olmarik.zc virusproblem

[JIMBOOZONE]

Hej!

Jag liksom många andra med mig har fått det lite besvärliga viruset olmarik.zc i datorn....

Jag har bara hunnit kika lite grann på det här på forumet, och kanske har jag missat någon bra tråd om hur jag skall finna bot på detta problem!?

Som det är nu så startar datorn om och ger mig blåskärm efter ca 10-15 sek när jag loggat in. Jag kan logga in i felsäkert läge, men kan inte köra NOD32 för att scanna.....

Tydligen så skall det vara möjligt att köra en del hjälpprogram för att fixa detta, men jag har inte kunnat se om det körs i felsäkert läge, eller i "normalt" läge. Normalläget funkar inte för mig som det är nu.... Eller?

Någon som har en idé om det kan vara möjligt att ev scanna datorn via en extern HDD med tex linux samt antivirusprogram på?

Jag hittade ett viruskiller-program på NOD32 hemsida, men kan inte köra det, då processen blir stoppad av viruset antar jag.

 

Tacksam för idéer eller hjälp!

[JIMBOOZONE]

Hej igen!

Fyller på med lite mer info.

 

NOD32 säger:

 

OBJECT:

C:\windows\System32\Drivers\TCPIP.SYS

THREAT:

Win32\Olmarik.ZC trojan

 

Error while cleaning

 

 

[Cecilia]

Det mesta går att köra i felsäkert läge av de rensningsprogram jag brukar föreslå. Till att börja med kan vi se vad DDS visar, så att jag får en överblick av vad som händer i datorn. Spara DDS på Skrivbordet.

http://download.bleepingcomputer.com/sUBs/dds.scr

 

Starta programmet genom att dubbelklicka på det.

Tryck Yes/Ja om frågan om Optional Scan dyker upp.

I ditt svar klistrar du in loggen DSS.txt. Medan du bifogar Attach.txt som en fil.

[JIMBOOZONE]

Hej!

 

Tackar för responsen!

i´m on it!

Laddar ner programmet nu och flyttar det till min infekterade laptop nu! Jag återkommer när det är gjort!

(jag har just nu ingen internetåtkomst från laptopen pga viruset...)

jag hoppas att det skall fungera att göra så?

 

jag återkommer snarast!

[Cecilia]

Det går utmärkt att flytta program och loggar mellan datorerna med hjälp av USB-minne.

 

Dock eftersom det finns skadliga program som sprids den vägen kör Flash Disinfector i den friska datorn innan du ansluter USB-minnet igen. Spara Flash Disinfector by sUBs på Skrivbordet:

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Dubbelklicka på den nedladdade filen för att starta programmet.

Följ de anvisningar som kommer upp.

När det står att du ska sätta in flash-diskar så stoppar du in de USB-minnen etc som kan tänkas vara infekterade. Håll nere Shift-tangenten medan du stoppar in USB-minnet etc ända till Windows har detekterat att enheten är inne för att hindra att något program på enheten körs.

När allt är klart så avsluta programmet och starta om datorn.

 

Har de iPods etc som kan tänkas vara smittade anslutits till någon annan dator?

[JIMBOOZONE]

Attach.txtHej igen!

 

Hoppas att det blev rätt nu....

 

 

DDS (Ver_10-11-10.01) - NTFSx86

Run by JIMMY at 18:47:44,06 on 2010-11-14

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.3061.2082 [GMT 1:00]

 

 

============== Running Processes ===============

 

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\windows\system32\nvvsvc.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

C:\windows\SYSTEM32\Rezip.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\AnyPC Client\APLangApp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\Users\JIMMY\Desktop\dds.scr

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [steam] "c:\program files\steam\steam.exe" -silent

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [APLangApp] "c:\program files\anypc client\APLangApp.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-system: ConsentPromptbehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptbehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://molnet.tranas.se/wa/AccessClientLoader.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\jimmy\appdata\roaming\mozilla\firefox\profiles\fv4rxgmc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\users\jimmy\appdata\roaming\mozilla\firefox\profiles\fv4rxgmc.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch.dll

FF - component: c:\users\jimmy\appdata\roaming\mozilla\firefox\profiles\fv4rxgmc.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch191.dll

FF - component: c:\users\jimmy\appdata\roaming\mozilla\firefox\profiles\fv4rxgmc.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch192.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-12 64288]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-1-5 10752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-29 735960]

R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2010-2-7 44312]

R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2010-1-5 311296]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-1-6 43944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-2-7 29472]

R3 KMWDFilter1X;KM DRIVER;c:\windows\system32\drivers\RP24GV1.sys [2009-10-28 16896]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-1-6 66080]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-2-15 322336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 95896]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]

S2 waclient;Portwise Access Client Driver;c:\windows\system32\drivers\waclient.sys [2010-3-6 34296]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-7 54632]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-7-17 101248]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-6 125696]

S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]

 

=============== Created Last 30 ================

 

2010-11-14 11:31:58 -------- d-----w- c:\users\jimmy\appdata\roaming\Malwarebytes

2010-11-14 11:31:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-14 11:31:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-14 11:31:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-14 11:31:47 -------- d-----w- c:\progra~2\Malwarebytes

2010-11-08 17:08:04 -------- d-----w- C:\Antivirus REMOVAL TOOLS 2010

2010-11-07 10:48:38 -------- d-----w- c:\users\jimmy\appdata\local\ESET

2010-11-06 18:57:02 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{de2d7d95-06b5-4cbb-acf8-93d2acb10a4f}\mpengine.dll

