
Virus warning that keeps pointing to the same attack but won't go away


Renfield


Hello,

something or other is stopping you/us from making quick progress here.

We have assumed that you are running as admin, is that correct?

Safe mode shuts down most of the services and programs in Windows, which means that something is preventing you from running the programs in normal mode.

 

Let's try whether RootKit Unhooker can be run now.

http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE

Unplug the internet connection. Close every program you can see, including firewall, antivirus and antispyware programs.

Double-click Rootkit Unhooker to start it (in Vista and Windows 7, right-click and choose Run as administrator).

Select the Report tab and click Scan.

Tick Drivers, Stealth, Files and Code Hooks, but untick the other options.

Press OK.

Wait until the scanner is finished, then choose File - Save Report. Save the report on the Desktop or somewhere else where you can find it again. Click Close.

Open the saved report in Notepad. Paste the contents into your reply.

Note that if a warning "Rootkit Unhooker has detected a parasite..." appears, just ignore it.

Regards

Mats H


Since I am the only user, I'm an administrator automatically, right? Otherwise, how do I become one?


Hello,

if it is the only account on the computer, then you have admin rights!

Good, thanks!

How is it going with RootKit Unhooker?

Runnable?

Regards

Mats H


Unfortunately I can't open the file. A warning appears with the text "error loading/opening driver". I have tried several times (and closed all programs), even though I am in safe mode (in normal mode the same warning came up, saying that I don't have permission to open the program).

What programs are running in safe mode?


All the programs you listed that I have downloaded. Rootkit didn't work there either, but it did now in normal mode.


Hello,

what is this?

C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes ?

Manufacturer? Not shown. Something you recognize?

Download the following programs to the desktop:

Uninstall cleanup tool:

https://forums.comodo.com/install-setup-configuration-help-cis/cleanup-tool-for-comodo-internet-security-t36499.0.html

Comodo Internet Security (2011 Premium). Installation file.

http://download.comodo.com/cis/download/installs/1000/standalone/cispremium_installer_x86.exe

This file is for later use!

First run a normal uninstall of Comodo via Control Panel\Programs.

After the restart, run the uninstall cleanup tool.

Restart the computer in normal mode, then try running Combofix and RootKit Unhooker.

Come back with the results.

Regards

Mats H


I have no idea what that file is! I searched for it, but without success.

Here is the log from combofix anyway. When I ran it the first time, the computer stopped and the blue screen with an error message came up. Same thing the second time, when it had finished and I was about to turn the virus protection back on. Could it be that the computer is overloaded by combo and therefore has to shut down?

ComboFix 10-10-02.02 - Thomas 2010-10-04 11:30:37.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1550 [GMT 2:00]

Running from: C:\Documents and Settings\Thomas\My Documents\Hämtade filer\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

 

((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))

.

 

2010-10-03 23:14:42 . 2010-10-03 23:14:42 -------- d-----w- C:\WINDOWS\system32\wbem\Repository

2010-10-03 17:03:59 . 2010-10-03 17:03:59 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat

2010-10-02 23:06:36 . 2010-10-02 23:06:56 -------- d-----w- C:\Program Files\MagicDisc

2010-10-02 23:06:36 . 2009-02-24 16:42:14 116736 ----a-w- C:\WINDOWS\system32\drivers\mcdbus.sys

2010-10-01 22:31:06 . 2010-10-01 22:31:07 -------- d-----w- C:\Program Files\ESET

2010-10-01 18:55:08 . 2010-05-21 12:14:28 221568 ------w- C:\WINDOWS\system32\MpSigStub.exe

2010-09-30 19:51:21 . 2010-09-24 14:43:10 618128 ----a-w- C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-09-30 19:51:21 . 2010-09-24 14:42:58 644384 ----a-w- C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-09-29 19:26:02 . 2010-09-28 22:41:58 998400 ----a-w- C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc\components\lpxpcom_x86_64.dll

2010-09-29 19:26:02 . 2010-09-28 22:41:56 834048 ----a-w- C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

2010-09-20 00:05:52 . 2010-09-20 00:05:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\F-Secure

2010-09-15 18:03:44 . 2010-09-15 18:03:45 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard

2010-09-14 09:05:15 . 2010-09-14 09:05:15 -------- d-----w- C:\Program Files\iPod

2010-09-14 09:05:14 . 2010-09-14 09:05:40 -------- d-----w- C:\Program Files\iTunes

2010-09-14 08:57:24 . 2010-09-14 08:57:24 73000 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-08 19:04:59 . 2008-10-27 08:04:18 514384 ----a-w- C:\WINDOWS\system32\XAudio2_3.dll

2010-09-08 19:03:05 . 2010-09-08 19:03:05 -------- d-----w- C:\WINDOWS\Logs

2010-09-07 18:52:24 . 2010-09-14 00:32:59 -------- d-----w- C:\Program Files\The Adventure Company

2010-09-07 18:29:39 . 2010-09-07 18:29:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Net

2010-09-07 18:29:32 . 2010-09-07 18:49:05 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\DAEMON Tools Net

2010-09-07 18:28:31 . 2010-09-07 18:28:31 -------- d-----w- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

2010-09-05 22:49:24 . 2010-09-05 22:49:24 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Tages

2010-09-05 09:26:55 . 2010-09-05 22:44:32 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\Games

2010-09-04 23:04:49 . 2010-09-15 18:04:16 -------- d-----w- C:\Program Files\AGEIA Technologies

2010-09-04 23:04:49 . 2010-09-15 18:04:14 -------- d-----w- C:\WINDOWS\system32\AGEIA

2010-09-04 23:04:37 . 2010-09-04 23:04:37 281504 ----a-w- C:\WINDOWS\system32\drivers\atksgt.sys

2010-09-04 23:04:37 . 2010-09-04 23:04:37 25888 ----a-w- C:\WINDOWS\system32\drivers\lirsgt.sys

2010-09-04 21:58:30 . 2010-09-07 18:29:58 445936 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys

2010-09-04 21:58:27 . 2010-09-04 21:58:27 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\DAEMON Tools Pro

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-03 23:36:23 . 2010-06-02 23:15:57 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\vlc

2010-10-03 23:13:19 . 2010-04-02 20:44:37 -------- d-----w- C:\Program Files\COMODO

2010-10-03 23:09:57 . 2010-04-02 20:45:35 -------- d-----w- C:\Documents and Settings\All Users\Application Data\COMODO

2010-10-03 22:08:07 . 2010-04-21 21:26:49 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\BitTorrent

2010-10-03 18:50:46 . 2010-05-24 16:17:40 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\dvdcss

2010-10-02 12:13:40 . 2010-05-25 20:52:33 -------- d-----w- C:\Program Files\Common Files\CyberLink

2010-10-02 12:13:40 . 2010-05-25 20:51:30 -------- d-----w- C:\Program Files\CyberLink

2010-10-02 12:12:49 . 2010-05-25 21:25:56 53319 ----a-w- C:\Documents and Settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

2010-09-30 00:10:03 . 2010-04-02 21:33:59 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\QuickScan

2010-09-29 09:48:25 . 2010-04-02 20:29:42 -------- d-----w- C:\Program Files\Microsoft Silverlight

2010-09-22 20:38:21 . 2010-04-02 19:14:22 -------- d--h--w- C:\Program Files\InstallShield Installation Information

2010-09-14 09:06:58 . 2010-04-02 21:39:46 -------- d-----w- C:\Program Files\QT Lite

2010-09-14 09:05:14 . 2010-08-13 09:51:09 -------- d-----w- C:\Program Files\Common Files\Apple

2010-09-06 22:42:00 . 2010-04-02 21:44:32 -------- d-----w- C:\Program Files\Elaborate Bytes

2010-09-04 23:06:28 . 2010-09-04 23:06:28 -------- d-----w- C:\Documents and Settings\All Users\Application Data\InstallShield

2010-09-04 23:02:42 . 2010-04-02 19:11:20 -------- d-----w- C:\Program Files\Common Files\InstallShield

2010-09-04 09:00:00 . 2010-09-04 09:00:00 -------- d-----w- C:\Program Files\ASIO4ALL v2

2010-09-04 08:46:54 . 2010-09-04 08:46:54 -------- d-----w- C:\Program Files\M-Audio MobilePre

2010-09-01 09:03:44 . 2010-04-21 21:26:45 -------- d-----w- C:\Program Files\BitTorrent

2010-08-29 22:05:45 . 2010-08-29 21:33:14 1515134079 ----a-w- C:\Documents and Settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Setup.exe

2010-08-29 21:46:59 . 2010-08-30 18:30:03 29255168 ----a-w- C:\Documents and Settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46:59 . 2010-08-30 18:26:07 29255168 ----a-w- C:\Documents and Settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46:59 . 2010-08-29 21:33:59 29255168 ----a-w- C:\Documents and Settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Live 8.1.1.exe

2010-08-29 20:47:25 . 2010-08-29 20:47:25 -------- d-----w- C:\Program Files\Ableton

2010-08-29 20:25:33 . 2010-04-30 09:30:37 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\Ableton

2010-08-29 11:31:32 . 2010-08-29 11:31:32 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\PACE Anti-Piracy

2010-08-29 11:30:47 . 2010-08-29 11:30:47 10710528 ----a-w- C:\Documents and Settings\All Users\Application Data\Line 6\L6TWXY\L6TWXY.DLL

2010-08-29 11:30:46 . 2010-08-29 11:30:46 1534464 ----a-w- C:\Documents and Settings\All Users\Application Data\Line 6\L6TWXY\data\twx\L6TWX.DLL

2010-08-29 11:30:45 . 2010-08-29 11:30:45 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Line 6

2010-08-29 11:30:32 . 2010-08-29 11:30:32 606208 ----a-w- C:\WINDOWS\system32\REX Shared Library.dll

2010-08-29 11:30:32 . 2010-08-29 11:30:32 2771968 ----a-w- C:\WINDOWS\system32\ReWire.dll

2010-08-29 11:30:03 . 2010-04-07 17:44:21 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\Propellerhead Software

2010-08-29 11:29:58 . 2010-08-29 11:29:58 8192 ----a-r- C:\Documents and Settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29:58 . 2010-08-29 11:29:58 30208 ----a-r- C:\Documents and Settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29:58 . 2010-08-29 11:29:58 14848 ----a-r- C:\Documents and Settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe

2010-08-29 11:28:20 . 2010-08-29 11:28:20 -------- d-----w- C:\Program Files\CodeMeter

2010-08-29 11:28:09 . 2010-04-29 21:56:01 -------- d-----w- C:\Program Files\Propellerhead

2010-08-25 20:27:39 . 2010-08-13 09:53:34 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\Apple Computer

2010-08-22 12:04:26 . 2010-08-22 12:04:25 -------- dc-h--w- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-21 12:37:00 . 2010-08-20 20:30:18 -------- d-----w- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

2010-08-20 19:57:29 . 2010-04-02 16:36:14 25128 ----a-w- C:\Documents and Settings\Thomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-20 19:49:58 . 2010-04-24 20:37:55 -------- d-----w- C:\Program Files\Common Files\Adobe

2010-08-20 19:48:53 . 2010-08-20 19:48:52 -------- d-----w- C:\Program Files\Adobe Media Player

2010-08-20 19:47:34 . 2010-08-20 19:47:34 -------- d-----w- C:\Program Files\Common Files\Adobe AIR

2010-08-17 13:17:06 . 2004-08-10 11:00:00 58880 ----a-w- C:\WINDOWS\system32\spoolsv.exe

2010-08-14 09:35:36 . 2010-08-14 09:35:36 -------- d-----w- C:\Program Files\Common Files\Java

2010-08-14 09:35:12 . 2010-05-09 14:40:01 -------- d-----w- C:\Program Files\Java

2010-08-13 09:53:06 . 2010-08-13 09:52:38 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-13 09:52:38 . 2010-04-02 21:39:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer

2010-08-13 09:51:36 . 2010-08-13 09:51:36 -------- d-----w- C:\Program Files\Apple Software Update

2010-08-13 09:51:18 . 2010-08-13 09:51:17 -------- d-----w- C:\Program Files\Bonjour

2010-08-13 09:51:09 . 2010-08-13 09:51:09 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple

2010-08-12 12:16:02 . 2010-08-22 12:04:25 2979848 -c--a-w- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-12 12:15:20 . 2010-05-28 10:26:51 15880 ----a-w- C:\WINDOWS\system32\lsdelete.exe

2010-08-12 12:15:20 . 2010-04-28 17:26:04 64288 ----a-w- C:\WINDOWS\system32\drivers\Lbd.sys

2010-08-04 17:07:13 . 2010-08-04 17:07:13 61440 ----a-w- C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-sse.dll

2010-08-04 17:07:13 . 2010-08-04 17:07:13 503808 ----a-w- C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcp71.dll

2010-08-04 17:07:13 . 2010-08-04 17:07:13 499712 ----a-w- C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\jmc.dll

2010-08-04 17:07:13 . 2010-08-04 17:07:13 348160 ----a-w- C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcr71.dll

2010-08-04 17:07:13 . 2010-08-04 17:07:13 12800 ----a-w- C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-d3d.dll

2010-07-22 15:49:15 . 2004-08-10 11:00:00 590848 ----a-w- C:\WINDOWS\system32\rpcrt4.dll

2010-07-22 05:57:20 . 2010-04-02 20:01:54 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll

2010-07-17 03:00:04 . 2010-05-09 14:40:12 423656 ----a-w- C:\WINDOWS\system32\deployJava1.dll

2007-12-28 22:04:45 . 2010-09-15 22:23:29 1270409216 ----a-w- C:\Program Files\rld-shal.iso

.

 

((((((((((((((((((((((((((((( SnapShot@2010-10-02_17.38.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-04 09:12:54 . 2010-10-04 09:12:54 16384 C:\WINDOWS\temp\Perflib_Perfdata_3ac.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-05-10 21:03:13 102400]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 17:03:40 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 02:04:42 59392]

"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 10:59:18 24576]

"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 12:14:18 311350]

"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-30 14:17:16 28739]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 05:56:14 139264]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 21:32:54 61440]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 02:04:47 35760]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 08:06:33 976832]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 13:57:24 153136]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]

"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 01:44:40 500208]

"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 11:37:14 517096]

"AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 20:10:47 402432]

"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2009-09-02 12:29:22 643592]

"QuickTime Task"="C:\Program Files\QT Lite\QTTask.exe" [2010-08-10 03:15:54 421888]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-09-01 06:32:00 421160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

 

C:\Documents and Settings\Thomas\Start Menu\Programs\Startup\

MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2010-10-3 576000]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BankID Security Application.lnk - C:\Program Files\Personal\bin\Personal.exe [2010-4-26 939920]

Påminnelser för Kalendern i Microsoft Works.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-12 24633]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

 

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [2010-04-28 19:26:04 64288]

R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2009-04-03 04:01:00 1680704]

R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [2010-04-24 22:41:46 233472]

R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [2010-04-24 22:41:46 36608]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 14:15:19 1356952]

S3 cpudrv;cpudrv;C:\Program Files\SystemRequirementsLab\cpudrv.sys [2009-12-18 10:58:52 11336]

S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;C:\WINDOWS\system32\drivers\MAudioMobilePre.sys [2010-09-04 10:27:11 158344]

S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);C:\WINDOWS\system32\DRIVERS\mausbmp.sys --> C:\WINDOWS\system32\DRIVERS\mausbmp.sys [?]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [2010-04-24 22:41:58 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [2010-04-24 22:41:58 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [2010-04-24 22:41:58 121856]

S3 SwitchBoard;SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 13:37:14 517096]

S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [2010-09-04 23:58:30 445936]

.

Contents of the 'Scheduled Tasks' folder

 

2010-10-04 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15:19 . 2010-09-28 19:08:42]

 

2010-10-01 C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-EZRA-Thomas.job

- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-20 19:45:42 . 2010-03-06 01:44:40]

 

2010-09-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50:20 . 2009-10-22 09:50:20]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\

FF - component: C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: C:\Program Files\Personal\bin\np_prsnl.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin2.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin3.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin4.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin5.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin6.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin7.dll

FF - plugin: C:\Program Files\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.


Hello,

apparently the whole Combofix log didn't come through, try pasting it again.

Could you upload the following files to Virustotal:

C:\WINDOWS\system32\FsUsbExService.Ex

C:\WINDOWS\system32\FsUsbExDisk.Sys

Virustotal can be found here:

http://www.virustotal.com/index.html

Click the Upload a File tab and use the Browse button to find the files.

When you have found it, press Send File.

Paste the links to the Virustotal results here in your thread, once the analyses are finished.

Regards

Mats H


From Rootkit:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xB914D000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 3891200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)

0xBF1CD000 C:\WINDOWS\System32\ati3duag.dll 3821568 bytes (ATI Technologies Inc. , ati3duag.dll)

0xBF572000 C:\WINDOWS\System32\ativvaxx.dll 2670592 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2150400 bytes

0x804D7000 RAW 2150400 bytes

0x804D7000 WMIxWDM 2150400 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x96DE2000 C:\WINDOWS\System32\Drivers\dump_iastor.sys 872448 bytes

0xB9E4E000 iaStor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)

0xBF065000 C:\WINDOWS\System32\ati2cqag.dll 626688 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)

0xB9D35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xBF0FE000 C:\WINDOWS\System32\atikvmag.dll 540672 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)

0xAA124000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB8FCC000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xAA22F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0x94535000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 339968 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)

0xBF182000 C:\WINDOWS\System32\atiok3x2.dll 307200 bytes (ATI Technologies Inc., Ring 0 x2 component)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0x946E5000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes

0x9467C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB906F000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0x94B27000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB9D08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xB910E000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 176128 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver)

0x93876000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xAA194000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xAA207000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0x94B54000 C:\WINDOWS\system32\DRIVERS\nwrdr.sys 163840 bytes (Microsoft Corporation, NetWare Redirector File System Driver)

0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xAA1E1000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xB90EA000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB90C7000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xAA1BF000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E4000 ACPI_HAL 134400 bytes

0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB9DFE000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xB9052000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)

0xB9CEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB9E36000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xB9E1E000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xB9DD5000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB90B0000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x94BCC000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)

0x94A9A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB9139000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xAA288000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xB9DC2000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xB9DEC000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB909F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0x96EB7000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)

0x98675000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xBA248000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xBA158000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xAB131000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)

0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xB7FA0000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0x938E1000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xBA118000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)

0xBA258000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xB9513000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xBA2D8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xBA0B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xBA148000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)

0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xBA278000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xBA2A8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xB7F90000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xBA268000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xBA288000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xBA0C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xBA2E8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xBA2C8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0x93E9D000 C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes

0xA9941000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xBA238000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xBA2B8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xB7FC0000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xBA318000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xB7FB0000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xBA338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)

0xA875E000 C:\WINDOWS\system32\drivers\MA763004.sys 32768 bytes (M-Audio, M-Audio MobilePre)

0xABD31000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xAA2E3000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xBA420000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xBA428000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xBA410000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xAB2A1000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xBA430000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xBA450000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xBA458000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xBA418000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xABD41000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xBA400000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)

0xA0736000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes

0xABD39000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xBA440000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xBA340000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xBA448000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xBA438000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0x977C0000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xAA30F000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xBA55C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0x9D870000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0x99B1C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xB8FB8000 C:\WINDOWS\System32\DRIVERS\ELhid.sys 12288 bytes (Intel Corporation, -)

0xAA31F000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xAA317000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xB9C5D000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xB903E000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xBA64E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xBA606000 C:\WINDOWS\system32\DRIVERS\ELacpi.sys 8192 bytes (Intel Corporation, -)

0xBA65E000 C:\WINDOWS\System32\DRIVERS\ELkbd.sys 8192 bytes (Intel Corporation, -)

0xBA65C000 C:\WINDOWS\System32\DRIVERS\ELmon.sys 8192 bytes (Intel Corporation, -)

0xBA65A000 C:\WINDOWS\System32\DRIVERS\ELmou.sys 8192 bytes (Intel Corporation, -)

0xBA64C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xBA650000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xBA652000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xBA610000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xBA612000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xBA6BE000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xBA7C3000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xBA685000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

0x058D0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 102400 bytes

0x06C50000 Hidden Image-->CLI.Aspect.OverDrive3.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 1044480 bytes

0x06150000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 1150976 bytes

0x00D10000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x89B9D318 ] PID: 548, 118784 bytes

0x038E0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 118784 bytes

0x05ED0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 118784 bytes

0x05770000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 135168 bytes

0x05680000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 151552 bytes

0x05B20000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 1740800 bytes

0x05CD0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 217088 bytes

0x056B0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 233472 bytes

0x00EE0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x89B9D318 ] PID: 548, 28672 bytes

0x01110000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x89B9D318 ] PID: 548, 28672 bytes

0x05820000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x00D40000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x00D70000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x03BE0000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04310000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x042C0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x042E0000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04330000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04470000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04460000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04820000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04840000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x048E0000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04910000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x048F0000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04940000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04A90000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04AB0000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04C40000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04CB0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04CD0000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04E30000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04DA0000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04DF0000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04E40000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04F70000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x051B0000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x05410000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x05400000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x05540000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x055F0000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x055E0000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x05620000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x05610000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x05630000 Hidden Image-->Branding.dll [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x05660000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x05730000 Hidden Image-->atixclib.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x05750000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x05810000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 28672 bytes

0x04870000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 299008 bytes

0x01130000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x89B9D318 ] PID: 548, 307200 bytes

0x00DB0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8912B020 ] PID: 1168, 307200 bytes

0x03850000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x89B9D318 ] PID: 548, 36864 bytes

0x03880000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x89B9D318 ] PID: 548, 36864 bytes

0x00D10000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x03920000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x03950000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x03AA0000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x03C30000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x04810000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x048D0000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x04D70000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x04E90000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x04E80000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x04EB0000 Hidden Image-->CLI.Aspect.OverDrive3.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x04EF0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x04F60000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x05600000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 36864 bytes

0x05D10000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 372736 bytes

0x068B0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 372736 bytes

0x05550000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 413696 bytes

0x05900000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 413696 bytes

0x057A0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 446464 bytes

0x00D40000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x89B9D318 ] PID: 548, 45056 bytes

0x00DB0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x89B9D318 ] PID: 548, 45056 bytes

0x04D80000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 45056 bytes

0x00D30000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 45056 bytes

0x00E10000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 45056 bytes

0x03BF0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 45056 bytes

0x04E00000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 45056 bytes

0x04E50000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 45056 bytes

0x04EE0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 45056 bytes

0x04480000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x8912B020 ] PID: 1168, 454656 bytes

0x06830000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 462848 bytes

0x05840000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 503808 bytes

0x055C0000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 53248 bytes

0x04450000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 53248 bytes

0x03C60000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 53248 bytes

0x03C20000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 53248 bytes

0x03C70000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 53248 bytes

0x042D0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 53248 bytes

0x04D60000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 53248 bytes

0x04EA0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 53248 bytes

0x04E60000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 53248 bytes

0x05710000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 53248 bytes

0x05F20000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 53248 bytes

0x06910000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 602112 bytes

0x04F30000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 61440 bytes

0x04EC0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 61440 bytes

0x04F20000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 61440 bytes

0x04FE0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 61440 bytes

0x065E0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 684032 bytes

0x00DC0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x89B9D318 ] PID: 548, 69632 bytes

0x00D80000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 69632 bytes

0x03900000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 69632 bytes

0x04850000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 69632 bytes

0x04F90000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 69632 bytes

0x05080000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 69632 bytes

0x05E20000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 700416 bytes

0x06470000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 724992 bytes

0x04C20000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 77824 bytes

0x04E10000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 77824 bytes

0x04F00000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 77824 bytes

0x04F40000 Hidden Image-->CLI.Aspect.OverDrive3.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 77824 bytes

0x06760000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 806912 bytes

0x06A80000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 823296 bytes

0x00D50000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 86016 bytes

0x04DB0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 86016 bytes

0x05640000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 86016 bytes

0x03A50000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 94208 bytes

0x04950000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 94208 bytes

0x04FB0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x8912B020 ] PID: 1168, 94208 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles (Rehearsal) - The Quarryman - Bootleg Rehearsal Demo Tape 1960\Beatles (Rehearsal) - The Quarryman - Bootleg Rehearsal Demo Tape 1960 - 04 - You'll Always Be Mine.mp3th You.mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles (Rehearsal) - The Quarryman - Bootleg Rehearsal Demo Tape 1960\Beatles (Rehearsal) - The Quarryman - Bootleg Rehearsal Demo Tape 1960 - 06 - You Just Don't Understand.mp3ou.mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles (Rehearsal) - The Quarryman - Bootleg Rehearsal Demo Tape 1960\Beatles (Rehearsal) - The Quarryman - Bootleg Rehearsal Demo Tape 1960 - 08 - Thinking Of Linking.mp3nd.mp3ou.mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles (Rehearsal) - The Quarryman - Bootleg Rehearsal Demo Tape 1960\Beatles (Rehearsal) - The Quarryman - Bootleg Rehearsal Demo Tape 1960 - 09 - I'll Follow The Sun.mp3nd.mp3ou.mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles (Rehearsal) - The Quarryman - Bootleg Rehearsal Demo Tape 1960\Beatles (Rehearsal) - The Quarryman - Bootleg Rehearsal Demo Tape 1960 - 12 - You Must Lie Everyday.mp3.mp3ou.mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles (Rehearsal) - The Quarryman - Bootleg Rehearsal Demo Tape 1960\Beatles (Rehearsal) - The Quarryman - Bootleg Rehearsal Demo Tape 1960 - 16 - That'll Be The Day.mp3ches Begin.mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Alternate Sgt. Pepper's Lonely Hearts Club Band - Disc 1\Beatles - Alternate Sgt.Pepper 1 - 02 - With A Little Help From My Friends (Regular - Take 11 RM 15).mp3p3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Alternate Sgt. Pepper's Lonely Hearts Club Band - Disc 1\Beatles - Alternate Sgt.Pepper 1 - 12 - Sgt. Pepper's Lonely Hearts Club Band (Reprise) (Take 9 RM 9).mp33

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967)\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967) - 03 - Paperback Writer (Takes 1 & 2).mp3x).mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967)\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967) - 04 - Nowhere Man (Live Candlestick Park).mp33.mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967)\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967) - 06 - Strawberry Fields Forever (Demo).mp3ark).mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967)\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967) - 09 - Good Morning Good Morning (Demo).mp3ark).mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967)\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967) - 11 - All You Need Is Love (Our World Tv).mp3).mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967)\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967) - 12 - Your Mother Should Know (Take 8).mp3mp3).mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967)\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967) - 13 - I Am The Walrus (Take 7 Monitor Mix).mp3.mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967)\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967) - 15 - Aerial Tour Instrumental (Mono Mix).mp33

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967)\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967) - 17 - Hello Hello (Hello Goodbye) Take 1.mp333

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967)\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967) - 18 - Blue Jay Way (Overdub Session).mp3.mp333

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967)\Beatles - Artifacts I Volume 3 (The Psychedelic Years 1966-1967) - 20 - Daddy's Little Sunshine Boy (Demo).mp333

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - The Original Decca Tapes - Decca Studios, 01.02.1962\Beatles - The Original Decca Tapes - 17 - The One After 909 (Rehearsal Early 1962 at the Cavern, Liverpool).MP3ol).MP3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - The Original Decca Tapes - Decca Studios, 01.02.1962\Beatles - The Original Decca Tapes - 18 - The One After 909 (Rehearsal Early 1962 at the Cavern, Liverpool).MP3ol).MP3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Unreleased 30th Ann. White Album Radio Special (1 of 2)\Beatles - Unreleased 30th Ann. White Album Radio Special (1 of 2) - 03 - Happy Birthday Michelle Love.mp3s.mp3

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Beatles - 122 Beatles Albums\Beatles - Unreleased 30th Ann. White Album Radio Special (1 of 2)\Beatles - Unreleased 30th Ann. White Album Radio Special (1 of 2) - 10 - Everybodys Got Something To Hide.mp33

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.GiGA-DELiRiUM\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.Vol.1.GiGA-DELiRiUM\dlm-performance1\01 Violin ensemble - 14\27 VI-14_PERF-REP_bow_4-120.gigg

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.GiGA-DELiRiUM\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.Vol.1.GiGA-DELiRiUM\dlm-performance1\01 Violin ensemble - 14\28 VI-14_PERF-REP_bow_8-120.gigg

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.GiGA-DELiRiUM\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.Vol.1.GiGA-DELiRiUM\dlm-performance1\01 Violin ensemble - 14\31 VI-14_RUNS-LEGATO_major.gigig

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.GiGA-DELiRiUM\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.Vol.1.GiGA-DELiRiUM\dlm-performance1\01 Violin ensemble - 14\32 VI-14_RUNS-LEGATO_minor.gigig

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.GiGA-DELiRiUM\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.Vol.1.GiGA-DELiRiUM\dlm-performance1\01 Violin ensemble - 14\36 VI-14_PERF-LEG_grace_1-3.gigg

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.GiGA-DELiRiUM\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.Vol.1.GiGA-DELiRiUM\dlm-performance1\01 Violin ensemble - 14\37 VI-14_GLISSANDI_octave.gigigg

!-->[Hidden] C:\Documents and Settings\Thomas\My Documents\Downloads\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.GiGA-DELiRiUM\Vienna.Symphonic.Orchestra.Pro.Performance.DVDR.Vol.1.GiGA-DELiRiUM\dlm-performance1\01 Violin ensemble - 14\44 VI-14_SOR_PERF-REP_slow.giggg

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x0002D524, Type: Inline - RelativeJump 0x80504524-->805044B2 [ntkrnlpa.exe]

ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFindConfigurationEntry, Type: Inline - RelativeJump 0x806A2812-->806A2823 [ntkrnlpa.exe]

[316]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[316]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[316]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[316]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[316]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[316]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]

[316]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


Is this everything?

ComboFix 10-10-02.02 - Thomas 2010-10-04 11:30:37.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1550 [GMT 2:00]

Running from: C:\Documents and Settings\Thomas\My Documents\Hämtade filer\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

 

((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))

.

 

2010-10-03 23:14:42 . 2010-10-03 23:14:42 -------- d-----w- C:\WINDOWS\system32\wbem\Repository

2010-10-03 17:03:59 . 2010-10-03 17:03:59 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat

2010-10-02 23:06:36 . 2010-10-02 23:06:56 -------- d-----w- C:\Program Files\MagicDisc

2010-10-02 23:06:36 . 2009-02-24 16:42:14 116736 ----a-w- C:\WINDOWS\system32\drivers\mcdbus.sys

2010-10-01 22:31:06 . 2010-10-01 22:31:07 -------- d-----w- C:\Program Files\ESET

2010-10-01 18:55:08 . 2010-05-21 12:14:28 221568 ------w- C:\WINDOWS\system32\MpSigStub.exe

2010-09-30 19:51:21 . 2010-09-24 14:43:10 618128 ----a-w- C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-09-30 19:51:21 . 2010-09-24 14:42:58 644384 ----a-w- C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-09-29 19:26:02 . 2010-09-28 22:41:58 998400 ----a-w- C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc\components\lpxpcom_x86_64.dll

2010-09-29 19:26:02 . 2010-09-28 22:41:56 834048 ----a-w- C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

2010-09-20 00:05:52 . 2010-09-20 00:05:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\F-Secure

2010-09-15 18:03:44 . 2010-09-15 18:03:45 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard

2010-09-14 09:05:15 . 2010-09-14 09:05:15 -------- d-----w- C:\Program Files\iPod

2010-09-14 09:05:14 . 2010-09-14 09:05:40 -------- d-----w- C:\Program Files\iTunes

2010-09-14 08:57:24 . 2010-09-14 08:57:24 73000 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-08 19:04:59 . 2008-10-27 08:04:18 514384 ----a-w- C:\WINDOWS\system32\XAudio2_3.dll

2010-09-08 19:03:05 . 2010-09-08 19:03:05 -------- d-----w- C:\WINDOWS\Logs

2010-09-07 18:52:24 . 2010-09-14 00:32:59 -------- d-----w- C:\Program Files\The Adventure Company

2010-09-07 18:29:39 . 2010-09-07 18:29:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Net

2010-09-07 18:29:32 . 2010-09-07 18:49:05 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\DAEMON Tools Net

2010-09-07 18:28:31 . 2010-09-07 18:28:31 -------- d-----w- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

2010-09-05 22:49:24 . 2010-09-05 22:49:24 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Tages

2010-09-05 09:26:55 . 2010-09-05 22:44:32 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\Games

2010-09-04 23:04:49 . 2010-09-15 18:04:16 -------- d-----w- C:\Program Files\AGEIA Technologies

2010-09-04 23:04:49 . 2010-09-15 18:04:14 -------- d-----w- C:\WINDOWS\system32\AGEIA

2010-09-04 23:04:37 . 2010-09-04 23:04:37 281504 ----a-w- C:\WINDOWS\system32\drivers\atksgt.sys

2010-09-04 23:04:37 . 2010-09-04 23:04:37 25888 ----a-w- C:\WINDOWS\system32\drivers\lirsgt.sys

2010-09-04 21:58:30 . 2010-09-07 18:29:58 445936 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys

2010-09-04 21:58:27 . 2010-09-04 21:58:27 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\DAEMON Tools Pro

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-03 23:36:23 . 2010-06-02 23:15:57 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\vlc

2010-10-03 23:13:19 . 2010-04-02 20:44:37 -------- d-----w- C:\Program Files\COMODO

2010-10-03 23:09:57 . 2010-04-02 20:45:35 -------- d-----w- C:\Documents and Settings\All Users\Application Data\COMODO

2010-10-03 22:08:07 . 2010-04-21 21:26:49 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\BitTorrent

2010-10-03 18:50:46 . 2010-05-24 16:17:40 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\dvdcss

2010-10-02 12:13:40 . 2010-05-25 20:52:33 -------- d-----w- C:\Program Files\Common Files\CyberLink

2010-10-02 12:13:40 . 2010-05-25 20:51:30 -------- d-----w- C:\Program Files\CyberLink

2010-10-02 12:12:49 . 2010-05-25 21:25:56 53319 ----a-w- C:\Documents and Settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

2010-09-30 00:10:03 . 2010-04-02 21:33:59 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\QuickScan

2010-09-29 09:48:25 . 2010-04-02 20:29:42 -------- d-----w- C:\Program Files\Microsoft Silverlight

2010-09-22 20:38:21 . 2010-04-02 19:14:22 -------- d--h--w- C:\Program Files\InstallShield Installation Information

2010-09-14 09:06:58 . 2010-04-02 21:39:46 -------- d-----w- C:\Program Files\QT Lite

2010-09-14 09:05:14 . 2010-08-13 09:51:09 -------- d-----w- C:\Program Files\Common Files\Apple

2010-09-06 22:42:00 . 2010-04-02 21:44:32 -------- d-----w- C:\Program Files\Elaborate Bytes

2010-09-04 23:06:28 . 2010-09-04 23:06:28 -------- d-----w- C:\Documents and Settings\All Users\Application Data\InstallShield

2010-09-04 23:02:42 . 2010-04-02 19:11:20 -------- d-----w- C:\Program Files\Common Files\InstallShield

2010-09-04 09:00:00 . 2010-09-04 09:00:00 -------- d-----w- C:\Program Files\ASIO4ALL v2

2010-09-04 08:46:54 . 2010-09-04 08:46:54 -------- d-----w- C:\Program Files\M-Audio MobilePre

2010-09-01 09:03:44 . 2010-04-21 21:26:45 -------- d-----w- C:\Program Files\BitTorrent

2010-08-29 22:05:45 . 2010-08-29 21:33:14 1515134079 ----a-w- C:\Documents and Settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Setup.exe

2010-08-29 21:46:59 . 2010-08-30 18:30:03 29255168 ----a-w- C:\Documents and Settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46:59 . 2010-08-30 18:26:07 29255168 ----a-w- C:\Documents and Settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46:59 . 2010-08-29 21:33:59 29255168 ----a-w- C:\Documents and Settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Live 8.1.1.exe

2010-08-29 20:47:25 . 2010-08-29 20:47:25 -------- d-----w- C:\Program Files\Ableton

2010-08-29 20:25:33 . 2010-04-30 09:30:37 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\Ableton

2010-08-29 11:31:32 . 2010-08-29 11:31:32 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\PACE Anti-Piracy

2010-08-29 11:30:47 . 2010-08-29 11:30:47 10710528 ----a-w- C:\Documents and Settings\All Users\Application Data\Line 6\L6TWXY\L6TWXY.DLL

2010-08-29 11:30:46 . 2010-08-29 11:30:46 1534464 ----a-w- C:\Documents and Settings\All Users\Application Data\Line 6\L6TWXY\data\twx\L6TWX.DLL

2010-08-29 11:30:45 . 2010-08-29 11:30:45 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Line 6

2010-08-29 11:30:32 . 2010-08-29 11:30:32 606208 ----a-w- C:\WINDOWS\system32\REX Shared Library.dll

2010-08-29 11:30:32 . 2010-08-29 11:30:32 2771968 ----a-w- C:\WINDOWS\system32\ReWire.dll

2010-08-29 11:30:03 . 2010-04-07 17:44:21 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\Propellerhead Software

2010-08-29 11:29:58 . 2010-08-29 11:29:58 8192 ----a-r- C:\Documents and Settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29:58 . 2010-08-29 11:29:58 30208 ----a-r- C:\Documents and Settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29:58 . 2010-08-29 11:29:58 14848 ----a-r- C:\Documents and Settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe

2010-08-29 11:28:20 . 2010-08-29 11:28:20 -------- d-----w- C:\Program Files\CodeMeter

2010-08-29 11:28:09 . 2010-04-29 21:56:01 -------- d-----w- C:\Program Files\Propellerhead

2010-08-25 20:27:39 . 2010-08-13 09:53:34 -------- d-----w- C:\Documents and Settings\Thomas\Application Data\Apple Computer

2010-08-22 12:04:26 . 2010-08-22 12:04:25 -------- dc-h--w- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-21 12:37:00 . 2010-08-20 20:30:18 -------- d-----w- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

2010-08-20 19:57:29 . 2010-04-02 16:36:14 25128 ----a-w- C:\Documents and Settings\Thomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-20 19:49:58 . 2010-04-24 20:37:55 -------- d-----w- C:\Program Files\Common Files\Adobe

2010-08-20 19:48:53 . 2010-08-20 19:48:52 -------- d-----w- C:\Program Files\Adobe Media Player

2010-08-20 19:47:34 . 2010-08-20 19:47:34 -------- d-----w- C:\Program Files\Common Files\Adobe AIR

2010-08-17 13:17:06 . 2004-08-10 11:00:00 58880 ----a-w- C:\WINDOWS\system32\spoolsv.exe

2010-08-14 09:35:36 . 2010-08-14 09:35:36 -------- d-----w- C:\Program Files\Common Files\Java

2010-08-14 09:35:12 . 2010-05-09 14:40:01 -------- d-----w- C:\Program Files\Java

2010-08-13 09:53:06 . 2010-08-13 09:52:38 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-13 09:52:38 . 2010-04-02 21:39:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer

2010-08-13 09:51:36 . 2010-08-13 09:51:36 -------- d-----w- C:\Program Files\Apple Software Update

2010-08-13 09:51:18 . 2010-08-13 09:51:17 -------- d-----w- C:\Program Files\Bonjour

2010-08-13 09:51:09 . 2010-08-13 09:51:09 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple

2010-08-12 12:16:02 . 2010-08-22 12:04:25 2979848 -c--a-w- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-12 12:15:20 . 2010-05-28 10:26:51 15880 ----a-w- C:\WINDOWS\system32\lsdelete.exe

2010-08-12 12:15:20 . 2010-04-28 17:26:04 64288 ----a-w- C:\WINDOWS\system32\drivers\Lbd.sys

2010-08-04 17:07:13 . 2010-08-04 17:07:13 61440 ----a-w- C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-sse.dll

2010-08-04 17:07:13 . 2010-08-04 17:07:13 503808 ----a-w- C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcp71.dll

2010-08-04 17:07:13 . 2010-08-04 17:07:13 499712 ----a-w- C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\jmc.dll

2010-08-04 17:07:13 . 2010-08-04 17:07:13 348160 ----a-w- C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcr71.dll

2010-08-04 17:07:13 . 2010-08-04 17:07:13 12800 ----a-w- C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-d3d.dll

2010-07-22 15:49:15 . 2004-08-10 11:00:00 590848 ----a-w- C:\WINDOWS\system32\rpcrt4.dll

2010-07-22 05:57:20 . 2010-04-02 20:01:54 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll

2010-07-17 03:00:04 . 2010-05-09 14:40:12 423656 ----a-w- C:\WINDOWS\system32\deployJava1.dll

2007-12-28 22:04:45 . 2010-09-15 22:23:29 1270409216 ----a-w- C:\Program Files\rld-shal.iso

.

 

((((((((((((((((((((((((((((( SnapShot@2010-10-02_17.38.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-04 09:12:54 . 2010-10-04 09:12:54 16384 C:\WINDOWS\temp\Perflib_Perfdata_3ac.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-05-10 21:03:13 102400]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 17:03:40 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 02:04:42 59392]

"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 10:59:18 24576]

"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 12:14:18 311350]

"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-30 14:17:16 28739]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 05:56:14 139264]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 21:32:54 61440]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 02:04:47 35760]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 08:06:33 976832]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 13:57:24 153136]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]

"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 01:44:40 500208]

"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 11:37:14 517096]

"AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 20:10:47 402432]

"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2009-09-02 12:29:22 643592]

"QuickTime Task"="C:\Program Files\QT Lite\QTTask.exe" [2010-08-10 03:15:54 421888]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-09-01 06:32:00 421160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

 

C:\Documents and Settings\Thomas\Start Menu\Programs\Startup\

MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2010-10-3 576000]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BankID Security Application.lnk - C:\Program Files\Personal\bin\Personal.exe [2010-4-26 939920]

P†minnelser f”r Kalendern i Microsoft Works.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-12 24633]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

 

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [2010-04-28 19:26:04 64288]

R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2009-04-03 04:01:00 1680704]

R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [2010-04-24 22:41:46 233472]

R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [2010-04-24 22:41:46 36608]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 14:15:19 1356952]

S3 cpudrv;cpudrv;C:\Program Files\SystemRequirementsLab\cpudrv.sys [2009-12-18 10:58:52 11336]

S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;C:\WINDOWS\system32\drivers\MAudioMobilePre.sys [2010-09-04 10:27:11 158344]

S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);C:\WINDOWS\system32\DRIVERS\mausbmp.sys --> C:\WINDOWS\system32\DRIVERS\mausbmp.sys [?]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [2010-04-24 22:41:58 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [2010-04-24 22:41:58 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [2010-04-24 22:41:58 121856]

S3 SwitchBoard;SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 13:37:14 517096]

S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [2010-09-04 23:58:30 445936]

.

Contents of the 'Scheduled Tasks' folder

 

2010-10-04 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15:19 . 2010-09-28 19:08:42]

 

2010-10-01 C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-EZRA-Thomas.job

- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-20 19:45:42 . 2010-03-06 01:44:40]

 

2010-09-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50:20 . 2009-10-22 09:50:20]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\

FF - component: C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: C:\Program Files\Personal\bin\np_prsnl.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin2.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin3.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin4.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin5.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin6.dll

FF - plugin: C:\Program Files\QT Lite\Plugins\npqtplugin7.dll

FF - plugin: C:\Program Files\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.


Hi,

how is running it in normal mode going?

Still getting warnings from Windows when you try to run it?

 

Can you submit this file to Virustotal:

C:\Documents and Settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

Regards,

Mats H


To me it looks as if the warnings you were getting before were related to Comodo, since they stopped when you uninstalled the program. Possibly it had ended up configured inappropriately.

 

We would like to see a complete ComboFix log before you reinstall Comodo. Delete the ComboFix you have, download the latest version (same link as before) and run it the same way as previously.

 

You haven't missed the second half of Mats' post #62, have you?


ComboFix 10-10-03.03 - Thomas 2010-10-04 20:32:02.7.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1247 [GMT 2:00]

Running from: c:\documents and settings\Thomas\My Documents\Hämtade filer\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

 

((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))

.

 

2010-10-03 23:14 . 2010-10-03 23:14 -------- d-----w- c:\windows\system32\wbem\Repository

2010-10-03 17:03 . 2010-10-03 17:03 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-10-02 23:06 . 2010-10-02 23:06 -------- d-----w- c:\program files\MagicDisc

2010-10-02 23:06 . 2009-02-24 16:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2010-10-01 22:31 . 2010-10-01 22:31 -------- d-----w- c:\program files\ESET

2010-10-01 18:55 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-09-30 19:51 . 2010-09-24 14:43 618128 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-09-30 19:51 . 2010-09-24 14:42 644384 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-09-29 19:26 . 2010-09-28 22:41 998400 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc\components\lpxpcom_x86_64.dll

2010-09-29 19:26 . 2010-09-28 22:41 834048 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

2010-09-20 00:05 . 2010-09-20 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-09-15 18:03 . 2010-09-15 18:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-09-14 09:05 . 2010-09-14 09:05 -------- d-----w- c:\program files\iPod

2010-09-14 09:05 . 2010-09-14 09:05 -------- d-----w- c:\program files\iTunes

2010-09-14 08:57 . 2010-09-14 08:57 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-08 19:04 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll

2010-09-08 19:03 . 2010-09-08 19:03 -------- d-----w- c:\windows\Logs

2010-09-07 18:52 . 2010-09-14 00:32 -------- d-----w- c:\program files\The Adventure Company

2010-09-07 18:29 . 2010-09-07 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Net

2010-09-07 18:29 . 2010-09-07 18:49 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Net

2010-09-07 18:28 . 2010-09-07 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro

2010-09-05 22:49 . 2010-09-05 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages

2010-09-05 09:26 . 2010-09-05 22:44 -------- d-----w- c:\documents and settings\Thomas\Application Data\Games

2010-09-04 23:04 . 2010-09-15 18:04 -------- d-----w- c:\program files\AGEIA Technologies

2010-09-04 23:04 . 2010-09-15 18:04 -------- d-----w- c:\windows\system32\AGEIA

2010-09-04 23:04 . 2010-09-04 23:04 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-09-04 23:04 . 2010-09-04 23:04 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2010-09-04 21:58 . 2010-09-07 18:29 445936 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-09-04 21:58 . 2010-09-04 21:58 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Pro

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-04 18:30 . 2010-04-21 21:26 -------- d-----w- c:\documents and settings\Thomas\Application Data\BitTorrent

2010-10-04 17:59 . 2010-06-02 23:15 -------- d-----w- c:\documents and settings\Thomas\Application Data\vlc

2010-10-03 23:13 . 2010-04-02 20:44 -------- d-----w- c:\program files\COMODO

2010-10-03 23:09 . 2010-04-02 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO

2010-10-03 18:50 . 2010-05-24 16:17 -------- d-----w- c:\documents and settings\Thomas\Application Data\dvdcss

2010-10-02 12:13 . 2010-05-25 20:52 -------- d-----w- c:\program files\Common Files\CyberLink

2010-10-02 12:13 . 2010-05-25 20:51 -------- d-----w- c:\program files\CyberLink

2010-10-02 12:12 . 2010-05-25 21:25 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

2010-09-30 00:10 . 2010-04-02 21:33 -------- d-----w- c:\documents and settings\Thomas\Application Data\QuickScan

2010-09-29 09:48 . 2010-04-02 20:29 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-22 20:38 . 2010-04-02 19:14 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-14 09:06 . 2010-04-02 21:39 -------- d-----w- c:\program files\QT Lite

2010-09-14 09:05 . 2010-08-13 09:51 -------- d-----w- c:\program files\Common Files\Apple

2010-09-06 22:42 . 2010-04-02 21:44 -------- d-----w- c:\program files\Elaborate Bytes

2010-09-04 23:06 . 2010-09-04 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield

2010-09-04 23:02 . 2010-04-02 19:11 -------- d-----w- c:\program files\Common Files\InstallShield

2010-09-04 09:00 . 2010-09-04 09:00 -------- d-----w- c:\program files\ASIO4ALL v2

2010-09-04 08:46 . 2010-09-04 08:46 -------- d-----w- c:\program files\M-Audio MobilePre

2010-09-01 09:03 . 2010-04-21 21:26 -------- d-----w- c:\program files\BitTorrent

2010-08-29 22:05 . 2010-08-29 21:33 1515134079 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Setup.exe

2010-08-29 21:46 . 2010-08-30 18:30 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46 . 2010-08-30 18:26 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46 . 2010-08-29 21:33 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Live 8.1.1.exe

2010-08-29 20:47 . 2010-08-29 20:47 -------- d-----w- c:\program files\Ableton

2010-08-29 20:25 . 2010-04-30 09:30 -------- d-----w- c:\documents and settings\Thomas\Application Data\Ableton

2010-08-29 11:31 . 2010-08-29 11:31 -------- d-----w- c:\documents and settings\Thomas\Application Data\PACE Anti-Piracy

2010-08-29 11:30 . 2010-08-29 11:30 10710528 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXY\L6TWXY.DLL

2010-08-29 11:30 . 2010-08-29 11:30 1534464 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXY\data\twx\L6TWX.DLL

2010-08-29 11:30 . 2010-08-29 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Line 6

2010-08-29 11:30 . 2010-08-29 11:30 606208 ----a-w- c:\windows\system32\REX Shared Library.dll

2010-08-29 11:30 . 2010-08-29 11:30 2771968 ----a-w- c:\windows\system32\ReWire.dll

2010-08-29 11:30 . 2010-04-07 17:44 -------- d-----w- c:\documents and settings\Thomas\Application Data\Propellerhead Software

2010-08-29 11:29 . 2010-08-29 11:29 8192 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29 . 2010-08-29 11:29 30208 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29 . 2010-08-29 11:29 14848 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe

2010-08-29 11:28 . 2010-08-29 11:28 -------- d-----w- c:\program files\CodeMeter

2010-08-29 11:28 . 2010-04-29 21:56 -------- d-----w- c:\program files\Propellerhead

2010-08-25 20:27 . 2010-08-13 09:53 -------- d-----w- c:\documents and settings\Thomas\Application Data\Apple Computer

2010-08-22 12:04 . 2010-08-22 12:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-21 12:37 . 2010-08-20 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2010-08-20 19:57 . 2010-04-02 16:36 25128 ----a-w- c:\documents and settings\Thomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-20 19:49 . 2010-04-24 20:37 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-20 19:48 . 2010-08-20 19:48 -------- d-----w- c:\program files\Adobe Media Player

2010-08-20 19:47 . 2010-08-20 19:47 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-14 09:35 . 2010-08-14 09:35 -------- d-----w- c:\program files\Common Files\Java

2010-08-14 09:35 . 2010-05-09 14:40 -------- d-----w- c:\program files\Java

2010-08-13 09:53 . 2010-08-13 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-13 09:52 . 2010-04-02 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\program files\Apple Software Update

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\program files\Bonjour

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-08-12 12:16 . 2010-08-22 12:04 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-12 12:15 . 2010-05-28 10:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-12 12:15 . 2010-04-28 17:26 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-04 17:07 . 2010-08-04 17:07 61440 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-sse.dll

2010-08-04 17:07 . 2010-08-04 17:07 503808 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcp71.dll

2010-08-04 17:07 . 2010-08-04 17:07 499712 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\jmc.dll

2010-08-04 17:07 . 2010-08-04 17:07 348160 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcr71.dll

2010-08-04 17:07 . 2010-08-04 17:07 12800 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-d3d.dll

2010-07-22 15:49 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2010-04-02 20:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-17 03:00 . 2010-05-09 14:40 423656 ----a-w- c:\windows\system32\deployJava1.dll

2007-12-28 22:04 . 2010-09-15 22:23 1270409216 ----a-w- c:\program files\rld-shal.iso

.

 

((((((((((((((((((((((((((((( SnapShot@2010-10-02_17.38.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-04 09:38 . 2010-10-04 09:38 16384 c:\windows\temp\Perflib_Perfdata_fc.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-05-10 102400]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-07-12 24576]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-12 311350]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-30 28739]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2009-09-02 643592]

"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Thomas\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-10-3 576000]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BankID Security Application.lnk - c:\program files\Personal\bin\Personal.exe [2010-4-26 939920]

Påminnelser för Kalendern i Microsoft Works.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-12 24633]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-04-28 64288]

R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2009-04-03 1680704]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-04-24 233472]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-04-24 36608]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1356952]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]

S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\drivers\MAudioMobilePre.sys [2010-09-04 158344]

S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\DRIVERS\mausbmp.sys --> c:\windows\system32\DRIVERS\mausbmp.sys [?]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-04-24 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-04-24 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-04-24 121856]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-09-04 445936]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - FSUSBEXDISK

*Deregistered* - Normandy

.

Contents of the 'Scheduled Tasks' folder

 

2010-10-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 19:08]

 

2010-10-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-EZRA-Thomas.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-20 01:44]

 

2010-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\

FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin5.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin6.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin7.dll

FF - plugin: c:\program files\Veetle\Player\npvlc.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(748)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(3432)

c:\windows\system32\WININET.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-10-04 20:36:43

ComboFix-quarantined-files.txt 2010-10-04 18:36

ComboFix2.txt 2010-10-03 18:06

ComboFix3.txt 2010-10-02 19:13

ComboFix4.txt 2010-10-02 17:39

 

Pre-Run: 143 537 631 232 bytes free

Post-Run: 143 523 262 464 bytes free

 

- - End Of File - - 565CC088085956B7CCA7DDDC10EAFBBE


I no longer see anything malicious in your logs. But more eyes are always good, so Mats will check as well, though possibly not until tomorrow.

 

Paste in new DDS logs so we can see what they look like now.


Here are the DDS log and Attach.

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Thomas at 23:59:49,99 on 2010-10-04

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1155 [GMT 2:00]

 

AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

svchost.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\explorer.exe

C:\Program Files\BitTorrent\bittorrent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Thomas\My Documents\Hämtade filer\dds(3).scr

 

============== Pseudo HJT Report ===============

 

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe

mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers

mRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe

mRun: [QuickTime Task] "c:\program files\qt lite\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\thomas\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pminne~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270237399086

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270239398531

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nwprovau

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\thomas\applic~1\mozilla\firefox\profiles\mrwkk0wk.default\

FF - component: c:\documents and settings\thomas\application data\mozilla\firefox\profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: c:\documents and settings\thomas\application data\mozilla\firefox\profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\documents and settings\thomas\application data\mozilla\firefox\profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\qt lite\plugins\npqtplugin.dll

FF - plugin: c:\program files\qt lite\plugins\npqtplugin2.dll

FF - plugin: c:\program files\qt lite\plugins\npqtplugin3.dll

FF - plugin: c:\program files\qt lite\plugins\npqtplugin4.dll

FF - plugin: c:\program files\qt lite\plugins\npqtplugin5.dll

FF - plugin: c:\program files\qt lite\plugins\npqtplugin6.dll

FF - plugin: c:\program files\qt lite\plugins\npqtplugin7.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-28 64288]

R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2009-4-3 1680704]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-4-24 233472]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-24 36608]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\drivers\MAudioMobilePre.sys [2010-9-4 158344]

S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\drivers\mausbmp.sys --> c:\windows\system32\drivers\mausbmp.sys [?]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-4-24 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-4-24 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-4-24 121856]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

 

=============== Created Last 30 ================

 

2010-10-04 18:31:15 0 d-----w- C:\ComboFix

2010-10-03 23:14:42 0 d-----w- c:\windows\system32\wbem\Repository

2010-10-03 17:03:59 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-10-02 23:06:36 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2010-10-02 23:06:36 0 d-----w- c:\program files\MagicDisc

2010-10-02 17:33:44 0 d-sha-r- C:\cmdcons

2010-10-02 17:30:29 98816 ----a-w- c:\windows\sed.exe

2010-10-02 17:30:29 77312 ----a-w- c:\windows\MBR.exe

2010-10-02 17:30:29 256512 ----a-w- c:\windows\PEV.exe

2010-10-02 17:30:29 161792 ----a-w- c:\windows\SWREG.exe

2010-10-01 22:31:06 0 d-----w- c:\program files\ESET

2010-10-01 18:55:08 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-09-28 10:18:19 1409 ----a-w- c:\windows\system32\tmp6F27E.FOT

2010-09-22 20:38:22 73728 ----a-w- c:\windows\system32\ISUSPM.cpl

2010-09-20 00:05:52 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure

2010-09-15 22:06:18 1270409216 ----a-w- C:\rld-shal.iso

2010-09-15 18:03:44 0 d-----w- c:\program files\common files\Wise Installation Wizard

2010-09-14 09:05:15 0 d-----w- c:\program files\iPod

2010-09-14 09:05:14 0 d-----w- c:\program files\iTunes

2010-09-08 19:04:59 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll

2010-09-08 19:03:05 0 d-----w- c:\windows\Logs

2010-09-07 18:52:24 0 d-----w- c:\program files\The Adventure Company

2010-09-07 18:29:39 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Net

2010-09-07 18:29:32 0 d-----w- c:\docume~1\thomas\applic~1\DAEMON Tools Net

2010-09-07 18:28:31 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro

2010-09-05 22:49:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Tages

2010-09-04 23:04:49 0 d-----w- c:\windows\system32\AGEIA

2010-09-04 23:04:37 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-09-04 23:04:37 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

 

==================== Find3M ====================

 

2010-09-07 18:29:58 445936 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-08-29 11:30:32 606208 ----a-w- c:\windows\system32\REX Shared Library.dll

2010-08-29 11:30:32 2771968 ----a-w- c:\windows\system32\ReWire.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-12 12:15:20 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-12 12:15:20 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

2007-12-28 22:04:45 1270409216 ----a-w- c:\program files\rld-shal.iso

 

============= FINISH: 0:00:06,53 ===============

Attach2.txt


Hi,

I want you to run this CFScript in ComboFix.

Download it and save it to your desktop.

Prepare the computer the same way as before for ComboFix.

Close all programs; you can leave the firewall on.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop, and the program will start in a special mode.

Paste in the log that it produces.

Regards

Mats H

 

CFScript.txt


The computer froze twice and the blue warning screen came up. In safe mode it worked, though:

ComboFix 10-10-04.02 - Thomas 2010-10-05 20:27:49.9.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1720 [GMT 2:00]

Running from: c:\documents and settings\Thomas\My Documents\Hämtade filer\ComboFix.exe

Command switches used :: c:\documents and settings\Thomas\Desktop\CFScript.txt

AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

 

((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))

.

 

2010-10-03 23:14 . 2010-10-03 23:14 -------- d-----w- c:\windows\system32\wbem\Repository

2010-10-03 17:03 . 2010-10-03 17:03 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-10-02 23:06 . 2010-10-02 23:06 -------- d-----w- c:\program files\MagicDisc

2010-10-02 23:06 . 2009-02-24 16:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2010-10-01 22:31 . 2010-10-01 22:31 -------- d-----w- c:\program files\ESET

2010-10-01 18:55 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-09-30 19:51 . 2010-09-24 14:43 618128 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-09-30 19:51 . 2010-09-24 14:42 644384 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-09-29 19:26 . 2010-09-28 22:41 998400 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc\components\lpxpcom_x86_64.dll

2010-09-29 19:26 . 2010-09-28 22:41 834048 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

2010-09-20 00:05 . 2010-09-20 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-09-15 18:03 . 2010-09-15 18:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-09-14 09:05 . 2010-09-14 09:05 -------- d-----w- c:\program files\iPod

2010-09-14 09:05 . 2010-09-14 09:05 -------- d-----w- c:\program files\iTunes

2010-09-14 08:57 . 2010-09-14 08:57 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-08 19:04 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll

2010-09-08 19:03 . 2010-09-08 19:03 -------- d-----w- c:\windows\Logs

2010-09-07 18:52 . 2010-09-14 00:32 -------- d-----w- c:\program files\The Adventure Company

2010-09-07 18:29 . 2010-09-07 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Net

2010-09-07 18:29 . 2010-09-07 18:49 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Net

2010-09-07 18:28 . 2010-09-07 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro

2010-09-05 22:49 . 2010-09-05 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-05 11:22 . 2010-04-21 21:26 -------- d-----w- c:\documents and settings\Thomas\Application Data\BitTorrent

2010-10-05 09:52 . 2010-04-21 21:26 -------- d-----w- c:\program files\BitTorrent

2010-10-04 21:39 . 2010-06-02 23:15 -------- d-----w- c:\documents and settings\Thomas\Application Data\vlc

2010-10-03 23:13 . 2010-04-02 20:44 -------- d-----w- c:\program files\COMODO

2010-10-03 23:09 . 2010-04-02 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO

2010-10-03 18:50 . 2010-05-24 16:17 -------- d-----w- c:\documents and settings\Thomas\Application Data\dvdcss

2010-10-02 12:13 . 2010-05-25 20:52 -------- d-----w- c:\program files\Common Files\CyberLink

2010-10-02 12:13 . 2010-05-25 20:51 -------- d-----w- c:\program files\CyberLink

2010-10-02 12:12 . 2010-05-25 21:25 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

2010-09-30 00:10 . 2010-04-02 21:33 -------- d-----w- c:\documents and settings\Thomas\Application Data\QuickScan

2010-09-29 09:48 . 2010-04-02 20:29 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-22 20:38 . 2010-04-02 19:14 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-15 18:04 . 2010-09-04 23:04 -------- d-----w- c:\program files\AGEIA Technologies

2010-09-14 09:06 . 2010-04-02 21:39 -------- d-----w- c:\program files\QT Lite

2010-09-14 09:05 . 2010-08-13 09:51 -------- d-----w- c:\program files\Common Files\Apple

2010-09-07 18:29 . 2010-09-04 21:58 445936 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-09-06 22:42 . 2010-04-02 21:44 -------- d-----w- c:\program files\Elaborate Bytes

2010-09-05 22:44 . 2010-09-05 09:26 -------- d-----w- c:\documents and settings\Thomas\Application Data\Games

2010-09-04 23:06 . 2010-09-04 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield

2010-09-04 23:04 . 2010-09-04 23:04 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-09-04 23:04 . 2010-09-04 23:04 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2010-09-04 23:02 . 2010-04-02 19:11 -------- d-----w- c:\program files\Common Files\InstallShield

2010-09-04 21:58 . 2010-09-04 21:58 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Pro

2010-09-04 09:00 . 2010-09-04 09:00 -------- d-----w- c:\program files\ASIO4ALL v2

2010-09-04 08:46 . 2010-09-04 08:46 -------- d-----w- c:\program files\M-Audio MobilePre

2010-08-29 22:05 . 2010-08-29 21:33 1515134079 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Setup.exe

2010-08-29 21:46 . 2010-08-30 18:30 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46 . 2010-08-30 18:26 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46 . 2010-08-29 21:33 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Live 8.1.1.exe

2010-08-29 20:47 . 2010-08-29 20:47 -------- d-----w- c:\program files\Ableton

2010-08-29 20:25 . 2010-04-30 09:30 -------- d-----w- c:\documents and settings\Thomas\Application Data\Ableton

2010-08-29 11:31 . 2010-08-29 11:31 -------- d-----w- c:\documents and settings\Thomas\Application Data\PACE Anti-Piracy

2010-08-29 11:30 . 2010-08-29 11:30 10710528 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXY\L6TWXY.DLL

2010-08-29 11:30 . 2010-08-29 11:30 1534464 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXY\data\twx\L6TWX.DLL

2010-08-29 11:30 . 2010-08-29 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Line 6

2010-08-29 11:30 . 2010-08-29 11:30 606208 ----a-w- c:\windows\system32\REX Shared Library.dll

2010-08-29 11:30 . 2010-08-29 11:30 2771968 ----a-w- c:\windows\system32\ReWire.dll

2010-08-29 11:30 . 2010-04-07 17:44 -------- d-----w- c:\documents and settings\Thomas\Application Data\Propellerhead Software

2010-08-29 11:29 . 2010-08-29 11:29 8192 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29 . 2010-08-29 11:29 30208 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29 . 2010-08-29 11:29 14848 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe

2010-08-29 11:28 . 2010-08-29 11:28 -------- d-----w- c:\program files\CodeMeter

2010-08-29 11:28 . 2010-04-29 21:56 -------- d-----w- c:\program files\Propellerhead

2010-08-25 20:27 . 2010-08-13 09:53 -------- d-----w- c:\documents and settings\Thomas\Application Data\Apple Computer

2010-08-22 12:04 . 2010-08-22 12:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-21 12:37 . 2010-08-20 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2010-08-20 19:57 . 2010-04-02 16:36 25128 ----a-w- c:\documents and settings\Thomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-20 19:49 . 2010-04-24 20:37 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-20 19:48 . 2010-08-20 19:48 -------- d-----w- c:\program files\Adobe Media Player

2010-08-20 19:47 . 2010-08-20 19:47 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-14 09:35 . 2010-08-14 09:35 -------- d-----w- c:\program files\Common Files\Java

2010-08-14 09:35 . 2010-05-09 14:40 -------- d-----w- c:\program files\Java

2010-08-13 09:53 . 2010-08-13 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-13 09:52 . 2010-04-02 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\program files\Apple Software Update

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\program files\Bonjour

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-08-12 12:16 . 2010-08-22 12:04 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-12 12:15 . 2010-05-28 10:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-12 12:15 . 2010-04-28 17:26 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-04 17:07 . 2010-08-04 17:07 61440 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-sse.dll

2010-08-04 17:07 . 2010-08-04 17:07 503808 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcp71.dll

2010-08-04 17:07 . 2010-08-04 17:07 499712 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\jmc.dll

2010-08-04 17:07 . 2010-08-04 17:07 348160 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcr71.dll

2010-08-04 17:07 . 2010-08-04 17:07 12800 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-d3d.dll

2010-07-22 15:49 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2010-04-02 20:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-17 03:00 . 2010-05-09 14:40 423656 ----a-w- c:\windows\system32\deployJava1.dll

2007-12-28 22:04 . 2010-09-15 22:23 1270409216 ----a-w- c:\program files\rld-shal.iso

.

 

((((((((((((((((((((((((((((( SnapShot@2010-10-02_17.38.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-05 18:34 . 2010-10-05 18:34 16384 c:\windows\temp\Perflib_Perfdata_2ac.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-05-10 102400]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-07-12 24576]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-12 311350]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-30 28739]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2009-09-02 643592]

"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Thomas\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-10-3 576000]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BankID Security Application.lnk - c:\program files\Personal\bin\Personal.exe [2010-4-26 939920]

Påminnelser för Kalendern i Microsoft Works.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-12 24633]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-04-28 64288]

R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2009-04-03 1680704]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-04-24 233472]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1356952]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-04-24 36608]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]

S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\drivers\MAudioMobilePre.sys [2010-09-04 158344]

S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\DRIVERS\mausbmp.sys --> c:\windows\system32\DRIVERS\mausbmp.sys [?]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-04-24 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-04-24 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-04-24 121856]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-09-04 445936]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - FSUSBEXDISK

.

Contents of the 'Scheduled Tasks' folder

 

2010-10-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 19:08]

 

2010-10-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-EZRA-Thomas.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-20 01:44]

 

2010-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\

FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin5.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin6.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin7.dll

FF - plugin: c:\program files\Veetle\Player\npvlc.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(740)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(3084)

c:\windows\system32\WININET.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows\eHome\ehSched.exe

c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\dllhost.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\eHome\ehmsas.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2010-10-05 20:38:01 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-05 18:38

ComboFix2.txt 2010-10-05 11:11

ComboFix3.txt 2010-10-04 18:36

ComboFix4.txt 2010-10-03 18:06

ComboFix5.txt 2010-10-05 17:31

 

Pre-Run: 143 683 579 904 bytes free

Post-Run: 143 667 490 816 bytes free

 

- - End Of File - - CFC519739E6B198232EE37944D8C55E0


Hi,

the ComboFix script didn't take, so manual removal remains.

Can you delete these files, using Safe Mode. Select them, press Shift and Delete

C:\Documents and Settings\Thomas\Application Data\BitTorrent\Deamon (DAEMON) Tools Pro 4.30.305 32&64bit Latest.rar

C:\Program Files\rld-shal.iso

C:\rld-shal.iso

 

The ESET log:

C:\Documents and Settings\Thomas\Application Data\BitTorrent\Deamon (DAEMON) Tools Pro 4.30.305 32&64bit Latest.rar NSIS/TrojanDownloader.Agent.NCA trojan

C:\Program Files\rld-shal.iso probably a variant of Win32/Agent.JLJQET trojan

C:\rld-shal.iso probably a variant of Win32/Agent.JLJQET trojan

Regards,

Mats H
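As an added example that is not part of the original thread (it is neither ComboFix's, ESET's nor Mats H's code), the following Python script covers the two posts above: it parses the file-listing lines of the ComboFix log, applies the indicators the thread itself exhibits (cracked-software names under the profile's BitTorrent folder, executables in user-writable profile paths, a disc image dropped straight into the Program Files root), and joins the result to the ESET detections, so that the Safe Mode / Shift+Delete removal list can be checked against what ComboFix actually recorded, with sizes and timestamps, instead of being copied by hand out of a several-thousand-line log. The sample input is a constructed excerpt of a few lines copied from the log and the ESET result above; the reading of the first timestamp column as creation time and the second as last-modified time, the heuristics, and all function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# ComboFix file lines: "<ts> . <ts> <size|--------> <8 attr chars> <path>".
# Assumption for this example: the first timestamp behaves as creation time
# and the second as last-modified time (Windows Update binaries such as
# spoolsv.exe keep their 2004 build time in the second column).
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-A-Za-z]{8}) (?P<path>.+)$")
# ESET lines: "<path> <detection> <kind>"; paths contain spaces, so the path
# is anchored on its extension and the detection on its "Family/Name" form.
ESET_RE = re.compile(
    r"^(?P<path>.+?\.[A-Za-z0-9]{1,4}) "
    r"(?P<detection>(?:probably a variant of )?[A-Za-z0-9]+/[A-Za-z0-9.]+) "
    r"(?P<kind>\w+)$")
TS = "%Y-%m-%d %H:%M"
SUSPECT_WORDS = ("crack", "keygen")
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat")
IMAGE_EXT = (".iso", ".rar", ".zip", ".7z")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories (size column is "--------")
    attrs: str            # e.g. "----a-w-", "d-----w-", "dc-h--w-"
    path: str
    reasons: list = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_combofix(text: str) -> list:
    """Banners, '.' separators and registry lines fail LINE_RE and are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            out.append(Entry(datetime.strptime(m["created"], TS),
                             datetime.strptime(m["modified"], TS),
                             size, m["attrs"], m["path"]))
    return out


def parse_eset(text: str) -> dict:
    """Map lower-cased path -> 'detection kind'."""
    found = {}
    for line in text.splitlines():
        m = ESET_RE.match(line.strip())
        if m:
            found[m["path"].lower()] = f'{m["detection"]} {m["kind"]}'
    return found


def flag(e: Entry) -> list:
    """Attach heuristic reasons (the ones this thread exhibits) to a file entry."""
    low = e.path.lower()
    if e.is_dir:
        return e.reasons
    if any(w in low for w in SUSPECT_WORDS):
        e.reasons.append("crack/keygen in path")
    if low.endswith(EXEC_EXT) and any(d in low for d in USER_WRITABLE):
        e.reasons.append("executable under user-writable profile path")
    if low.endswith(IMAGE_EXT) and low.startswith("c:\\program files\\") \
            and low.count("\\") == 2:
        e.reasons.append("archive/disc image in Program Files root")
    return e.reasons


def triage(combofix_text: str, eset_text: str) -> dict:
    """'remove': each ESET hit joined to its ComboFix entry (None when the log
    never listed that path); 'review': flagged files without an ESET hit."""
    entries = {e.path.lower(): e for e in parse_combofix(combofix_text)}
    for e in entries.values():
        flag(e)
    hits = parse_eset(eset_text)
    return {"remove": {p: (hits[p], entries.get(p)) for p in hits},
            "review": [e for p, e in entries.items() if e.reasons and p not in hits]}


# Constructed excerpt: lines copied from the ComboFix log and the ESET result
# posted above, plus a banner and a separator to show what the parser skips.
COMBOFIX_SAMPLE = r"""
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 22:05 . 2010-08-29 21:33 1515134079 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Setup.exe
2010-08-29 21:46 . 2010-08-29 21:33 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Live 8.1.1.exe
2010-08-29 20:47 . 2010-08-29 20:47 -------- d-----w- c:\program files\Ableton
2010-08-22 12:04 . 2010-08-22 12:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2007-12-28 22:04 . 2010-09-15 22:23 1270409216 ----a-w- c:\program files\rld-shal.iso
"""
ESET_SAMPLE = r"""
C:\Documents and Settings\Thomas\Application Data\BitTorrent\Deamon (DAEMON) Tools Pro 4.30.305 32&64bit Latest.rar NSIS/TrojanDownloader.Agent.NCA trojan
C:\Program Files\rld-shal.iso probably a variant of Win32/Agent.JLJQET trojan
C:\rld-shal.iso probably a variant of Win32/Agent.JLJQET trojan
"""

if __name__ == "__main__":
    result = triage(COMBOFIX_SAMPLE, ESET_SAMPLE)
    print("Delete in Safe Mode (Shift+Delete), then rescan:")
    for path, (hit, e) in result["remove"].items():
        seen = (f"{e.size} bytes, created {e.created:%Y-%m-%d}, modified "
                f"{e.modified:%Y-%m-%d}") if e else "not in ComboFix listing"
        print(f"  {path}\n      {hit}; {seen}")
    print("Review (flagged by heuristics, no ESET hit):")
    for e in result["review"]:
        print(f"  {e.path}: {', '.join(e.reasons)}")
```

Two of the three ESET paths (C:\rld-shal.iso and the DAEMON Tools .rar) have no ComboFix entry in the excerpt, and the script reports that rather than dropping them: ComboFix's file sections only cover files created or modified within their reporting windows ("Files Created from ... to ..." and the three-month Find3M report), so absence from the log is not evidence that a file is gone, and the ESET scan should be repeated after the deletion.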


The time didn't match, but it was number two:

ComboFix 10-10-04.02 - Thomas 2010-10-05 13:05:47.8.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1311 [GMT 2:00]

Running from: c:\documents and settings\Thomas\My Documents\Hämtade filer\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

 

((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))

.

 

2010-10-03 23:14 . 2010-10-03 23:14 -------- d-----w- c:\windows\system32\wbem\Repository

2010-10-03 17:03 . 2010-10-03 17:03 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-10-02 23:06 . 2010-10-02 23:06 -------- d-----w- c:\program files\MagicDisc

2010-10-02 23:06 . 2009-02-24 16:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2010-10-01 22:31 . 2010-10-01 22:31 -------- d-----w- c:\program files\ESET

2010-10-01 18:55 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-09-30 19:51 . 2010-09-24 14:43 618128 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-09-30 19:51 . 2010-09-24 14:42 644384 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-09-29 19:26 . 2010-09-28 22:41 998400 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc\components\lpxpcom_x86_64.dll

2010-09-29 19:26 . 2010-09-28 22:41 834048 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

2010-09-20 00:05 . 2010-09-20 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-09-15 18:03 . 2010-09-15 18:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-09-14 09:05 . 2010-09-14 09:05 -------- d-----w- c:\program files\iPod

2010-09-14 09:05 . 2010-09-14 09:05 -------- d-----w- c:\program files\iTunes

2010-09-14 08:57 . 2010-09-14 08:57 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-08 19:04 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll

2010-09-08 19:03 . 2010-09-08 19:03 -------- d-----w- c:\windows\Logs

2010-09-07 18:52 . 2010-09-14 00:32 -------- d-----w- c:\program files\The Adventure Company

2010-09-07 18:29 . 2010-09-07 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Net

2010-09-07 18:29 . 2010-09-07 18:49 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Net

2010-09-07 18:28 . 2010-09-07 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro

2010-09-05 22:49 . 2010-09-05 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-05 11:05 . 2010-04-21 21:26 -------- d-----w- c:\documents and settings\Thomas\Application Data\BitTorrent

2010-10-05 09:52 . 2010-04-21 21:26 -------- d-----w- c:\program files\BitTorrent

2010-10-04 21:39 . 2010-06-02 23:15 -------- d-----w- c:\documents and settings\Thomas\Application Data\vlc

2010-10-03 23:13 . 2010-04-02 20:44 -------- d-----w- c:\program files\COMODO

2010-10-03 23:09 . 2010-04-02 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO

2010-10-03 18:50 . 2010-05-24 16:17 -------- d-----w- c:\documents and settings\Thomas\Application Data\dvdcss

2010-10-02 12:13 . 2010-05-25 20:52 -------- d-----w- c:\program files\Common Files\CyberLink

2010-10-02 12:13 . 2010-05-25 20:51 -------- d-----w- c:\program files\CyberLink

2010-10-02 12:12 . 2010-05-25 21:25 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

2010-09-30 00:10 . 2010-04-02 21:33 -------- d-----w- c:\documents and settings\Thomas\Application Data\QuickScan

2010-09-29 09:48 . 2010-04-02 20:29 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-22 20:38 . 2010-04-02 19:14 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-15 18:04 . 2010-09-04 23:04 -------- d-----w- c:\program files\AGEIA Technologies

2010-09-14 09:06 . 2010-04-02 21:39 -------- d-----w- c:\program files\QT Lite

2010-09-14 09:05 . 2010-08-13 09:51 -------- d-----w- c:\program files\Common Files\Apple

2010-09-07 18:29 . 2010-09-04 21:58 445936 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-09-06 22:42 . 2010-04-02 21:44 -------- d-----w- c:\program files\Elaborate Bytes

2010-09-05 22:44 . 2010-09-05 09:26 -------- d-----w- c:\documents and settings\Thomas\Application Data\Games

2010-09-04 23:06 . 2010-09-04 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield

2010-09-04 23:04 . 2010-09-04 23:04 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-09-04 23:04 . 2010-09-04 23:04 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2010-09-04 23:02 . 2010-04-02 19:11 -------- d-----w- c:\program files\Common Files\InstallShield

2010-09-04 21:58 . 2010-09-04 21:58 -------- d-----w- c:\documents and settings\Thomas\Application Data\DAEMON Tools Pro

2010-09-04 09:00 . 2010-09-04 09:00 -------- d-----w- c:\program files\ASIO4ALL v2

2010-09-04 08:46 . 2010-09-04 08:46 -------- d-----w- c:\program files\M-Audio MobilePre

2010-08-29 22:05 . 2010-08-29 21:33 1515134079 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Setup.exe

2010-08-29 21:46 . 2010-08-30 18:30 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46 . 2010-08-30 18:26 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Crack\Live 8.1.1.exe

2010-08-29 21:46 . 2010-08-29 21:33 29255168 ----a-w- c:\documents and settings\Thomas\Application Data\BitTorrent\Ableton Suite 8.1.1 Full Cracked\Crack\Live 8.1.1.exe

2010-08-29 20:47 . 2010-08-29 20:47 -------- d-----w- c:\program files\Ableton

2010-08-29 20:25 . 2010-04-30 09:30 -------- d-----w- c:\documents and settings\Thomas\Application Data\Ableton

2010-08-29 11:31 . 2010-08-29 11:31 -------- d-----w- c:\documents and settings\Thomas\Application Data\PACE Anti-Piracy

2010-08-29 11:30 . 2010-08-29 11:30 10710528 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXY\L6TWXY.DLL

2010-08-29 11:30 . 2010-08-29 11:30 1534464 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXY\data\twx\L6TWX.DLL

2010-08-29 11:30 . 2010-08-29 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Line 6

2010-08-29 11:30 . 2010-08-29 11:30 606208 ----a-w- c:\windows\system32\REX Shared Library.dll

2010-08-29 11:30 . 2010-08-29 11:30 2771968 ----a-w- c:\windows\system32\ReWire.dll

2010-08-29 11:30 . 2010-04-07 17:44 -------- d-----w- c:\documents and settings\Thomas\Application Data\Propellerhead Software

2010-08-29 11:29 . 2010-08-29 11:29 8192 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29 . 2010-08-29 11:29 30208 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe

2010-08-29 11:29 . 2010-08-29 11:29 14848 ----a-r- c:\documents and settings\Thomas\Application Data\Microsoft\Installer\{26B46206-DF80-4DA2-AEAB-FF146320C344}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe

2010-08-29 11:28 . 2010-08-29 11:28 -------- d-----w- c:\program files\CodeMeter

2010-08-29 11:28 . 2010-04-29 21:56 -------- d-----w- c:\program files\Propellerhead

2010-08-25 20:27 . 2010-08-13 09:53 -------- d-----w- c:\documents and settings\Thomas\Application Data\Apple Computer

2010-08-22 12:04 . 2010-08-22 12:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-21 12:37 . 2010-08-20 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2010-08-20 19:57 . 2010-04-02 16:36 25128 ----a-w- c:\documents and settings\Thomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-20 19:49 . 2010-04-24 20:37 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-20 19:48 . 2010-08-20 19:48 -------- d-----w- c:\program files\Adobe Media Player

2010-08-20 19:47 . 2010-08-20 19:47 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-14 09:35 . 2010-08-14 09:35 -------- d-----w- c:\program files\Common Files\Java

2010-08-14 09:35 . 2010-05-09 14:40 -------- d-----w- c:\program files\Java

2010-08-13 09:53 . 2010-08-13 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-13 09:52 . 2010-04-02 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\program files\Apple Software Update

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\program files\Bonjour

2010-08-13 09:51 . 2010-08-13 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-08-12 12:16 . 2010-08-22 12:04 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-12 12:15 . 2010-05-28 10:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-12 12:15 . 2010-04-28 17:26 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-04 17:07 . 2010-08-04 17:07 61440 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-sse.dll

2010-08-04 17:07 . 2010-08-04 17:07 503808 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcp71.dll

2010-08-04 17:07 . 2010-08-04 17:07 499712 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\jmc.dll

2010-08-04 17:07 . 2010-08-04 17:07 348160 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-508be564-n\msvcr71.dll

2010-08-04 17:07 . 2010-08-04 17:07 12800 ----a-w- c:\documents and settings\Thomas\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63a08553-n\decora-d3d.dll

2010-07-22 15:49 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2010-04-02 20:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-17 03:00 . 2010-05-09 14:40 423656 ----a-w- c:\windows\system32\deployJava1.dll

2007-12-28 22:04 . 2010-09-15 22:23 1270409216 ----a-w- c:\program files\rld-shal.iso

.

 

((((((((((((((((((((((((((((( SnapShot@2010-10-02_17.38.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-05 09:52 . 2010-10-05 09:52 16384 c:\windows\temp\Perflib_Perfdata_21c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-05-10 102400]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-07-12 24576]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-12 311350]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-30 28739]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2009-09-02 643592]

"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Thomas\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-10-3 576000]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BankID Security Application.lnk - c:\program files\Personal\bin\Personal.exe [2010-4-26 939920]

Påminnelser för Kalendern i Microsoft Works.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-12 24633]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-04-28 64288]

R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2009-04-03 1680704]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-04-24 233472]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-04-24 36608]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1356952]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]

S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\drivers\MAudioMobilePre.sys [2010-09-04 158344]

S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\DRIVERS\mausbmp.sys --> c:\windows\system32\DRIVERS\mausbmp.sys [?]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-04-24 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-04-24 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-04-24 121856]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-09-04 445936]

.

Contents of the 'Scheduled Tasks' folder

 

2010-10-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 19:08]

 

2010-10-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-EZRA-Thomas.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-20 01:44]

 

2010-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\

FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\mrwkk0wk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Personal\bin\np_prsnl.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin5.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin6.dll

FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin7.dll

FF - plugin: c:\program files\Veetle\Player\npvlc.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(748)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(3276)

c:\windows\system32\WININET.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-10-05 13:11:21

ComboFix-quarantined-files.txt 2010-10-05 11:11

ComboFix2.txt 2010-10-04 18:36

ComboFix3.txt 2010-10-03 18:06

ComboFix4.txt 2010-10-02 19:13

ComboFix5.txt 2010-10-05 11:03

 

Pre-Run: 143 696 158 720 bytes free

Post-Run: 143 683 174 400 bytes free

 

- - End Of File - - 582683825E475B2CD99A2DD1428C8ADD


Hi,

after you have removed the files,

Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner doesn't take too long, turn off your antivirus program (Lavasoft Ad-Watch Live!) in the meantime.

 

Uncheck the option "Remove found threats"

Check "Scan Archives"

 

Click "Advanced Settings"

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Press Scan

 

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created.

 

Open it in Notepad and then paste the contents into your reply.

Regards

Mats H


Archived

This topic is now archived and is closed to further replies.
