 Bytes JMP 00180FBC

.text C:\Windows\system32\svchost.exe[852] WS2_32.dll!socket 77524358 5 Bytes JMP 003F0FEF

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!VirtualProtect 762618BF 5 Bytes JMP 00420F77

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetStartupInfoW 7626191A 5 Bytes JMP 0042009F

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetStartupInfoA 762619B8 5 Bytes JMP 00420084

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateProcessW 76261D27 5 Bytes JMP 004200BA

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateProcessA 76261D5C 5 Bytes JMP 00420F23

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeA 76262484 5 Bytes JMP 00420FE5

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!WinExec 762632DF 5 Bytes JMP 00420F3E

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeW 7626EDFE 5 Bytes JMP 00420036

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreatePipe 7627B0AF 5 Bytes JMP 00420073

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!VirtualProtectEx 762860AB 5 Bytes JMP 00420062

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryExW 762895AF 5 Bytes JMP 00420F88

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryW 76289727 5 Bytes JMP 00420047

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryExA 76289A76 5 Bytes JMP 00420FA5

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryA 76289A9E 5 Bytes JMP 00420FCA

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetProcAddress 762A4120 5 Bytes JMP 00420EFE

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateFileW 762A866C 5 Bytes JMP 0042001B

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateFileA 762A8CA4 5 Bytes JMP 0042000A

.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyW 76488229 5 Bytes JMP 00910F86

.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExA 76493941 5 Bytes JMP 00910F75

.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyA 76493B9F 5 Bytes JMP 00910F97

.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExW 764A04A2 5 Bytes JMP 00910F58

.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExA 764A0DDF 5 Bytes JMP 00910FB9

.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyW 764A7B8D 5 Bytes JMP 00910FD4

.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyA 764AEAEA 5 Bytes JMP 00910FE5

.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExW 764B5ECD 5 Bytes JMP 00910FA8

.text C:\Windows\system32\svchost.exe[900] WS2_32.dll!socket 77524358 5 Bytes JMP 009F0FE5

.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!VirtualProtect 762618BF 5 Bytes JMP 00050F80

.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!GetStartupInfoW 7626191A 5 Bytes JMP 00050F43

.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!GetStartupInfoA 762619B8 5 Bytes JMP 00050F54

.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!CreateProcessW 76261D27 5 Bytes JMP 000500BF

.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!CreateProcessA 76261D5C 5 Bytes JMP 00050F28

.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!CreateNamedPipeA 76262484 5 Bytes JMP 00050FE5

.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!WinExec 762632DF 5 Bytes JMP 000500A4

.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!CreateNamedPipeW 7626EDFE 5 Bytes JMP 00050036

.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!CreatePipe 7627B0AF 5 Bytes JMP 0005007F

.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 762860AB 5 Bytes JMP 00050F6F

.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!LoadLibraryExW 762895AF 5 Bytes JMP 00050F9B


---- Devices - GMER 1.0.14 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

 

---- EOF - GMER 1.0.14 ----

[/log]

 


That looked good! :thumbsup:

 

See if it is possible to copy the files

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289439d-8115-601632D005A0

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

in safe mode.

 