2010-10-29 10:17:23 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-10-29 10:17:23 417792 ----a-w- c:\windows\system32\msdri.dll

2010-10-29 10:17:23 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-10-29 10:17:23 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2010-10-29 10:17:17 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2010-10-24 11:24:51 48648 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\Markup.dll

2010-10-24 11:24:47 346944 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll

2010-10-23 12:14:04 -------- d-----w- c:\program files\AdvancedDVDPlayer

2010-10-17 10:59:38 -------- d-----w- c:\program files\Oberon Media

 

==================== Find3M ====================

 

2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

 

============= FINISH: 18:48:30,61 ===============

[JIMBOOZONE]

Nej, ingen ipod el dylikt,

men jag kör programmet du länkade i alla fall.

Använder en usbsticka nu i ärendet.... :-)

[Cecilia]

Har Malwarebytes' Anti-Malware (MBAM) hittat något? I så fall klistra in loggen/loggarna där det framgår vad den hittade för något.

 

2010-11-08 17:08:04 -------- d-----w- C:\Antivirus REMOVAL TOOLS 2010

Är det ett falskt antivirusprogram eller har du hämtat det från Symantec?

 

Spara ComboFix på Skrivbordet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram, men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix, helst i normalt men felsäkert är okej om normalt inte fungerar, och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när det körs eftersom så det kan hänga upp sig då.

 

När ComboFix är färdig ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

[JIMBOOZONE]

Som du säkert noterade så har jag installerat programmet malwarebytes tidigare idag, och jag fick 2 filer som hade "cure" som enda alternativ.

Detta alternativ utfördes och en omstart krävdes.....

Efter det så körde jag en scan till, och inget påträffades. Filerna var tcpip.sys som "fixades" av malware-programmet

 

Hoppas att det inte försvårade detta ärende?

 

// J

[JIMBOOZONE]

hihi, du hann emellan!

 

Jag skall se om jag hittar loggen... ett ögonblick!

[JIMBOOZONE]

Angående antivirusprogrammet så är det nod32 antivirus 4, som är hämtad på internet under en prövotid som har 23 dagar kvar i skrivande stund.

 

men jag hittade lite här....

 

skickar med loggarna

mbam-log-2010-11-14 (15-25-49).txt

mbam-log-2010-11-14 (12-37-07).txt

[Cecilia]

Keygens

 

Inget om tcpip.sys i de två loggarna. Har du kört MBAM något mer eller var det något annat program där det fanns cure och gällde tcpip.sys?

 

Glöm inte bort ComboFix.

[JIMBOOZONE]

Hej igen!

 

Här kommer loggen från combofix!

ComboFix.txt

[JIMBOOZONE]

ups, sorry!

 

Körde tdsskiller där......

men kan inte hitta några loggar där......?

Men jag kommer ihåg att det stog så.

ngefär så här, dock lite förkortad......

C:\win32........\tcpip.sys

"Will be cured after reboot"

Och efter den rebooten så fanns de inte mer

 

Ang. keygens så har jag noterat detta och kommer att ta den diskussionen med vederbörande......

 

// J

[Cecilia]

Ang. keygens så har jag noterat detta och kommer att ta den diskussionen med vederbörande......Bild

 

Loggen från TDDSKiller bör du hitta i C:\ med namnet TDSSKiller följt av version och tidpunkt.

 

Ser ut som att ComboFix tog bort lite väl mycket. Mappen c:\windows\SEC verkar i ditt fall innehålla bilder från Samsung och inget skadligt. Men det kan vi återställa sedan.

 

2010-11-08 17:08 . 2010-11-08 17:08 -------- d-----w- C:\Antivirus REMOVAL TOOLS 2010

Har du kommit till någon klarhet i vad som finns i den mappen?

 

Spara SystemLook på Skrivbordet från en av dessa länkar:

http://jpshortstuff.247fixes.com/SystemLook.exe

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

 

Högerklicka på SystemLook-filen och välj "Kör som administratör" för att köra den.

 

Kopiera alla rader i rutan

:file
c:\windows\System32\drivers\tcpip.sys
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys

och klistra in i det stora textfältet i SýstemLook.

Tryck på knappen Look för att starta sökningen.

När det är klart så kommer Anteckningar upp med en logg, och den klistrar du in här. Om loggen inte kommer upp så finns den som SystemLook.txt på Skrivbordet.

 

Vistas och Windows 7s kontroll av användarkonto (UAC) är mycket bra på stoppa skadliga program från att installeras, se t ex:

http://www.idg.se/2.1085/1.164287

http://www.idg.se/2.1085/1.166702

Den är även nyttig på andra sätt se

http://www.idg.se/2.1085/1.269010/nyttan-med-uac-i-windows

Kontrollera att den är påslagen (och i Windows 7 även på en hög nivå):

Vista: Kontrollpanelen - Säkerhetscenter - Andra säkerhetsinställningar

Windows 7: Kontrollpanelen - System och säkerhet - Åtgärdscenter följt av UAC i vänsterkolumnen

[JIMBOOZONE]

Hej igen!

 

Ber om ursäkt för att jag "försvann" igår, men plikten kallade.

Ville bara lägga upp loggarna från tdsskiller nu, sen skall jag se om jag hinner med en haltimme till med datorn idag.

Skall försöka att få tiden att räcka till imorgon för att få lite ordning igen.

