
security tool


Hans


Hi.

Yesterday, while I was surfing the Internet, a message popped up from "security tool" informing me that there were lots of viruses and trojans on the computer.

The only virus, though, is security tool itself, which I can't get rid of. I can't do anything with the computer, since this "program" blocks everything.

I tried a system restore, but the page doesn't open; I can't even shut down the computer without using the power switch.

I'm running XP, which has worked perfectly since I installed it in 2004.

Any tips out there?

Hans


Hi,

we can start with the following.

If any antivirus or antispyware program has found something malicious, paste a log that shows what was found and which files and folders are involved.

Paste the log/result from the program DDS. Save DDS to the Desktop.

http://download.blee...om/sUBs/dds.scr

Start the program by double-clicking it.

Click Yes if the question about Optional Scan comes up.

In your reply, paste the log DDS.txt, and attach Attach.txt as a file.

DDS is a program that lists running processes, programs and services that start automatically, and files in the folders commonly used by malicious programs that are new or have been changed during the last 1-3 months. DDS is a very common program among those of us who help clean computers. The result gives us a basic picture of what is happening and has happened recently on the computer, and from that we can draw conclusions about the next appropriate step in cleaning it.

Note! When you paste a log or a result into your post, don't use any buttons or tags; copy it from the program (usually Notepad) and paste it directly into the box you write in.

Then try starting the computer in Safe Mode with Networking: press F8 repeatedly while the computer boots. Try downloading Malwarebytes' Anti-Malware and run a quick scan, follow the program's instructions, and come back with the log, which is found under the Logs tab.

If nothing is found, or Malwarebytes doesn't work, run the following:

Save RKill by Grinler to the Desktop. Download it from the first of these links:

http://download.bleepingcomputer.com/grinler/rkill.com

http://download.bleepingcomputer.com/grinler/rkill.pif

http://download.bleepingcomputer.com/grinler/rkill.scr

http://download.bleepingcomputer.com/grinler/rkill.exe

Start RKill (in Vista and Windows 7 by right-clicking the file and choosing Run as administrator, if that option exists).

A black window/box will appear for a moment if the program managed to run.

If no black window/box appeared, delete that RKill variant and repeat with the next RKill.

If you get a message that RKill is malicious, ignore it. It is the malicious program that doesn't want to be stopped. Leave the warning on the screen and run RKill once more.

Run RKill several times in a row until you no longer see the malicious program, but at most 10 times. Then continue with the rest. If you don't see the malicious program from the start, 3 times is enough.

If none of the program variants can run, say so.

Regards

Mats H

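As an added example (not code from the thread, from DDS or from its author), here is a small Python triage script for the kind of DDS log Mats asks for above: it splits the log into the sections DDS produces (running processes, the uRun/mRun/dRun autostart lines of the Pseudo HJT report, and the "Created Last 30" file list) and flags entries that run from, or were created under, a user's Application Data or Temp folder, which is where rogue "antivirus" programs usually install themselves. The section names and line formats follow DDS output; the list of suspicious folders, the vendor allowlist and the sample log are this example's own assumptions.

```python
"""Triage helper for DDS-style logs (added example; not the thread's or DDS's own code).

Assumptions: the log uses the section headers and line formats seen in DDS output
("Running Processes", "Pseudo HJT Report", "Created Last 30"); the list of
suspicious folders and the vendor allowlist below are this example's own choices.
"""
import re

# Folders that rogue "antivirus" programs typically run from, as lowercase
# substrings (both the long XP path form and the 8.3 short form are covered).
SUSPICIOUS_DIRS = ("\\application data\\", "\\applic~1\\", "\\temp\\")

# Legitimate software known to live under Application Data on XP.
# Example allowlist only; in practice verify by hash/signature, not by path.
ALLOWLIST = ("\\google\\update\\",)

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^([umd]Run):\s*\[(.*?)\]\s*(.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.*)$")


def parse_dds(text):
    """Split a DDS log into running processes, Run-key autoruns and recently created files."""
    parsed = {"processes": [], "autoruns": [], "created": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            name = header.group(1).lower()
            if "running processes" in name:
                current = "processes"
            elif "pseudo hjt" in name:
                current = "autoruns"
            elif "created last" in name:
                current = "created"
            else:
                current = None  # Find3M, FINISH and anything else are skipped
            continue
        if current == "processes":
            parsed["processes"].append({"path": line})
        elif current == "autoruns":
            m = RUN_RE.match(line)
            if m:  # only uRun/mRun/dRun lines; BHO, DPF etc. are left alone here
                parsed["autoruns"].append({"hive": m.group(1), "name": m.group(2), "path": m.group(3)})
        elif current == "created":
            m = CREATED_RE.match(line)
            if m:
                parsed["created"].append({"when": m.group(1), "size": int(m.group(2)),
                                          "attrs": m.group(3), "path": m.group(4)})
    return parsed


def is_suspicious_path(path):
    """True when the path points into a user-writable folder and is not allowlisted."""
    p = path.lower()
    if any(a in p for a in ALLOWLIST):
        return False
    return any(d in p for d in SUSPICIOUS_DIRS)


def triage(text):
    """Return (section, path) pairs that a helper should look at first."""
    findings = []
    for section, entries in parse_dds(text).items():
        for entry in entries:
            if is_suspicious_path(entry["path"]):
                findings.append((section, entry["path"]))
    return findings


# Constructed sample in DDS format (not a real log from the thread).
SAMPLE_LOG = r"""
DDS (Ver_10-03-17.01) - NTFSx86

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Documents and Settings\User\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\lokala inställningar\application data\google\update\GoogleUpdate.exe" /c
mRun: [F-Secure Manager] "c:\program\f-secure\common\FSM32.EXE" /splash
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

=============== Created Last 30 ================

2010-09-16 22:26:04 0 d-----w- c:\windows\system32\wbem\Repository
2010-09-12 14:30:22 0 d-----w- c:\docume~1\user~1\applic~1\Unknown

============= FINISH: 14:54:55,37 ===============
"""

if __name__ == "__main__":
    for section, path in triage(SAMPLE_LOG):
        print(f"[{section}] review: {path}")
```

A flagged entry is a starting point for review, not a verdict: the Google Update line shows why a path-only rule needs an allowlist, and anything flagged should still be checked by hash or signature.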

Hi Mats.

That was a quick reply.

Unfortunately, it isn't my antivirus program that found a virus; it's a scam program that blocks everything else.

I'd like to know whether one can run a system restore before XP has started.

Hans


Hi.

Unfortunately, a system restore will not solve your problem.

A system restore will only encapsulate the problem and possibly make your situation worse.

You need to either start removing the virus by going through the points in my post.

That is the beginning of the cleaning process.

The other alternative is a reinstallation of Windows, with a format of your hard disk first.

Alternatively a factory reset, see your manual, if you don't have an XP disc. Copy your documents, pictures, video and photos first to CD/DVD or to an external USB-connected disk or memory stick.

Remember that an infection can be transferred via these devices to a healthy computer, so you should take the following measure first.

Save Flash Disinfector by sUBs to the Desktop:

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Double-click the downloaded file to start the program.

Follow the instructions that appear.

When it says to insert flash disks, insert the USB sticks etc. that might be infected. Hold down the Shift key while inserting the USB stick etc. until Windows has detected that the device is present, to prevent any program on the device from running.

When everything is done, close the program and restart the computer.

A good alternative to the above for rescuing files is the following guide:

http://www.alltomwindows.se/forum/index.php/topic/21771-raedda-data-med-puppy-linux/page__p__158891__hl__%2Bpuppy+%2Blinux__fromsearch__1#entry158891

That way you don't risk transferring any infection to another Windows computer.

Regards

Mats H


Hi Mats.

Before I read your latest reply, I tried F5 instead of F8 and was then able to get in and run in safe mode.

When it started up, I was asked whether I wanted to do a system restore, and I did.

After this the computer works, apparently, as usual.

I don't know what will happen when I start it next time, but if it works I intend to follow your first advice and scan for viruses.

To be continued.

Best regards

Hans


Hi,

the choice is yours; I hope there was no system-altering virus in your infection.

Have you scanned the computer afterwards with e.g. Malwarebytes or your antivirus program?

Regards

Mats H


I know a person who did a restore and it went fine, but it isn't recommended.

Here is a link to manual removal.

And a lot of tips on what others have done.

http://www.xp-vista.com/spyware-removal/remove-security-tool-removal-instructions

All antivirus programs probably have it listed as spyware (rogue anti-spyware program, the category such programs belong to).

It may be that not everything gets removed, so check against the link above and your log.

Good luck!

Thanks for sharing!


Hi Mats and Cecilia,

I have now run all versions of rkill and got the same answer:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Hans Lowén on 2010-09-18 at 14:41:31.

Services Stopped:

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Hans Lowén\Skrivbord\rkill.com

Rkill completed on 2010-09-18 at 14:41:35.

Then I ran DDS, and here is the result:


After that I have looked for viruses, following tips and to the best of my ability, but I can't find any problem.

I also followed Spyhunter's tips about where to look, including in the registry, but found no traces of Security Tool.

I should perhaps mention that when Security Tool appeared on the screen I of course didn't install it or press any OK button.

I'm fairly convinced that the problem is gone, but only fairly.

In my hunt I also emptied Temporary Internet Files, but couldn't get rid of several hundred cookies however I tried.

I also have 0.99 GB in the Temp folder; is it safe to delete that?

Best regards

Hans


Hi,

the following:

I'd like to check with ComboFix too. Save ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If a question comes up about whether you want to install the Recovery Console, answer yes.

IMPORTANT! Don't click on the ComboFix window with the mouse while it is running, otherwise it can hang.

When it is finished, a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppies and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, e.g. if the computer gets its internet via a USB modem or USB network adapter. In that case, say so instead of running ComboFix.

Regards

Mats H


Now, it wasn't about exposing anyone to risk.

But I thought one could remove it manually, because some antivirus programs do that too.

Most antivirus programs remove it completely or partially, and then you have to pick out the rest manually.

That a program one perhaps shouldn't trust came along can happen sometimes.

Even Norton (Symantec) lists these files regarding Security Tool.

What Mats does is outstanding, and I also found such a page about using Rkill and then Malwarebytes, but it was from early 2008 and Windows 7 had been added alongside Vista.

But even there one should use manual removal.

Thanks for sharing!



Hi,

this page contains reliable information on the subject!

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

Feel free to browse the Bleeping Computer pages, very good.

Incidentally, using ComboFix has today become a more common measure, since these viruses are not just a single piece of code that never changes.

Also, a computer that has been used for a while with such an infection quickly attracts other "junk" on board. So you never quite know what will turn up.

Regards

Mats H


Hi Mats H,

I ran ComboFix, which indicated rootkit activity and restarted the computer.

Nothing happened for 5 minutes, so I pressed the power button; "preparing standby" appeared, but nothing happened.

I pressed reset, the computer restarted and ComboFix continued.

The log is attached.

It doesn't tell me much, but you know how it should look.

I really appreciate your help and support.

Best regards

Hans


Posting the ComboFix log!

Regards

Mats H


IE: Easy-WebPrint Preview - c:\program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - hxxp://www.pixaco.se/static/download/pixacodndupload.cab

DPF: {5BF56AD2-E297-416E-BC49-000004080009} - hxxps://cve.trust.telia.com/TeliaElegUpgrade/iidsetup.cab

DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - hxxp://www.cig.canon-europe.com/ph/sv_SE/st/download/ddup/CNIMGUP_01_210102E.cab

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

MSConfigStartUp-MsnMsgr - c:\program\MSN Messenger\MsnMsgr.Exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-18 20:43

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85A73290]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7593f28

\Driver\ACPI -> ACPI.sys @ 0xf74c0cb8

\Driver\atapi -> 0x85a73290

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a

ParseProcedure -> ntoskrnl.exe @ 0x80578f7a

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a

ParseProcedure -> ntoskrnl.exe @ 0x80578f7a

NDIS: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Coppe -> SendCompleteHandler -> NDIS.sys @ 0xf7345bb0

PacketIndicateHandler -> NDIS.sys @ 0xf7352a21

SendHandler -> NDIS.sys @ 0xf733087b

Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PMJ151LA]

"ImagePath"="%SystemRoot%\PMJ151LA.BIN"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-746137067-602609370-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'lsass.exe'(1212)

c:\windows\system32\relog_ap.dll

.

Sluttid: 2010-09-18 20:45:13

ComboFix-quarantined-files.txt 2010-09-18 18:45

 

Före genomsökningen: 210 863 878 144 byte ledigt

Efter genomsökningen: 211 402 493 952 byte ledigt

 

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

 

- - End Of File - - 4ADAEBD3F96822FE186F5AD0259E076F


Hi,

we will have to try running ComboFix once more.

Restart the computer first.

You need to turn off F-Secure.

In XP: Control Panel, Security Center - Virus protection, turn it off. The firewall should be left on.

Run it once more. Post the log.

As you correctly noted, there is a rootkit, but we will deal with it.

So good luck with the next run. If anything gets stuck, ask here.

Watching your thread!

Regards

Mats H


Hi.

Ran Malwarebytes Anti-Malware last night; it took over 9 hours.

There were 30 infected files, but all of them came from PAL SpywareRemover.

 

Ran ComboFix 2 times with the same result as the first time: it warned about rootkit activity and wanted to restart the computer.

Had to do a reset to get it to restart.

It still says: Warning: possible MBR rootkit infection !

 

Would be grateful for more info.

 

Here are the logs from MBAM and ComboFix.

 

Regards

Hans

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4649

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-09-19 08:35:06

mbam-log-2010-09-19 (08-35-06).txt

 

Skanningstyp: Fullständig skanning (C:\|F:\|I:\|)

Antal skannade objekt: 278952

Förfluten tid: 9 timme(ar), 13 minut(er), 12 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 3

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 6

Infekterade filer: 30

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\Software\VB and VBA Program Settings\EZMapIt (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Spyware Remover (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PAL Spyware Remover_is1 (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

C:\Program\PAL SPYREM (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\Other Security Applications (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\Quarantine (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\Reports (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start-meny\Program\PAL Spyware Remover (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start-meny\Program\PAL Spyware Remover\Essential Security Programs (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

 

Infekterade filer:

C:\Program\PAL SPYREM\spyrem.exe (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\CX8ROXUD\wcap[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

F:\temp överfört 2-6-07\från nätet\spyrem_setup_c.exe (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\ee.ico (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\ee.url (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\klp.ico (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\klp.url (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\pct.ico (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\pct.url (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\PopupE.ico (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\popupe.url (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\psapi.dll (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\ref.dat (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\spyrem.url (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\spyremhlp.url (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\spyremreg.url (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\unins000.dat (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Program\PAL SPYREM\unins000.exe (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start-meny\Program\PAL Spyware Remover\Order PAL Spyware Remover.lnk (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start-meny\Program\PAL Spyware Remover\PAL Spyware Remover Help.lnk (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start-meny\Program\PAL Spyware Remover\PAL Spyware Remover on the Web.lnk (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start-meny\Program\PAL Spyware Remover\PAL Spyware Remover.lnk (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start-meny\Program\PAL Spyware Remover\Uninstall PAL Spyware Remover.lnk (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start-meny\Program\PAL Spyware Remover\Essential Security Programs\PAL Evidence Eliminator.lnk (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start-meny\Program\PAL Spyware Remover\Essential Security Programs\PAL Keylog PRO.lnk (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start-meny\Program\PAL Spyware Remover\Essential Security Programs\PAL PC Tracker.lnk (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start-meny\Program\PAL Spyware Remover\Essential Security Programs\PAL Popup Eliminator.lnk (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hans Lowén\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program\MetaImage.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

 

 

 

ComboFix 10-09-17.04 - Hans Lowén 2010-09-19 10:19:02.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1023.734 [GMT 2:00]

Körs från: c:\documents and settings\Hans Lowén\Skrivbord\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\TEMP\IadHide3.dll

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-08-19 till 2010-09-19 ))))))))))))))))))))))))))))))

.

 

2010-09-18 21:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-18 21:11 . 2010-09-19 06:34 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-09-18 21:11 . 2010-09-18 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-18 21:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-18 15:22 . 2010-09-18 15:22 -------- d-----w- c:\program\CCleaner

2010-09-16 22:26 . 2010-09-16 22:26 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-19 08:21 . 2003-04-24 12:00 84508 ----a-w- c:\windows\system32\perfc01D.dat

2010-09-19 08:21 . 2003-04-24 12:00 446538 ----a-w- c:\windows\system32\perfh01D.dat

2010-08-19 10:00 . 2004-08-03 07:50 -------- d-----w- c:\program\Wfwin

2010-08-17 13:17 . 2003-04-24 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-22 15:46 . 2004-04-17 15:43 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 06:19 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-06-30 12:33 . 2003-04-24 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:27 . 2004-08-23 18:36 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2003-04-24 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2003-04-24 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2010-09-18_18.43.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-19 08:17 . 2010-09-19 08:17 16384 c:\windows\Temp\Perflib_Perfdata_2c0.dat

+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe

+ 2010-06-18 17:47 . 2010-06-18 17:47 293376 c:\windows\system32\dllcache\winsrv.dll

+ 2010-04-16 15:38 . 2010-04-16 15:38 406016 c:\windows\system32\dllcache\usp10.dll

+ 2010-03-30 10:24 . 2010-03-30 10:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll

+ 2010-08-05 11:50 . 2010-08-05 11:50 4018176 c:\windows\Installer\103d1a.msp

+ 2010-08-20 11:50 . 2010-08-20 11:50 5518848 c:\windows\Installer\103cf8.msp

+ 2010-08-25 15:06 . 2010-08-25 15:06 6479360 c:\windows\Installer\103ce1.msp

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

"Google Update"="c:\documents and settings\Hans Lowén\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-25 136176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F-Secure Manager"="c:\program\F-Secure\Common\FSM32.EXE" [2002-12-05 106571]

"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]

"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]

"nwiz"="nwiz.exe" [2005-12-10 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]

"IntelliPoint"="c:\program\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]

"TrueImageMonitor.exe"="c:\program\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-09 1165680]

"AcronisTimounterMonitor"="c:\program\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-09 1945960]

"Acronis Scheduler2 Service"="c:\program\Delade filer\Acronis\Schedule2\schedhlp.exe" [2007-02-09 149024]

"OSSelectorReinstall"="c:\program\Delade filer\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2007-12-11 286720]

"PaperPort PTD"="c:\program\scansoft\paperp~1\pptd40nt.exe" [2001-08-16 26624]

"Net iD"="c:\windows\system32\iid.exe" [2008-02-22 74992]

"itype"="c:\program\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]

"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-02-18 248040]

"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2010-03-30 202256]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Hans Lowén\Start-meny\Program\Autostart\

Outlook Express (2).lnk - c:\program\Outlook Express\msimn.exe [2004-6-7 60416]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma Loader.exe.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.exe.lnk

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Brother SmartUI PopUp.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Brother SmartUI PopUp.lnk

backup=c:\windows\pss\Brother SmartUI PopUp.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Phone Connection Monitor.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Phone Connection Monitor.lnk

backup=c:\windows\pss\Phone Connection Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Hans Lowén^Start-meny^Program^Autostart^Produktregistreringspåminnelse för Scansoft.lnk]

path=c:\documents and settings\Hans Lowén\Start-meny\Program\Autostart\Produktregistreringspåminnelse för Scansoft.lnk

backup=c:\windows\pss\Produktregistreringspåminnelse för Scansoft.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

2004-01-14 02:10 409600 ----a-w- c:\program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-12-11 11:10 267048 ----a-w- c:\program\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]

2010-03-30 21:24 75320 ----a-w- c:\program\Delade filer\Real\Update_OB\RealOneMessageCenter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 16:05 1695232 ----a-w- c:\program\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-03-30 21:24 202256 ----a-w- c:\program\Delade filer\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 14:45 313472 ----a-w- c:\program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=

"c:\\Program\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"c:\\Program\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"c:\\Program\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"c:\\Program\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

 

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2004-10-23 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2004-10-23 5248]

R2 F-Secure Filter;F-Secure File System Filter;c:\program\F-Secure\Anti-Virus\win2k\FSfilter.sys [2004-04-17 47280]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\F-Secure\Anti-Virus\win2k\fsgk.sys [2004-04-17 37456]

R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\F-Secure\Anti-Virus\win2k\FSrec.sys [2004-04-17 15984]

R2 FSpm;F-Secure Policy Manager;c:\program\F-Secure\Common\FSpm.sys [2004-04-17 65328]

R2 PMJ151NM;Panasonic DVC Web Camera;c:\windows\system32\drivers\PMJ151NM.sys [2004-06-26 14848]

R3 brfilt;Brother MFC-filterdrivrutin;c:\windows\system32\drivers\BrFilt.sys [2008-11-08 2944]

R3 BrSerWDM;Seriell Brother-drivrutin;c:\windows\system32\drivers\BrSerWdm.sys [2008-11-08 60416]

R3 BrUsbMdm;Brother MFC USB - endast faxmodem;c:\windows\system32\drivers\BrUsbMdm.sys [2000-02-24 11008]

R3 BrUsbScn;Drivrutin för Brother MFC USB-skanner;c:\windows\system32\drivers\BrUsbScn.sys [2008-11-08 10368]

S2 BackWeb Client - 7681197;F-Secure BackWeb;c:\program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2004-04-17 16384]

S2 DCamUSB20;USB 2.0 Capture;c:\windows\system32\drivers\CsMini20.sys [2005-02-02 46216]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-02-12 135664]

S3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [2005-03-01 32768]

S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2005-11-29 6828]

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

 

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-02-11 23:13]

 

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-02-11 23:13]

 

2010-09-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-602609370-725345543-1004.job

- c:\program\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

 

2010-09-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-602609370-725345543-1004.job

- c:\program\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://swp2.vv.sebank.se/cgi-bin/pts3/pow/default.asp

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - hxxp://www.pixaco.se/static/download/pixacodndupload.cab

DPF: {5BF56AD2-E297-416E-BC49-000004080009} - hxxps://cve.trust.telia.com/TeliaElegUpgrade/iidsetup.cab

DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - hxxp://www.cig.canon-europe.com/ph/sv_SE/st/download/ddup/CNIMGUP_01_210102E.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-19 10:25

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85A617A8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7593f28

\Driver\ACPI -> ACPI.sys @ 0xf74c0cb8

\Driver\atapi -> 0x85a617a8

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a

ParseProcedure -> ntoskrnl.exe @ 0x80578f7a

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a

ParseProcedure -> ntoskrnl.exe @ 0x80578f7a

NDIS: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Coppe -> SendCompleteHandler -> NDIS.sys @ 0xf7345bb0

PacketIndicateHandler -> NDIS.sys @ 0xf7334a0d

SendHandler -> NDIS.sys @ 0xf7348b40

Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PMJ151LA]

"ImagePath"="%SystemRoot%\PMJ151LA.BIN"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-746137067-602609370-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'lsass.exe'(1172)

c:\windows\system32\relog_ap.dll

.

Sluttid: 2010-09-19 10:27:54

ComboFix-quarantined-files.txt 2010-09-19 08:27

ComboFix2.txt 2010-09-19 07:22

ComboFix3.txt 2010-09-18 18:45

 

Före genomsökningen: 211 325 448 192 byte ledigt

Efter genomsökningen: 211 322 720 256 byte ledigt

 

- - End Of File - - C5C5BA09D622CDB37A48B4FACA1C9C40
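The two MBAM logs posted above follow a fixed layout: a block of summary counts ("Infekterade filer: 30"), then one section per category whose entries read `<location> (<detection name>) -> <action>.` The Python below is an added example, not part of the thread and not Malwarebytes' own code. It parses that layout from a constructed sample log (placeholder paths and detection names, not values from the thread), checks the parsed entries against the counts the log itself declares, lists anything the tool could not remove on the spot, and separates the dominant detection family from the remaining findings. That is the triage a helper does by eye when, as in this thread, nearly all hits belong to one rogue product while a few (here Trojan.Dropper and Malware.Trace) do not and deserve separate attention.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs.

Added example for the forum thread; not Malwarebytes' code. The log layout
(summary counts, then per-section entries) is taken from the logs in the thread;
SAMPLE_LOG below is constructed with placeholder paths and detection names.
"""
import re
from collections import Counter

# Constructed sample in the layout of an MBAM 1.x log with Swedish UI strings.
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databasversion: 4649

Infekterade registernycklar: 2
Infekterade registervärden: 0
Infekterade filer: 3

Infekterade registernycklar:
HKEY_CURRENT_USER\\Software\\Example\\RogueApp (Rogue.ExampleRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\RogueApp_is1 (Rogue.ExampleRemover) -> Quarantined and deleted successfully.

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\\Program\\ROGUEAPP\\rogue.exe (Rogue.ExampleRemover) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\dropper[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\\Documents and Settings\\user\\Application Data\\trace.dat (Malware.Trace) -> Delete on reboot.
"""

# "Infekterade filer: 30"  -> a summary count line
COUNT_RE = re.compile(r"^(?P<section>Infekterade [^:]+): (?P<count>\d+)$")
# "Infekterade filer:"     -> start of a detail section
HEADER_RE = re.compile(r"^(?P<section>Infekterade [^:]+):$")
# "<location> (<detection>) -> <action>."  -> one finding
ENTRY_RE = re.compile(r"^(?P<location>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (declared_counts, records).

    declared_counts maps section name -> count from the summary block;
    each record is a dict with keys section, location, name, action.
    """
    declared = {}
    records = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:
            declared[m.group("section")] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            records.append({"section": section, **m.groupdict()})
    return declared, records


def triage(records, declared):
    """Summarise findings by detection family and flag what to look at next."""
    by_family = Counter(r["name"] for r in records)
    per_section = Counter(r["section"] for r in records)
    # Sections where the parsed entry count disagrees with the log's own summary:
    # a sign of a truncated paste or a parsing gap, so worth asking the poster about.
    mismatched = sorted(s for s, n in declared.items() if n != per_section.get(s, 0))
    # Findings the tool could not remove immediately (anything but a clean quarantine).
    pending = [r["location"] for r in records
               if not r["action"].startswith("Quarantined and deleted")]
    # The single most common family is usually one product (e.g. a rogue AV);
    # everything else is what a helper needs to look at separately.
    dominant = by_family.most_common(1)[0][0] if by_family else None
    others = {name: n for name, n in by_family.items() if name != dominant}
    return {
        "total": len(records),
        "dominant": dominant,
        "others": others,
        "pending": pending,
        "count_mismatch": mismatched,
    }


if __name__ == "__main__":
    counts, found = parse_mbam_log(SAMPLE_LOG)
    print(triage(found, counts))
```

Run against a real log, the `others` and `pending` lists are the short list a helper would reply about, and a non-empty `count_mismatch` usually means the poster pasted an incomplete log.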


Hi,

we will review your latest logs during the day; it may take a little time, so be patient with us!

Your computer is heavily infected with various nasties, and this is partly a consequence of an outdated F-Secure from 2004.

You have probably had some of it on the computer for a while already, which F-Secure has not managed to detect, for "age reasons", in my personal opinion.

Refrain from using the computer until you get a new reply from us.

Then we will find some countermeasures.

Cleaning is a process that demands patience and takes time.

I will get back to you during the day!

You are doing a good job.

But do not install any programs, or anything else.

Every change can lead to new trouble.

Regards

Mats H


Hi,

let's continue.

Save Rootkit Unhooker to the desktop.

http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE

Double-click the program to start it (in Vista and Windows 7, right-click and choose Run as administrator).

Choose the Report tab and click Scan.

Check Drivers and Stealth and uncheck the other options.

Press OK.

Wait until the scanner is finished, then choose File - Save Report. Save the report on the Desktop or somewhere else where you can find it again. Click Close.

 

Open the saved report in Notepad. Paste the contents into your reply.

 

Note: if a warning "Rootkit Unhooker has detected a parasite..." appears, just ignore it.

 

After you have run RootKit Unhooker and posted its log, continue with MBR Check.

 

Download from http://ad13.geekstogo.com/MBRCheck.exe to the desktop

 

* Double-click MBRCheck.exe to start it. (Vista and Win 7: right-click and choose Run as administrator.)

* A black window opens and a lot of data is shown

* A report called MBRcheck appears on your desktop

* Open it

* Right-click in the window and then > Select All

* Press Ctrl+C

* Paste the report into your thread.

Regards

Mats H


OK.

Here it comes

 

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3956736 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 81.98 )

0xF5ABB000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3538944 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.98 )

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT:s kernel och system)

0x804D7000 PnpManager 2260992 bytes

0x804D7000 RAW 2260992 bytes

0x804D7000 WMIxWDM 2260992 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Win32-drivrutin för flera användare)

0xF49E7000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 593920 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))

0xF735D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF22C7000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF471C000 C:\WINDOWS\system32\drivers\ALCXSENS.SYS 393216 bytes (Sensaura Ltd, Sensaura WDM 3D Audio Driver)

0xF72D0000 timntr.sys 393216 bytes (Acronis, Acronis True Image Backup Archive Explorer)

0xF43CA000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xF23D2000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB94B1000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xB8BD4000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF74BA000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI-drivrutin för NT)

0xF439C000 C:\WINDOWS\system32\DRIVERS\MarvinBus.sys 188416 bytes (Pinnacle Systems GmbH, Pinnacle Marvin Discrete Bus Enumerator)

0xB9ADB000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF7330000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xB8771000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xF2337000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF5297000 C:\WINDOWS\System32\DRIVERS\yukonwxp.sys 176128 bytes (Marvell Semiconductor Inc., NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter)

0xF2384000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF7433000 fasttx2k.sys 159744 bytes (Promise Technology, Inc., Promise Driver for Windows XP)

0xF74E8000 d347bus.sys 155648 bytes ( , PnP BIOS Extension)

0xF23AC000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xF481C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF5552000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF4E92000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF2362000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806FF000 ACPI_HAL 134400 bytes

0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF7413000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF748A000 ftdisk.sys 126976 bytes (Microsoft Corporation, Drivrutin för FT Disk)

0xF72B5000 snapman.sys 110592 bytes (Acronis, Acronis Snapshot API)

0xF729B000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF7472000 98304 bytes

0xF22AF000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF745A000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xF73EA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF452D000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xB8FEC000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF243E000 C:\WINDOWS\System32\Drivers\InCDfs.SYS 81920 bytes

0xF4F56000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Drivrutin för parallellport)

0xF596E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xF242B000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xF4665000 C:\WINDOWS\System32\DRIVERS\bridge.sys 73728 bytes (Microsoft Corporation, MAC Bridge Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7401000 sr.sys 73728 bytes (Microsoft Corporation, Filterdrivrutin för Systemåterställning)

0xF74A9000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI-uppräknare)

0xF44B4000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF45AF000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF761F000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xBA4C0000 C:\Program\F-Secure\Common\FSPM.SYS 65536 bytes (F-Secure Corporation, F-Secure Policy Manager)

0xF777F000 C:\WINDOWS\system32\DRIVERS\mf.sys 65536 bytes (Microsoft Corporation, Multifunction Enumerator)

0xF75CF000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xF753F000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xF75EF000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Seriell drivrutin)

0xF779F000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xF778F000 C:\WINDOWS\System32\Drivers\BrSerWdm.sys 61440 bytes (Brother Industries Ltd., Brother Serial driver (WDM version))

0xF6391000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF762F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Drivrutin för Redbook-ljudfilter)

0xB9191000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF774F000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF754F000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xF758F000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF75DF000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, Drivrutin för i8042 Port)

0xF6341000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF6361000 C:\WINDOWS\System32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)

0xF756F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Drivrutin för ögonblicksbilder av volymer)

0xB9698000 C:\Program\F-Secure\Anti-Virus\Win2K\FSfilter.sys 49152 bytes (-, -)

0xF767F000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF759F000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)

0xF460F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Drivrutin för FIPS-krypto)

0xF75FF000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF755F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF766F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF770F000 C:\Program\F-Secure\Anti-Virus\Win2K\FSgk.sys 40960 bytes (-, -)

0xF768F000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Drivrutin för processor)

0xF752F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bussdrivrutin)

0xF772F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF76CF000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF757F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF775F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF76AF000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF463F000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB8701000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF461F000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF7917000 C:\WINDOWS\system32\drivers\ASAPIW2k.sys 32768 bytes (Pinnacle Systems GmbH, ASAPI)

0xF78CF000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7817000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 32768 bytes (Acronis, Acronis True Image File System Filter)

0xF78A7000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xF78DF000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF790F000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF7937000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)

0xF7897000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF792F000 C:\WINDOWS\System32\DRIVERS\InCDPass.sys 28672 bytes (Ahead Software, Ahead CD-RW Filter Driver)

0xF78F7000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Tangentbordsklassdrivrutin)

0xF77AF000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF78AF000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)

0xF7877000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Musklassdrivrutin)

0xF78D7000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF78BF000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF788F000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)

0xF78C7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF77B7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF789F000 C:\WINDOWS\system32\DRIVERS\point32.sys 20480 bytes (Microsoft Corporation, Point32.sys)

0xF7857000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7867000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF782F000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF791F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xB9B24000 C:\Program\F-Secure\Anti-Virus\Win2K\FSrec.sys 16384 bytes (-, -)

0xF7263000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xF4384000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF42F8000 C:\WINDOWS\system32\drivers\pclepci.sys 16384 bytes (Pinnacle Systems GmbH, PCLEPCI)

0xF689D000 C:\WINDOWS\System32\DRIVERS\PMJ151NM.sys 16384 bytes (Matsushita Electric Industrial Co. ,Ltd,, Panasonic DVC Web Camera)

0xF7203000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF793F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF430C000 C:\WINDOWS\System32\Drivers\BrUsbMdm.sys 12288 bytes (Brother Industries Ltd., Brother USB MDM Driver )

0xF4310000 C:\WINDOWS\System32\Drivers\BrUsbScn.sys 12288 bytes (Brother Industries Ltd., Brother USB SCN Driver)

0xF24BA000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF4318000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xB963C000 C:\WINDOWS\System32\Drivers\MASPINT.SYS 12288 bytes (MicroStaff Co.,Ltd., Aspi32 Driver)

0xF4314000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Filterdrivrutin för HID-mus)

0xF687D000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF4304000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7A99000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7A33000 d347prt.sys 8192 bytes ( , SCSI miniport)

0xF7AAF000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7A97000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7A9F000 C:\WINDOWS\System32\Drivers\InCDrec.SYS 8192 bytes (Ahead Software AG, InCD File System Recognizer)

0xF7A2F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7A9B000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7AA1000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, Parallellportsdrivrutin för VDM)

0xF7A9D000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7A69000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7A8D000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7A31000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7BDE000 C:\WINDOWS\system32\drivers\aslm75.sys 4096 bytes

0xF7B95000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7C2F000 C:\WINDOWS\System32\Drivers\Brfilt.sys 4096 bytes (Brother Industries Ltd., Brother Multi Function Filter driver)

0xF7BBC000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7C31000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7AF7000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE-bussdrivrutin)

0x855AD030 unknown_irp_handler 4048 bytes

0x854100C0 unknown_irp_handler 3904 bytes

0x86F0B258 unknown_irp_handler 3496 bytes

0x855AE280 unknown_irp_handler 3456 bytes

0x855AB2B0 unknown_irp_handler 3408 bytes

0x85BD3360 unknown_irp_handler 3232 bytes

0x855B33C0 unknown_irp_handler 3136 bytes

0x85C334C0 unknown_irp_handler 2880 bytes

0x86F066C8 unknown_irp_handler 2360 bytes

0x85E1C8B8 unknown_irp_handler 1864 bytes

0x85DBBC18 unknown_irp_handler 1000 bytes

0x85E0BC68 unknown_irp_handler 920 bytes

0x8553BE18 unknown_irp_handler 488 bytes

==============================================

>Stealth

==============================================

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x854B6440 ] TID: 228

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85573718 ] TID: 264, 795784 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x851E2B58 ] TID: 276

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85BBB020 ] TID: 280, 8781836 bytes

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84A07020 ] TID: 284

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85383C60 ] TID: 292

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B1EC20 ] TID: 300

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84A35020 ] TID: 304

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x855A7170 ] TID: 336

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853A54E0 ] TID: 340

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853A9628 ] TID: 348

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85552DA8 ] TID: 356

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85407DA8 ] TID: 408

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84BDDAF8 ] TID: 420

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x851E4AE0 ] TID: 424

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x8520C978 ] TID: 444

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x854B4DA8 ] TID: 452

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BB17B8 ] TID: 460

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x85364908 ] TID: 464

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x85220668 ] TID: 472

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85B86958 ] TID: 480

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85A8C8F8 ] TID: 500

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BD0C30 ] TID: 504

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BD6B20 ] TID: 520

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85384998 ] TID: 576

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B0F020 ] TID: 580

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x853A4280 ] TID: 604

0x80562520 Faked ServiceTable-->schedul2.exe [ ETHREAD 0x8537D9C0 ] TID: 616

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85546DA8 ] TID: 624

0x80562520 Faked ServiceTable-->schedul2.exe [ ETHREAD 0x85BD8C10 ] TID: 636

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x853F1C88 ] TID: 652

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x85B69420 ] TID: 660

0x80562520 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x8538DDA8 ] TID: 672

0x80562520 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x8538DB30 ] TID: 676

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85AAD540 ] TID: 684

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8547F958 ] TID: 704

0x80562520 Faked ServiceTable-->fsgk32st.exe [ ETHREAD 0x85BF3B80 ] TID: 720

0x80562520 Faked ServiceTable-->fsgk32st.exe [ ETHREAD 0x85AED620 ] TID: 728

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84AB3758 ] TID: 736

0x80562520 Faked ServiceTable-->fsgk32st.exe [ ETHREAD 0x854D8B90 ] TID: 744

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x85BE2958 ] TID: 764

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x85170B80 ] TID: 768

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853E18B8 ] TID: 780, 7209074 bytes

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x853D6920 ] TID: 800

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x853984C8 ] TID: 804, 7012467 bytes

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x85360DA8 ] TID: 808

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x85360B30 ] TID: 812, 2097245 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853CE908 ] TID: 816

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x85BECDA8 ] TID: 820, 3014763 bytes

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x854CFB98 ] TID: 824

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x854CF6F8 ] TID: 828, 34209800 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853E2DA8 ] TID: 836

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x849CE020 ] TID: 840, 34013192 bytes

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x853744E0 ] TID: 844

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85A8EC10 ] TID: 848

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85378490 ] TID: 852

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x853C7DA8 ] TID: 860

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x8547FDA8 ] TID: 864

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85545A00 ] TID: 868, 34209805 bytes

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x8547DB80 ] TID: 872

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85AA8DA8 ] TID: 876, 34209803 bytes

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85408DA8 ] TID: 880

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85408B30 ] TID: 884, 3801155 bytes

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85BBAD80 ] TID: 888

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x854AEDA8 ] TID: 892

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85BBAB08 ] TID: 896

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x8537B020 ] TID: 900, 6357111 bytes

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x854AEB30 ] TID: 904

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85BE49A8 ] TID: 908, 7536761 bytes

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85BE4730 ] TID: 912

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x853B2DA8 ] TID: 916, 5374020 bytes

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x8537B3B0 ] TID: 920

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x8537B628 ] TID: 924, 3145776 bytes

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85BEADA8 ] TID: 928

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85BEAB30 ] TID: 932, 3145776 bytes

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85BEA8B8 ] TID: 936

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x853FF890 ] TID: 940, 5439575 bytes

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85400B98 ] TID: 944

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x855A0DA8 ] TID: 948

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x854D17D0 ] TID: 952, 118 bytes

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85478728 ] TID: 968

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x854784B0 ] TID: 972

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x85357DA8 ] TID: 976

0x80562520 Faked ServiceTable-->TrueImageMonitor.exe [ ETHREAD 0x8525B8E0 ] TID: 992

0x80562520 Faked ServiceTable-->GoogleUpdate.exe [ ETHREAD 0x851F0DA8 ] TID: 1000, 952600 bytes

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x853F1A10 ] TID: 1016

0x80562520 Faked ServiceTable-->fssm32.exe [ ETHREAD 0x853D1908 ] TID: 1020

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x854B6B58 ] TID: 1024

0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x8553F330 ] TID: 1052

0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x855C5908 ] TID: 1064

0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x85B24020 ] TID: 1068

0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x85B50830 ] TID: 1092

0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x851ECA50 ] TID: 1100

0x80562520 Faked ServiceTable-->backWeb-7681197.exe [ ETHREAD 0x8523F358 ] TID: 1120

0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x853CC7B0 ] TID: 1136

0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x85BD8200 ] TID: 1144

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x855A6138 ] TID: 1180

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85ACD020 ] TID: 1188

0x80562520 Faked ServiceTable-->schedul2.exe [ ETHREAD 0x85BC4640 ] TID: 1196

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85254DA8 ] TID: 1208

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x854CE5B0 ] TID: 1216

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x854C2B98 ] TID: 1224

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85BF15A0 ] TID: 1228

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85555968 ] TID: 1232

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85BD4620 ] TID: 1236

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x853FD548 ] TID: 1240

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x854DA020 ] TID: 1244

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x855AFA00 ] TID: 1248, 6094949 bytes

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x85B0D830 ] TID: 1252

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x855B59B0 ] TID: 1264

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x855B2178 ] TID: 1272

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85807DA8 ] TID: 1292

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85BE1490 ] TID: 1296

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8554AB90 ] TID: 1304

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85592B70 ] TID: 1308

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8554F9F8 ] TID: 1312

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85AA0BB0 ] TID: 1324

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85BDE798 ] TID: 1328

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85543B98 ] TID: 1336

0x80562520 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x84ACD020 ] TID: 1340

0x80562520 Faked ServiceTable-->PMJ151LA.BIN [ ETHREAD 0x851EC7D8 ] TID: 1348

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85A8C390 ] TID: 1360

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84A5DCD0 ] TID: 1364

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85B04020 ] TID: 1368

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85551A00 ] TID: 1372

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85553548 ] TID: 1376

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85BDDDA8 ] TID: 1392

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85384490 ] TID: 1416

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8558CDA8 ] TID: 1420

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B4BDA8 ] TID: 1424

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85AAADA8 ] TID: 1428

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x8521F690 ] TID: 1432

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x854C5428 ] TID: 1436

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85A8B020 ] TID: 1456

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x857FFB80 ] TID: 1460

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85800020 ] TID: 1464

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85570258 ] TID: 1468

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x854C6DA8 ] TID: 1480

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x852208E0 ] TID: 1492

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x852203F0 ] TID: 1496, 7602284 bytes

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x8521FB58 ] TID: 1504

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x853DFDA8 ] TID: 1508

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B0C5A0 ] TID: 1512

0x80562520 Faked ServiceTable-->backWeb-7681197.exe [ ETHREAD 0x85BB2748 ] TID: 1516

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x853DFB30 ] TID: 1524

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x8521F418 ] TID: 1528

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x853DF640 ] TID: 1536

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8536D4B8 ] TID: 1540, 7536761 bytes

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x853DF8B8 ] TID: 1544

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x853DF3C8 ] TID: 1548

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x853DEB58 ] TID: 1564

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84A11020 ] TID: 1568

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x853DE440 ] TID: 1572

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85201020 ] TID: 1576

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x853B7B58 ] TID: 1588

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85359908 ] TID: 1596, 6488165 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853D2B58 ] TID: 1604

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x853D28E0 ] TID: 1612

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853D2668 ] TID: 1616

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853B3DA8 ] TID: 1620

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x854D06B8 ] TID: 1624

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x854D0440 ] TID: 1628

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84C56770 ] TID: 1640

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853E0DA8 ] TID: 1644, 3276855 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853D7930 ] TID: 1648

0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x853F7B68 ] TID: 1652

0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x8536C8E0 ] TID: 1656

0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x853B3B30 ] TID: 1660

0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x85380B58 ] TID: 1664

0x80562520 Faked ServiceTable-->realsched.exe [ ETHREAD 0x84BE5688 ] TID: 1668

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85596B58 ] TID: 1672

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8536EDA8 ] TID: 1684

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85A8E450 ] TID: 1692

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853894E0 ] TID: 1704

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8554D908 ] TID: 1708

0x80562520 Faked ServiceTable-->incdsrv.exe [ ETHREAD 0x853996E8 ] TID: 1716

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853A8DA8 ] TID: 1720

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BE5898 ] TID: 1736

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x854C9B98 ] TID: 1740

0x80562520 Faked ServiceTable-->incdsrv.exe [ ETHREAD 0x853AEDA8 ] TID: 1748

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x853F3B70 ] TID: 1752

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85AB2B80 ] TID: 1768

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8541AB30 ] TID: 1772

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85AB2908 ] TID: 1776

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85AB2468 ] TID: 1780

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8538FDA8 ] TID: 1808

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85571DA8 ] TID: 1828

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853E3DA8 ] TID: 1832, 3211264 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85AD54F8 ] TID: 1844

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BD7DA8 ] TID: 1860

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8539E4A0 ] TID: 1864

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8536A478 ] TID: 1884

0x80562520 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x849F8020 ] TID: 1900

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853A2958 ] TID: 1904

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x855B4A10 ] TID: 1908

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8536DB58 ] TID: 1924, 7209074 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853BEDA8 ] TID: 1928

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x8524C9C0 ] TID: 1944

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84A85290 ] TID: 1948

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x8541E968 ] TID: 1956

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BC13E8 ] TID: 1992

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84ADC020 ] TID: 2000

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x853C95A0 ] TID: 2008

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8539D4E0 ] TID: 2020

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BED760 ] TID: 2036

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B5AA58 ] TID: 2040

0x80562520 Faked ServiceTable-->backWeb-7681197.exe [ ETHREAD 0x853C2908 ] TID: 2052

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84A9E720 ] TID: 2068

0x80562520 Faked ServiceTable-->BrmfRsmg.exe [ ETHREAD 0x8535C8E0 ] TID: 2084, 7929971 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8528B6D8 ] TID: 2092

0x80562520 Faked ServiceTable-->BrmfRsmg.exe [ ETHREAD 0x854D3910 ] TID: 2100

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x853C8B90 ] TID: 2132

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x854B9DA8 ] TID: 2136

0x80562520 Faked ServiceTable-->incdsrv.exe [ ETHREAD 0x85243488 ] TID: 2140

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853C2690 ] TID: 2144

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x853C2418 ] TID: 2148

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84A9E9F8 ] TID: 2156

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8534D6B8 ] TID: 2180

0x80562520 Faked ServiceTable-->realsched.exe [ ETHREAD 0x85217020 ] TID: 2192

0x80562520 Faked ServiceTable-->backWeb-7681197.exe [ ETHREAD 0x85349468 ] TID: 2196

0x80562520 Faked ServiceTable-->incdsrv.exe [ ETHREAD 0x853C84E0 ] TID: 2212

0x80562520 Faked ServiceTable-->incdsrv.exe [ ETHREAD 0x853C5DA8 ] TID: 2216

0x80562520 Faked ServiceTable-->incdsrv.exe [ ETHREAD 0x85343480 ] TID: 2220

0x80562520 Faked ServiceTable-->incdsrv.exe [ ETHREAD 0x8535FDA8 ] TID: 2224

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x853446B8 ] TID: 2228

0x80562520 Faked ServiceTable-->fch32.exe [ ETHREAD 0x85362B58 ] TID: 2236

0x80562520 Faked ServiceTable-->incdsrv.exe [ ETHREAD 0x8557BDA8 ] TID: 2240

0x80562520 Faked ServiceTable-->incdsrv.exe [ ETHREAD 0x8557BB30 ] TID: 2244

0x80562520 Faked ServiceTable-->incdsrv.exe [ ETHREAD 0x8557B8B8 ] TID: 2248, 2097184 bytes

0x80562520 Faked ServiceTable-->fch32.exe [ ETHREAD 0x8535F468 ] TID: 2252

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x851E6948 ] TID: 2260

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x85B68910 ] TID: 2264

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x85345478 ] TID: 2268

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x854B8B58 ] TID: 2284

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x85237B58 ] TID: 2296

0x80562520 Faked ServiceTable-->FAMEH32.exe [ ETHREAD 0x8535B6D0 ] TID: 2300

0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x85341690 ] TID: 2304

0x80562520 Faked ServiceTable-->FAMEH32.exe [ ETHREAD 0x85219470 ] TID: 2312

0x80562520 Faked ServiceTable-->FAMEH32.exe [ ETHREAD 0x85349DA8 ] TID: 2316, 7471205 bytes

0x80562520 Faked ServiceTable-->FAMEH32.exe [ ETHREAD 0x85349B30 ] TID: 2320

0x80562520 Faked ServiceTable-->FAMEH32.exe [ ETHREAD 0x853498B8 ] TID: 2324

0x80562520 Faked ServiceTable-->FAMEH32.exe [ ETHREAD 0x85404DA8 ] TID: 2328

0x80562520 Faked ServiceTable-->FAMEH32.exe [ ETHREAD 0x85404B30 ] TID: 2332

0x80562520 Faked ServiceTable-->FAMEH32.exe [ ETHREAD 0x853D9468 ] TID: 2336

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85259230 ] TID: 2340

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B6EAF0 ] TID: 2364

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85248658 ] TID: 2376, 7077987 bytes

0x80562520 Faked ServiceTable-->FSM32.exe [ ETHREAD 0x8557EDA8 ] TID: 2380

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x85297DA8 ] TID: 2384

0x80562520 Faked ServiceTable-->backWeb-7681197.exe [ ETHREAD 0x85259B58 ] TID: 2392

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8525C470 ] TID: 2400

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x85070470 ] TID: 2404

0x80562520 Faked ServiceTable-->FSM32.exe [ ETHREAD 0x851E8470 ] TID: 2408

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x8557AB80 ] TID: 2416

0x80562520 Faked ServiceTable-->scardsvr.exe [ ETHREAD 0x851F5B00 ] TID: 2432

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8521B150 ] TID: 2444

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x84C39020 ] TID: 2448

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x85206B00 ] TID: 2460

0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x85ADE3D0 ] TID: 2464

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x855907E8 ] TID: 2484

0x80562520 Faked ServiceTable-->TrueImageMonitor.exe [ ETHREAD 0x851FE020 ] TID: 2516

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85297470 ] TID: 2520

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85219920 ] TID: 2524

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8540D6C8 ] TID: 2528

0x80562520 Faked ServiceTable-->TrueImageMonitor.exe [ ETHREAD 0x85AB5020 ] TID: 2540

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x85AA4478 ] TID: 2580

0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x86EE97B0 ] TID: 2600

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85AB5918 ] TID: 2620, 36700164 bytes

0x80562520 Faked ServiceTable-->TimounterMonitor.exe [ ETHREAD 0x8520FB58 ] TID: 2628, 7929971 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85375DA8 ] TID: 2656

0x80562520 Faked ServiceTable-->FNRB32.exe [ ETHREAD 0x851EF610 ] TID: 2660

0x80562520 Faked ServiceTable-->FNRB32.exe [ ETHREAD 0x854B7B58 ] TID: 2668, 7471204 bytes

0x80562520 Faked ServiceTable-->GoogleToolbarNotifier.exe [ ETHREAD 0x84BE0468 ] TID: 2672

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x85244DA8 ] TID: 2676

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x852448B8 ] TID: 2684

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x8522CDA8 ] TID: 2688

0x80562520 Faked ServiceTable-->FIH32.exe [ ETHREAD 0x85AA4B58 ] TID: 2708

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x8522F908 ] TID: 2712

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B9C6B8 ] TID: 2720

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853EADA8 ] TID: 2724

0x80562520 Faked ServiceTable-->GoogleUpdate.exe [ ETHREAD 0x851F2448 ] TID: 2732

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x85C0FD00 ] TID: 2736

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x85C0FA88 ] TID: 2740

0x80562520 Faked ServiceTable-->GoogleUpdate.exe [ ETHREAD 0x85035AF0 ] TID: 2748

0x80562520 Faked ServiceTable-->fsgk32.exe [ ETHREAD 0x853F86E0 ] TID: 2752

0x80562520 Faked ServiceTable-->fsav32.exe [ ETHREAD 0x855A4D38 ] TID: 2760

0x80562520 Faked ServiceTable-->fsav32.exe [ ETHREAD 0x855A4AC0 ] TID: 2764

0x80562520 Faked ServiceTable-->FNRB32.exe [ ETHREAD 0x8522B918 ] TID: 2768

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8533E7C8 ] TID: 2792

0x80562520 Faked ServiceTable-->fsav32.exe [ ETHREAD 0x853DA920 ] TID: 2796

0x80562520 Faked ServiceTable-->fsav32.exe [ ETHREAD 0x851D9DA8 ] TID: 2800

0x80562520 Faked ServiceTable-->fsav32.exe [ ETHREAD 0x851D96B8 ] TID: 2804

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x851DD750 ] TID: 2808

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85A8A468 ] TID: 2812

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853758B8 ] TID: 2820

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x849C8DA8 ] TID: 2864

0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x8540C618 ] TID: 2884

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85590398 ] TID: 2892

0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x853B46C0 ] TID: 2896

0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x8529EDA8 ] TID: 2900

0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x85365020 ] TID: 2904

0x80562520 Faked ServiceTable-->FNRB32.exe [ ETHREAD 0x85228DA8 ] TID: 2908

0x80562520 Faked ServiceTable-->FNRB32.exe [ ETHREAD 0x85228B30 ] TID: 2912

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85A99468 ] TID: 2916

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B44908 ] TID: 2920

0x80562520 Faked ServiceTable-->Pptd40nt.exe [ ETHREAD 0x8558E470 ] TID: 2964

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x850FE3C0 ] TID: 2968

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84A77890 ] TID: 2972

0x80562520 Faked ServiceTable-->scardsvr.exe [ ETHREAD 0x85024658 ] TID: 3040

0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x84A05020 ] TID: 3076

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x85565168 ] TID: 3084

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853EEB58 ] TID: 3124

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8538B020 ] TID: 3128

0x80562520 Faked ServiceTable-->GoogleUpdate.exe [ ETHREAD 0x85223020 ] TID: 3132

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8521A908 ] TID: 3172

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84BA6020 ] TID: 3192

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x850B9928 ] TID: 3208

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85ACFDA8 ] TID: 3216

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8523E750 ] TID: 3224

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85038478 ] TID: 3248

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85042720 ] TID: 3252

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84A85DA8 ] TID: 3260

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x85029990 ] TID: 3276

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84BEBB68 ] TID: 3284

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84F73658 ] TID: 3288

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8502B020 ] TID: 3308

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84FB4920 ] TID: 3328

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84AA2020 ] TID: 3336

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85025020 ] TID: 3344

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x84FB54A0 ] TID: 3348

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8503BB60 ] TID: 3352

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84984020 ] TID: 3360

0x80562520 Faked ServiceTable-->msimn.exe [ ETHREAD 0x84C65DA8 ] TID: 3388

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84FD0890 ] TID: 3408

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84F3AB60 ] TID: 3412

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84F36DA8 ] TID: 3416

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84F36B30 ] TID: 3420

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84F38DA8 ] TID: 3424

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84F388E0 ] TID: 3428

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84F326B8 ] TID: 3432

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84F32440 ] TID: 3436

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84C14B58 ] TID: 3440

0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x84C143F0 ] TID: 3452

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84C13020 ] TID: 3456

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84C28020 ] TID: 3460

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x84C14020 ] TID: 3492

0x80562520 Faked ServiceTable-->iid.exe [ ETHREAD 0x85256AF0 ] TID: 3512

0x80562520 Faked ServiceTable-->iid.exe [ ETHREAD 0x84C11AD8 ] TID: 3516

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x84C07B58 ] TID: 3524

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8536BB88 ] TID: 3580

0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x84BF5B58 ] TID: 3616

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x84F5B8A8 ] TID: 3632

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84AD49A8 ] TID: 3636

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8528C6B8 ] TID: 3648

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84A98488 ] TID: 3652

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84A92B40 ] TID: 3688

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84C046C8 ] TID: 3704

0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x84BFDDA8 ] TID: 3720

0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x85C28B58 ] TID: 3728

0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x85C28668 ] TID: 3736

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x849B6020 ] TID: 3788

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84A5A220 ] TID: 3792

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x84AA6748 ] TID: 3812

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84989470 ] TID: 3828

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8521D020 ] TID: 3868

0x80562520 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x84AA4488 ] TID: 3892

0x80562520 Faked ServiceTable-->FSM32.exe [ ETHREAD 0x85232468 ] TID: 3896

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84F3DB78 ] TID: 3904

0x80562520 Faked ServiceTable-->FSM32.exe [ ETHREAD 0x85C09020 ] TID: 3908

0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x851E8B58 ] TID: 3912

0x80562520 Faked ServiceTable-->FSM32.exe [ ETHREAD 0x850A8020 ] TID: 3916

0x80562520 Faked ServiceTable-->FSM32.exe [ ETHREAD 0x85B4D6C8 ] TID: 3920

0x80562520 Faked ServiceTable-->FSM32.exe [ ETHREAD 0x85231B58 ] TID: 3924

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x8525CB58 ] TID: 3928

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84AAE720 ] TID: 3932

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84A735E8 ] TID: 3940

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8558A020 ] TID: 3972

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85248AF0 ] TID: 3976

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84F79020 ] TID: 3980

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84A77508 ] TID: 3988

0x80562520 Faked ServiceTable-->FSMB32.exe [ ETHREAD 0x85B18020 ] TID: 3992

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84FE62C0 ] TID: 4024

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B18B70 ] TID: 4028

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8525C8E0 ] TID: 4032

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8522D698 ] TID: 4036

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x8524EB38 ] TID: 4048

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84FBB020 ] TID: 4084

0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x84F3FB60 ] TID: 4092

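A Rootkit Unhooker report this long is hard to read by eye, and the question a helper actually wants answered is not "which thread" but "how many distinct service tables are in play, and is every process hooked the same way?". The script below is an added example, not part of the thread or of Rootkit Unhooker itself: it parses lines in the exact "Faked ServiceTable" format shown above (the sample excerpt reuses values from the report), counts hooked threads per process image and reports whether all of them point at one and the same table address. When they do, as here (0x80562520 throughout, including the F-Secure processes), one table has replaced the system's for everything, so the next step is identifying the driver that owns that table rather than chasing individual processes; security software hooking the table is one benign explanation, and the report alone does not decide between that and a rootkit.

```python
import re
from collections import Counter

# Constructed sample: an excerpt in the exact line format of the Rootkit Unhooker
# "Faked ServiceTable" section posted above (the values are taken from it). The
# separator line stands in for the other report sections, which the parser skips.
SAMPLE_REPORT = """
==============================================
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85571DA8 ] TID: 1828
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x853E3DA8 ] TID: 1832, 3211264 bytes
0x80562520 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x849F8020 ] TID: 1900
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x8524C9C0 ] TID: 1944
0x80562520 Faked ServiceTable-->FSMA32.exe [ ETHREAD 0x8541E968 ] TID: 1956
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8536DB58 ] TID: 1924, 7209074 bytes
"""

# One report line: table address, process image, ETHREAD address, thread id and
# an optional trailing ", N bytes" field that only some lines carry.
HOOK_LINE = re.compile(
    r"^(?P<table>0x[0-9A-Fa-f]+) Faked ServiceTable-->(?P<image>\S+)"
    r" \[ ETHREAD (?P<ethread>0x[0-9A-Fa-f]+) \] TID: (?P<tid>\d+)"
    r"(?:, (?P<size>\d+) bytes)?$"
)


def parse_faked_service_table(report):
    """Return one dict per 'Faked ServiceTable' line; other lines are ignored."""
    entries = []
    for raw in report.splitlines():
        m = HOOK_LINE.match(raw.strip())
        if m is None:
            continue  # headers, separators and other report sections
        entries.append({
            "table": int(m["table"], 16),
            "image": m["image"],
            "ethread": int(m["ethread"], 16),
            "tid": int(m["tid"]),
            "size": int(m["size"]) if m["size"] else None,
        })
    return entries


def summarize_hooks(entries):
    """Aggregate the parsed lines into what a triage needs at a glance."""
    tables = sorted({e["table"] for e in entries})
    per_image = Counter(e["image"] for e in entries)
    return {
        "threads": len(entries),
        "tables": tables,
        # One address for every thread means one table replaced system-wide.
        "single_table": len(tables) == 1,
        "per_image": dict(per_image.most_common()),
        "with_size": [(e["image"], e["tid"], e["size"])
                      for e in entries if e["size"] is not None],
    }


def analyze(report):
    """Parse and summarize in one call (convenient for tests and scripts)."""
    return summarize_hooks(parse_faked_service_table(report))


def format_summary(summary):
    """Render the summary as the short text a helper would paste back."""
    lines = [f"Hooked threads: {summary['threads']}"]
    lines.append("Distinct service tables: "
                 + ", ".join(f"0x{t:08X}" for t in summary["tables"]))
    lines.append("Same table for every thread: "
                 + ("yes" if summary["single_table"] else "no"))
    lines.append("Threads per process image:")
    for image, n in summary["per_image"].items():
        lines.append(f"  {image:<28}{n}")
    if summary["with_size"]:
        lines.append("Lines carrying a byte count:")
        for image, tid, size in summary["with_size"]:
            lines.append(f"  {image} TID {tid}: {size} bytes")
    return "\n".join(lines)


if __name__ == "__main__":
    # Replace SAMPLE_REPORT with open("report.txt").read() for a saved report.
    print(format_summary(analyze(SAMPLE_REPORT)))
```

Run it on a saved report instead of the embedded sample by reading the file into `analyze`; the summary stays a few lines no matter how many threads the report lists.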

And MBRCheck:

 

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000001f5

 

Kernel Drivers (total 142):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x806FF000 \WINDOWS\system32\hal.dll

0xF7A2F000 \WINDOWS\system32\KDCOM.DLL

0xF793F000 \WINDOWS\system32\BOOTVID.dll

0xF74E8000 d347bus.sys

0xF74BA000 ACPI.sys

0xF7A31000 \WINDOWS\System32\DRIVERS\WMILIB.SYS

0xF74A9000 pci.sys

0xF752F000 isapnp.sys

0xF753F000 ohci1394.sys

0xF754F000 \WINDOWS\System32\DRIVERS\1394BUS.SYS

0xF7AF7000 pciide.sys

0xF77AF000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

0xF755F000 MountMgr.sys

0xF748A000 ftdisk.sys

0xF77B7000 PartMgr.sys

0xF756F000 VolSnap.sys

0xF7472000

0xF7A33000 d347prt.sys

0xF745A000 \WINDOWS\System32\Drivers\SCSIPORT.SYS

0xF7433000 fasttx2k.sys

0xF757F000 disk.sys

0xF758F000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

0xF7413000 fltmgr.sys

0xF7401000 sr.sys

0xF73EA000 KSecDD.sys

0xF735D000 Ntfs.sys

0xF7330000 NDIS.sys

0xF72D0000 timntr.sys

0xF72B5000 snapman.sys

0xF729B000 Mup.sys

0xF759F000 agp440.sys

0xF75CF000 \SystemRoot\System32\DRIVERS\nic1394.sys

0xF768F000 \SystemRoot\System32\DRIVERS\intelppm.sys

0xF5ABB000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xF596E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF78D7000 \SystemRoot\System32\DRIVERS\usbuhci.sys

0xF5552000 \SystemRoot\System32\DRIVERS\USBPORT.SYS

0xF78DF000 \SystemRoot\System32\DRIVERS\usbehci.sys

0xF5297000 \SystemRoot\System32\DRIVERS\yukonwxp.sys

0xF75DF000 \SystemRoot\System32\DRIVERS\i8042prt.sys

0xF78F7000 \SystemRoot\System32\DRIVERS\kbdclass.sys

0xF75EF000 \SystemRoot\System32\DRIVERS\serial.sys

0xF7203000 \SystemRoot\System32\DRIVERS\serenum.sys

0xF790F000 \SystemRoot\System32\DRIVERS\fdc.sys

0xF4F56000 \SystemRoot\System32\DRIVERS\parport.sys

0xF75FF000 \SystemRoot\System32\DRIVERS\imapi.sys

0xF7917000 \SystemRoot\system32\drivers\ASAPIW2k.sys

0xF761F000 \SystemRoot\System32\DRIVERS\cdrom.sys

0xF762F000 \SystemRoot\System32\DRIVERS\redbook.sys

0xF4E92000 \SystemRoot\System32\DRIVERS\ks.sys

0xF792F000 \SystemRoot\System32\DRIVERS\InCDPass.sys

0xF7937000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xF49E7000 \SystemRoot\system32\drivers\ALCXWDM.SYS

0xF481C000 \SystemRoot\system32\drivers\portcls.sys

0xF6391000 \SystemRoot\system32\drivers\drmk.sys

0xF471C000 \SystemRoot\system32\drivers\ALCXSENS.SYS

0xF689D000 \SystemRoot\System32\DRIVERS\PMJ151NM.sys

0xF6361000 \SystemRoot\System32\DRIVERS\STREAM.SYS

0xF7B95000 \SystemRoot\System32\DRIVERS\audstub.sys

0xF4665000 \SystemRoot\System32\DRIVERS\bridge.sys

0xF782F000 \SystemRoot\System32\DRIVERS\TDI.SYS

0xF6341000 \SystemRoot\System32\DRIVERS\rasl2tp.sys

0xF687D000 \SystemRoot\System32\DRIVERS\ndistapi.sys

0xF452D000 \SystemRoot\System32\DRIVERS\ndiswan.sys

0xF766F000 \SystemRoot\System32\DRIVERS\raspppoe.sys

0xF767F000 \SystemRoot\System32\DRIVERS\raspptp.sys

0xF44B4000 \SystemRoot\System32\DRIVERS\psched.sys

0xF76AF000 \SystemRoot\System32\DRIVERS\msgpc.sys

0xF7857000 \SystemRoot\System32\DRIVERS\ptilink.sys

0xF7867000 \SystemRoot\System32\DRIVERS\raspti.sys

0xF76CF000 \SystemRoot\System32\DRIVERS\termdd.sys

0xF7877000 \SystemRoot\System32\DRIVERS\mouclass.sys

0xF7A69000 \SystemRoot\System32\DRIVERS\swenum.sys

0xF43CA000 \SystemRoot\System32\DRIVERS\update.sys

0xF7263000 \SystemRoot\System32\DRIVERS\mssmbios.sys

0xF439C000 \SystemRoot\system32\DRIVERS\MarvinBus.sys

0xF772F000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF774F000 \SystemRoot\System32\DRIVERS\usbhub.sys

0xF7A8D000 \SystemRoot\System32\DRIVERS\USBD.SYS

0xF788F000 \SystemRoot\System32\DRIVERS\flpydisk.sys

0xF4318000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF775F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF7897000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF4314000 \SystemRoot\System32\DRIVERS\mouhid.sys

0xF789F000 \SystemRoot\system32\DRIVERS\point32.sys

0xF78A7000 \SystemRoot\System32\DRIVERS\usbccgp.sys

0xF78AF000 \SystemRoot\System32\DRIVERS\usbprint.sys

0xF4310000 \SystemRoot\System32\Drivers\BrUsbScn.sys

0xF7C2F000 \SystemRoot\System32\Drivers\Brfilt.sys

0xF777F000 \SystemRoot\system32\DRIVERS\mf.sys

0xF430C000 \SystemRoot\System32\Drivers\BrUsbMdm.sys

0xF778F000 \SystemRoot\System32\Drivers\BrSerWdm.sys

0xF7A97000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7C31000 \SystemRoot\System32\Drivers\Null.SYS

0xF7A99000 \SystemRoot\System32\Drivers\Beep.SYS

0xF78BF000 \SystemRoot\System32\drivers\vga.sys

0xF7A9B000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF7A9D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF7A9F000 \SystemRoot\System32\Drivers\InCDrec.SYS

0xF243E000 \SystemRoot\System32\Drivers\InCDfs.SYS

0xF78C7000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF78CF000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF4304000 \SystemRoot\System32\DRIVERS\rasacd.sys

0xF242B000 \SystemRoot\System32\DRIVERS\ipsec.sys

0xF23D2000 \SystemRoot\System32\DRIVERS\tcpip.sys

0xF23AC000 \SystemRoot\System32\DRIVERS\ipnat.sys

0xF2384000 \SystemRoot\System32\DRIVERS\netbt.sys

0xF779F000 \SystemRoot\System32\DRIVERS\arp1394.sys

0xF2362000 \SystemRoot\System32\drivers\afd.sys

0xF463F000 \SystemRoot\System32\DRIVERS\netbios.sys

0xF461F000 \SystemRoot\System32\DRIVERS\wanarp.sys

0xF2337000 \SystemRoot\System32\DRIVERS\rdbss.sys

0xF42F8000 \??\C:\WINDOWS\system32\drivers\pclepci.sys

0xF22C7000 \SystemRoot\System32\DRIVERS\mrxsmb.sys

0xF460F000 \SystemRoot\System32\Drivers\Fips.SYS

0xF45AF000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xF22AF000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF7AAF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF24BA000 \SystemRoot\System32\drivers\Dxapi.sys

0xF791F000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7BBC000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\nv4_disp.dll

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xF7817000 \SystemRoot\system32\DRIVERS\tifsfilt.sys

0xF4384000 \SystemRoot\System32\DRIVERS\ndisuio.sys

0xB9ADB000 \SystemRoot\System32\DRIVERS\mrxdav.sys

0xF7AA1000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xF7BDE000 \??\C:\WINDOWS\system32\drivers\aslm75.sys

0xB9B24000 \??\C:\Program\F-Secure\Anti-Virus\Win2K\FSrec.sys

0xBA4C0000 \??\C:\Program\F-Secure\Common\FSPM.SYS

0xB963C000 \SystemRoot\System32\Drivers\MASPINT.SYS

0xB94B1000 \SystemRoot\System32\DRIVERS\srv.sys

0xB9698000 \??\C:\Program\F-Secure\Anti-Virus\Win2K\FSfilter.sys

0xF770F000 \??\C:\Program\F-Secure\Anti-Virus\Win2K\FSgk.sys

0xB8FEC000 \SystemRoot\system32\drivers\wdmaud.sys

0xB9191000 \SystemRoot\system32\drivers\sysaudio.sys

0xB8BD4000 \SystemRoot\System32\Drivers\HTTP.sys

0xB7D22000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

 

Processes (total 56):

0 System Idle Process

4 System

1048 C:\WINDOWS\system32\smss.exe

1108 csrss.exe

1148 C:\WINDOWS\system32\winlogon.exe

1192 C:\WINDOWS\system32\services.exe

1204 C:\WINDOWS\system32\lsass.exe

1380 C:\WINDOWS\system32\svchost.exe

1448 svchost.exe

1696 C:\WINDOWS\system32\svchost.exe

1756 svchost.exe

1984 svchost.exe

524 C:\WINDOWS\system32\spoolsv.exe

388 svchost.exe

516 C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

632 C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

664 C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

716 C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

748 C:\Program\F-Secure\Anti-Virus\fsgk32.exe

772 C:\Program\F-Secure\Anti-Virus\fssm32.exe

956 C:\Program\Ahead\InCD\incdsrv.exe

1036 C:\Program\Java\jre6\bin\jqs.exe

1072 C:\Program\F-Secure\BackWeb\7681197\Program\backWeb-7681197.exe

1124 C:\WINDOWS\system32\nvsvc32.exe

1288 C:\WINDOWS\PMJ151LA.BIN

1556 C:\WINDOWS\system32\svchost.exe

1932 C:\Program\F-Secure\Common\FSMA32.exe

1976 C:\Program\F-Secure\Common\FSMB32.exe

1724 C:\WINDOWS\system32\BrmfRsmg.exe

2168 C:\Program\F-Secure\Common\fch32.exe

2280 C:\Program\F-Secure\Common\FAMEH32.exe

2552 C:\Program\F-Secure\Common\FNRB32.exe

2692 C:\Program\F-Secure\Common\FIH32.exe

2700 C:\Program\F-Secure\Anti-Virus\fsav32.exe

2776 alg.exe

3556 C:\WINDOWS\explorer.exe

3848 C:\Program\F-Secure\Common\FSM32.exe

4016 C:\WINDOWS\system32\rundll32.exe

2368 C:\Program\Microsoft IntelliPoint\point32.exe

2424 C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

288 C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

1892 C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe

2716 C:\Program\ScanSoft\PAPERP~1\Pptd40nt.exe

2924 C:\WINDOWS\system32\iid.exe

2976 C:\Program\Microsoft IntelliType Pro\itype.exe

3196 C:\Program\Delade filer\Java\Java Update\jusched.exe

1028 C:\Program\Delade filer\Real\Update_OB\realsched.exe

2076 C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

2344 C:\Documents and Settings\Hans Lowén\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe

3020 C:\WINDOWS\system32\ctfmon.exe

3024 scardsvr.exe

4060 C:\Program\Outlook Express\msimn.exe

3372 C:\Program\Internet Explorer\iexplore.exe

2028 C:\Program\Internet Explorer\iexplore.exe

3212 C:\WINDOWS\system32\notepad.exe

2568 C:\Documents and Settings\Hans Lowén\Skrivbord\MBRCheck.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

\\.\I: --> \\.\PhysicalDrive0 at offset 0x0000003a`6f746000 (NTFS)

 

PhysicalDrive0 Model Number: Maxtor7Y250P0, Rev: YAR41BW0

PhysicalDrive1 Model Number: WDCWD1800JB-00DUA0, Rev: 70.13G70

 

Size Device Name MBR Status

--------------------------------------------

233 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: EEC098E77D0529BD75F64F7B26552C1BA4417B73

167 GB \\.\PhysicalDrive1 Windows XP MBR code detected

SHA1: EEC098E77D0529BD75F64F7B26552C1BA4417B73

 

 

Done!

 

Good luck, I'm off for a walk with the dog now.

Regards

Hans


Hi,

then we continue with the next treatment.

Save TDSSKiller to the Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Right-click and choose Extract All. Remember where you unpack the file.

Close your usual programs, but you can leave antivirus programs and the like running.

Run the program TDSSKiller.exe, which is in the folder where you unpacked the files.

Click Start Scan.

If any threats are found, choose Cure and click Continue. If Cure is not available, choose Skip. The computer may need to be restarted.

Paste the contents of the log, which you will find in C:\ under the name TDSSKiller followed by the version and the time.

After you have posted the TDSSKiller log, run a new RootKit UNhooker according to these instructions.

Save Rootkit Unhooker to the Desktop.

http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE

Unplug the Internet connection. Close every program you can see, including the firewall, antivirus programs and antispyware programs.

Double-click Rootkit Unhooker to start it (in Vista and Windows 7, right-click and choose Run as administrator).

Select the Report tab and click Scan.

Tick Drivers, Stealth, Files and Code Hooks, but untick the other options.

Press OK.

Wait until the scanner has finished, then choose File - Save Report. Save the report on the Desktop or somewhere else where you can find it again. Click Close.

Open the saved report in Notepad. Paste the contents into your reply.

Note that if a warning "Rootkit Unhooker has detected a parasite..." appears, just ignore it.

Best regards

Mats H

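The TDSSKiller log that the instructions above ask for lists every loaded driver as a timestamp, a service name, an MD5 in parentheses and the file path, with a SystemInfo header at the top. The script below is an added example, not part of the thread or of TDSSKiller: it parses that format (the sample lines are copied from the log Hans posts in the next reply), takes the Windows directory from the header and splits the drivers into those installed under it and those living elsewhere. The second group is where a helper looks first, because third-party drivers (here the F-Secure ones under C:\Program) are the ones that need a known vendor and a plausible path, while the in-tree Windows drivers can be checked by hash against a clean system. Service names containing spaces ("F-Secure Filter") are handled, which a naive split on whitespace would get wrong.

```python
import re

# Constructed sample in the line format TDSSKiller 2.4 writes; the header and
# driver lines are copied from the log posted later in this thread.
SAMPLE_LOG = r"""
2010/09/19 19:09:01.0437 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/19 19:09:01.0437 ================================================================================
2010/09/19 19:09:01.0437 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/19 19:09:01.0437 ComputerName: HANS
2010/09/19 19:09:01.0437 Windows directory: C:\WINDOWS
2010/09/19 19:09:10.0750 Scan started
2010/09/19 19:09:11.0687 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/19 19:09:13.0328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/19 19:09:16.0140 F-Secure Filter (704cacd94794169efa2e43e913746591) C:\Program\F-Secure\Anti-Virus\Win2K\FSfilter.sys
2010/09/19 19:09:16.0171 F-Secure Gatekeeper (1658c72b6c96f3dcaa70d41bcf0b1b43) C:\Program\F-Secure\Anti-Virus\Win2K\FSgk.sys
2010/09/19 19:09:17.0312 FSpm (7f1c5075b89fcdd3cdc371f10ce15322) C:\Program\F-Secure\Common\FSPM.SYS
"""

TIMESTAMP = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"

# Header fields from the SystemInfo block that are useful for later checks.
HEADER_RE = re.compile(
    rf"^{TIMESTAMP} (Windows directory|OS Version|ComputerName|UserName): (.+)$"
)

# One driver line. The service name is matched lazily so that names with
# spaces are kept whole; the MD5 is 32 lowercase hex digits in parentheses.
DRIVER_RE = re.compile(
    rf"^(?P<ts>{TIMESTAMP}) (?P<name>.+?) \((?P<md5>[0-9a-f]{{32}})\) "
    r"(?P<path>[A-Za-z]:\\.+)$"
)


def parse_tdsskiller_log(text):
    """Return (header_fields, drivers) parsed from a TDSSKiller log."""
    info, drivers = {}, []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = DRIVER_RE.match(line)
        if m:
            drivers.append({"name": m["name"], "md5": m["md5"], "path": m["path"]})
            continue
        m = HEADER_RE.match(line)
        if m:
            info[m.group(1)] = m.group(2)
    return info, drivers


def classify_drivers(info, drivers):
    """Split drivers into those under the Windows directory and all others."""
    windir = info.get("Windows directory", r"C:\WINDOWS").rstrip("\\").lower() + "\\"
    inside, outside = [], []
    for d in drivers:
        (inside if d["path"].lower().startswith(windir) else outside).append(d)
    return inside, outside


def triage(text):
    """Parse, classify and also note any MD5 shared by more than one entry."""
    info, drivers = parse_tdsskiller_log(text)
    inside, outside = classify_drivers(info, drivers)
    seen = {}
    for d in drivers:
        seen.setdefault(d["md5"], []).append(d["name"])
    shared = {h: names for h, names in seen.items() if len(names) > 1}
    return {
        "windows_dir": info.get("Windows directory"),
        "total": len(drivers),
        "inside": inside,
        "outside": outside,
        "shared_md5": shared,
    }


if __name__ == "__main__":
    # Replace SAMPLE_LOG with the contents of the TDSSKiller*.txt file from C:\.
    result = triage(SAMPLE_LOG)
    print(f"Windows directory: {result['windows_dir']}")
    print(f"{result['total']} drivers, {len(result['outside'])} outside the Windows directory:")
    for d in result["outside"]:
        print(f"  {d['name']:<22} {d['md5']}  {d['path']}")
```

Same MD5 under two service names is normal for aliases such as Bridge and BridgeMP pointing at one bridge.sys, which is why `triage` only lists them rather than flagging them; the list is there so the reader can confirm each pair really is the same file path.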

OK.

I almost missed it since it was on a new page.

Here is the TDSS log:

 

2010/09/19 19:09:01.0437 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/19 19:09:01.0437 ================================================================================

2010/09/19 19:09:01.0437 SystemInfo:

2010/09/19 19:09:01.0437

2010/09/19 19:09:01.0437 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/19 19:09:01.0437 Product type: Workstation

2010/09/19 19:09:01.0437 ComputerName: HANS

2010/09/19 19:09:01.0437 UserName: Hans Lowén

2010/09/19 19:09:01.0437 Windows directory: C:\WINDOWS

2010/09/19 19:09:01.0437 System windows directory: C:\WINDOWS

2010/09/19 19:09:01.0437 Processor architecture: Intel x86

2010/09/19 19:09:01.0437 Number of processors: 2

2010/09/19 19:09:01.0437 Page size: 0x1000

2010/09/19 19:09:01.0437 Boot type: Normal boot

2010/09/19 19:09:01.0437 ================================================================================

2010/09/19 19:09:01.0828 Initialize success

2010/09/19 19:09:10.0750 ================================================================================

2010/09/19 19:09:10.0750 Scan started

2010/09/19 19:09:10.0750 Mode: Manual;

2010/09/19 19:09:10.0750 ================================================================================

2010/09/19 19:09:11.0468 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys

2010/09/19 19:09:11.0687 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/19 19:09:11.0765 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/09/19 19:09:11.0890 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/19 19:09:12.0187 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/09/19 19:09:12.0281 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/09/19 19:09:12.0515 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

2010/09/19 19:09:12.0640 ALCXWDM (bc5c55b49c4bd1fdfaaa128fe21f9fea) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/09/19 19:09:12.0843 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/09/19 19:09:12.0937 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\ASAPIW2k.sys

2010/09/19 19:09:13.0125 aslm75 (71356a1370739e25375a1d17b6ae318f) C:\WINDOWS\system32\drivers\aslm75.sys

2010/09/19 19:09:13.0218 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/19 19:09:13.0328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/19 19:09:13.0437 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/19 19:09:13.0515 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/19 19:09:13.0593 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys

2010/09/19 19:09:13.0671 avera800 (1f092cde7e3855ee05d3497f477596c6) C:\WINDOWS\system32\Drivers\avera800.sys

2010/09/19 19:09:13.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/19 19:09:13.0890 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys

2010/09/19 19:09:13.0937 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

2010/09/19 19:09:13.0968 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

2010/09/19 19:09:14.0031 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys

2010/09/19 19:09:14.0078 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys

2010/09/19 19:09:14.0140 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys

2010/09/19 19:09:14.0328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/09/19 19:09:14.0390 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/09/19 19:09:14.0515 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/09/19 19:09:14.0578 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/09/19 19:09:14.0656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/19 19:09:14.0937 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys

2010/09/19 19:09:15.0046 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys

2010/09/19 19:09:15.0218 DCamUSB20 (ee8cc06a207bbe317168e2a0af5d6745) C:\WINDOWS\system32\Drivers\CsMini20.sys

2010/09/19 19:09:15.0312 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/09/19 19:09:15.0421 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys

2010/09/19 19:09:15.0640 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\drivers\dmio.sys

2010/09/19 19:09:15.0750 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/09/19 19:09:15.0812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/09/19 19:09:15.0937 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/09/19 19:09:16.0140 F-Secure Filter (704cacd94794169efa2e43e913746591) C:\Program\F-Secure\Anti-Virus\Win2K\FSfilter.sys

2010/09/19 19:09:16.0171 F-Secure Gatekeeper (1658c72b6c96f3dcaa70d41bcf0b1b43) C:\Program\F-Secure\Anti-Virus\Win2K\FSgk.sys

2010/09/19 19:09:16.0218 F-Secure Recognizer (bb1daf5bcb2c6e4f22bb4be87e3f73aa) C:\Program\F-Secure\Anti-Virus\Win2K\FSrec.sys

2010/09/19 19:09:16.0281 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/09/19 19:09:16.0390 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

2010/09/19 19:09:16.0468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/09/19 19:09:16.0578 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB0131.SYS

2010/09/19 19:09:16.0687 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys

2010/09/19 19:09:16.0765 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/09/19 19:09:16.0875 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/09/19 19:09:17.0312 FSpm (7f1c5075b89fcdd3cdc371f10ce15322) C:\Program\F-Secure\Common\FSPM.SYS

2010/09/19 19:09:17.0390 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/09/19 19:09:17.0484 FTDIBUS (8672947aeec467dc5907ba024baf06ef) C:\WINDOWS\system32\drivers\ftdibus.sys

2010/09/19 19:09:17.0593 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/09/19 19:09:17.0859 FTLUND (e51ec9d232494c0713e0a0938dd9c893) C:\WINDOWS\system32\drivers\ftlund.sys

2010/09/19 19:09:17.0921 FTSER2K (1baea6f4a629abcbd87267c2c732c982) C:\WINDOWS\system32\drivers\ftser2k.sys

2010/09/19 19:09:18.0015 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/09/19 19:09:18.0109 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/09/19 19:09:18.0234 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/09/19 19:09:18.0406 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/09/19 19:09:18.0609 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/09/19 19:09:18.0718 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/09/19 19:09:18.0812 InCDfs (44c3e748a911ef97e6ad1103edebeecd) C:\WINDOWS\system32\drivers\InCDfs.sys

2010/09/19 19:09:18.0890 InCDPass (f65dfac6b026ce23273cfa10bd3e793a) C:\WINDOWS\system32\DRIVERS\InCDPass.sys

2010/09/19 19:09:18.0953 InCDrec (99412b10dd170a186f6158c2009b81a8) C:\WINDOWS\system32\drivers\InCDrec.sys

2010/09/19 19:09:19.0140 intelppm (02431778e84a525d29929d14bab71d53) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/09/19 19:09:19.0234 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/09/19 19:09:19.0312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/09/19 19:09:19.0375 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/09/19 19:09:19.0453 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/09/19 19:09:19.0531 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/09/19 19:09:19.0640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/09/19 19:09:19.0781 isapnp (48f97c77daf8811598cfae21368eacb6) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/09/19 19:09:19.0875 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/09/19 19:09:19.0953 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/09/19 19:09:20.0062 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/09/19 19:09:20.0234 MarvinBus (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys

2010/09/19 19:09:20.0312 MASPINT (98312c9eab656053be1aca3a8a5912b3) C:\WINDOWS\system32\drivers\MASPINT.sys

2010/09/19 19:09:20.0375 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys

2010/09/19 19:09:20.0437 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/09/19 19:09:20.0515 Modem (42ce19726d9c410dff75d3ff1cc79db2) C:\WINDOWS\system32\drivers\Modem.sys

2010/09/19 19:09:20.0625 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/09/19 19:09:20.0703 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/09/19 19:09:20.0796 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/09/19 19:09:20.0859 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

2010/09/19 19:09:20.0968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/09/19 19:09:21.0109 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/09/19 19:09:21.0218 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys

2010/09/19 19:09:21.0281 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/09/19 19:09:21.0375 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/09/19 19:09:21.0453 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/09/19 19:09:21.0531 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/09/19 19:09:21.0609 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/09/19 19:09:21.0687 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/09/19 19:09:21.0781 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/09/19 19:09:21.0937 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/09/19 19:09:22.0062 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/09/19 19:09:22.0156 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/09/19 19:09:22.0218 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/09/19 19:09:22.0281 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/09/19 19:09:22.0343 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/09/19 19:09:22.0406 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/09/19 19:09:22.0484 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/09/19 19:09:22.0609 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/09/19 19:09:22.0828 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/09/19 19:09:22.0906 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/09/19 19:09:22.0984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/09/19 19:09:23.0140 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/09/19 19:09:23.0343 nv (be10db9ad60d5814aeff31d976b99448) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/09/19 19:09:23.0468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/09/19 19:09:23.0546 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/09/19 19:09:23.0656 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/09/19 19:09:23.0750 Parport (19e28ed86e7244d76fda792c2810188e) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/09/19 19:09:23.0828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/09/19 19:09:23.0921 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/09/19 19:09:24.0015 PCI (8a185f0112cf5b42ff1aaff31b8b3091) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/09/19 19:09:24.0140 PCIIde (239de4275ee40fdf9912761467025244) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/09/19 19:09:24.0218 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys

2010/09/19 19:09:24.0312 Pcmcia (904053aa6e251c77cf85371ce644cfd7) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/09/19 19:09:24.0703 PMJ151NM (d7cd8506ae89cca8cc21fa5f139fb465) C:\WINDOWS\system32\DRIVERS\PMJ151NM.sys

2010/09/19 19:09:24.0796 Point32 (e4910ce9d882bf825979fcf4636a9bd8) C:\WINDOWS\system32\DRIVERS\point32.sys

2010/09/19 19:09:24.0859 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/19 19:09:24.0937 Processor (992e4b2a91e6a2f3d21de89b9273353a) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/09/19 19:09:25.0000 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/19 19:09:25.0078 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/09/19 19:09:25.0375 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/19 19:09:25.0453 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/19 19:09:25.0515 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/19 19:09:25.0578 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/19 19:09:25.0687 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/19 19:09:25.0765 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/19 19:09:25.0843 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/19 19:09:25.0953 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/19 19:09:26.0093 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/19 19:09:26.0156 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/09/19 19:09:26.0250 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/09/19 19:09:26.0359 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/09/19 19:09:26.0468 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/09/19 19:09:26.0593 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys

2010/09/19 19:09:26.0796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/19 19:09:26.0906 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/19 19:09:27.0031 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/19 19:09:27.0125 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/09/19 19:09:27.0187 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/19 19:09:27.0234 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/19 19:09:27.0484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/19 19:09:27.0656 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/19 19:09:27.0734 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/19 19:09:27.0796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/19 19:09:27.0890 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/19 19:09:28.0000 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

2010/09/19 19:09:28.0109 timounter (74711884439bdf9ccf446c79cb05fac0) C:\WINDOWS\system32\DRIVERS\timntr.sys

2010/09/19 19:09:28.0296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/19 19:09:28.0453 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/19 19:09:28.0546 Usb20Scan (1823b0ed702146e171a9033ed2c09d74) C:\WINDOWS\system32\Drivers\CresScan.sys

2010/09/19 19:09:28.0625 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/09/19 19:09:28.0687 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/19 19:09:28.0765 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/19 19:09:28.0843 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/19 19:09:28.0921 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/09/19 19:09:29.0015 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/09/19 19:09:29.0109 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/19 19:09:29.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/09/19 19:09:29.0281 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/19 19:09:29.0468 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/19 19:09:29.0562 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/19 19:09:29.0734 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/19 19:09:29.0890 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/09/19 19:09:30.0000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/19 19:09:30.0078 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/09/19 19:09:30.0203 yukonwxp (4fd408e42b3e516732e607bed06f39fb) C:\WINDOWS\system32\DRIVERS\yukonwxp.sys

2010/09/19 19:09:30.0281 ================================================================================

2010/09/19 19:09:30.0281 Scan finished

2010/09/19 19:09:30.0281 ================================================================================

2010/09/19 19:09:51.0781 Deinitialize success
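The scan log posted above lists every loaded kernel driver as a timestamp, a service name, an MD5 hash and a file path. The script below is an added example for this thread, not part of the original posts and not the scanner's own tooling. It parses lines in that format offline, counts drivers per directory, lists the ones loaded from outside the Windows driver directory so a helper can review them, and compares hashes against a known-good baseline. The sample lines are copied from the log above; the baseline table is constructed (the Cdrom entry is a deliberate placeholder so the comparison reports a mismatch).

```python
"""Parse a driver-scan log in the format shown above and summarize it.

Added example for this thread; not the scanner's own tooling.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# One log line: "<date> <time> <driver name> (<md5>) <path>".
# The name may contain spaces (e.g. "F-Secure Filter"), so it is matched
# lazily up to the " (" that opens the hash.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<name>\S.*?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)

# Directory where XP keeps its own kernel drivers (compared case-insensitively).
STANDARD_DIRS = ("c:\\windows\\system32\\drivers\\",)


@dataclass(frozen=True)
class DriverEntry:
    name: str
    md5: str   # lower-cased hex digest as printed by the scanner
    path: str


def parse_driver_log(text: str) -> List[DriverEntry]:
    """Return the driver entries; separator and status lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def directory_of(path: str) -> str:
    """Lower-cased directory part of a Windows path, with trailing backslash."""
    return path.rsplit("\\", 1)[0].lower() + "\\"


def summarize(entries: List[DriverEntry]) -> Counter:
    """Count drivers per directory: a quick view of where kernel code is loaded from."""
    return Counter(directory_of(e.path) for e in entries)


def outside_standard_dirs(entries: List[DriverEntry]) -> List[DriverEntry]:
    """Drivers loaded from outside the system driver directory.

    Vendor drivers (antivirus, CD burning, imaging) legitimately live elsewhere,
    so this is a review list for the helper, not a verdict.
    """
    return [e for e in entries if directory_of(e.path) not in STANDARD_DIRS]


def mismatched_against_baseline(entries: List[DriverEntry],
                                baseline: Dict[str, str]) -> List[str]:
    """Names whose MD5 differs from a known-good baseline (name -> md5).

    Drivers absent from the baseline are not reported.
    """
    return [e.name for e in entries
            if e.name in baseline and baseline[e.name] != e.md5.lower()]


# Sample lines copied from the log above (raw string keeps the backslashes).
SAMPLE_LOG = r"""
2010/09/19 19:09:14.0656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/19 19:09:16.0140 F-Secure Filter (704cacd94794169efa2e43e913746591) C:\Program\F-Secure\Anti-Virus\Win2K\FSfilter.sys
2010/09/19 19:09:17.0312 FSpm (7f1c5075b89fcdd3cdc371f10ce15322) C:\Program\F-Secure\Common\FSPM.SYS
2010/09/19 19:09:22.0984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/19 19:09:30.0281 ================================================================================
2010/09/19 19:09:30.0281 Scan finished
2010/09/19 19:09:51.0781 Deinitialize success
"""

# Constructed baseline: in practice this comes from a clean machine with the
# same XP build. The Cdrom hash is a placeholder chosen to trigger a mismatch.
BASELINE: Dict[str, str] = {
    "Ntfs": "78a08dd6a8d65e697c18e1db01c5cdca",   # hash from the log above
    "Cdrom": "0" * 32,                             # constructed placeholder
}


if __name__ == "__main__":
    found = parse_driver_log(SAMPLE_LOG)
    print(f"{len(found)} driver entries")
    for directory, count in summarize(found).most_common():
        print(f"  {count:3d}  {directory}")
    for entry in outside_standard_dirs(found):
        print("review:", entry.name, entry.path)
    for name in mismatched_against_baseline(found, BASELINE):
        print("hash differs from baseline:", name)
```

Run it against a full log by replacing SAMPLE_LOG with the file contents; the review list is meant to be read alongside the vendor software installed on the machine, since legitimate products such as the F-Secure drivers above load from their own program directories.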


I have run Rootkit Unhooker.

Should I press UnHook All?

I have saved the report, but it cannot be opened; I tried once more in case I had done something wrong, but I have no program that can open it.

What should I do?

Hans


Hi,

don't you have the program Notepad (Anteckningar)?

Look under Control Panel\Programs\Accessories (Kontrollpanelen\Program\Tillbehör)...

If it isn't there, that would be a bit odd.

But then try attaching the file to a post, using Use Full Editor (Använd Full Redigerare),

or alternatively send it via http://www.sprend.se/

Find the file using the Browse button, press Sprenda Filen; when it is done, you will see a small line

at the bottom of the blue box, the Download link; copy it and paste it into a post.

Then I will try to open the log file.

Best regards

Mats H
