
avencer.sys


Szandor


I have changed all my passwords on the computer and on all websites where I have a password.
Good! :thumbsup:

 

subaxsel32.dll is still present according to the log.

 

It is probably time for a deeper scan. Save ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions that are shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should appear; attach it to your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

 

Warning! ComboFix disables autorun of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet connection through a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.

 


I connect to the internet through a network cable but use USB sticks to move files to and from the computer. Will that be a problem with this program, or can I safely go ahead?

 


Now I found subaxsel32.dll :D

I have run VirusTotal on it and here is the result.

 

[log]File subaxsel32.dll received on 2010.01.21 16:06:42 (UTC)

Current status: finished

Result: 0/40 (0%)

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.01.21 -

AhnLab-V3 5.0.0.2 2010.01.21 -

AntiVir 7.9.1.146 2010.01.21 -

Antiy-AVL 2.0.3.7 2010.01.21 -

Authentium 5.2.0.5 2010.01.21 -

Avast 4.8.1351.0 2010.01.21 -

AVG 9.0.0.730 2010.01.21 -

BitDefender 7.2 2010.01.21 -

CAT-QuickHeal 10.00 2010.01.21 -

ClamAV 0.94.1 2010.01.21 -

Comodo 3656 2010.01.21 -

DrWeb 5.0.1.12222 2010.01.21 -

eSafe 7.0.17.0 2010.01.20 -

eTrust-Vet 35.2.7250 2010.01.21 -

F-Prot 4.5.1.85 2010.01.20 -

F-Secure 9.0.15370.0 2010.01.21 -

Fortinet 4.0.14.0 2010.01.21 -

GData 19 2010.01.21 -

Ikarus T3.1.1.80.0 2010.01.21 -

Jiangmin 13.0.900 2010.01.21 -

K7AntiVirus 7.10.951 2010.01.20 -

Kaspersky 7.0.0.125 2010.01.21 -

McAfee 5867 2010.01.20 -

McAfee+Artemis 5867 2010.01.20 -

McAfee-GW-Edition 6.8.5 2010.01.21 -

Microsoft 1.5302 2010.01.21 -

NOD32 4791 2010.01.20 -

Norman 6.04.03 2010.01.20 -

nProtect 2009.1.8.0 2010.01.21 -

Panda 10.0.2.2 2010.01.21 -

PCTools 7.0.3.5 2010.01.21 -

Rising 22.31.03.04 2010.01.21 -

Sophos 4.50.0 2010.01.21 -

Sunbelt 3.2.1858.2 2010.01.21 -

Symantec 20091.2.0.41 2010.01.21 -

TheHacker 6.5.0.8.157 2010.01.21 -

TrendMicro 9.120.0.1004 2010.01.21 -

VBA32 3.12.12.1 2010.01.20 -

ViRobot 2010.1.21.2148 2010.01.21 -

VirusBuster 5.0.21.0 2010.01.20 -

[/log]

 


I connect to the internet through a network cable but use USB sticks to move files to and from the computer. Will that be a problem with this program, or can I safely go ahead?
It is fine to go ahead :thumbsup:

 


Now I have run ComboFix and here is the log.

 

[log]ComboFix 10-01-20.07 - Lisa 2010-01-21 20:19:51.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2974.1828 [GMT 1:00]

Körs från: c:\users\Lisa\Desktop\Program\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-2370639029-4216273864-2563567389-1001

c:\$recycle.bin\S-1-5-21-2370639029-4216273864-2563567389-500

c:\users\Lisa\AppData\Roaming\inst.exe

 

.

(((((((((((((((((((((((( Filer Skapade från 2009-12-21 till 2010-01-21 ))))))))))))))))))))))))))))))

.

 

2010-01-21 19:27 . 2010-01-21 19:28 -------- d-----w- c:\users\Lisa\AppData\Local\temp

2010-01-21 19:27 . 2010-01-21 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-21 16:51 . 2010-01-21 16:51 -------- d-----w- c:\users\Lisa\AppData\Local\Mozilla

2010-01-20 20:00 . 2010-01-20 20:00 -------- d-----w- c:\program files\VirusTotalUploader2

2010-01-20 15:59 . 2010-01-20 15:59 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

2010-01-20 06:46 . 2010-01-20 06:46 -------- d-----w- c:\users\Lisa\AppData\Roaming\Malwarebytes

2010-01-20 06:46 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-20 06:46 . 2010-01-20 06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-20 06:46 . 2010-01-20 06:46 -------- d-----w- c:\programdata\Malwarebytes

2010-01-20 06:46 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-19 17:34 . 2010-01-19 17:34 -------- d-----w- c:\users\Lisa\AppData\Roaming\Ubisoft

2010-01-19 17:02 . 2010-01-19 17:02 -------- d-----w- c:\programdata\Ubisoft

2010-01-19 15:47 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-01-19 15:34 . 2010-01-19 15:34 -------- d-----w- c:\users\Lisa\AppData\Roaming\InstallShield

2010-01-19 09:09 . 2010-01-19 09:09 -------- d-----w- c:\programdata\Office Genuine Advantage

2010-01-14 19:35 . 2010-01-14 19:35 -------- d-----w- c:\users\Lisa\AppData\Roaming\Red Alert 3

2010-01-14 14:51 . 2008-05-30 13:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll

2010-01-14 14:51 . 2008-05-30 13:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll

2010-01-14 14:51 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll

2010-01-14 14:51 . 2007-07-19 17:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll

2010-01-14 14:51 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll

2010-01-14 14:51 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2010-01-14 09:33 . 2010-01-14 09:33 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-01-13 18:15 . 2010-01-13 18:15 -------- d-----w- c:\program files\SystemRequirementsLab

2010-01-13 18:15 . 2010-01-13 18:15 138240 ----a-w- c:\users\Lisa\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll

2010-01-13 18:15 . 2010-01-13 18:15 138240 ----a-w- c:\users\Lisa\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll

2010-01-13 18:15 . 2010-01-13 18:15 138240 ----a-w- c:\users\Lisa\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll

2010-01-13 18:15 . 2010-01-13 18:15 138240 ----a-w- c:\users\Lisa\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll

2010-01-13 18:15 . 2010-01-13 18:15 -------- d-----w- c:\users\Lisa\AppData\Roaming\SystemRequirementsLab

2010-01-13 03:43 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 03:43 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-01-11 12:59 . 2010-01-11 12:59 -------- d-----w- c:\users\Lisa\AppData\Roaming\Media Player Classic

2010-01-10 13:08 . 2010-01-10 13:08 594192 ----a-w- c:\programdata\MGS\cache\s\snakesandladdersbonus.1b7d7437b87cc53b7a00c4efd2db679d.dll

2010-01-10 13:07 . 2010-01-10 13:07 61440 ----a-w- c:\programdata\MGS\cache\t\tikimaskbonusgame.0dc1c149f619ef0a72aacd3abdeb0dfb.dll

2010-01-10 13:07 . 2010-01-10 13:07 57344 ----a-w- c:\programdata\MGS\cache\v\volcanobonusgame.1f5cd5f4b800bd1a6e740e08a3119e10.dll

2010-01-10 13:07 . 2010-01-10 13:07 213089 ----a-w- c:\programdata\MGS\cache\b\bigkahuna.769fd4a48b95c8614a738f1cad88bcd5.dll

2010-01-10 13:07 . 2010-01-10 13:07 430352 ----a-w- c:\programdata\MGS\cache\s\simplepickxofyskillbonus.8d56aeea91f0d0bbdf41c578fbf38496.dll

2010-01-10 13:05 . 2010-01-10 13:05 376832 ----a-w- c:\programdata\MGS\cache\a\atlanticcityblackjack.9baef784fe666fb9d90dc331d0239eed.dll

2010-01-10 13:04 . 2010-01-10 13:04 1040384 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_novgao_09.0f4a9e5f0c3aacc5fd59c75d3646b44e.dll

2010-01-10 13:04 . 2010-01-10 13:04 1474560 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_novgao_09.bca283e127879ce59170c465ef11ba05.dll

2010-01-10 13:04 . 2010-01-10 13:04 897024 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_novgao_09.cf52962a5fbf37c5c088bd5d667653d4.dll

2010-01-10 13:04 . 2010-01-10 13:04 921600 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_novgao_09.2d0e2f5fb79a1dee2f0dba3ac916277d.dll

2010-01-10 13:04 . 2010-01-10 13:04 618496 ----a-w- c:\programdata\MGS\cache\g\gamble2_novgao_09.5e06bb19f897ab866a50c262ff639055.dll

2010-01-10 13:04 . 2010-01-10 13:04 679936 ----a-w- c:\programdata\MGS\cache\t\transition_novgao_09.002d2269f327b0c9a9e9f327bc91130b.dll

2010-01-10 13:03 . 2010-01-10 13:03 233744 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_temp.b6b7e588aedb05fa062fb8447406bca9.dll

2010-01-10 13:03 . 2010-01-10 13:03 495888 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus.aa7eb4e3b4774e5cad0d4f8562ca860d.dll

2010-01-10 13:02 . 2010-01-10 13:02 561424 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_tggg.ca9a61a09a35dc0843cc68f532694746.dll

2010-01-10 13:02 . 2010-01-10 13:02 1056768 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_flightzone.1f65e9ffaab494fa7dea6b149ec7a671.dll

2010-01-10 13:02 . 2010-01-10 13:02 290941 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokerxxx.0d52d2ac00db83d9b97c99592ee3aa21.dll

2010-01-10 13:02 . 2010-01-10 13:02 139264 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokerplugin.d3ee60c36507413ca9ab67247eac5288.dll

2010-01-10 13:02 . 2010-01-10 13:02 114688 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokergambleplugin.d65fe35ffb2e6dc1b9ea46def3db39dc.dll

2010-01-10 13:02 . 2010-01-10 13:02 237840 ----a-w- c:\programdata\MGS\cache\p\powerpokersuite1_nl.cebfe8812d984716506c6d9d096a5f48.dll

2010-01-10 13:02 . 2010-01-10 13:02 217360 ----a-w- c:\programdata\MGS\cache\v\videopokersuite1.03dd648f567bef124a1d270ad208752a.dll

2010-01-10 13:02 . 2010-01-10 13:02 200704 ----a-w- c:\programdata\MGS\cache\3\3cardpoker.8e73a522a397f174eb628d05f72f1f40.dll

2010-01-10 12:59 . 2010-01-10 12:59 32834 ----a-w- c:\programdata\MGS\cache\_\_crt_baccarat.a090413d6195a12421945ded5707d93f.dll

2010-01-10 12:58 . 2010-01-10 12:58 262416 ----a-w- c:\programdata\MGS\cache\t\transition_temp.c6aaf42b66fa6688c8ea18a671984287.dll

2010-01-10 12:58 . 2010-01-10 12:58 655360 ----a-w- c:\programdata\MGS\cache\t\transition_flightzone.2d8aa10da872f1ac4a34a2122bf3c4b2.dll

2010-01-10 12:58 . 2010-01-10 12:58 266512 ----a-w- c:\programdata\MGS\cache\t\transition_tggg.399218aff849d2e187d4554dd62a73b6.dll

2010-01-10 12:58 . 2010-01-10 12:58 679936 ----a-w- c:\programdata\MGS\cache\t\transition_septgao_09.04686bb06cfe59ecb3f271eb95218422.dll

2010-01-10 12:58 . 2010-01-10 12:58 421888 ----a-w- c:\programdata\MGS\cache\l\lua51host.6c8dcc3e9f55da70bf5ccd67df48f256.dll

2010-01-10 12:58 . 2010-01-10 12:58 225280 ----a-w- c:\programdata\MGS\cache\m\myslot.14d73c530d6c095843c7fbfb86364c4e.dll

2010-01-10 12:58 . 2010-01-10 12:58 679936 ----a-w- c:\programdata\MGS\cache\t\transition_wealthspa.5a3f4e96415d8b3050681cdd275f3d88.dll

2010-01-10 12:58 . 2010-01-10 12:58 254224 ----a-w- c:\programdata\MGS\cache\t\transition.26c3e2ce55c7cca8b63e5e8d7b4627e4.dll

2010-01-10 12:58 . 2010-01-10 12:58 679936 ----a-w- c:\programdata\MGS\cache\t\transition_octgao_09.7768fe95f9efff3962c913196fe05f6a.dll

2010-01-10 12:55 . 2010-01-10 12:55 327784 ----a-w- c:\programdata\MGS\cache\m\mpvtabletournamentlobby.fea1be7b63b308e9fdb6e8d4bd356052.dll

2010-01-10 12:55 . 2010-01-10 12:55 303204 ----a-w- c:\programdata\MGS\cache\m\mpvblackjackplugin.49e5f42fbdf0e1e2df5232e5ea419897.dll

2010-01-10 12:55 . 2010-01-10 12:55 311398 ----a-w- c:\programdata\MGS\cache\m\mpvblackjacktourxxx.e4ccb563efd75763602af7373fbd8cec.dll

2010-01-10 12:52 . 2010-01-10 12:55 -------- d-----w- c:\programdata\MGS

2010-01-10 12:49 . 2010-01-10 12:49 -------- d-----w- C:\Microgaming

2010-01-03 18:33 . 2010-01-03 18:33 -------- d-----w- c:\program files\Support.com

2009-12-31 21:05 . 2009-12-31 21:05 -------- d-----w- c:\programdata\vsosdk

2009-12-29 14:57 . 2009-12-29 14:57 -------- d-----w- c:\users\Lisa\AppData\Roaming\F-Secure

2009-12-29 13:55 . 2009-12-29 13:55 -------- d-----w- c:\windows\Sun

2009-12-29 13:05 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-12-29 09:59 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-12-29 09:59 . 2009-12-29 09:59 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe

2009-12-29 09:59 . 2009-12-29 09:59 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll

2009-12-29 09:59 . 2009-12-29 09:59 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll

2009-12-29 09:56 . 2009-12-29 09:56 -------- d-----w- c:\program files\Lavasoft

2009-12-29 09:46 . 2009-12-29 11:38 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2009-12-29 09:45 . 2009-08-05 15:57 35680 ----a-w- c:\windows\system32\drivers\fses.sys

2009-12-29 09:45 . 2009-08-05 15:59 572512 ----a-w- c:\windows\system32\msvcp50.dll

2009-12-29 09:45 . 2009-08-05 15:57 71040 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2009-12-29 09:43 . 2009-12-29 09:43 -------- d-----w- c:\programdata\fssg

2009-12-29 09:42 . 2009-12-29 09:44 -------- d-----w- c:\programdata\f-secure

2009-12-28 20:23 . 2009-09-02 20:58 626688 ----a-w- c:\windows\system32\vp7vfw.dll

2009-12-28 20:23 . 2009-09-02 20:57 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll

2009-12-28 16:26 . 2009-12-28 20:23 47360 ----a-w- c:\users\Lisa\AppData\Roaming\pcouffin.sys

2009-12-28 16:26 . 2009-12-28 16:26 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-12-28 16:26 . 2010-01-01 23:42 -------- d-----w- c:\users\Lisa\AppData\Roaming\Vso

2009-12-28 16:25 . 2009-09-02 20:58 217127 ----a-w- c:\windows\system32\drv43260.dll

2009-12-28 16:25 . 2009-09-02 20:58 208935 ----a-w- c:\windows\system32\drv33260.dll

2009-12-28 16:25 . 2009-09-02 20:58 176165 ----a-w- c:\windows\system32\drv23260.dll

2009-12-28 16:25 . 2009-09-02 20:58 102439 ----a-w- c:\windows\system32\sipr3260.dll

2009-12-28 16:25 . 2009-09-02 20:58 65602 ----a-w- c:\windows\system32\cook3260.dll

2009-12-28 16:25 . 2009-12-28 20:23 -------- d-----w- c:\program files\VSO

2009-12-28 15:45 . 2009-12-29 09:21 -------- d-----w- c:\users\Lisa\AppData\Local\QuickPlay

2009-12-24 13:52 . 2009-12-28 15:45 -------- d-----w- c:\users\Lisa\AppData\Roaming\CyberLink

2009-12-24 13:52 . 2009-12-24 13:53 -------- d-----w- c:\users\Public\CyberLink

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-21 19:13 . 2009-10-26 18:25 1076 ----a-w- c:\windows\bthservsdp.dat

2010-01-21 19:11 . 2009-10-31 10:46 -------- d-----w- c:\users\Lisa\AppData\Roaming\uTorrent

2010-01-20 20:00 . 2010-01-20 20:00 -------- d-----w- c:\program files\VirusTotalUploader2

2010-01-20 15:59 . 2009-12-29 09:59 372280 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-01-20 15:59 . 2009-12-29 09:58 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-01-20 06:44 . 2009-11-24 21:57 -------- d-----w- c:\program files\DAEMON Tools Toolbar

2010-01-19 15:35 . 2009-03-11 13:17 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-19 09:14 . 2009-03-11 12:46 613290 ----a-w- c:\windows\system32\perfh01D.dat

2010-01-19 09:14 . 2009-03-11 12:46 124052 ----a-w- c:\windows\system32\perfc01D.dat

2010-01-19 09:14 . 2009-03-11 12:40 83026 ----a-w- c:\windows\system32\perfc014.dat

2010-01-19 09:14 . 2009-03-11 12:40 459286 ----a-w- c:\windows\system32\perfh014.dat

2010-01-19 09:14 . 2009-03-11 12:34 87248 ----a-w- c:\windows\system32\perfc00B.dat

2010-01-19 09:14 . 2009-03-11 12:34 442572 ----a-w- c:\windows\system32\perfh00B.dat

2010-01-19 09:14 . 2009-03-11 12:28 83736 ----a-w- c:\windows\system32\perfc006.dat

2010-01-19 09:14 . 2009-03-11 12:28 470296 ----a-w- c:\windows\system32\perfh006.dat

2010-01-19 00:25 . 2009-10-26 10:55 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-14 10:12 . 2009-10-27 06:32 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-13 04:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-07 09:59 . 2009-12-29 09:58 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll

2010-01-05 22:18 . 2009-11-17 12:58 -------- d-----w- c:\users\Lisa\AppData\Roaming\vlc

2010-01-05 18:46 . 2009-11-08 17:25 -------- d-----w- c:\users\Lisa\AppData\Roaming\U3

2010-01-03 18:33 . 2009-11-20 14:11 -------- d-----w- c:\program files\Telia

2010-01-02 09:32 . 2009-12-19 19:20 -------- d-----w- c:\users\Lisa\AppData\Roaming\dvdcss

2010-01-01 23:42 . 2009-12-28 16:26 -------- d-----w- c:\users\Lisa\AppData\Roaming\Vso

2009-12-31 21:05 . 2009-12-31 21:05 -------- d-----w- c:\programdata\vsosdk

2009-12-29 09:59 . 2009-12-29 09:56 -------- d-----w- c:\programdata\Lavasoft

2009-12-29 09:59 . 2009-12-29 09:59 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll

2009-12-29 09:59 . 2009-12-29 09:59 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll

2009-12-29 09:58 . 2009-12-29 09:58 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll

2009-12-29 09:58 . 2009-12-29 09:58 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2009-12-29 09:58 . 2009-12-29 09:58 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2009-12-29 09:58 . 2009-12-29 09:58 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe

2009-12-29 09:58 . 2009-12-29 09:58 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe

2009-12-29 09:57 . 2009-12-29 09:57 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2009-12-28 20:23 . 2009-12-28 16:25 -------- d-----w- c:\program files\VSO

2009-12-24 13:52 . 2009-03-11 14:12 -------- d-----w- c:\programdata\CyberLink

2009-12-14 17:00 . 2009-11-02 15:22 -------- d-----w- c:\users\Lisa\AppData\Roaming\Nokia

2009-12-10 02:14 . 2009-10-26 10:56 -------- d-----w- c:\programdata\Microsoft Help

2009-12-07 22:40 . 2009-12-07 22:10 -------- d-----w- c:\programdata\FarmFrenzy3

2009-12-07 14:10 . 2009-12-29 09:57 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe

2009-12-05 00:34 . 2009-03-11 14:45 -------- d-----w- c:\program files\Java

2009-12-03 23:15 . 2009-12-03 23:15 -------- d-----w- c:\program files\Birsi Inc

2009-11-26 17:13 . 2009-11-05 07:49 -------- d-----w- c:\users\Lisa\AppData\Roaming\Locktime

2009-11-26 17:13 . 2009-11-26 17:13 -------- d-----w- c:\programdata\Locktime

2009-11-25 09:57 . 2009-11-02 15:25 680 ----a-w- c:\users\Lisa\AppData\Local\d3d9caps.dat

2009-11-25 09:51 . 2009-11-25 09:51 -------- d-----w- c:\program files\Common Files\PCSuite

2009-11-25 09:51 . 2009-11-02 15:16 -------- d-----w- c:\program files\Common Files\Nokia

2009-11-25 09:51 . 2009-11-02 14:55 -------- d-----w- c:\program files\Nokia

2009-11-25 09:50 . 2009-11-25 09:50 -------- d-----w- c:\program files\PC Connectivity Solution

2009-11-25 09:46 . 2009-11-25 09:46 95232 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

2009-11-25 09:46 . 2009-11-25 09:46 8192 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

2009-11-25 09:46 . 2009-11-25 09:46 61440 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-11-25 09:46 . 2009-11-25 09:46 10240 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

2009-11-25 09:46 . 2009-11-25 09:46 -------- d-----w- c:\programdata\Installations

2009-11-25 09:46 . 2009-11-25 09:46 34500048 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_swe_web[1].exe

2009-11-24 22:14 . 2009-11-24 22:12 -------- d-----w- c:\users\Lisa\AppData\Roaming\Games

2009-11-24 22:11 . 2009-11-24 22:11 -------- d-----w- c:\programdata\InstallShield

2009-11-24 22:11 . 2009-11-24 22:11 -------- d-----w- c:\program files\AGEIA Technologies

2009-11-24 22:10 . 2009-11-24 22:10 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys

2009-11-24 22:10 . 2009-11-24 22:10 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2009-11-24 22:08 . 2009-03-11 13:17 -------- d-----w- c:\program files\Common Files\InstallShield

2009-11-24 22:05 . 2009-11-24 21:56 -------- d-----w- c:\users\Lisa\AppData\Roaming\DAEMON Tools Lite

2009-11-24 21:56 . 2009-11-24 21:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-11-24 21:56 . 2009-11-24 21:55 -------- d-----w- c:\programdata\DAEMON Tools Lite

2009-11-21 06:40 . 2009-12-09 09:47 916480 ----a-w- c:\windows\system32\wininet.dll

2009-11-21 06:34 . 2009-12-09 09:47 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-11-21 06:34 . 2009-12-09 09:47 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-11-21 04:59 . 2009-12-09 09:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-11-17 02:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-09 12:31 . 2009-12-10 02:14 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-11-09 12:30 . 2009-12-10 02:14 30720 ----a-w- c:\windows\system32\httpapi.dll

2009-11-09 10:36 . 2009-12-10 02:14 411648 ----a-w- c:\windows\system32\drivers\http.sys

2009-11-02 15:25 . 2009-10-26 11:06 79960 ----a-w- c:\users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT

2009-11-02 15:20 . 2009-11-02 15:20 1657 ----a-w- c:\windows\inf\Nokia Music\tmp9233.tmp

2009-11-02 15:20 . 2009-11-02 15:20 103728 ----a-w- c:\windows\inf\Nokia Music\001D\tmp9232.tmp

2009-11-02 15:20 . 2009-11-02 15:20 103728 ----a-w- c:\windows\inf\Nokia Music\0014\tmp9232.tmp

2009-11-02 15:20 . 2009-11-02 15:20 103728 ----a-w- c:\windows\inf\Nokia Music\000B\tmp9232.tmp

2009-11-02 15:20 . 2009-11-02 15:20 103728 ----a-w- c:\windows\inf\Nokia Music\0009\tmp9232.tmp

2009-11-02 15:20 . 2009-11-02 15:20 103728 ----a-w- c:\windows\inf\Nokia Music\0006\tmp9232.tmp

2009-11-02 15:20 . 2009-11-02 15:20 103728 ----a-w- c:\windows\inf\Nokia Music\0000\tmp9232.tmp

2009-11-02 15:15 . 2009-11-02 14:55 12212040 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe

2009-11-02 15:15 . 2009-11-02 14:55 13930312 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe

2009-11-02 15:15 . 2009-11-02 14:55 61440 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe

2009-11-02 15:15 . 2009-11-02 14:55 77824 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe

2009-11-02 15:15 . 2009-11-02 14:55 58880 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe

2009-11-02 15:15 . 2009-11-02 14:55 50000 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe

2009-11-02 14:55 . 2009-11-02 14:55 94628904 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe

2009-11-02 14:26 . 2009-11-02 14:26 33061 ----a-w- c:\windows\king-uninstall.exe

2009-10-31 18:36 . 2009-10-31 18:36 0 ----a-w- c:\users\Lisa\AppData\Roaming\wklnhst.dat

2009-10-29 09:17 . 2009-11-26 16:30 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-26 18:42 . 2009-10-26 18:42 36864 ----a-w- c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe

2009-10-26 18:41 . 2009-10-26 18:41 53319 ----a-w- c:\programdata\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe

2009-10-26 18:41 . 2009-10-26 18:41 53319 ----a-w- c:\programdata\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe

2009-10-26 18:41 . 2009-10-26 18:41 36864 ----a-w- c:\programdata\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe

2009-10-26 18:40 . 2009-10-26 18:40 36864 ----a-w- c:\programdata\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe

2009-10-26 18:39 . 2009-10-26 18:39 53319 ----a-w- c:\programdata\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe

2009-10-26 18:39 . 2009-03-11 14:12 36864 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe

2009-03-11 13:14 . 2009-03-11 12:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

"Google Update"="c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-27 135664]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]

"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"F-Secure Manager"="c:\program files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

 

c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Telia Mobilt bredband.lnk - c:\program files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe [2009-7-31 2059776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):b2,4c,81,aa,87,59,ca,01

 

R0 avencer;avencer;c:\windows\System32\drivers\avencer.sys [2009-10-27 43520]

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [2009-12-29 33920]

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-12-29 64288]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys [2009-12-29 68064]

R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2009-12-29 35680]

R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-12-29 71040]

R1 fsvista;F-Secure Vista Support Driver;c:\program files\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsvista.sys [2009-12-29 12384]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2009-03-11 365952]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-03-11 222512]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys [2009-12-29 107104]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe [2009-12-29 55936]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [2008-09-22 112128]

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-11-24 691696]

S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-01-21 21504]

S3 GTUHSBUS;GT UHS BUS;c:\windows\System32\drivers\gtuhsbus.sys [2009-05-13 66560]

S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\System32\drivers\gtuhs51.sys [2009-05-13 107520]

S3 GTUHSSER;GT UHS SER;c:\windows\System32\drivers\gtuhsser.sys [2009-05-13 8064]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-02 1181328]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2009-10-06 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2009-10-06 8320]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Telia\Telias sakerhetstjanster\Anti-Virus\win2k\fsfilter.sys [2009-12-29 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Telia\Telias sakerhetstjanster\Anti-Virus\win2k\fsrec.sys [2009-12-29 25184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2370639029-4216273864-2563567389-1000Core.job

- c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-27 23:25]

 

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2370639029-4216273864-2563567389-1000UA.job

- c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-27 23:25]

 

2009-12-26 c:\windows\Tasks\HPCeeScheduleForLisa.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-03-11 18:34]

 

2010-01-21 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Lisa.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-20 15:07]

 

2010-01-21 c:\windows\Tasks\Malwarebytes' Scheduled Update for Lisa.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-20 15:07]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\program files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\bdscx685.default

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - plugin: c:\users\Lisa\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

---- FIREFOX POLICY ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-21 20:28

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\windows\system32\exebibin.dll 3716 bytes

c:\windows\system32\extuvhex.dll 108 bytes

c:\windows\system32\libupuri

c:\windows\system32\madokvoc.dll 1626112 bytes executable

c:\windows\TEMP\TMP00000066B0D2BA9171CFA6A7 524288 bytes executable

 

scan completed successfully

hidden files: 5

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Sluttid: 2010-01-21 20:31:32

ComboFix-quarantined-files.txt 2010-01-21 19:31

 

Före genomsökningen: 161 020 936 192 byte ledigt

Efter genomsökningen: 161 377 443 840 byte ledigt

 

- - End Of File - - 502B89E4A850485474535D2B875B7983

[/log]

 


What is in the folder C:\ProgramData\Temp?

Update MBAM and scan the computer with it again. If anything is found, paste in that log.

Start - Programs - Accessories - Command Prompt

Type:

set DEVMGR_SHOW_DETAILS=1

set DEVMGR_SHOW_NONPRESENT_DEVICES=1

start devmgmt.msc

 

Device Manager will then open; in it, choose to also show hidden devices. See whether anything named avencer has now appeared.

Save this file to the Desktop:

http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe

Run the program.

When it is done, a log file Win32kDiag.txt is created on the Desktop. Paste it into your reply.

 

[log]Save this file to the Desktop:

http://rootrepeal.googlepages.com/RootRepeal.zip

Unpack (extract) the zip file so that you get a program file.

Disconnect the internet connection. Close all programs you can see, including firewall, antivirus and antispyware programs.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start RootRepeal (in Vista and Windows 7, as usual, by right-clicking the icon and choosing Run as administrator).

Select the Report tab and click Scan.

Check all seven options and then click Yes/Ja.

Select C: and click Ok.

It takes a while for RootRepeal to scan C:.

When the scan is finished, click Save Report and save it with the name rootrepeal.log. Paste the contents of rootrepeal.log into your reply.[/log]

 

[log]Save Gmer to the Desktop from one of these pages:

http://www.gmer.net/files.php choose Gmer application

http://www.majorgeeks.com/GMER_d5198.html

Unpack the file to the Desktop.

Disconnect the internet connection.

Close all programs, including antivirus and firewall.

Start the program gmer.exe.

If a question about "scan" comes up, choose Nej/No. Save the log and paste it into your reply. Do nothing more.

If the question does not come up, select the Rootkit/Malware tab and check that everything on the right is ticked except Show All and partitions other than C:. Click Scan. Leave the computer alone while Gmer is working.

Click Save and save the result to the Desktop.

Turn the antivirus program and firewall back on before you connect to the internet.

Paste the result into your reply.[/log]

 


Let me update you a bit on what I have done so far.

I updated MBAM and ran it; nothing was found.

I typed in what you told me to and Device Manager came up, and I chose to show hidden devices, but there was nothing named avencer there, and I looked everywhere.

I saved all the files you asked me to.

When I run Win32kDiag.exe the computer crashes. I have not had the pleasure of seeing it myself, since I am busy getting the kids ready for daycare, but I will look into it when I get home at about 11:30.

 


Update:

It is avencer.sys that causes the crash when I run Win32kDiag.exe

I tried once more and it did not take long before the BSOD came.

Win32kDiag warned that it could not obtain privileges and that it could not access a file; I no longer remember exactly what it said.

And on the BSOD it said, besides that avencer had caused the error:

PAGE_FAULT_IN_NONPAGE_AREA

I think that is what it said; at any rate that was the text, though whether the _ ended up in the right places, who knows.

 


Here is the RootRepeal report.

 

[log]ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/01/22 12:47

Program Version: Version 1.3.5.0

Windows Version: Windows Vista SP2

==================================================

 

Drivers

-------------------

Name: dump_dumpata.sys

Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys

Address: 0x914BA000 Size: 45056 File Visible: No Signed: -

Status: -

 

Name: dump_msahci.sys

Image Path: C:\Windows\System32\Drivers\dump_msahci.sys

Address: 0x914C5000 Size: 40960 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0xAF600000 Size: 49152 File Visible: No Signed: -

Status: -

 

Name: spaa.sys

Image Path: C:\Windows\System32\Drivers\spaa.sys

Address: 0x80697000 Size: 995328 File Visible: No Signed: -

Status: -

 

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{427c1828-0593-11df-b1c8-00247e7f7ca7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{1C685~1

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{2965c278-04da-11df-bbe8-00247e7f7ca7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{2965c285-04da-11df-bbe8-00247e7f7ca7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{2965c28e-04da-11df-bbe8-00247e7f7ca7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{59703f1a-0731-11df-8fb6-00238be68ef7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{65a6e4a8-06c5-11df-96ac-00238be68ef7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{65A6E~2

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{81950224-072e-11df-bfd6-00238be68ef7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{871111a8-05a1-11df-b9da-00247e7f7ca7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{8711124a-05a1-11df-b9da-00238be68ef7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{ea8502a8-0278-11df-9c99-00247e7f7ca7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{ea8502ad-0278-11df-9c99-00247e7f7ca7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\Windows\System32\exebibin.dll

Status: Invisible to the Windows API!

 

Path: C:\Windows\System32\extuvhex.dll

Status: Invisible to the Windows API!

 

Path: C:\Windows\System32\libupuri

Status: Invisible to the Windows API!

 

Path: C:\Windows\System32\madokvoc.dll

Status: Invisible to the Windows API!

 

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\System32\wbem\PRINTF~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\System32\XPSViewer\XPSVIE~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\PRINTF~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\PRINTF~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\PRINTF~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_none_2be9bd5af4bd3b16\PRINTF~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18005_none_2d991295d888a8b3\PRINTF~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18060_none_2d53319bd8bdd1a6\PRINTF~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.22164_none_2de0cf8ef1d7d6cc\PRINTF~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.16720_none_a35a3f7808e4975c\INSTAL~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.16720_none_a35a3f7808e4975c\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.20883_none_8c92561c2286dc4f\INSTAL~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.20883_none_8c92561c2286dc4f\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7cb07809421da431\MICROS~1.TAS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.16720_none_1e9c83dead284b26\XPTHEM~1.MAN

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.20883_none_07d49a82c6ca9019\XPTHEM~1.MAN

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.18111_none_1e776894ad7a57c7\XPTHEM~1.MAN

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.22230_none_07abd930c71fd0da\XPTHEM~1.MAN

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6002.18005_none_ae1c8b4b8d1614c8\PRESEN~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_c3072c8d2f9c9c99\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_c3f41b1e486f70bf\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6002.18005_none_c54df3292c7ad462\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6000.16708_none_1dbee32b03599791\PERFCO~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6000.20864_none_1e039f461cab79a5\PERFCO~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.16720_none_c035c989242f4981\WEB_LO~1.DEF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.20883_none_a96de02d3dd18e74\WEB_LO~1.DEF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\CONFIR~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~2.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~3.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~4.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI7FD4~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI49C3~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI2CD7~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI3A48~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\CONFIR~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~2.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~3.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~4.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI7FD4~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI49C3~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI2CD7~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI3A48~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\CONFIR~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WIZARD~2.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WIZARD~3.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WIZARD~4.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WI7FD4~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WI49C3~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WI2CD7~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WI3A48~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\CONFIR~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WIZARD~2.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WIZARD~3.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WIZARD~4.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WI7FD4~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WI49C3~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WI2CD7~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WI3A48~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~2.TAR

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~2.TAR

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~2.TAR

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~2.TAR

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\MICROS~1.TAS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\MICROS~1.TAS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\MICROS~1.TAS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6002.18005_none_f52661bc15faf3ee\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.16720_none_0bca521ee450d037\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.20883_none_0c16103ffd9c63ac\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.18111_none_0dbc60fae16e5e8e\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.22230_none_0e2f5da3fa9d1ce3\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.18111_none_c010ae3f24815622\WEB_LO~1.DEF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.22230_none_a9451edb3e26cf35\WEB_LO~1.DEF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6000.16708_none_c7595a2aa4b56e63\MICROS~1.TAR

Status: Locked to the Windows AP

Processes

-------------------

Path: System

PID: 4 Status: Locked to the Windows API!

 

Path: C:\Windows\System32\audiodg.exe

PID: 1268 Status: Locked to the Windows API!

 

Stealth Objects

-------------------

Object: Hidden Module [Name: sv.dll]

Process: chrome.exe (PID: 5956) Address: 0x69630000 Size: 122880

 

Object: Hidden Module [Name: default.dll]

Process: chrome.exe (PID: 5956) Address: 0x67ee0000 Size: 450560

 

Object: Hidden Module [Name: sv.dll]

Process: chrome.exe (PID: 4248) Address: 0x69630000 Size: 122880

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x85ea71f8 Size: 121

 

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_CREATE]

Process: System Address: 0x85e961f8 Size: 121

 

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_CLOSE]

Process: System Address: 0x85e961f8 Size: 121

 

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e961f8 Size: 121

 

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e961f8 Size: 121

 

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_POWER]

Process: System Address: 0x85e961f8 Size: 121

 

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e961f8 Size: 121

 

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_PNP]

Process: System Address: 0x85e961f8 Size: 121

 

Object: Hidden Code [Driver: arc, IRP_MJ_CREATE]

Process: System Address: 0x85e8e1f8 Size: 121

 

Object: Hidden Code [Driver: arc, IRP_MJ_CLOSE]

Process: System Address: 0x85e8e1f8 Size: 121

 

Object: Hidden Code [Driver: arc, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e8e1f8 Size: 121

 

Object: Hidden Code [Driver: arc, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e8e1f8 Size: 121

 

Object: Hidden Code [Driver: arc, IRP_MJ_POWER]

Process: System Address: 0x85e8e1f8 Size: 121

 

Object: Hidden Code [Driver: arc, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e8e1f8 Size: 121

 

Object: Hidden Code [Driver: arc, IRP_MJ_PNP]

Process: System Address: 0x85e8e1f8 Size: 121

 

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CREATE]

Process: System Address: 0x85e851f8 Size: 121

 

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CLOSE]

Process: System Address: 0x85e851f8 Size: 121

 

Object: Hidden Code [Driver: iaStorV, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e851f8 Size: 121

 

Object: Hidden Code [Driver: iaStorV, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e851f8 Size: 121

 

Object: Hidden Code [Driver: iaStorV, IRP_MJ_POWER]

Process: System Address: 0x85e851f8 Size: 121

 

Object: Hidden Code [Driver: iaStorV, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e851f8 Size: 121

 

Object: Hidden Code [Driver: iaStorV, IRP_MJ_PNP]

Process: System Address: 0x85e851f8 Size: 121

 

Object: Hidden Code [Driver: iteatapi, IRP_MJ_CREATE]

Process: System Address: 0x85e931f8 Size: 121

 

Object: Hidden Code [Driver: iteatapi, IRP_MJ_CLOSE]

Process: System Address: 0x85e931f8 Size: 121

 

Object: Hidden Code [Driver: iteatapi, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e931f8 Size: 121

 

Object: Hidden Code [Driver: iteatapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e931f8 Size: 121

 

Object: Hidden Code [Driver: iteatapi, IRP_MJ_POWER]

Process: System Address: 0x85e931f8 Size: 121

 

Object: Hidden Code [Driver: iteatapi, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e931f8 Size: 121

 

Object: Hidden Code [Driver: iteatapi, IRP_MJ_PNP]

Process: System Address: 0x85e931f8 Size: 121

 

Object: Hidden Code [Driver: megasas, IRP_MJ_CREATE]

Process: System Address: 0x85e971f8 Size: 121

 

Object: Hidden Code [Driver: megasas, IRP_MJ_CLOSE]

Process: System Address: 0x85e971f8 Size: 121

 

Object: Hidden Code [Driver: megasas, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e971f8 Size: 121

 

Object: Hidden Code [Driver: megasas, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e971f8 Size: 121

 

Object: Hidden Code [Driver: megasas, IRP_MJ_POWER]

Process: System Address: 0x85e971f8 Size: 121

 

Object: Hidden Code [Driver: megasas, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e971f8 Size: 121

 

Object: Hidden Code [Driver: megasas, IRP_MJ_PNP]

Process: System Address: 0x85e971f8 Size: 121

 

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_CREATE]

Process: System Address: 0x85e891f8 Size: 121

 

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_CLOSE]

Process: System Address: 0x85e891f8 Size: 121

 

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e891f8 Size: 121

 

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e891f8 Size: 121

 

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_POWER]

Process: System Address: 0x85e891f8 Size: 121

 

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e891f8 Size: 121

 

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_PNP]

Process: System Address: 0x85e891f8 Size: 121

 

Object: Hidden Code [Driver: ql2300, IRP_MJ_CREATE]

Process: System Address: 0x85e9c1f8 Size: 121

 

Object: Hidden Code [Driver: ql2300, IRP_MJ_CLOSE]

Process: System Address: 0x85e9c1f8 Size: 121

 

Object: Hidden Code [Driver: ql2300, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e9c1f8 Size: 121

 

Object: Hidden Code [Driver: ql2300, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e9c1f8 Size: 121

 

Object: Hidden Code [Driver: ql2300, IRP_MJ_POWER]

Process: System Address: 0x85e9c1f8 Size: 121

 

Object: Hidden Code [Driver: ql2300, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e9c1f8 Size: 121

 

Object: Hidden Code [Driver: ql2300, IRP_MJ_PNP]

Process: System Address: 0x85e9c1f8 Size: 121

 

Object: Hidden Code [Driver: arcsas, IRP_MJ_CREATE]

Process: System Address: 0x85e8f1f8 Size: 121

 

Object: Hidden Code [Driver: arcsas, IRP_MJ_CLOSE]

Process: System Address: 0x85e8f1f8 Size: 121

 

Object: Hidden Code [Driver: arcsas, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e8f1f8 Size: 121

 

Object: Hidden Code [Driver: arcsas, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e8f1f8 Size: 121

 

Object: Hidden Code [Driver: arcsas, IRP_MJ_POWER]

Process: System Address: 0x85e8f1f8 Size: 121

 

Object: Hidden Code [Driver: arcsas, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e8f1f8 Size: 121

 

Object: Hidden Code [Driver: arcsas, IRP_MJ_PNP]

Process: System Address: 0x85e8f1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_CREATE]

Process: System Address: 0x85e9e1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_CLOSE]

Process: System Address: 0x85e9e1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e9e1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e9e1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_POWER]

Process: System Address: 0x85e9e1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e9e1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_PNP]

Process: System Address: 0x85e9e1f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]

Process: System Address: 0x85e861f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]

Process: System Address: 0x85e861f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e861f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e861f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]

Process: System Address: 0x85e861f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e861f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]

Process: System Address: 0x85e861f8 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]

Process: System Address: 0x871d51f8 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x871d51f8 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]

Process: System Address: 0x871d51f8 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]

Process: System Address: 0x871d51f8 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x871d51f8 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x871d51f8 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x871d51f8 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x871d51f8 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]

Process: System Address: 0x871d51f8 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x871d51f8 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]

Process: System Address: 0x871d51f8 Size: 121

 

Object: Hidden Code [Driver: adpu320, IRP_MJ_CREATE]

Process: System Address: 0x85e8d1f8 Size: 121

 

Object: Hidden Code [Driver: adpu320, IRP_MJ_CLOSE]

Process: System Address: 0x85e8d1f8 Size: 121

 

Object: Hidden Code [Driver: adpu320, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e8d1f8 Size: 121

 

Object: Hidden Code [Driver: adpu320, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e8d1f8 Size: 121

 

Object: Hidden Code [Driver: adpu320, IRP_MJ_POWER]

Process: System Address: 0x85e8d1f8 Size: 121

 

Object: Hidden Code [Driver: adpu320, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e8d1f8 Size: 121

 

Object: Hidden Code [Driver: adpu320, IRP_MJ_PNP]

Process: System Address: 0x85e8d1f8 Size: 121

 

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_CREATE]

Process: System Address: 0x85e991f8 Size: 121

 

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_CLOSE]

Process: System Address: 0x85e991f8 Size: 121

 

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e991f8 Size: 121

 

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e991f8 Size: 121

 

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_POWER]

Process: System Address: 0x85e991f8 Size: 121

 

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e991f8 Size: 121

 

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_PNP]

Process: System Address: 0x85e991f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_CREATE]

Process: System Address: 0x85e9f1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_CLOSE]

Process: System Address: 0x85e9f1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e9f1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e9f1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_POWER]

Process: System Address: 0x85e9f1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e9f1f8 Size: 121

 

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_PNP]

Process: System Address: 0x85e9f1f8 Size: 121

 

Object: Hidden Code [Driver: iirsp, IRP_MJ_CREATE]

Process: System Address: 0x85e921f8 Size: 121

 

Object: Hidden Code [Driver: iirsp, IRP_MJ_CLOSE]

Process: System Address: 0x85e921f8 Size: 121

 

Object: Hidden Code [Driver: iirsp, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e921f8 Size: 121

 

Object: Hidden Code [Driver: iirsp, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e921f8 Size: 121

 

Object: Hidden Code [Driver: iirsp, IRP_MJ_POWER]

Process: System Address: 0x85e921f8 Size: 121

 

Object: Hidden Code [Driver: iirsp, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e921f8 Size: 121

 

Object: Hidden Code [Driver: iirsp, IRP_MJ_PNP]

Process: System Address: 0x85e921f8 Size: 121

 

Object: Hidden Code [Driver: adpahci, IRP_MJ_CREATE]

Process: System Address: 0x85e8b1f8 Size: 121

 

Object: Hidden Code [Driver: adpahci, IRP_MJ_CLOSE]

Process: System Address: 0x85e8b1f8 Size: 121

 

Object: Hidden Code [Driver: adpahci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e8b1f8 Size: 121

 

Object: Hidden Code [Driver: adpahci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e8b1f8 Size: 121

 

Object: Hidden Code [Driver: adpahci, IRP_MJ_POWER]

Process: System Address: 0x85e8b1f8 Size: 121

 

Object: Hidden Code [Driver: adpahci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e8b1f8 Size: 121

 

Object: Hidden Code [Driver: adpahci, IRP_MJ_PNP]

Process: System Address: 0x85e8b1f8 Size: 121

 

Object: Hidden Code [Driver: uliahci, IRP_MJ_CREATE]

Process: System Address: 0x85ea31f8 Size: 121

 

Object: Hidden Code [Driver: uliahci, IRP_MJ_CLOSE]

Process: System Address: 0x85ea31f8 Size: 121

 

Object: Hidden Code [Driver: uliahci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85ea31f8 Size: 121

 

Object: Hidden Code [Driver: uliahci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85ea31f8 Size: 121

 

Object: Hidden Code [Driver: uliahci, IRP_MJ_POWER]

Process: System Address: 0x85ea31f8 Size: 121

 

Object: Hidden Code [Driver: uliahci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85ea31f8 Size: 121

 

Object: Hidden Code [Driver: uliahci, IRP_MJ_PNP]

Process: System Address: 0x85ea31f8 Size: 121

 

Object: Hidden Code [Driver: ql40xx, IRP_MJ_CREATE]

Process: System Address: 0x85e9d1f8 Size: 121

 

Object: Hidden Code [Driver: ql40xx, IRP_MJ_CLOSE]

Process: System Address: 0x85e9d1f8 Size: 121

 

Object: Hidden Code [Driver: ql40xx, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e9d1f8 Size: 121

 

Object: Hidden Code [Driver: ql40xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e9d1f8 Size: 121

 

Object: Hidden Code [Driver: ql40xx, IRP_MJ_POWER]

Process: System Address: 0x85e9d1f8 Size: 121

 

Object: Hidden Code [Driver: ql40xx, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e9d1f8 Size: 121

 

Object: Hidden Code [Driver: ql40xx, IRP_MJ_PNP]

Process: System Address: 0x85e9d1f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System Address: 0x870831f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System Address: 0x870831f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x870831f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x870831f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System Address: 0x870831f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x870831f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System Address: 0x870831f8 Size: 121

 

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_CREATE]

Process: System Address: 0x85ea01f8 Size: 121

 

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_CLOSE]

Process: System Address: 0x85ea01f8 Size: 121

 

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85ea01f8 Size: 121

 

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85ea01f8 Size: 121

 

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_POWER]

Process: System Address: 0x85ea01f8 Size: 121

 

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85ea01f8 Size: 121

 

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_PNP]

Process: System Address: 0x85ea01f8 Size: 121

 

Object: Hidden Code [Driver: nfrd960, IRP_MJ_CREATE]

Process: System Address: 0x85e9a1f8 Size: 121

 

Object: Hidden Code [Driver: nfrd960, IRP_MJ_CLOSE]

Process: System Address: 0x85e9a1f8 Size: 121

 

Object: Hidden Code [Driver: nfrd960, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e9a1f8 Size: 121

 

Object: Hidden Code [Driver: nfrd960, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e9a1f8 Size: 121

 

Object: Hidden Code [Driver: nfrd960, IRP_MJ_POWER]

Process: System Address: 0x85e9a1f8 Size: 121

 

Object: Hidden Code [Driver: nfrd960, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e9a1f8 Size: 121

 

Object: Hidden Code [Driver: nfrd960, IRP_MJ_PNP]

Process: System Address: 0x85e9a1f8 Size: 121

 

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_CREATE]

Process: System Address: 0x85e951f8 Size: 121

 

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_CLOSE]

Process: System Address: 0x85e951f8 Size: 121

 

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e951f8 Size: 121

 

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e951f8 Size: 121

 

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_POWER]

Process: System Address: 0x85e951f8 Size: 121

 

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85e951f8 Size: 121

 

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_PNP]

Process: System Address: 0x85e951f8 Size: 121

 

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CREATE]

Process: System Address: 0x85e8c1f8 Size: 121

 

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CLOSE]

Process: System Address: 0x85e8c1f8 Size: 121

 

Object: Hidden Code [Driver: adpu160m, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85e8c1f8 Size: 121

 

Object: Hidden Code [Driver: adpu160m, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85e8c1f8 Size: 121

 

Shadow SSDT

-------------------

#: 573 Function Name: NtUserSetWindowsHookEx

Status: Hooked by "C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys" at address 0x9146a646

 

==EOF==

[/log]

 


Daemon Tools interferes so much with the logs and makes it hard to find the rootkit that appears to be on the computer. Would you consider uninstalling Daemon Tools while the cleanup is in progress?

Besides the normal uninstallation of Daemon Tools in "Programs and Features", a separate uninstallation of its driver is needed. You do that uninstallation by downloading the right file from this page:

http://www.duplexsecure.com/en/downloads

If you are not aware of having 64-bit Vista, you most likely have 32-bit and should therefore download the topmost file.

Start the downloaded program and choose Uninstall.

When it is done, restart the computer.

Then run RootRepeal again, as well as Gmer, as follows:

 

[log]Save Gmer to the Desktop from:

http://www2.gmer.net/download.php

Unpack the file to the Desktop.

Disconnect the internet connection.

Close all programs, including antivirus and firewall.

Start the program gmer.exe.

If a question about a "scan" comes up, choose Nej/No. Save the log and paste it into your reply. Do nothing more.

If the question does not come up, select the Rootkit/Malware tab and check that everything on the right is ticked except Show All and partitions other than C:. Press Scan. Leave the computer alone while Gmer is working.

Press Save and save the result to the Desktop.

Turn on the antivirus program and firewall before you connect to the internet.

Paste the result into your reply.[/log]

 


Daemon Tools is uninstalled, and the driver too.

Here are the logs from Gmer and RootRepeal.

 

Gmer

[log]GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-01-24 09:57:29

Windows 6.0.6002 Service Pack 2

Running: y88117t5.exe; Driver: C:\Users\Lisa\AppData\Local\Temp\kgldrpow.sys

 

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xAE502300, 0x3B638, 0xE8000020]

.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xAE545300, 0x1BEE, 0xE8000020]

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e7f7ca7

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e7f7ca7@0025cf8c039c 0x86 0xD7 0xD7 0x73 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x62 0x9E 0x87 0x75 ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e7f7ca7 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e7f7ca7@0025cf8c039c 0x86 0xD7 0xD7 0x73 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x62 0x9E 0x87 0x75 ...

 

---- Files - GMER 1.0.15 ----

 

File C:\Windows\System32\exebibin.dll 3716 bytes

File C:\Windows\System32\extuvhex.dll 108 bytes

File C:\Windows\System32\libupuri 0 bytes

File C:\Windows\System32\libupuri\05A0A26397744FD362FB2BA97F6E1EFC1DA46757.rom 464 bytes

File C:\Windows\System32\libupuri\13F63D282A42BD1CBAA143EB7C220DAD88E3573D.rom 464 bytes

File C:\Windows\System32\libupuri\67A6C9B5422C1B43F02279B7CE3455903F6AD525.rom 464 bytes

File C:\Windows\System32\libupuri\9A0F49E0886F61630B0F34C45394D3D8E388CBDB.rom 464 bytes

File C:\Windows\System32\libupuri\9DB8B5F3083E1BC6A19FCD8A9179F7933C934DC9.rom 851 bytes

File C:\Windows\System32\libupuri\A6D04EC7FAEE35E5BF7C50F92FFEBF8AB208C4CD.rom 464 bytes

File C:\Windows\System32\libupuri\C8B08D14673A09E3FE7B4E1EEE460A94583DAC64.rom 464 bytes

File C:\Windows\System32\libupuri\DC2820AEDB1DB893096FE579DD0E48A332FDDFBF.rom 464 bytes

File C:\Windows\System32\libupuri\F4C636CE4589AA2E0E637C8EE71615C10115418F.rom 464 bytes

File C:\Windows\System32\libupuri\imgegbit 0 bytes

File C:\Windows\System32\libupuri\zapetole.ocx 821339 bytes

File C:\Windows\System32\madokvoc.dll 1626112 bytes executable

 

---- EOF - GMER 1.0.15 ----

[/log]

 

Rootrepeal

[log]ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/01/24 01:29

Program Version: Version 1.3.5.0

Windows Version: Windows Vista SP2

==================================================

 

Drivers

-------------------

Name: dump_dumpata.sys

Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys

Address: 0x90B88000 Size: 45056 File Visible: No Signed: -

Status: -

 

Name: dump_msahci.sys

Image Path: C:\Windows\System32\Drivers\dump_msahci.sys

Address: 0x90B93000 Size: 40960 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0xB3331000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\Windows\System32\exebibin.dll

Status: Invisible to the Windows API!

 

Path: C:\Windows\System32\extuvhex.dll

Status: Invisible to the Windows API!

 

Path: C:\Windows\System32\libupuri

Status: Invisible to the Windows API!

 

Path: C:\Windows\System32\madokvoc.dll

Status: Invisible to the Windows API!

 

 

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.16720_none_c035c989242f4981\WEB_LO~1.DEF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.20883_none_a96de02d3dd18e74\WEB_LO~1.DEF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\CONFIR~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~2.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~3.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~4.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI7FD4~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI49C3~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI2CD7~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI3A48~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\CONFIR~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~2.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~3.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~4.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI7FD4~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI49C3~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI2CD7~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI3A48~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\CONFIR~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WIZARD~2.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WIZARD~3.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WIZARD~4.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WI7FD4~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WI49C3~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WI2CD7~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WI3A48~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\CONFIR~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WIZARD~2.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WIZARD~3.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WIZARD~4.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WI7FD4~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WI49C3~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WI2CD7~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WI3A48~1.RES

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~2.TAR

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~2.TAR

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~2.TAR

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~2.TAR

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\MICROS~1.TAS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\MICROS~1.TAS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\MICROS~1.TAS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6002.18005_none_f52661bc15faf3ee\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.16720_none_0bca521ee450d037\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.20883_none_0c16103ffd9c63ac\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.18111_none_0dbc60fae16e5e8e\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.22230_none_0e2f5da3fa9d1ce3\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.18111_none_c010ae3f24815622\WEB_LO~1.DEF

Status: Locked to the Windows API!

 

Processes

-------------------

Path: System

PID: 4 Status: Locked to the Windows API!

 

Path: C:\Windows\System32\audiodg.exe

PID: 1240 Status: Locked to the Windows API!

 

Shadow SSDT

-------------------

#: 573 Function Name: NtUserSetWindowsHookEx

Status: Hooked by "C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys" at address 0x90b38646

 

==EOF==

[/log]

 


I ran some searches on the files that Gmer found, and the only one that got a hit was madokvoc.dll; three out of 41 said it was a monitoring program from Spectorsoft for monitoring my computer.

I'm attaching the scan here.

 

[log]File madokvoc.dll received on 2010.01.24 09:17:05 (UTC)

Current status: finished

Result: 3/41 (7.32%)


Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.01.24 Riskware.Monitor.Win32.SpectorPro!IK

AhnLab-V3 5.0.0.2 2010.01.23 -

AntiVir 7.9.1.146 2010.01.22 -

Antiy-AVL 2.0.3.7 2010.01.22 -

Authentium 5.2.0.5 2010.01.23 -

Avast 4.8.1351.0 2010.01.23 -

AVG 9.0.0.730 2010.01.23 -

BitDefender 7.2 2010.01.24 -

CAT-QuickHeal 10.00 2010.01.22 -

ClamAV 0.94.1 2010.01.22 -

Comodo 3690 2010.01.24 -

DrWeb 5.0.1.12222 2010.01.24 -

eSafe 7.0.17.0 2010.01.21 -

eTrust-Vet 35.2.7255 2010.01.22 -

F-Prot 4.5.1.85 2010.01.23 -

F-Secure 9.0.15370.0 2010.01.24 -

Fortinet 4.0.14.0 2010.01.24 -

GData 19 2010.01.24 -

Ikarus T3.1.1.80.0 2010.01.24 not-a-virus:Monitor.Win32.SpectorPro

Jiangmin 13.0.900 2010.01.24 -

K7AntiVirus 7.10.952 2010.01.22 -

Kaspersky 7.0.0.125 2010.01.24 -

McAfee 5870 2010.01.23 -

McAfee+Artemis 5870 2010.01.23 -

McAfee-GW-Edition 6.8.5 2010.01.24 -

Microsoft 1.5405 2010.01.24 -

NOD32 4800 2010.01.23 -

Norman 6.04.03 2010.01.23 -

nProtect 2009.1.8.0 2010.01.24 -

Panda 10.0.2.2 2010.01.23 -

PCTools 7.0.3.5 2010.01.24 -

Prevx 3.0 2010.01.24 -

Rising 22.31.06.04 2010.01.24 -

Sophos 4.50.0 2010.01.24 SpectorSoft

Sunbelt 3.2.1858.2 2010.01.23 -

Symantec 20091.2.0.41 2010.01.24 -

TheHacker 6.5.0.9.160 2010.01.24 -

TrendMicro 9.120.0.1004 2010.01.24 -

VBA32 3.12.12.1 2010.01.23 -

ViRobot 2010.1.23.2152 2010.01.23 -

VirusBuster 5.0.21.0 2010.01.23 -

[/log]

 

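A pasted scan report like the one above can be checked mechanically before anyone draws conclusions from it. The following is an added example, not part of the original thread: it parses the report text, lists the engines that flagged the file, marks which labels carry a "potentially unwanted" marker, and reports whether the pasted rows actually account for the `Result: n/m` header. The names `summarize`, `Summary` and `PUA_MARKERS` and the marker list are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Excerpt of the report posted above, trimmed to 8 of the 41 engine rows
# (sample input assembled for this example).
SAMPLE_REPORT = """\
File madokvoc.dll received on 2010.01.24 09:17:05 (UTC)
Current status: finished
Result: 3/41 (7.32%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.24 Riskware.Monitor.Win32.SpectorPro!IK
AhnLab-V3 5.0.0.2 2010.01.23 -
F-Secure 9.0.15370.0 2010.01.24 -
Ikarus T3.1.1.80.0 2010.01.24 not-a-virus:Monitor.Win32.SpectorPro
Kaspersky 7.0.0.125 2010.01.24 -
Microsoft 1.5405 2010.01.24 -
Sophos 4.50.0 2010.01.24 SpectorSoft
Symantec 20091.2.0.41 2010.01.24 -
"""

HEADER_RE = re.compile(r"^Result:\s*(\d+)/(\d+)")
# engine, version, last-update date (YYYY.MM.DD), result label
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
# Assumption: substrings vendors commonly use to mark a label as
# potentially unwanted / commercial monitoring software, not malware.
PUA_MARKERS = ("riskware", "not-a-virus", "monitor")


@dataclass
class Summary:
    claimed: tuple      # (detections, engines) from the "Result:" line
    rows_seen: int      # engine rows actually present in the paste
    detections: dict    # engine -> label, for rows whose result is not "-"
    pua_labelled: list  # engines whose label carries a PUA marker
    complete: bool      # True only if the rows account for the header


def summarize(report: str) -> Summary:
    claimed = None
    rows = {}
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue  # forum pastes often double-space every row
        m = HEADER_RE.match(line)
        if m:
            claimed = (int(m.group(1)), int(m.group(2)))
            continue
        m = ROW_RE.match(line)
        if m:
            rows[m.group(1)] = m.group(4).strip()
    if claimed is None:
        raise ValueError("no 'Result: n/m' line found")
    detections = {e: lab for e, lab in rows.items() if lab != "-"}
    pua = sorted(e for e, lab in detections.items()
                 if any(k in lab.lower() for k in PUA_MARKERS))
    # A truncated or edited paste shows up as a header/row mismatch.
    complete = (len(detections), len(rows)) == claimed
    return Summary(claimed, len(rows), detections, pua, complete)


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print("header claims:", s.claimed, "rows seen:", s.rows_seen)
    for engine, label in s.detections.items():
        tag = "PUA-style label" if engine in s.pua_labelled else "no category in label"
        print(f"  {engine}: {label} ({tag})")
    print("paste accounts for header:", s.complete)
```

On the trimmed excerpt the completeness flag is false because only 8 of the 41 rows are present; fed the full report from the post, the row count can be compared against the header in the same way.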

Nothing harmful about the program as far as I understand, but it can of course still be unwanted.

http://www.mywot.com/sv/scorecard/spectorsoft.com

http://www.spectorsoft.com/

Does the computer come from a company, so that they would have been interested in seeing what the employees are doing?

Do you find anything in the list of programs to uninstall that could be related to something like that?

 

Were these the files you checked?

File C:\Windows\System32\exebibin.dll 3716 bytes

File C:\Windows\System32\extuvhex.dll 108 bytes

File C:\Windows\System32\libupuri\imgegbit 0 bytes

File C:\Windows\System32\libupuri\zapetole.ocx 821339 bytes

File C:\Windows\System32\madokvoc.dll 1626112 bytes

 


The computer does not come from a company; it was bought from Telia.

Yes, those were the files.

 

Can I simply delete the infected file?

 


Unfortunately, if you just delete files that sit deep inside Windows, you can end up with a computer that won't start afterwards. I have to leave now but will be back later this afternoon. Look carefully at what is installed on the computer and see whether you can find anything that might contain something like the Spectorsoft product; poker programs, for example, often include some kind of spyware so that they can check that you aren't cheating.

 

C:\Windows\System32\libupuri\zapetole.ocx

ocx files are usually ActiveX components for Internet Explorer.

Internet Options - Programs - Manage add-ons

That is where you can usually see installed ActiveX components. Do you see anything there that you don't recognize?

 


I didn't find anything suspicious among the add-ons, and I have removed everything we don't use as well as a poker program, but I installed that after all the strange things started happening on the computer.

 

Everything on the computer now is either something that came with the installation, or games from well-known vendors, as well as conversion programs for mobile phones or burning software for the DVD drive.

 

It almost feels lighter now, the computer :D

 


I think it is a good idea to start with a scan using Sophos, since it reacted to the file, so we can see whether it reacts to any other file.

http://www.sophos.com/products/free-tools/sophos-threat-detection-test.html

I haven't used it myself, so I don't know exactly how it works, but it should be fairly straightforward, and you should get some kind of log or result that you can paste in here.

 

Since we are on the subject of Sophos anyway, we can see what their rootkit program can find and remove (rootkits are what Gmer and RootRepeal find):

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

 


Those two programs seemed really good, but it isn't possible to create a log from them.

I have run both, and the rootkit program said there were some hidden files, and the antivirus program reported that there were a few viruses and some other things (I can't remember what right now).

 

When no log came up automatically, I assumed you could create one afterwards, so I clicked OK after the scan, but that just took me to the first page, where it said I should click Scan to start a new scan.

The antivirus program told me it had put the viruses it found in quarantine, but there wasn't a single virus in the quarantine.

Maybe you can only use it fully if you pay for Sophos?

 


I don't think Sophos Threat Detection removes anything, but you should be able to do that with the rootkit program. Did it take a long time to scan the computer with the programs? Can you do it once more and, when it is finished, take one or more screenshots (Print Screen) of the result?

You can attach images to your reply here; as long as we are still on the old forum software it is one image per reply, while the new one allows many images.

 

Remember that you won't get any notification e-mails after the forum change unless you set them up again.

 


Hi there.

It took a while before I could get onto the new forum :(

It took a while to scan the computer.

I'm going away today, so I can scan it either tonight or tomorrow, and then I'll send some screenshots along.


Yes, the forum move took a bit longer than planned, and then it became very sluggish, unfortunately.

 

Then I'll wait for the screenshots :)


Yesterday before I went to bed I figured Sophos Antivirus could run overnight so that I could run the rootkit program in the morning.

So the antivirus was shut down along with all other programs that were open, and the network cable was unplugged.

Now when I come in this morning, the antivirus is stuck grinding at 2%; it had found one virus, Spectorsoft, but Sophos had stopped working :(

 

So I'll have to make another attempt. I'm going to the doctor today, so I'll give Sophos another chance; I'll let it run before I leave.


You probably need to leave the network cable plugged in, because Sophos's online scan probably needs contact with the Sophos website.


Hmm, OK. Here are the screenshots from Sophos antivirus.

I'll run the rootkit program now this morning.

Sorry it has taken so long.

 

Hmmm, it isn't possible to attach files ???


Archived

This topic is now archived and is closed to further replies.