 

Tack i alla fall för den hjälp du givit mig hittills i detta bekymmer med viruset.

Jag är MYCKET tacksam för detta!

 

Här kommer loggarna!

 

// J

TDSSKiller.2.4.7.0_14.11.2010_18.10.24_log.txt

TDSSKiller.2.4.7.0_14.11.2010_18.14.12_log.txt

[JIMBOOZONE]

Ups,

Glömde att nämna att den mappen som du efterfrågar är den mappen som jag sparat ner programmen i som jag använt mig av här! Combofix, tdsskiller etc.

 

Hoppas att det inte finns virus där!!

 

// J

[JIMBOOZONE]

En annan fundering också....

Jag är lite konfunderad över detta:

 

NOD32 är fortfarande RÖTT i ikonen nere till höger, samt att det dyker upp lite meddelanden där lite nu och då.

(har tyvärr inte hunnit läsa dem , då jag i min andra dator varit så upptagen med detta bekymmer, och att försöka lösa problemet....)

 

Sedan, när jag har funderat lite på hur det hela har uppträtt, så blir jag lite misstänksam mot just det faktum att när jag i början klickade på meddelandet som kom upp, tog det inte många sekunder innan det blev blåskärm....?

Påbörjade scanningar m.m. avbröts efter bara 10-15 sek pga blåskärm och omstart......

 

Det har jag inte gjort nu, och jag har kunnat scanna samt jobba lite med de programmen som du rekommenderat mig att använda.

 

Kan det vara/ har varit ett fake-alarm som spökar?

Dock så har det stått i meddelanderutan, som ovan nämnt, ang OLMARIK.ZC

KAN det ha varit så att det har varit mitt klickande på den varningsrutan som dök upp, som "triggade" ett eventuellt virus, och orsakat blåskärmen?

 

Eller har jag fortfarande kvar problemen?

 

Många funderingar!

 

// J

[JIMBOOZONE]

Kör systemlook i morgon tisdag!

[Cecilia]

Ups,

Glömde att nämna att den mappen som du efterfrågar är den mappen som jag sparat ner programmen i som jag använt mig av här! Combofix, tdsskiller etc.

 

Hoppas att det inte finns virus där!!

 

// J

Okej, då är det ju bra med den mappen.

[Cecilia]

Ber om ursäkt för att jag "försvann" igår, men plikten kallade.

Inget att be om ursäkt för, vi har båda två annat vi måste göra.

 

 

En annan fundering också....

Jag är lite konfunderad över detta:

 

NOD32 är fortfarande RÖTT i ikonen nere till höger, samt att det dyker upp lite meddelanden där lite nu och då.

(har tyvärr inte hunnit läsa dem , då jag i min andra dator varit så upptagen med detta bekymmer, och att försöka lösa problemet....)

 

Sedan, när jag har funderat lite på hur det hela har uppträtt, så blir jag lite misstänksam mot just det faktum att när jag i början klickade på meddelandet som kom upp, tog det inte många sekunder innan det blev blåskärm....?

Påbörjade scanningar m.m. avbröts efter bara 10-15 sek pga blåskärm och omstart......

 

Det har jag inte gjort nu, och jag har kunnat scanna samt jobba lite med de programmen som du rekommenderat mig att använda.

 

Kan det vara/ har varit ett fake-alarm som spökar?

Dock så har det stått i meddelanderutan, som ovan nämnt, ang OLMARIK.ZC

KAN det ha varit så att det har varit mitt klickande på den varningsrutan som dök upp, som "triggade" ett eventuellt virus, och orsakat blåskärmen?

 

Eller har jag fortfarande kvar problemen?

 

Många funderingar!

 

// J

Det vore bra att veta vad för meddelanden som dyker upp. Om det går ta gärna en skärmdump (PrintScreen eller Skärmklippverktyget) och bifoga till ditt svar.

 

Det finns skadliga program som innehåller funktioner för att skydda sig själv och det är möjligt att när det skadliga programmet upptäckte att det var något på gång som skulle kunna hitta det så fick det Windows att krascha. Men det kan ju också vara Nod32 som får problem när det försöker åtgärda och orsakar kraschen.

 

Ta och kör TDSSKiller igen för säkerhets skull.

[Cecilia]

Jag tar och klistrar in loggar för det blir lite jobbigt att hela tiden hålla på och ladda ner dem för att kunna läsa dem igen.

 

Första TDSSkiller-loggen:

2010/11/14 18:10:24.0725 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22

2010/11/14 18:10:24.0725 ================================================================================

2010/11/14 18:10:24.0725 SystemInfo:

2010/11/14 18:10:24.0725

2010/11/14 18:10:24.0725 OS Version: 6.1.7600 ServicePack: 0.0

2010/11/14 18:10:24.0725 Product type: Workstation

2010/11/14 18:10:24.0725 ComputerName: JIMBOOZONE

2010/11/14 18:10:24.0725 UserName: JIMMY

2010/11/14 18:10:24.0725 Windows directory: C:\windows

2010/11/14 18:10:24.0725 System windows directory: C:\windows

2010/11/14 18:10:24.0725 Processor architecture: Intel x86

2010/11/14 18:10:24.0725 Number of processors: 4

2010/11/14 18:10:24.0725 Page size: 0x1000

2010/11/14 18:10:24.0725 Boot type: Normal boot

2010/11/14 18:10:24.0725 ================================================================================

2010/11/14 18:10:25.0146 Initialize success

2010/11/14 18:10:30.0201 ================================================================================

2010/11/14 18:10:30.0201 Scan started

2010/11/14 18:10:30.0201 Mode: Manual;

2010/11/14 18:10:30.0201 ================================================================================

2010/11/14 18:10:30.0856 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys

2010/11/14 18:10:30.0918 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys

2010/11/14 18:10:30.0981 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys

2010/11/14 18:10:31.0074 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\windows\system32\drivers\adfs.sys

2010/11/14 18:10:31.0152 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

2010/11/14 18:10:31.0199 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

2010/11/14 18:10:31.0246 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

2010/11/14 18:10:31.0324 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys

2010/11/14 18:10:31.0371 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys

2010/11/14 18:10:31.0417 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

2010/11/14 18:10:31.0464 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys

2010/11/14 18:10:31.0480 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys

2010/11/14 18:10:31.0527 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys

2010/11/14 18:10:31.0558 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

2010/11/14 18:10:31.0589 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

2010/11/14 18:10:31.0651 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys

2010/11/14 18:10:31.0683 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

2010/11/14 18:10:31.0729 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys

2010/11/14 18:10:31.0761 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys

2010/11/14 18:10:31.0823 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

2010/11/14 18:10:31.0854 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

2010/11/14 18:10:31.0885 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

2010/11/14 18:10:31.0948 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys

2010/11/14 18:10:32.0057 athr (7d0a662d7b116169854b4ec941a7822d) C:\windows\system32\DRIVERS\athr.sys

2010/11/14 18:10:32.0151 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

2010/11/14 18:10:32.0197 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

2010/11/14 18:10:32.0244 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

2010/11/14 18:10:32.0291 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

2010/11/14 18:10:32.0322 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys

2010/11/14 18:10:32.0353 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

2010/11/14 18:10:32.0385 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

2010/11/14 18:10:32.0416 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

2010/11/14 18:10:32.0447 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

2010/11/14 18:10:32.0478 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

2010/11/14 18:10:32.0509 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

2010/11/14 18:10:32.0556 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys

2010/11/14 18:10:32.0587 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

2010/11/14 18:10:32.0619 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

2010/11/14 18:10:32.0650 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys

2010/11/14 18:10:32.0697 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys

2010/11/14 18:10:32.0743 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys

2010/11/14 18:10:32.0806 btwaudio (7e826be3b3558208d5c9b00034e51be5) C:\windows\system32\drivers\btwaudio.sys

2010/11/14 18:10:32.0853 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\windows\system32\drivers\btwavdt.sys

2010/11/14 18:10:32.0899 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys

2010/11/14 18:10:32.0946 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\windows\system32\DRIVERS\btwrchid.sys

2010/11/14 18:10:33.0009 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

2010/11/14 18:10:33.0055 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys

2010/11/14 18:10:33.0102 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

2010/11/14 18:10:33.0133 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

2010/11/14 18:10:33.0211 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

2010/11/14 18:10:33.0243 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys

2010/11/14 18:10:33.0289 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys

2010/11/14 18:10:33.0336 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

2010/11/14 18:10:33.0383 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys

2010/11/14 18:10:33.0430 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

2010/11/14 18:10:33.0492 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys

2010/11/14 18:10:33.0523 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

2010/11/14 18:10:33.0586 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

2010/11/14 18:10:33.0648 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

2010/11/14 18:10:33.0711 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys

2010/11/14 18:10:33.0804 eamon (1b5ca1caffc594bd37dcc8d7ef849e0b) C:\windows\system32\DRIVERS\eamon.sys

2010/11/14 18:10:33.0929 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

2010/11/14 18:10:34.0069 ehdrv (a4241545ecff3ee97041847d83936e1f) C:\windows\system32\DRIVERS\ehdrv.sys

2010/11/14 18:10:34.0210 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

2010/11/14 18:10:34.0272 epfwwfpr (c7d800414eb8b87e835b5b236b118461) C:\windows\system32\DRIVERS\epfwwfpr.sys

2010/11/14 18:10:34.0303 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys

2010/11/14 18:10:34.0366 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

2010/11/14 18:10:34.0397 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

2010/11/14 18:10:34.0459 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

2010/11/14 18:10:34.0491 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

2010/11/14 18:10:34.0522 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

2010/11/14 18:10:34.0600 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

2010/11/14 18:10:34.0631 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

2010/11/14 18:10:34.0662 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

2010/11/14 18:10:34.0725 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys

2010/11/14 18:10:34.0756 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys

2010/11/14 18:10:34.0818 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys

2010/11/14 18:10:34.0865 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

2010/11/14 18:10:34.0959 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

2010/11/14 18:10:35.0021 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys

2010/11/14 18:10:35.0083 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys

2010/11/14 18:10:35.0115 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

2010/11/14 18:10:35.0146 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

2010/11/14 18:10:35.0208 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

2010/11/14 18:10:35.0255 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys

2010/11/14 18:10:35.0286 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys

2010/11/14 18:10:35.0333 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys

2010/11/14 18:10:35.0395 hwdatacard (988c0a49f09d75d3341cb419141793c1) C:\windows\system32\DRIVERS\ewusbmdm.sys

2010/11/14 18:10:35.0427 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys

2010/11/14 18:10:35.0505 hwusbdev (ac6b4aabf92867584445d0c435b9248f) C:\windows\system32\DRIVERS\ewusbdev.sys

2010/11/14 18:10:35.0567 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys

2010/11/14 18:10:35.0614 iaStor (edf5ecc965faaa533d35e02f47b9132e) C:\windows\system32\DRIVERS\iaStor.sys

2010/11/14 18:10:35.0661 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys

2010/11/14 18:10:35.0817 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys

2010/11/14 18:10:36.0035 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

2010/11/14 18:10:36.0113 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\windows\system32\DRIVERS\Impcd.sys

2010/11/14 18:10:36.0285 IntcAzAudAddService (96282fbce4534c9bf147cffe9e1fa8db) C:\windows\system32\drivers\RTKVHDA.sys

2010/11/14 18:10:36.0425 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys

2010/11/14 18:10:36.0472 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

2010/11/14 18:10:36.0519 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

2010/11/14 18:10:36.0565 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys

2010/11/14 18:10:36.0581 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

2010/11/14 18:10:36.0628 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

2010/11/14 18:10:36.0659 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys

2010/11/14 18:10:36.0706 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys

2010/11/14 18:10:36.0753 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys

2010/11/14 18:10:36.0784 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys

2010/11/14 18:10:36.0862 KMWDFilter1X (362272b08963d8356b66b0dd04382a0f) C:\windows\system32\DRIVERS\RP24GV1.sys

2010/11/14 18:10:36.0924 KMWDFILTERx86 (4476fe98aaf505acdcd3ee6360aabec1) C:\windows\system32\DRIVERS\KMWDFILTER.sys

2010/11/14 18:10:36.0955 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys

2010/11/14 18:10:37.0002 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys

2010/11/14 18:10:37.0096 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\windows\system32\DRIVERS\Lbd.sys

2010/11/14 18:10:37.0143 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

2010/11/14 18:10:37.0221 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

2010/11/14 18:10:37.0236 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

2010/11/14 18:10:37.0252 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

2010/11/14 18:10:37.0283 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

2010/11/14 18:10:37.0314 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

2010/11/14 18:10:37.0377 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

2010/11/14 18:10:37.0392 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

2010/11/14 18:10:37.0439 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

2010/11/14 18:10:37.0486 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

2010/11/14 18:10:37.0533 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys

2010/11/14 18:10:37.0564 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

2010/11/14 18:10:37.0611 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys

2010/11/14 18:10:37.0657 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys

2010/11/14 18:10:37.0689 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

2010/11/14 18:10:37.0720 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys

2010/11/14 18:10:37.0751 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys

2010/11/14 18:10:37.0782 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys

2010/11/14 18:10:37.0813 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys

2010/11/14 18:10:37.0829 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys

2010/11/14 18:10:37.0876 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys

2010/11/14 18:10:37.0923 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

2010/11/14 18:10:37.0938 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

2010/11/14 18:10:37.0969 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys

2010/11/14 18:10:38.0016 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

2010/11/14 18:10:38.0047 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

2010/11/14 18:10:38.0063 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

2010/11/14 18:10:38.0094 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

2010/11/14 18:10:38.0110 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys

2010/11/14 18:10:38.0141 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

2010/11/14 18:10:38.0172 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys

2010/11/14 18:10:38.0203 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

2010/11/14 18:10:38.0266 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

2010/11/14 18:10:38.0297 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys

2010/11/14 18:10:38.0328 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

2010/11/14 18:10:38.0359 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

2010/11/14 18:10:38.0375 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys

2010/11/14 18:10:38.0406 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys

2010/11/14 18:10:38.0437 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys

2010/11/14 18:10:38.0484 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

2010/11/14 18:10:38.0531 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys

2010/11/14 18:10:38.0578 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

2010/11/14 18:10:38.0625 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

2010/11/14 18:10:38.0656 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

2010/11/14 18:10:38.0703 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys

2010/11/14 18:10:38.0734 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

2010/11/14 18:10:38.0796 NVHDA (d2f4c4b22969236382ca853b8daa2d4e) C:\windows\system32\drivers\nvhda32v.sys

2010/11/14 18:10:39.0046 nvlddmkm (104c0fe08dd64965cf788d91ccbb2cc6) C:\windows\system32\DRIVERS\nvlddmkm.sys

2010/11/14 18:10:39.0327 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys

2010/11/14 18:10:39.0358 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys

2010/11/14 18:10:39.0436 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys

2010/11/14 18:10:39.0483 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys

2010/11/14 18:10:39.0545 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

2010/11/14 18:10:39.0576 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys

2010/11/14 18:10:39.0607 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

2010/11/14 18:10:39.0654 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys

2010/11/14 18:10:39.0685 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys

2010/11/14 18:10:39.0732 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

2010/11/14 18:10:39.0779 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

2010/11/14 18:10:39.0810 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

2010/11/14 18:10:39.0951 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

2010/11/14 18:10:39.0982 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

2010/11/14 18:10:40.0013 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

2010/11/14 18:10:40.0075 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

2010/11/14 18:10:40.0138 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

2010/11/14 18:10:40.0169 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

2010/11/14 18:10:40.0216 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

2010/11/14 18:10:40.0263 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

2010/11/14 18:10:40.0294 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

2010/11/14 18:10:40.0325 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

2010/11/14 18:10:40.0356 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

2010/11/14 18:10:40.0387 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys

2010/11/14 18:10:40.0419 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

2010/11/14 18:10:40.0465 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys

2010/11/14 18:10:40.0497 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

2010/11/14 18:10:40.0512 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

2010/11/14 18:10:40.0543 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys

2010/11/14 18:10:40.0575 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys

2010/11/14 18:10:40.0637 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

2010/11/14 18:10:40.0699 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

2010/11/14 18:10:40.0731 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys

2010/11/14 18:10:40.0777 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys

2010/11/14 18:10:40.0824 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys

2010/11/14 18:10:40.0871 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys

2010/11/14 18:10:40.0933 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

2010/11/14 18:10:40.0996 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

2010/11/14 18:10:41.0043 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

2010/11/14 18:10:41.0058 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

2010/11/14 18:10:41.0136 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys

2010/11/14 18:10:41.0167 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys

2010/11/14 18:10:41.0199 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys

2010/11/14 18:10:41.0245 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

2010/11/14 18:10:41.0292 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys

2010/11/14 18:10:41.0339 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

2010/11/14 18:10:41.0370 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

2010/11/14 18:10:41.0386 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

2010/11/14 18:10:41.0448 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

2010/11/14 18:10:41.0526 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys

2010/11/14 18:10:41.0557 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys

2010/11/14 18:10:41.0620 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys

2010/11/14 18:10:41.0698 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

2010/11/14 18:10:41.0760 StillCam (edb05bd63148796f23ea78506404a538) C:\windows\system32\DRIVERS\serscan.sys

2010/11/14 18:10:41.0838 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys

2010/11/14 18:10:41.0916 SynTP (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\DRIVERS\SynTP.sys

2010/11/14 18:10:42.0010 Tcpip (d12b5ef3bea41afec2287a7f2cea1b48) C:\windows\system32\drivers\tcpip.sys

2010/11/14 18:10:42.0010 Suspicious file (NoAccess): C:\windows\system32\drivers\tcpip.sys. md5: d12b5ef3bea41afec2287a7f2cea1b48

2010/11/14 18:10:42.0025 Tcpip - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/11/14 18:10:42.0057 TCPIP6 (d12b5ef3bea41afec2287a7f2cea1b48) C:\windows\system32\DRIVERS\tcpip.sys

2010/11/14 18:10:42.0057 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\tcpip.sys. md5: d12b5ef3bea41afec2287a7f2cea1b48

2010/11/14 18:10:42.0072 TCPIP6 - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/11/14 18:10:42.0119 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys

2010/11/14 18:10:42.0150 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys

2010/11/14 18:10:42.0166 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys

2010/11/14 18:10:42.0197 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys

2010/11/14 18:10:42.0213 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys

2010/11/14 18:10:42.0275 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys

2010/11/14 18:10:42.0306 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys

2010/11/14 18:10:42.0337 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

2010/11/14 18:10:42.0384 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys

2010/11/14 18:10:42.0415 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys

2010/11/14 18:10:42.0462 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys

2010/11/14 18:10:42.0493 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

2010/11/14 18:10:42.0540 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys

2010/11/14 18:10:42.0571 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys

2010/11/14 18:10:42.0603 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys

2010/11/14 18:10:42.0649 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys

2010/11/14 18:10:42.0681 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys

2010/11/14 18:10:42.0727 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

2010/11/14 18:10:42.0759 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

2010/11/14 18:10:42.0790 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS

2010/11/14 18:10:42.0821 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys

2010/11/14 18:10:42.0883 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys

2010/11/14 18:10:42.0946 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys

2010/11/14 18:10:42.0993 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

2010/11/14 18:10:43.0024 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

2010/11/14 18:10:43.0055 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys

2010/11/14 18:10:43.0102 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys

2010/11/14 18:10:43.0117 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

2010/11/14 18:10:43.0149 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys

2010/11/14 18:10:43.0180 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys

2010/11/14 18:10:43.0227 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

2010/11/14 18:10:43.0258 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys

2010/11/14 18:10:43.0305 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

2010/11/14 18:10:43.0336 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

2010/11/14 18:10:43.0367 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

2010/11/14 18:10:43.0398 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys

2010/11/14 18:10:43.0476 waclient (34c9c38a42511bdf73ba82d8b1d03467) C:\windows\system32\drivers\waclient.sys

2010/11/14 18:10:43.0492 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

2010/11/14 18:10:43.0539 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys

2010/11/14 18:10:43.0554 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys

2010/11/14 18:10:43.0617 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

2010/11/14 18:10:43.0663 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

2010/11/14 18:10:43.0773 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

2010/11/14 18:10:43.0804 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

2010/11/14 18:10:43.0913 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys

2010/11/14 18:10:43.0991 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys

2010/11/14 18:10:44.0053 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

2010/11/14 18:10:44.0100 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys

2010/11/14 18:10:44.0147 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys

2010/11/14 18:10:44.0225 yukonw7 (4e2e09afdb9da5d0c2a3a01a903797a8) C:\windows\system32\DRIVERS\yk62x86.sys

2010/11/14 18:10:44.0599 ================================================================================

2010/11/14 18:10:44.0599 Scan finished

2010/11/14 18:10:44.0599 ================================================================================

2010/11/14 18:10:44.0615 Detected object count: 2

2010/11/14 18:11:29.0216 Tcpip (d12b5ef3bea41afec2287a7f2cea1b48) C:\windows\system32\drivers\tcpip.sys

2010/11/14 18:11:29.0216 Suspicious file (NoAccess): C:\windows\system32\drivers\tcpip.sys. md5: d12b5ef3bea41afec2287a7f2cea1b48

2010/11/14 18:11:30.0963 Backup copy found, using it..

2010/11/14 18:11:31.0228 C:\windows\system32\drivers\tcpip.sys - will be cured after reboot

2010/11/14 18:11:31.0228 Rootkit.Win32.TDSS.tdl3(Tcpip) - User select action: Cure

2010/11/14 18:11:31.0353 TCPIP6 (d12b5ef3bea41afec2287a7f2cea1b48) C:\windows\system32\DRIVERS\tcpip.sys

2010/11/14 18:11:31.0353 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\tcpip.sys. md5: d12b5ef3bea41afec2287a7f2cea1b48

2010/11/14 18:11:31.0680 Backup copy not found, trying to cure infected file..

2010/11/14 18:11:31.0696 Cure success, using it..

2010/11/14 18:11:31.0977 C:\windows\system32\DRIVERS\tcpip.sys - will be cured after reboot

2010/11/14 18:11:31.0977 Rootkit.Win32.TDSS.tdl3(TCPIP6) - User select action: Cure

2010/11/14 18:12:07.0982 Deinitialize success

 

----------------------------------------------------------------------

----------------------------------------------------------------------

ComboFix 10-11-13.01 - JIMMY 2010-11-14 19:56:32.1.4 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.3061.2050 [GMT 1:00]

Körs från: c:\users\JIMMY\Desktop\ComboFix.exe

* Skapade en ny återställningspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programdata\FullRemove.exe

c:\users\JIMMY\AppData\Roaming\.#

c:\users\ZANDRA\AppData\Roaming\.#

c:\windows\SEC

c:\windows\SEC\172100logo.bmp

c:\windows\SEC\banner.png

c:\windows\SEC\Computer.png

c:\windows\SEC\Media _S_ Logo.png

c:\windows\SEC\Samsung.png

c:\windows\SEC\Samsung2.png

c:\windows\SEC\SamsungLogo.png

c:\windows\SEC\Thumbs.db

c:\windows\SEC\Wallpapers\Thumbs.db

c:\windows\SEC\Wallpapers\wallpaper.jpg

c:\windows\SEC\Wallpapers\wallpaper1.jpg

c:\windows\SEC\Wallpapers\Wallpaper2.jpg

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-10-14 till 2010-11-14 ))))))))))))))))))))))))))))))

.

 

2010-11-14 11:31 . 2010-11-14 11:31 -------- d-----w- c:\users\JIMMY\AppData\Roaming\Malwarebytes

2010-11-14 11:31 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-14 11:31 . 2010-11-14 11:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-14 11:31 . 2010-11-14 11:31 -------- d-----w- c:\programdata\Malwarebytes

2010-11-14 11:31 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-08 17:08 . 2010-11-08 17:08 -------- d-----w- C:\Antivirus REMOVAL TOOLS 2010

2010-11-07 10:48 . 2010-11-07 10:48 -------- d-----w- c:\users\JIMMY\AppData\Local\ESET

2010-11-06 18:57 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE2D7D95-06B5-4CBB-ACF8-93D2ACB10A4F}\mpengine.dll

2010-11-04 11:25 . 2010-11-04 11:26 -------- d-----w- c:\users\ZANDRA\AppData\Roaming\Winamp

2010-11-04 11:19 . 2010-11-04 11:23 -------- d-----w- c:\users\ZANDRA\AppData\Roaming\Azureus

2010-10-29 10:17 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-10-29 10:17 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll

2010-10-29 10:17 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-10-29 10:17 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2010-10-29 10:17 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2010-10-24 11:24 . 2010-10-24 11:24 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2010-10-24 11:24 . 2010-10-24 11:24 346944 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2010-10-23 12:14 . 2010-10-23 12:16 -------- d-----w- c:\program files\AdvancedDVDPlayer

2010-10-17 10:59 . 2010-10-17 10:59 -------- d-----w- c:\program files\Oberon Media

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-14 17:12 . 2010-08-18 07:06 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-11-05 21:25 . 2010-02-07 20:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2010-10-19 09:41 . 2010-02-12 08:00 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-15 02:50 . 2010-09-28 18:29 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-08 04:30 . 2010-10-13 16:00 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28 . 2010-10-13 16:00 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22 . 2010-10-13 16:00 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48 . 2010-10-13 16:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-02 07:05 . 2010-09-02 07:05 1247744 ----a-w- c:\windows\system32\drivers\athr.sys

2010-09-01 04:23 . 2010-10-13 16:00 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-01 02:34 . 2010-10-13 16:00 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-08-31 04:32 . 2010-10-13 16:00 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 04:32 . 2010-10-13 16:00 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-27 05:46 . 2010-10-13 16:00 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 03:31 . 2010-10-13 16:00 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-27 03:30 . 2010-10-13 16:00 308736 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-27 03:30 . 2010-10-13 16:00 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-08-26 04:39 . 2010-10-13 16:00 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-08-21 05:36 . 2010-10-13 15:59 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-08-21 05:36 . 2010-10-13 16:00 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-21 05:33 . 2010-10-13 16:00 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-08-21 05:32 . 2010-09-19 11:42 316928 ----a-w- c:\windows\system32\spoolsv.exe

2008-08-16 16:42 . 2008-08-16 16:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 16:42 . 2008-08-16 16:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 16:42 . 2008-08-16 16:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 16:42 . 2008-08-16 16:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 16:43 . 2008-08-16 16:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 16:42 . 2008-08-16 16:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 16:42 . 2008-08-16 16:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 07:41 . 2008-05-21 07:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 07:41 . 2008-05-21 07:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 07:41 . 2008-05-21 07:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 12:58 . 2008-06-05 12:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 16:42 . 2008-08-16 16:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

 

------- Sigcheck -------

 

[-] 2010-11-14 17:12 . 6CAF727753D98BAF2ABD8BBE3E1B8722 . 1286016 . . [------] . . c:\windows\System32\drivers\tcpip.sys

[-] 2010-11-14 17:12 . 6CAF727753D98BAF2ABD8BBE3E1B8722 . 1286016 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

[7] 2010-06-14 . A39EA325C081AD27461F630C8E3E56E0 . 1288576 . . [6.1.7600.20733] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys

[7] 2009-07-14 . 2CC3D75488ABD3EC628BBB9A4FC84EFC . 1285712 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2009-12-31 10:53 2349080 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]

"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]

"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-11-20 13312]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-04 13830760]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-18 202256]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]

 

c:\users\ZANDRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer9"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]

R2 waclient;Portwise Access Client Driver;c:\windows\system32\drivers\waclient.sys [2010-08-05 34296]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]

R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]

S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]

S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 KMWDFilter1X;KM DRIVER;c:\windows\system32\DRIVERS\RP24GV1.sys [2009-10-28 16896]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-12 1181328]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-02-15 322336]

 

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*NewlyCreated* - KLMDB

*Deregistered* - klmd25

*Deregistered* - klmdb

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-11-14 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 07:42]

 

2010-11-14 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 07:42]

 

2010-11-14 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 07:42]

 

2010-11-14 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 07:42]

 

2010-11-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 07:42]

 

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 19:42]

 

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 19:42]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://molnet.tranas.se/wa/AccessClientLoader.cab

FF - ProfilePath - c:\users\JIMMY\AppData\Roaming\Mozilla\Firefox\Profiles\fv4rxgmc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: c:\users\JIMMY\AppData\Roaming\Mozilla\Firefox\Profiles\fv4rxgmc.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch.dll

FF - component: c:\users\JIMMY\AppData\Roaming\Mozilla\Firefox\Profiles\fv4rxgmc.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch191.dll

FF - component: c:\users\JIMMY\AppData\Roaming\Mozilla\Firefox\Profiles\fv4rxgmc.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch192.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

 

---- FIREFOX POLICY ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

Toolbar-Locked - (no file)

SafeBoot-klmdb.sys

SafeBoot-mcmscsvc

SafeBoot-MCODS

 

 

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Sluttid: 2010-11-14 20:03:53

ComboFix-quarantined-files.txt 2010-11-14 19:03

 

Före genomsökningen: 63 869 112 320 byte ledigt

Efter genomsökningen: 67 403 046 912 byte ledigt

 

- - End Of File - - C0064287F8F03A471B89E604D5E30DE6

[JIMBOOZONE]

Hej!

 

Nu så är jag tillbaka igen!

 

Körde systemlook nyss och här kommer loggen.

SystemLook.txt

[JIMBOOZONE]

SystemLook 04.09.10 by jpshortstuff

Log created at 17:04 on 16/11/2010 by JIMMY

Administrator - Elevation successful

 

========== file ==========

 

c:\windows\System32\drivers\tcpip.sys - File found and opened.

MD5: 6CAF727753D98BAF2ABD8BBE3E1B8722

Created at 07:06 on 18/08/2010

Modified at 17:12 on 14/11/2010

Size: 1286016 bytes

Attributes: --a----

No version information available.

 

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys - File found and opened.

MD5: 6CAF727753D98BAF2ABD8BBE3E1B8722

Created at 07:06 on 18/08/2010

Modified at 17:12 on 14/11/2010

Size: 1286016 bytes

Attributes: --a----

No version information available.

 

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys - File found and opened.

MD5: A39EA325C081AD27461F630C8E3E56E0

Created at 07:06 on 18/08/2010

Modified at 06:06 on 14/06/2010

Size: 1288576 bytes

Attributes: --a----

FileDescription: TCP/IP Driver

FileVersion: 6.1.7600.20733 (win7_ldr.100613-1554)

ProductVersion: 6.1.7600.20733

OriginalFilename: tcpip.sys

InternalName: tcpip.sys

ProductName: Microsoft® Windows® Operating System

CompanyName: Microsoft Corporation

LegalCopyright: © Microsoft Corporation. All rights reserved.

 

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys - File found and opened.

MD5: 2CC3D75488ABD3EC628BBB9A4FC84EFC

Created at 23:13 on 13/07/2009

Modified at 01:19 on 14/07/2009

Size: 1285712 bytes

Attributes: --a----

FileDescription: TCP/IP Driver

FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)

ProductVersion: 6.1.7600.16385

OriginalFilename: tcpip.sys

InternalName: tcpip.sys

ProductName: Microsoft® Windows® Operating System

CompanyName: Microsoft Corporation

LegalCopyright: © Microsoft Corporation. All rights reserved.

 

-= EOF =-

 

 

[JIMBOOZONE]

TDSSKiller hittar inget mer, och jag har kört det ett par gånger nu.

Så för hoppningsvis så är det ok.....