
Have a virus but can't run DDS


sidartha

Got a virus from an update file for a game that makes Google Chrome unusable, and if I run DDS the computer crashes immediately.

Running W7 64.

DDS can't be run in safe mode either.

Cecilia

Do you have a link to the malicious file you downloaded? Then it can be examined to find out more about what it does.

Save OTL to the Desktop. http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista and Windows 7, right-click and choose Run as administrator).

In the Custom scan's and fixes box, paste the following lines (check that you really get all the lines and that each line here becomes its own line in the box):

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

 

Press Quick Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the OTL.txt log, and attach Extras.txt as a file.

sidartha

It crashed again after OTL had been scanning for a few seconds.

Cecilia

In what way does the computer crash? Does it shut itself off, do you get a blue screen, or what?

Do you have a link to the malicious file you downloaded? Then it can be examined to find out more about what it does, which makes it easier to know what needs to be fixed on your computer.

sidartha


Yes, I get a blue screen.

The file is no longer hosted and is too large to upload to VirusTotal (233 MB).

sidartha


This is what ESET said when I got the virus, but there seems to be more:

 

2010-12-16 20:38:22 Real-time file system protection file C:\Users\Danieli\AppData\Local\Temp\IXP001.TMP\300414~1.EXE a variant of Win32/Olmarik.AJN trojan cleaned by deleting Danieli-Dator\Danieli Event occurred on a new file created by the application: C:\Users\Danieli\Desktop\fallout new vegas\fnw4\Fallout.New.Vegas.Update.4.exe.

2010-12-16 20:38:21 Real-time file system protection file C:\Users\Danieli\AppData\Local\Temp\IXP002.TMP\300414~1.EXE a variant of Win32/Olmarik.AJN trojan cleaned by deleting - quarantined Danieli-Dator\Danieli Event occurred on a new file created by the application: C:\Users\Danieli\Desktop\fallout new vegas\fnw4\Fallout.New.Vegas.Update.4.exe.

2010-12-16 20:33:41 Real-time file system protection file C:\Users\Danieli\AppData\Local\Temp\IXP000.TMP\300414~1.EXE a variant of Win32/Olmarik.AJN trojan cleaned by deleting - quarantined Danieli-Dator\Danieli Event occurred on a new file created by the application: C:\Users\Danieli\Desktop\fallout new vegas\fnw4\Fallout.New.Vegas.Update.4.exe.

 

and

 

C:\Users\Danieli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\653a8b4a-12303f6e » ZIP » vmain.class - probably a variant of Win32/Agent.FPEXZHL trojan

Edited by sidartha
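The ESET lines quoted in the post above can be triaged mechanically. The following is an added example, not part of the original thread and not ESET's own log specification: it parses the four quoted lines and groups the real-time detections by the application that created the detected file. The regular expressions and function names are assumptions fitted only to the lines shown in the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# The three real-time detection lines from the post above, copied verbatim.
REALTIME_LINES = [
    r"2010-12-16 20:38:22 Real-time file system protection file C:\Users\Danieli\AppData\Local\Temp\IXP001.TMP\300414~1.EXE a variant of Win32/Olmarik.AJN trojan cleaned by deleting Danieli-Dator\Danieli Event occurred on a new file created by the application: C:\Users\Danieli\Desktop\fallout new vegas\fnw4\Fallout.New.Vegas.Update.4.exe.",
    r"2010-12-16 20:38:21 Real-time file system protection file C:\Users\Danieli\AppData\Local\Temp\IXP002.TMP\300414~1.EXE a variant of Win32/Olmarik.AJN trojan cleaned by deleting - quarantined Danieli-Dator\Danieli Event occurred on a new file created by the application: C:\Users\Danieli\Desktop\fallout new vegas\fnw4\Fallout.New.Vegas.Update.4.exe.",
    r"2010-12-16 20:33:41 Real-time file system protection file C:\Users\Danieli\AppData\Local\Temp\IXP000.TMP\300414~1.EXE a variant of Win32/Olmarik.AJN trojan cleaned by deleting - quarantined Danieli-Dator\Danieli Event occurred on a new file created by the application: C:\Users\Danieli\Desktop\fallout new vegas\fnw4\Fallout.New.Vegas.Update.4.exe.",
]
# The archive-scan line from the same post, copied verbatim.
ARCHIVE_LINE = r"C:\Users\Danieli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\653a8b4a-12303f6e » ZIP » vmain.class - probably a variant of Win32/Agent.FPEXZHL trojan"

# Assumed layout: timestamp, scanner, object type, object path, threat,
# action, user, then the application that created the file.
REALTIME_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<scanner>.+?) file "
    r"(?P<path>[A-Za-z]:\\.+?) "
    r"(?:probably )?(?:a variant of )?(?P<threat>\w+/\S+) (?P<kind>\w+) "
    r"(?P<action>cleaned by deleting(?: - quarantined)?) "
    r"(?P<user>\S+\\\S+) "
    r"Event occurred on a new file created by the application: "
    r"(?P<parent>.+?)\.?$"
)
# Assumed layout: container path » archive format » member - threat.
ARCHIVE_RE = re.compile(
    r"^(?P<container>[A-Za-z]:\\.+?) » (?P<format>\w+) » (?P<member>.+?) - "
    r"(?P<heur>probably )?(?:a variant of )?(?P<threat>\w+/\S+) (?P<kind>\w+)$"
)
# General Windows knowledge, not stated in the thread: IXPnnn.TMP under Temp is
# where IExpress self-extracting packages unpack their payload.
IXP_RE = re.compile(r"\\Temp\\IXP\d{3}\.TMP\\", re.IGNORECASE)


def parse_realtime(line):
    """Return a dict for one real-time detection line, or None if it does not fit."""
    m = REALTIME_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    rec["quarantined"] = rec["action"].endswith("quarantined")
    rec["sfx_temp"] = bool(IXP_RE.search(rec["path"]))
    return rec


def parse_archive_hit(line):
    """Return a dict for a 'container » FORMAT » member - threat' line, or None."""
    m = ARCHIVE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["heuristic"] = rec.pop("heur") is not None  # "probably" = heuristic verdict
    return rec


def summarize_by_parent(lines):
    """Group detections by creating application; also return lines that did not parse."""
    groups, unparsed = defaultdict(list), []
    for line in lines:
        rec = parse_realtime(line)
        if rec:
            groups[rec["parent"]].append(rec)
        else:
            unparsed.append(line)
    summary = {}
    for parent, recs in groups.items():
        recs.sort(key=lambda r: r["ts"])
        summary[parent] = {
            "detections": len(recs),
            "threats": sorted({r["threat"] for r in recs}),
            "first_seen": recs[0]["ts"],
            "last_seen": recs[-1]["ts"],
            "dropped": [r["path"] for r in recs],
            # Deleted but with no quarantine copy kept for later analysis.
            "not_quarantined": [r["path"] for r in recs if not r["quarantined"]],
            "all_from_sfx_temp": all(r["sfx_temp"] for r in recs),
        }
    return summary, unparsed


if __name__ == "__main__":
    summary, unparsed = summarize_by_parent(REALTIME_LINES)
    for parent, info in summary.items():
        print(parent)
        for key, value in info.items():
            print(f"  {key}: {value}")
    print("unparsed:", unparsed)
    print("archive hit:", parse_archive_hit(ARCHIVE_LINE))
```

All three real-time detections trace back to the same installer run three times over about five minutes, which is the kind of grouping that tells a helper which file to ask for.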

Cecilia

That was good information; Olmarik tells us quite a bit.

Save TFC (Temporary File Cleaner) by OldTimer to the Desktop.

http://oldtimer.geekstogo.com/TFC.exe

Close all programs and windows.

Run TFC (if you have Vista or Windows 7, right-click the file and choose Run as administrator).

Click the Start button to begin the cleaning.

It can take a few minutes; leave the computer alone in the meantime.

When it is done, the computer is supposed to restart automatically. If it doesn't, restart the computer yourself.

Save RKill by Grinler to the Desktop. Download it from:

http://download.bleepingcomputer.com/grinler/rkill.com

Start RKill by double-clicking it.

A black window/box appears for a moment if the program managed to run.

Repeat the RKill run a few times.

If you get a message saying that RKill is malicious, ignore it. It is the malicious program that does not want to be stopped. Leave the warning on the screen and run RKill once more.

If running the above RKill a few times does not help to temporarily stop the malicious program, try these variants of RKill:

http://download.bleepingcomputer.com/grinler/eXplorer.exe

http://download.bleepingcomputer.com/grinler/iExplore.exe

If you restart the computer, you need to run RKill again in the same way.

See whether DDS can be run in normal or safe mode now.

sidartha


I get a bluescreen when I run RKill, even though I managed to run TFC in safe mode.

Cecilia

Then we'll try these instead (run both if possible):

1.

Save OTL to the Desktop. http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista and Windows 7, right-click and choose Run as administrator).

In the Custom scan's and fixes box, paste the following lines (check that you really get all the lines and that each line here becomes its own line in the box):

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

 

Press Quick Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the OTL.txt log, and attach Extras.txt as a file.

2.

Save TDSSKiller to the Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Right-click and choose Extract All. Remember where you unpack the file.

Close your usual programs, but you can leave antivirus programs and the like running.

Run the program TDSSKiller.exe, which is in the folder where you unpacked the files.

Click Start Scan.

If any threats are found, choose Cure and click Continue. If Cure is not available, choose Skip. Do NOT choose Quarantine or Delete. The computer may need to be restarted.

Paste in the contents of the log, which you will find in C:\ with the name TDSSKiller followed by the version and time.

sidartha

OTL logfile created on: 2010-12-18 18:25:24 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Danieli\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free

8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 258,73 Gb Total Space | 71,50 Gb Free Space | 27,64% Space Free | Partition Type: NTFS

Drive G: | 103,77 Gb Total Space | 35,61 Gb Free Space | 34,32% Space Free | Partition Type: NTFS

Drive K: | 232,88 Gb Total Space | 21,54 Gb Free Space | 9,25% Space Free | Partition Type: NTFS

 

Computer Name: DANIELI-DATOR | User Name: Danieli | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2010-12-18 05:15:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Danieli\Desktop\OTL.exe

PRC - [2010-11-29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010-08-23 17:58:06 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

PRC - [2010-06-14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

PRC - [2009-11-20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2009-10-27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

PRC - [2009-08-28 12:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009-08-25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

PRC - [2009-07-14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

PRC - [2009-05-26 23:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

PRC - [2009-05-14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program\ESET\ESET Smart Security\x86\ekrn.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010-12-18 05:15:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Danieli\Desktop\OTL.exe

MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2009-07-14 02:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll

MOD - [2009-07-14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010-04-19 12:42:42 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)

SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009-05-14 15:54:26 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)

SRV:64bit: - [2009-05-14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)

SRV - [2010-11-29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010-08-01 12:50:54 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)

SRV - [2010-06-14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010-04-30 21:37:46 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2010-04-19 12:47:24 | 001,401,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2010-04-19 12:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)

SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009-11-20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2009-08-10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

SRV - [2009-08-10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

SRV - [2009-07-17 14:31:34 | 004,948,992 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)

SRV - [2009-07-14 21:53:32 | 000,211,232 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)

SRV - [2009-07-14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)

SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009-04-27 11:39:50 | 000,170,016 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)

SRV - [2009-04-15 09:42:56 | 000,273,952 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)

SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2010-11-29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010-10-12 22:58:31 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010-07-30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)

DRV:64bit: - [2010-07-30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)

DRV:64bit: - [2010-07-30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)

DRV:64bit: - [2010-07-30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)

DRV:64bit: - [2010-02-24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)

DRV:64bit: - [2010-02-09 19:38:19 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2009-11-11 15:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009-11-05 18:12:33 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)

DRV:64bit: - [2009-11-05 18:00:23 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2009-08-21 14:49:18 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2009-07-29 17:21:58 | 000,717,312 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)

DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-07-14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009-06-03 16:38:00 | 000,753,408 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw66x64.sys -- (hcw66xxx)

DRV:64bit: - [2009-05-23 00:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2009-05-14 15:49:54 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)

DRV:64bit: - [2009-05-14 15:49:50 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)

DRV:64bit: - [2009-05-14 15:49:48 | 000,165,960 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)

DRV:64bit: - [2009-05-14 15:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2009-05-14 15:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)

DRV:64bit: - [2009-03-09 12:25:12 | 000,042,016 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)

DRV:64bit: - [2009-02-17 18:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2008-08-28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV:64bit: - [2008-01-19 00:10:30 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV:64bit: - [2007-06-05 11:08:42 | 000,040,832 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)

DRV:64bit: - [2007-06-05 11:08:30 | 000,175,880 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiHF51A.sys -- (SaiHF51A)

DRV:64bit: - [2007-06-05 11:08:30 | 000,034,432 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiUF51A.sys -- (SaiUF51A)

DRV - [2010-02-25 10:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009-08-19 21:12:24 | 000,222,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 D2 F4 A2 FC 54 CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search"

FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://google.se/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2

FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185

FF - prefs.js..extensions.enabledItems: {926a10d2-4ce7-4331-b96f-ca4e22590fac}:5.45.3.3331

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {216bcca3-b1c5-9ae7-cf4e-0dc3169b9775}:4.6.6.6

FF - prefs.js..keyword.URL: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="

FF - prefs.js..network.proxy.type: 0

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-04 18:49:32 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-05-21 23:44:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010-09-12 00:19:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-12-15 20:09:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-12-15 20:09:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009-10-25 11:21:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-05-21 23:44:28 | 000,000,000 | ---D | M]

 

[2010-03-27 17:42:27 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\mozilla\Extensions

[2010-03-27 17:42:27 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2010-12-17 22:12:29 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\mozilla\Firefox\Profiles\dd73p9cj.default\extensions

[2010-01-26 02:23:44 | 000,000,000 | ---D | M] (D-Link Toolbar) -- C:\Users\Danieli\AppData\Roaming\mozilla\Firefox\Profiles\dd73p9cj.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}

[2010-12-16 21:06:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Danieli\AppData\Roaming\mozilla\Firefox\Profiles\dd73p9cj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010-10-12 22:59:17 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\mozilla\Firefox\Profiles\dd73p9cj.default\extensions\DTToolbar@toolbarnet.com

[2010-01-26 02:24:06 | 000,004,557 | ---- | M] () -- C:\Users\Danieli\AppData\Roaming\Mozilla\FireFox\Profiles\dd73p9cj.default\searchplugins\aol-search.xml

[2010-10-12 22:59:05 | 000,002,059 | ---- | M] () -- C:\Users\Danieli\AppData\Roaming\Mozilla\FireFox\Profiles\dd73p9cj.default\searchplugins\daemon-search.xml

[2010-04-30 23:51:16 | 000,000,266 | ---- | M] () -- C:\Users\Danieli\AppData\Roaming\Mozilla\FireFox\Profiles\dd73p9cj.default\searchplugins\Search.xml

[2010-12-17 22:12:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions

[2010-04-30 23:51:28 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files (x86)\mozilla firefox\extensions\{216bcca3-b1c5-9ae7-cf4e-0dc3169b9775}

[2010-06-21 10:37:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010-10-04 18:21:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010-11-30 23:10:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010-11-30 23:09:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010-07-12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2010-10-27 06:41:17 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2010-10-27 06:41:17 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2010-10-27 06:41:17 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2010-10-27 06:41:17 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2010-10-27 06:41:17 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2010-11-27 15:49:17 | 000,426,015 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts


O1 - Hosts: 14673 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program\Saitek\SD6\Software\ProfilerU.exe (Saitek)

O4:64bit: - HKLM..\Run: [saiMfd] C:\Program\Saitek\SD6\Software\SaiMfd.exe (Saitek)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [H2O] C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe (Team H2O)

O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)

O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [mmcatmpack] C:\Users\Danieli\AppData\Local\mmcatmpack\mmcatmpack.DLL File not found

O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O4:64bit: - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor for Windows\RunProfiler.exe (PC-Doctor, Inc.)

O4 - Startup: C:\Users\Danieli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: server = C:\Windows\server.exe File not found

O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Visa eller dölj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL) - C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL (Google)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{5edcd903-df6b-11de-b6a2-001fe203af68}\Shell - "" = AutoRun

O33 - MountPoints2\{5edcd903-df6b-11de-b6a2-001fe203af68}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found

O33 - MountPoints2\{931246a4-c973-11de-9e8c-001fe203af68}\Shell - "" = AutoRun

O33 - MountPoints2\{931246a4-c973-11de-9e8c-001fe203af68}\Shell\AutoRun\command - "" = L:\start.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()

Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()

Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()

Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-12-18 15:54:59 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Danieli\Desktop\TFC.exe

[2010-12-18 15:45:41 | 000,000,000 | ---D | C] -- C:\Users\Danieli\Desktop\Eset Smart security 4.2.40.10 [32+64bit] Incl. TNod

[2010-12-18 14:58:48 | 000,000,000 | ---D | C] -- C:\Program\Windows Imaging

[2010-12-18 14:57:27 | 000,000,000 | ---D | C] -- C:\Program\Windows AIK

[2010-12-18 05:15:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Danieli\Desktop\OTL.exe

[2010-12-17 21:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Personal

[2010-12-17 17:56:49 | 000,000,000 | ---D | C] -- C:\Users\Danieli\Desktop\chrome

[2010-12-17 17:43:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010-12-16 21:34:52 | 000,733,184 | ---- | C] (lgpcbrrjhy Corporation) -- C:\Windows\SysWow64\alkBEEC.dll

[2010-12-16 20:11:22 | 000,000,000 | ---D | C] -- C:\Users\Danieli\Desktop\fallout new vegas

[2010-12-16 17:32:34 | 000,000,000 | ---D | C] -- C:\Users\Danieli\AppData\Roaming\vlc

[2010-12-11 21:32:06 | 000,000,000 | ---D | C] -- C:\Users\Danieli\Desktop\zsm-devil-ppvrip-xvid

[2010-12-05 10:41:22 | 000,000,000 | ---D | C] -- C:\Users\Danieli\Desktop\Blu-ray to DVD II Pro v2.80-TE

[2010-11-30 23:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2010-11-20 18:50:53 | 000,000,000 | ---D | C] -- C:\Users\Danieli\Desktop\bränn

 

========== Files - Modified Within 30 Days ==========

 

[2010-12-18 18:19:00 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3657233717-925106184-1016029213-1001UA.job

[2010-12-18 18:09:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010-12-18 18:05:45 | 000,759,551 | ---- | M] () -- C:\Users\Danieli\Desktop\SysInspector-DANIELI-DATOR-101218-1723.zip

[2010-12-18 17:25:59 | 000,713,788 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat

[2010-12-18 17:25:59 | 000,712,812 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat

[2010-12-18 17:25:59 | 000,710,550 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat

[2010-12-18 17:25:59 | 000,708,466 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat

[2010-12-18 17:25:59 | 000,695,316 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat

[2010-12-18 17:25:59 | 000,663,194 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2010-12-18 17:25:59 | 000,635,366 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010-12-18 17:25:59 | 000,481,530 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat

[2010-12-18 17:25:59 | 000,467,944 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat

[2010-12-18 17:25:59 | 000,452,746 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat

[2010-12-18 17:25:59 | 000,144,490 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat

[2010-12-18 17:25:59 | 000,140,368 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat

[2010-12-18 17:25:59 | 000,139,944 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat

[2010-12-18 17:25:59 | 000,137,568 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat

[2010-12-18 17:25:59 | 000,136,968 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2010-12-18 17:25:59 | 000,134,572 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat

[2010-12-18 17:25:59 | 000,113,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010-12-18 17:25:59 | 000,089,576 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat

[2010-12-18 17:25:59 | 000,087,232 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat

[2010-12-18 17:25:59 | 000,084,524 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat

[2010-12-18 17:25:59 | 000,012,250 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2010-12-18 17:25:59 | 000,004,040 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2010-12-18 17:25:58 | 007,447,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010-12-18 17:24:33 | 000,016,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010-12-18 17:24:33 | 000,016,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010-12-18 17:20:13 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010-12-18 17:19:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-12-18 17:19:11 | 386,990,562 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010-12-18 17:19:09 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys

[2010-12-18 17:17:57 | 000,001,077 | ---- | M] () -- C:\Users\Danieli\Desktop\iExplore.exe.lnk

[2010-12-18 16:54:43 | 000,660,787 | ---- | M] () -- C:\Users\Danieli\Desktop\eXplorer.exe

[2010-12-18 15:55:43 | 000,660,787 | ---- | M] () -- C:\Users\Danieli\Desktop\rkill.com

[2010-12-18 15:55:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Danieli\Desktop\TFC.exe

[2010-12-18 05:15:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Danieli\Desktop\OTL.exe

[2010-12-18 03:19:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3657233717-925106184-1016029213-1001Core.job

[2010-12-17 21:19:56 | 000,001,513 | ---- | M] () -- C:\Users\Danieli\Desktop\iexplore.lnk

[2010-12-17 21:09:42 | 000,002,091 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Personal.lnk

[2010-12-17 18:33:48 | 000,000,686 | ---- | M] () -- C:\Users\Danieli\Danieli.lnk

[2010-12-16 22:56:37 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat

[2010-12-16 21:34:52 | 000,733,184 | ---- | M] (lgpcbrrjhy Corporation) -- C:\Windows\SysWow64\alkBEEC.dll

[2010-12-16 17:32:25 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010-12-16 17:32:24 | 000,000,031 | ---- | M] () -- C:\Program Files\plugins-04041e-3e8.dat

[2010-12-16 17:16:17 | 019,985,265 | ---- | M] () -- C:\Users\Danieli\Desktop\vlc-1.1.5-win32.exe

[2010-12-14 23:03:50 | 000,413,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010-12-14 22:55:05 | 000,051,200 | ---- | M] () -- C:\Users\Danieli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-12-12 21:23:35 | 008,183,576 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010-12-12 21:23:13 | 000,002,657 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Player.lnk

[2010-12-12 16:52:29 | 000,000,032 | ---- | M] () -- C:\Windows\SysWow64\w3data.vss

[2010-12-12 16:52:29 | 000,000,032 | ---- | M] () -- C:\Windows\SysWow64\msvcsv60.dll

[2010-12-12 16:52:29 | 000,000,032 | ---- | M] () -- C:\Windows\msocreg32.dat

[2010-12-11 21:34:29 | 000,000,066 | ---- | M] () -- C:\Windows\Power Video Converter.INI

[2010-11-30 19:12:51 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

[2010-11-29 22:34:30 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010-11-29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010-11-29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010-11-28 22:01:18 | 000,000,024 | ---- | M] () -- C:\Users\Danieli\AppData\Roaming\trafikcfg.ini

[2010-11-28 18:55:34 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010-11-27 15:49:17 | 000,426,015 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2010-11-19 21:53:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

 

========== Files Created - No Company Name ==========

 

[2010-12-18 18:05:44 | 000,759,551 | ---- | C] () -- C:\Users\Danieli\Desktop\SysInspector-DANIELI-DATOR-101218-1723.zip

[2010-12-18 17:05:23 | 000,001,077 | ---- | C] () -- C:\Users\Danieli\Desktop\iExplore.exe.lnk

[2010-12-18 16:54:34 | 000,660,787 | ---- | C] () -- C:\Users\Danieli\Desktop\eXplorer.exe

[2010-12-18 15:55:39 | 000,660,787 | ---- | C] () -- C:\Users\Danieli\Desktop\rkill.com

[2010-12-17 21:19:56 | 000,001,513 | ---- | C] () -- C:\Users\Danieli\Desktop\iexplore.lnk

[2010-12-17 21:09:42 | 000,002,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Personal.lnk

[2010-12-17 18:33:48 | 000,000,686 | ---- | C] () -- C:\Users\Danieli\Danieli.lnk

[2010-12-17 17:43:22 | 386,990,562 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010-12-16 22:56:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010-12-16 17:32:25 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010-12-16 17:14:16 | 019,985,265 | ---- | C] () -- C:\Users\Danieli\Desktop\vlc-1.1.5-win32.exe

[2010-12-12 21:23:13 | 000,002,657 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Player.lnk

[2010-11-19 21:53:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

[2010-10-23 21:58:10 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2010-10-14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010-09-26 17:54:47 | 000,000,000 | ---- | C] () -- C:\Windows\DMM.INI

[2010-06-28 00:12:42 | 000,000,031 | ---- | C] () -- C:\Program\plugins-04041e-3e8.dat

[2010-05-23 16:36:01 | 000,000,024 | ---- | C] () -- C:\Users\Danieli\AppData\Roaming\trafikcfg.ini

[2010-04-25 14:55:17 | 000,004,404 | ---- | C] () -- C:\Users\Danieli\AppData\Local\privatvpn.log

[2010-04-24 20:53:52 | 000,000,365 | ---- | C] () -- C:\Users\Danieli\AppData\Local\proclist.xml

[2010-04-24 20:49:42 | 000,000,156 | ---- | C] () -- C:\Users\Danieli\AppData\Local\privatvpn.ini

[2010-04-24 20:49:27 | 000,000,024 | ---- | C] () -- C:\Users\Danieli\AppData\Local\privatvpn.crypt

[2010-04-24 14:54:07 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll

[2010-04-09 22:03:14 | 000,051,200 | ---- | C] () -- C:\Users\Danieli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-04-09 19:52:15 | 000,000,066 | ---- | C] () -- C:\Windows\Power Video Converter.INI

[2009-12-14 22:56:30 | 000,001,464 | ---- | C] () -- C:\Windows\tefview.ini

[2009-11-24 19:56:18 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2009-11-24 19:56:18 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI

[2009-11-24 18:50:31 | 000,034,545 | ---- | C] () -- C:\Windows\Irremote.ini

[2009-11-24 18:40:58 | 000,004,802 | ---- | C] () -- C:\Windows\HCWPNP.INI

[2009-11-14 02:19:08 | 008,183,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009-11-08 18:03:22 | 000,021,577 | ---- | C] () -- C:\Users\Danieli\AppData\Local\tmpSKEPPET2.3

[2009-11-08 18:03:22 | 000,021,140 | ---- | C] () -- C:\Users\Danieli\AppData\Local\tmpSKEPPET2.2

[2009-11-08 18:03:21 | 000,020,984 | ---- | C] () -- C:\Users\Danieli\AppData\Local\tmpSKEPPET2.1

[2009-11-08 18:03:20 | 000,030,885 | ---- | C] () -- C:\Users\Danieli\AppData\Local\tmpSKEPPET2.JPG

[2009-11-08 18:03:20 | 000,030,885 | ---- | C] () -- C:\Users\Danieli\AppData\Local\tmpSKEPPET2.0

[2009-10-31 21:00:57 | 000,446,035 | ---- | C] () -- C:\Users\Danieli\AppData\Local\tmpHPQSCAN0003.0

[2009-10-31 21:00:57 | 000,117,511 | ---- | C] () -- C:\Users\Danieli\AppData\Local\tmpHPQSCAN0003.JPG

[2009-10-31 02:56:44 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009-10-27 23:38:22 | 000,001,191 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009-07-21 03:54:38 | 000,361,752 | ---- | C] () -- C:\Users\Danieli\AppData\Roaming\setup.exe

[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009-05-29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009-05-29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009-03-13 12:13:12 | 150,953,986 | ---- | C] () -- C:\Users\Danieli\AppData\Roaming\Unseen World Magical Lense.exe

[2007-02-05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[2002-10-15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

 

========== LOP Check ==========

 

[2010-12-17 20:31:34 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\.bitblinder

[2010-05-07 19:17:10 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\2XL

[2010-01-12 21:15:27 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Acoustica

[2010-10-24 11:40:02 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Antares

[2009-10-28 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Ashampoo

[2010-06-20 18:22:08 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Basilisk Games

[2010-07-18 21:40:30 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2009-10-28 22:03:18 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Convivea

[2010-10-13 00:11:59 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\DAEMON Tools Lite

[2009-10-29 21:21:37 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\DAEMON Tools Pro

[2010-09-07 07:43:04 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\dBpoweramp

[2009-10-25 11:22:31 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\ESET

[2010-02-02 21:53:09 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\FileZilla

[2010-04-25 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\gtk-2.0

[2010-05-01 16:20:19 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Guitar Pro 6

[2010-08-02 16:12:16 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\HU2011

[2010-12-18 17:20:08 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\LimeWire

[2010-10-02 06:54:53 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Lost in the City

[2010-10-23 22:00:29 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\MAGIX

[2009-10-29 23:48:38 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Mount&Blade

[2009-12-09 01:57:39 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Nokia

[2009-11-18 23:14:00 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Nokia Ovi Suite

[2010-12-16 17:08:14 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\OneSwarm

[2010-11-19 21:53:54 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\PC Suite

[2009-12-14 14:59:18 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Personal

[2010-06-06 18:24:58 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Private Moon Studios

[2010-12-15 17:22:27 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Spotify

[2010-01-07 17:56:36 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Steinberg

[2009-11-02 21:38:23 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\TuneUp Software

[2009-10-26 17:46:37 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Uniblue

[2010-12-18 15:49:34 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\uTorrent

[2010-02-19 20:25:39 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\VST3 Presets

[2009-11-06 23:42:51 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\Win7codecs

[2009-10-25 01:18:08 | 000,000,000 | ---D | M] -- C:\Users\Danieli\AppData\Roaming\WinBatch

[2010-11-30 19:12:51 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job

[2010-07-06 10:18:40 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009-11-04 19:37:18 | 000,000,003 | ---- | M] () -- C:\7Loader.TAG

[2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2009-11-01 00:28:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2010-02-11 23:34:10 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat

[2009-11-04 19:37:14 | 000,171,136 | RHS- | M] () -- C:\grldr

[2008-04-14 16:51:46 | 000,171,136 | ---- | M] () -- C:\grldr.bak

[2010-12-18 17:19:09 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys

[2010-12-18 17:19:11 | 4293,058,560 | -HS- | M] () -- C:\pagefile.sys

 

< %systemroot%\system32\*.wt >

 

< %systemroot%\system32\*.ruy >

 

< %systemroot%\Fonts\*.com >

[2009-07-14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009-07-14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009-07-14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009-07-14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

 

< %systemroot%\Fonts\*.dll >

 

< %systemroot%\Fonts\*.ini >

[2009-06-10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

 

< %systemroot%\Fonts\*.ini2 >

 

< %systemroot%\Fonts\*.exe >

 

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

 

< %systemroot%\REPAIR\*.bak1 >

 

< %systemroot%\REPAIR\*.ini >

 

< %systemroot%\system32\*.jpg >

 

< %systemroot%\*.jpg >

 

< %systemroot%\*.png >

 

< %systemroot%\*.scr >

[2009-07-10 12:25:40 | 000,307,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

 

< %systemroot%\*._sy >%

sidartha

Sorry, it got posted twice here, and I also missed the log function.

Edited by sidartha

sidartha

[log]2010/12/18 19:45:31.0857 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2010/12/18 19:45:31.0857 ================================================================================ 2010/12/18 19:45:31.0857 SystemInfo: 2010/12/18 19:45:31.0857 2010/12/18 19:45:31.0857 OS Version: 6.1.7600 ServicePack: 0.0 2010/12/18 19:45:31.0857 Product type: Workstation 2010/12/18 19:45:31.0857 ComputerName: DANIELI-DATOR 2010/12/18 19:45:31.0857 UserName: Danieli 2010/12/18 19:45:31.0857 Windows directory: C:\Windows 2010/12/18 19:45:31.0857 System windows directory: C:\Windows 2010/12/18 19:45:31.0857 Running under WOW64 2010/12/18 19:45:31.0857 Processor architecture: Intel x64 2010/12/18 19:45:31.0857 Number of processors: 2 2010/12/18 19:45:31.0857 Page size: 0x1000 2010/12/18 19:45:31.0857 Boot type: Normal boot 2010/12/18 19:45:31.0857 ================================================================================ 2010/12/18 19:45:31.0857 Utility is running under WOW64 2010/12/18 19:45:32.0777 Initialize success 2010/12/18 19:45:41.0030 ================================================================================ 2010/12/18 19:45:41.0030 Scan started 2010/12/18 19:45:41.0030 Mode: Manual; 2010/12/18 19:45:41.0030 ================================================================================ 2010/12/18 19:45:42.0278 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 2010/12/18 19:45:42.0340 acedrv11 (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys 2010/12/18 19:45:42.0371 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 2010/12/18 19:45:42.0403 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 2010/12/18 19:45:42.0434 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2010/12/18 19:45:42.0481 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2010/12/18 19:45:42.0496 adpu320 
2010/12/18 19:45:50.0639 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2010/12/18 19:45:50.0639 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/12/18 19:45:50.0639 sptd - detected Locked file (1)
2010/12/18 19:45:53.0182 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/18 19:45:53.0213 ================================================================================
2010/12/18 19:45:53.0213 Scan finished
2010/12/18 19:45:53.0213 ================================================================================
2010/12/18 19:45:53.0229 Detected object count: 2
2010/12/18 19:49:40.0634 Locked file(sptd) - User select action: Skip
2010/12/18 19:49:40.0649 \HardDisk0 - will be cured after reboot
2010/12/18 19:49:40.0650 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure [/log]

Cecilia

It's only a good thing if you keep missing the Log function, because it has a bad habit of removing the line breaks so that the logs can't be read.

Restart the computer and run TDSSKiller again. Paste in the log, without the log function ;)

On the page http://www.virustotal.com, click the Browse button and paste the following file name into the box, click Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste the link to the result here.

C:\Windows\SysWow64\alkBEEC.dll

Can you start Malwarebytes' Anti-Malware (MBAM), update it and run a quick scan now?

Paste in the log if anything is found.

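A TDSSKiller log that has lost its line breaks, as described in the post above, can still be read mechanically, because every record begins with a timestamp. The Python sketch below is an added example, not part of the thread or of TDSSKiller: the record patterns are inferred only from the log lines posted on this page, and `split_records`, `summarize` and `follow_up` are hypothetical names. It re-splits the log, skips the driver inventory, and lists the detections that still need attention after the scan.

```python
import re

# Every TDSSKiller record starts with a timestamp such as "2010/12/18 19:45:50.0639".
TS = re.compile(r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}")
# Record shapes inferred from the log on this page (assumption, not a format spec).
DRIVER = re.compile(r"^\S+ \([0-9a-f]{32}\) .+$")  # "<service> (<md5>) <path>"
DETECT = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION = re.compile(r"^.+?\((?P<obj>[^()]+)\) - User select action: (?P<action>\w+)$")
PENDING = re.compile(r"^(?P<obj>.+?) - will be cured after reboot$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Excerpt of the log posted in the thread, joined into one line the way the
# forum's Log function left it (line breaks replaced by spaces).
LINES = [
    r"2010/12/18 19:45:50.0639 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys",
    r"2010/12/18 19:45:50.0639 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb",
    r"2010/12/18 19:45:50.0639 sptd - detected Locked file (1)",
    r"2010/12/18 19:45:50.0686 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys",
    r"2010/12/18 19:45:53.0182 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)",
    r"2010/12/18 19:45:53.0213 Scan finished",
    r"2010/12/18 19:45:53.0229 Detected object count: 2",
    r"2010/12/18 19:49:40.0634 Locked file(sptd) - User select action: Skip",
    r"2010/12/18 19:49:40.0649 \HardDisk0 - will be cured after reboot",
    r"2010/12/18 19:49:40.0650 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure [/log]",
]
FLATTENED = " ".join(LINES)


def split_records(text):
    """Cut the text before each timestamp; works with or without line breaks."""
    text = re.sub(r"\[/?log\]", " ", text, flags=re.IGNORECASE)  # forum tag residue
    marks = list(TS.finditer(text))
    records = []
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        message = " ".join(text[mark.end():end].split())  # normalise whitespace
        records.append((mark.group(0), message))
    return records


def summarize(text):
    """Count driver inventory records and collect detections and chosen actions."""
    out = {"drivers": 0, "detections": [], "actions": {},
           "pending_reboot": [], "reported_count": None}
    for stamp, msg in split_records(text):
        if DRIVER.match(msg):
            out["drivers"] += 1
            continue
        m = DETECT.match(msg)
        if m:
            out["detections"].append(
                {"time": stamp, "object": m["obj"], "verdict": m["verdict"]})
            continue
        m = ACTION.match(msg)
        if m:
            out["actions"][m["obj"]] = m["action"]
            continue
        m = PENDING.match(msg)
        if m:
            out["pending_reboot"].append(m["obj"])
            continue
        m = COUNT.match(msg)
        if m:
            out["reported_count"] = int(m["n"])
    return out


def follow_up(summary):
    """Detections that are not yet resolved: skipped, unhandled, or awaiting reboot."""
    todo = []
    for det in summary["detections"]:
        obj = det["object"]
        action = summary["actions"].get(obj)
        if obj in summary["pending_reboot"]:
            status = "cure pending reboot"
        elif action == "Skip":
            status = "skipped"
        elif action is None:
            status = "no action recorded"
        else:
            continue
        todo.append((obj, det["verdict"], status))
    return todo


if __name__ == "__main__":
    report = summarize(FLATTENED)
    print("driver records:", report["drivers"])
    print("detections parsed / reported:",
          len(report["detections"]), "/", report["reported_count"])
    for item in follow_up(report):
        print("follow up:", item)
```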
sidartha

2010/12/18 20:35:45.0279 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/18 20:35:45.0279 ================================================================================
2010/12/18 20:35:45.0279 SystemInfo:
2010/12/18 20:35:45.0279
2010/12/18 20:35:45.0279 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/18 20:35:45.0280 Product type: Workstation
2010/12/18 20:35:45.0280 ComputerName: DANIELI-DATOR
2010/12/18 20:35:45.0282 UserName: Danieli
2010/12/18 20:35:45.0282 Windows directory: C:\Windows
2010/12/18 20:35:45.0282 System windows directory: C:\Windows
2010/12/18 20:35:45.0282 Running under WOW64
2010/12/18 20:35:45.0282 Processor architecture: Intel x64
2010/12/18 20:35:45.0282 Number of processors: 2
2010/12/18 20:35:45.0282 Page size: 0x1000
2010/12/18 20:35:45.0282 Boot type: Normal boot
2010/12/18 20:35:45.0282 ================================================================================
2010/12/18 20:35:45.0283 Utility is running under WOW64
2010/12/18 20:35:51.0616 Initialize success
2010/12/18 20:37:25.0660 ================================================================================
2010/12/18 20:37:25.0660 Scan started
2010/12/18 20:37:25.0660 Mode: Manual;
2010/12/18 20:37:25.0660 ================================================================================


2010/12/18 20:37:30.0903 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2010/12/18 20:37:30.0949 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2010/12/18 20:37:31.0003 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2010/12/18 20:37:31.0073 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2010/12/18 20:37:31.0132 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2010/12/18 20:37:31.0174 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/12/18 20:37:31.0208 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

2010/12/18 20:37:31.0264 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2010/12/18 20:37:31.0298 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2010/12/18 20:37:31.0340 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

2010/12/18 20:37:31.0365 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2010/12/18 20:37:31.0458 hcw66xxx (763fb4796c94de6b8bb0fbcb7caa1ee8) C:\Windows\system32\Drivers\hcw66x64.sys

2010/12/18 20:37:31.0503 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2010/12/18 20:37:31.0576 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

2010/12/18 20:37:31.0623 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/12/18 20:37:31.0658 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2010/12/18 20:37:31.0690 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2010/12/18 20:37:31.0734 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2010/12/18 20:37:31.0768 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

2010/12/18 20:37:31.0854 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

2010/12/18 20:37:31.0900 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

2010/12/18 20:37:31.0935 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

2010/12/18 20:37:32.0002 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/12/18 20:37:32.0040 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

2010/12/18 20:37:32.0083 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2010/12/18 20:37:32.0175 IntcAzAudAddService (f6b3b107ecc1a94e7a8245b008b9e613) C:\Windows\system32\drivers\RTKVHD64.sys

2010/12/18 20:37:32.0220 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

2010/12/18 20:37:32.0251 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2010/12/18 20:37:32.0308 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/12/18 20:37:32.0346 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2010/12/18 20:37:32.0376 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2010/12/18 20:37:32.0407 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2010/12/18 20:37:32.0433 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

2010/12/18 20:37:32.0476 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/12/18 20:37:32.0513 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/12/18 20:37:32.0553 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/12/18 20:37:32.0590 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

2010/12/18 20:37:32.0626 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

2010/12/18 20:37:32.0669 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2010/12/18 20:37:32.0759 lirsgt (5ea407821bb3104c31a705175ab4f309) C:\Windows\system32\DRIVERS\lirsgt.sys

2010/12/18 20:37:32.0799 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2010/12/18 20:37:32.0881 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2010/12/18 20:37:32.0907 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2010/12/18 20:37:32.0941 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2010/12/18 20:37:32.0978 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2010/12/18 20:37:33.0011 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2010/12/18 20:37:33.0051 MBAMProtector (de5d0dd632ee6977979799de64ce0951) C:\Windows\system32\drivers\mbam.sys

2010/12/18 20:37:33.0107 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2010/12/18 20:37:33.0144 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2010/12/18 20:37:33.0190 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2010/12/18 20:37:33.0229 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2010/12/18 20:37:33.0264 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2010/12/18 20:37:33.0294 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2010/12/18 20:37:33.0322 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

2010/12/18 20:37:33.0360 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

2010/12/18 20:37:33.0394 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2010/12/18 20:37:33.0439 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

2010/12/18 20:37:33.0474 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/12/18 20:37:33.0517 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/12/18 20:37:33.0547 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/12/18 20:37:33.0582 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

2010/12/18 20:37:33.0612 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

2010/12/18 20:37:33.0681 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2010/12/18 20:37:33.0741 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2010/12/18 20:37:33.0764 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

2010/12/18 20:37:33.0821 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2010/12/18 20:37:33.0855 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/12/18 20:37:33.0887 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2010/12/18 20:37:33.0913 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

2010/12/18 20:37:33.0964 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/12/18 20:37:34.0005 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2010/12/18 20:37:34.0033 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2010/12/18 20:37:34.0067 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2010/12/18 20:37:34.0120 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2010/12/18 20:37:34.0169 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

2010/12/18 20:37:34.0211 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2010/12/18 20:37:34.0242 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/12/18 20:37:34.0285 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/12/18 20:37:34.0311 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/12/18 20:37:34.0361 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

2010/12/18 20:37:34.0410 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2010/12/18 20:37:34.0453 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

2010/12/18 20:37:34.0547 netr7364 (7b3a86cda73b3e89fd69666c4329c3b7) C:\Windows\system32\DRIVERS\netr7364.sys

2010/12/18 20:37:34.0594 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2010/12/18 20:37:34.0655 nmwcd (985a3f046dfcd58e26d3a95283bb8f1d) C:\Windows\system32\drivers\ccdcmbx64.sys

2010/12/18 20:37:34.0697 nmwcdc (5eb41a9656388dc21119ccc33f0ee22a) C:\Windows\system32\drivers\ccdcmbox64.sys

2010/12/18 20:37:34.0743 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2010/12/18 20:37:34.0778 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2010/12/18 20:37:34.0878 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

2010/12/18 20:37:34.0942 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2010/12/18 20:37:34.0993 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

2010/12/18 20:37:35.0278 nvlddmkm (325520227cc568052ae1d7ad49d90951) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2010/12/18 20:37:35.0417 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys

2010/12/18 20:37:35.0478 nvoclk64 (2eec12c17d6b8deeeac485f47131d150) C:\Windows\system32\DRIVERS\nvoclk64.sys

2010/12/18 20:37:35.0522 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

2010/12/18 20:37:35.0556 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

2010/12/18 20:37:35.0607 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

2010/12/18 20:37:35.0644 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/12/18 20:37:35.0729 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2010/12/18 20:37:35.0767 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

2010/12/18 20:37:35.0821 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

2010/12/18 20:37:35.0893 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

2010/12/18 20:37:35.0927 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

2010/12/18 20:37:35.0976 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/12/18 20:37:36.0008 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2010/12/18 20:37:36.0065 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2010/12/18 20:37:36.0254 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2010/12/18 20:37:36.0284 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2010/12/18 20:37:36.0346 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2010/12/18 20:37:36.0407 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2010/12/18 20:37:36.0483 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2010/12/18 20:37:36.0597 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2010/12/18 20:37:36.0711 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2010/12/18 20:37:36.0817 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2010/12/18 20:37:36.0892 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/12/18 20:37:36.0932 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/12/18 20:37:36.0976 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2010/12/18 20:37:37.0019 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

2010/12/18 20:37:37.0051 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2010/12/18 20:37:37.0094 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/12/18 20:37:37.0141 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

2010/12/18 20:37:37.0163 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2010/12/18 20:37:37.0214 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2010/12/18 20:37:37.0257 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

2010/12/18 20:37:37.0297 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

2010/12/18 20:37:37.0370 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2010/12/18 20:37:37.0429 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\Windows\system32\Drivers\RtsUStor.sys

2010/12/18 20:37:37.0459 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

2010/12/18 20:37:37.0511 SaiHF51A (6571f3e998dbfed96b2e00902657b7dd) C:\Windows\system32\DRIVERS\SaiHF51A.sys

2010/12/18 20:37:37.0555 SaiNtBus (ff9db6fe97041a819d1863e67aedd9c3) C:\Windows\system32\drivers\SaiBus.sys

2010/12/18 20:37:37.0594 SaiUF51A (eabba7b9299a07bcc36c8f814c2a2bc5) C:\Windows\system32\DRIVERS\SaiUF51A.sys

2010/12/18 20:37:37.0642 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

2010/12/18 20:37:37.0693 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

2010/12/18 20:37:37.0762 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2010/12/18 20:37:37.0829 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2010/12/18 20:37:37.0871 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2010/12/18 20:37:37.0904 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2010/12/18 20:37:37.0992 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/12/18 20:37:38.0022 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2010/12/18 20:37:38.0059 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/12/18 20:37:38.0092 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/12/18 20:37:38.0151 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2010/12/18 20:37:38.0183 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2010/12/18 20:37:38.0220 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2010/12/18 20:37:38.0288 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2010/12/18 20:37:38.0386 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

2010/12/18 20:37:38.0386 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

2010/12/18 20:37:38.0403 sptd - detected Locked file (1)

2010/12/18 20:37:41.0725 ================================================================================

2010/12/18 20:37:41.0725 Scan finished

2010/12/18 20:37:41.0725 ================================================================================

2010/12/18 20:37:41.0750 Detected object count: 1

2010/12/18 20:38:07.0011 Locked file(sptd) - User select action: Skip

2010/12/18 20:38:20.0830 Deinitialize success

sidartha

Antivirus            Version           Last Update   Result
AhnLab-V3            2010.12.18.00     2010.12.17    -
AntiVir              7.11.0.83         2010.12.17    TR/Spy.733184.3
Antiy-AVL            2.0.3.7           2010.12.18    -
Avast                4.8.1351.0        2010.12.18    Win32:Dropper-ENS
Avast5               5.0.677.0         2010.12.18    Win32:Dropper-ENS
BitDefender          7.2               2010.12.18    Gen:Trojan.Heur.SC8ay4ZS93fc
CAT-QuickHeal        11.00             2010.12.18    -
ClamAV               0.96.4.0          2010.12.17    -
Command              5.2.11.5          2010.12.18    -
Comodo               7109              2010.12.18    -
Emsisoft             5.1.0.1           2010.12.18    Trojan.Win32.Boaxxe!IK
eSafe                7.0.17.0          2010.12.16    -
eTrust-Vet           36.1.8048         2010.12.17    -
F-Prot               4.6.2.117         2010.12.17    -
Fortinet             4.2.254.0         2010.12.18    -
GData                21                2010.12.18    Gen:Trojan.Heur.SC8ay4ZS93fc
Ikarus               T3.1.1.90.0       2010.12.18    Trojan.Win32.Boaxxe
Jiangmin             13.0.900          2010.12.18    -
K7AntiVirus          9.73.3286         2010.12.18    -
Kaspersky            7.0.0.125         2010.12.18    -
McAfee               5.400.0.1158      2010.12.18    Suspect-AB!6D2A0A33B108
McAfee-GW-Edition    2010.1C           2010.12.18    -
Microsoft            1.6402            2010.12.18    -
NOD32                5714              2010.12.18    -
Norman               6.06.12           2010.12.18    -
nProtect             2010-12-18.01     2010.12.18    -
Panda                10.0.2.7          2010.12.18    Trj/Genetic.gen
PCTools              7.0.3.5           2010.12.18    -
Prevx                3.0               2010.12.18    -
Sophos               4.60.0            2010.12.18    -
SUPERAntiSpyware     4.40.0.1006       2010.12.18    Trojan.Agent/Gen-Falcomp[Cont]
TheHacker            6.7.0.1.101       2010.12.15    -
TrendMicro           9.120.0.1004      2010.12.18    -
VBA32                3.12.14.2         2010.12.17    -
VIPRE                7708              2010.12.18    -
ViRobot              2010.12.18.4208   2010.12.18    -
VirusBuster          13.6.101.2        2010.12.18    -

Additional information

MD5 : 6d2a0a33b108c99fe52b1aed0e04c597
SHA1 : ef590ae7ca667d986768b651c4c31a3d46f0cff2
SHA256: 5e95f0d1f5f7de36c7c88e947fee38a9c1cb469a76301e47fcd8f6e97c95df34
ssdeep: 12288:LGSJcxBgDr1Sh+tPkUcNNZl2DuZ/8jPqBzDDKZ5+g7mkTm:LGSJ1DpY+OUcNNHuuiiBjcmkq
File size : 733184 bytes
First seen: 2010-12-18 19:40:54
Last seen : 2010-12-18 19:40:54

TrID:

Win16/32 Executable Delphi generic (34.0%)

Generic Win/DOS Executable (32.9%)

DOS Executable Generic (32.8%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

sigcheck:

publisher....: lgpcbrrjhy Corporation

copyright....: © lgpcbrrjhy Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: uxunfpwn DLL

original name: uxunfpwn.dll

internal name: uxunfpwn

file version.: 5.1.2600.5167

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

 

[[ basic data ]]

entrypointaddress: 0x180000

timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)

machinetype......: 0x14c (I386)

 

[[ 7 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

, 0x1000, 0x1B000, 0x16A00, 7.94, 09898e894ebf87330d3e65a3ae2f5820

.edata, 0x1C000, 0x2000, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b

.rsrc, 0x1E000, 0x3AC, 0x400, 3.73, de32c235c010376fbbda647a8c6c9835

.idata , 0x1F000, 0x1000, 0x200, 1.31, e1cbcc395e1702f66f3fd2780d7406b0

, 0x20000, 0xC5000, 0x200, 0.26, fa7dea1141fb200a5d0afe04b94996b6

lmnboukn, 0xE5000, 0x9B000, 0x9AA00, 7.91, 76708c9e14367ca8594e941f9c5a1bcc

gskayxvp, 0x180000, 0x1000, 0x200, 3.14, bcb2d76a53f7ba5efeb55fbd54506d7b

 

[[ 2 import(s) ]]

kernel32.dll: lstrcpy

comctl32.dll: InitCommonControls

 

[[ 7 export(s) ]]

DllCanUnloadNow, DllGetClassObject, Lobgkdg, DllMain, DllRegisterServer, DllUnregisterServer, ServiceMain

ExifTool:

file metadata

CharacterSet: Windows, Latin1

CodeSize: 17920

CompanyName: lgpcbrrjhy Corporation

EntryPoint: 0x180000

FileDescription: uxunfpwn DLL

FileFlagsMask: 0x0000

FileOS: Win32

FileSize: 716 kB

FileSubtype: 0

FileType: Win32 DLL

FileVersion: 5.1.2600.5167

FileVersionNumber: 5.1.2600.5167

ImageVersion: 0.0

InitializedDataSize: 82944

InternalName: uxunfpwn

LanguageCode: English (U.S.)

LegalCopyright: lgpcbrrjhy Corporation. All rights reserved.

LinkerVersion: 2.25

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

ObjectFileType: Executable application

OriginalFilename: uxunfpwn.dll

PEType: PE32

ProductName: Microsoft Windows Operating System

ProductVersion: 5.1.2600.5167

ProductVersionNumber: 5.1.2600.5167

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 1992:06:20 00:22:17+02:00

UninitializedDataSize: 0

sidartha

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

 

Databasversion: 5350

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

2010-12-18 21:02:00

mbam-log-2010-12-18 (21-02-00).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 174160

Förfluten tid: 3 minut(er), 35 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

c:\Users\Danieli\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Cecilia

Thanks for all the points! :)

The logs look fine, but that was a nasty file you uploaded to VirusTotal.

Save ComboFix to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all the programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer Yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, because it may hang.

When ComboFix has finished, a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet via a USB modem or USB network adapter. In that case, say so instead of running ComboFix.

sidartha

ComboFix 10-12-18.01 - Danieli 2010-12-19 0:37.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1053.18.4094.2686 [GMT 1:00]

Körs från: c:\users\Danieli\Desktop\ComboFix.exe

AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\data

c:\programdata\page

c:\programdata\page\page.ico

c:\programdata\page\page.URL

c:\users\Danieli\AppData\Roaming\Unseen World Magical Lense.exe

c:\windows\7Loader.TAG

c:\windows\system32\Ijl11.dll

c:\windows\SysWow64\Ijl11.dll

c:\windows\SysWow64\msvcsv60.dll

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-11-19 till 2010-12-19 ))))))))))))))))))))))))))))))

.

 

2010-12-19 00:09 . 2010-12-19 00:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-18 22:57 . 2010-12-18 22:57 709456 ----a-w- c:\windows\isRS-000.tmp

2010-12-18 13:58 . 2010-12-18 13:58 -------- d-----w- c:\program files\Windows Imaging

2010-12-18 13:57 . 2010-12-18 13:58 -------- d-----w- c:\program files\Windows AIK

2010-12-17 20:09 . 2010-12-17 20:09 -------- d-----w- c:\program files (x86)\Personal

2010-12-16 20:34 . 2010-12-16 20:34 733184 ----a-w- c:\windows\SysWow64\alkBEEC.dll

2010-12-16 16:32 . 2010-12-16 17:51 -------- d-----w- c:\users\Danieli\AppData\Roaming\vlc

2010-11-30 22:10 . 2010-11-30 22:10 -------- d-----w- c:\program files (x86)\Common Files\Java

2010-11-28 17:55 . 2010-12-15 19:09 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll

2010-11-28 17:55 . 2010-12-15 19:09 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe

2010-11-23 18:41 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-11-23 18:41 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-30 22:09 . 2010-05-10 16:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2010-11-29 16:42 . 2009-12-12 03:40 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2010-11-29 16:42 . 2009-12-12 03:40 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll

2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]

"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-01 30192]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]

"H2O"="c:\program files (x86)\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]

"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-10-20 2192752]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]

 

c:\users\Danieli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-7-29 503808]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

Personal.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2010-12-17 939536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 136176]

R3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-01 30192]

R3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66x64.sys [2009-06-03 753408]

R3 SaiHF51A;SaiHF51A;c:\windows\system32\DRIVERS\SaiHF51A.sys [2007-06-05 175880]

R3 SaiUF51A;SaiUF51A;c:\windows\system32\DRIVERS\SaiUF51A.sys [2007-06-05 34432]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-12 834544]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 134024]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]

S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 44944]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-29 363344]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]

S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-07-14 211232]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-04-19 1401672]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-29 24152]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2009-07-29 717312]

S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-03-09 42016]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 232480]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]

 

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 03:04]

 

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 03:04]

 

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657233717-925106184-1016029213-1001Core.job

- c:\users\Danieli\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 00:38]

 

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657233717-925106184-1016029213-1001UA.job

- c:\users\Danieli\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 00:38]

 

2010-11-30 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]

.

 

--------- x86-64 -----------

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2692520]

"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-06-04 347648]

"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-06-04 194560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.com

IE: E&xportera till Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Danieli\AppData\Roaming\Mozilla\Firefox\Profiles\dd73p9cj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://google.se/

FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: LoudMo Contextual Ad Assistant: {216bcca3-b1c5-9ae7-cf4e-0dc3169b9775} - c:\program files (x86)\Mozilla Firefox\extensions\{216bcca3-b1c5-9ae7-cf4e-0dc3169b9775}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: D-Link Toolbar: {926a10d2-4ce7-4331-b96f-ca4e22590fac} - %profile%\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}

FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

Wow6432Node-HKCU-Run-mmcatmpack - c:\users\Danieli\AppData\Local\mmcatmpack\mmcatmpack.dll

Wow6432Node-HKLM-Run-HP Remote Solution - %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-Hauppauge Software MPEG-2 Decoder Installer - c:\windows\System32\HAUPPA~1\SMD06\UNWISE.EXE

 

 

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-3657233717-925106184-1016029213-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7DCC4628-028A-BA26-DE14-72DBF74FEDB3}*]

"bbmmghphdehpjbmicfpnobdcjhajlpgbeceg"=hex:61,62,70,6a,6e,6a,67,62,6f,64,67,6e,

70,63,66,63,65,62,6e,70,6d,64,68,69,70,69,67,62,70,63,68,67,6f,64,00,6c

"abmmghphdehpjbmicfkohoodhjbgchhlcj"=hex:64,62,63,6b,64,6e,67,61,6e,6f,70,66,

6f,64,69,66,64,61,6a,6f,61,67,6c,6a,6b,64,64,62,61,65,70,67,6d,6b,64,6c,6d,\

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Sluttid: 2010-12-19 01:13:46

ComboFix-quarantined-files.txt 2010-12-19 00:13

 

Före genomsökningen: 61 638 889 472 byte ledigt

Efter genomsökningen: 63 988 731 904 byte ledigt

 

- - End Of File - - 1A740EA9297ED159144509A55466FA8D

Cecilia

Firefox - Tools - Add-ons

Uninstall/Disable the following:

LoudMo Contextual Ad Assistant

DAEMON Tools Toolbar

Copy all the lines in the box:

Killall::
DDS::
FF - ProfilePath - c:\users\Danieli\AppData\Roaming\Mozilla\Firefox\Profiles\dd73p9cj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - Ext: LoudMo Contextual Ad Assistant: {216bcca3-b1c5-9ae7-cf4e-0dc3169b9775} - c:\program files (x86)\Mozilla Firefox\extensions\{216bcca3-b1c5-9ae7-cf4e-0dc3169b9775}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
File::
c:\windows\SysWow64\alkBEEC.dll
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

and paste them into Notepad. Check that it looks exactly the same, e.g. with regard to line breaks.

Save the file on the Desktop with the name CFScript.

Prepare the computer for ComboFix the same way as before.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; this starts the program in a special mode.

Paste in the log that is produced.
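An added example, not part of the thread and not ComboFix's own logic: a small Python triage that reads the "FF - prefs.js" / "FF - user.js" lines of a ComboFix log and flags search and homepage preferences that point somewhere unexpected, which is the kind of entry picked out for the script above. The preference names to check and the lists of expected hosts and engines are assumptions chosen for this illustration; the sample lines are copied from the log in this thread.

```python
import re
from typing import NamedTuple
from urllib.parse import urlsplit

# Lines copied from the "Extra genomsökning" part of the ComboFix log above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://google.se/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
"""

# Assumptions for this example (not taken from the thread):
URL_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}
ENGINE_PREFS = {"browser.search.selectedEngine"}
EXPECTED_HOSTS = {"google.com", "google.se"}   # hosts the user says they chose
EXPECTED_ENGINES = {"Google"}                  # engine names the user says they chose

# "FF - <file>: <pref name> - <value>" as printed in the log.
PREF_LINE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")


class Finding(NamedTuple):
    source: str   # prefs.js or user.js; user.js is re-applied at every Firefox start
    pref: str
    value: str
    reason: str


def refang(url: str) -> str:
    """The log writes http as hxxp; undo that only so the URL can be parsed."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def host_expected(host: str) -> bool:
    """True for an expected host or any subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def triage_firefox_prefs(log_text: str) -> list:
    """Return the preference lines an analyst should look at first."""
    findings = []
    for raw in log_text.splitlines():
        m = PREF_LINE.match(raw.strip())
        if not m:
            continue  # not a Firefox preference line
        source, pref, value = m.groups()
        value = value.strip()
        if pref in URL_PREFS:
            host = urlsplit(refang(value)).hostname
            if host and not host_expected(host):
                findings.append(Finding(source, pref, value, f"unexpected host {host}"))
        elif pref in ENGINE_PREFS and value not in EXPECTED_ENGINES:
            findings.append(Finding(source, pref, value, "unexpected search engine"))
    return findings


if __name__ == "__main__":
    for f in triage_firefox_prefs(SAMPLE_LOG):
        print(f"{f.source}: {f.pref} = {f.value}  [{f.reason}]")
```

The output is a review list only; whether an entry is actually unwanted is still the analyst's call.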

sidartha

ComboFix 10-12-18.02 - Danieli 2010-12-19 11:44:41.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1053.18.4094.2722 [GMT 1:00]

Körs från: c:\users\Danieli\Desktop\ComboFix.exe

Använda kommandoväxlar :: c:\users\Danieli\Desktop\CFScript.txt

AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

FILE ::

"c:\windows\SysWow64\alkBEEC.dll"

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\SysWow64\alkBEEC.dll

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-11-19 till 2010-12-19 ))))))))))))))))))))))))))))))

.

 

2010-12-19 11:03 . 2010-12-19 11:03 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp

2010-12-19 11:03 . 2010-12-19 11:03 -------- d-----w- c:\users\Gäst\AppData\Local\temp

2010-12-19 11:03 . 2010-12-19 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-19 11:03 . 2010-12-19 11:03 -------- d-----w- c:\users\Administratör\AppData\Local\temp

2010-12-18 13:58 . 2010-12-18 13:58 -------- d-----w- c:\program files\Windows Imaging

2010-12-18 13:57 . 2010-12-18 13:58 -------- d-----w- c:\program files\Windows AIK

2010-12-17 20:09 . 2010-12-17 20:09 -------- d-----w- c:\program files (x86)\Personal

2010-12-16 16:32 . 2010-12-16 17:51 -------- d-----w- c:\users\Danieli\AppData\Roaming\vlc

2010-11-30 22:10 . 2010-11-30 22:10 -------- d-----w- c:\program files (x86)\Common Files\Java

2010-11-28 17:55 . 2010-12-15 19:09 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll

2010-11-28 17:55 . 2010-12-15 19:09 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe

2010-11-23 18:41 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-11-23 18:41 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-19 08:01 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2010-12-19 08:01 . 2009-08-18 10:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2010-11-30 22:09 . 2010-05-10 16:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2010-11-29 16:42 . 2009-12-12 03:40 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2010-11-29 16:42 . 2009-12-12 03:40 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll

2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-12-19_00.09.36 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-24 22:43 . 2010-12-19 11:08 58162 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2010-12-19 10:36 43544 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2010-12-18 23:02 43544 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-10-24 22:43 . 2010-12-19 10:36 16318 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3657233717-925106184-1016029213-1001_UserData.bin

- 2009-10-24 22:43 . 2010-12-18 23:02 16318 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3657233717-925106184-1016029213-1001_UserData.bin

+ 2009-08-25 18:32 . 2010-12-19 10:38 12250 c:\windows\system32\perfh01D.dat

- 2009-08-25 18:32 . 2010-12-18 23:05 12250 c:\windows\system32\perfh01D.dat

+ 2009-08-25 17:25 . 2010-12-19 10:38 84524 c:\windows\system32\perfc014.dat

- 2009-08-25 17:25 . 2010-12-18 23:05 84524 c:\windows\system32\perfc014.dat

- 2009-08-25 17:01 . 2010-12-18 23:05 89576 c:\windows\system32\perfc00B.dat

+ 2009-08-25 17:01 . 2010-12-19 10:38 89576 c:\windows\system32\perfc00B.dat

- 2009-08-25 16:38 . 2010-12-18 23:05 87232 c:\windows\system32\perfc006.dat

+ 2009-08-25 16:38 . 2010-12-19 10:38 87232 c:\windows\system32\perfc006.dat

- 2009-10-24 22:36 . 2010-12-18 22:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-10-24 22:36 . 2010-12-19 07:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-12-18 16:03 . 2010-12-18 22:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-12-18 16:03 . 2010-12-19 07:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2010-12-18 22:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2010-12-19 07:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-10-24 22:43 . 2010-12-18 23:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-10-24 22:43 . 2010-12-19 11:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-10-24 22:43 . 2010-12-18 23:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-10-24 22:43 . 2010-12-19 11:08 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-10-24 22:43 . 2010-12-18 23:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-10-24 22:43 . 2010-12-19 11:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-10-24 22:43 . 2010-12-19 11:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-10-24 22:43 . 2010-12-18 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-10-24 22:43 . 2010-12-19 11:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-10-24 22:43 . 2010-12-18 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-08-25 18:32 . 2010-12-18 23:05 4040 c:\windows\system32\perfc01D.dat

+ 2009-08-25 18:32 . 2010-12-19 10:38 4040 c:\windows\system32\perfc01D.dat

+ 2010-12-19 11:06 . 2010-12-19 11:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-12-18 23:00 . 2010-12-18 23:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-12-18 23:00 . 2010-12-18 23:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-12-19 11:06 . 2010-12-19 11:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-08-25 17:41 . 2010-12-19 10:38 695316 c:\windows\system32\perfh019.dat

- 2009-08-25 17:41 . 2010-12-18 23:05 695316 c:\windows\system32\perfh019.dat

+ 2009-08-25 17:25 . 2010-12-19 10:38 467944 c:\windows\system32\perfh014.dat

- 2009-08-25 17:25 . 2010-12-18 23:05 467944 c:\windows\system32\perfh014.dat

+ 2009-08-25 17:33 . 2010-12-19 10:38 710550 c:\windows\system32\perfh013.dat

- 2009-08-25 17:33 . 2010-12-18 23:05 710550 c:\windows\system32\perfh013.dat

+ 2009-08-25 17:18 . 2010-12-19 10:38 708466 c:\windows\system32\perfh010.dat

- 2009-08-25 17:18 . 2010-12-18 23:05 708466 c:\windows\system32\perfh010.dat

+ 2009-08-25 17:09 . 2010-12-19 10:38 713788 c:\windows\system32\perfh00C.dat

- 2009-08-25 17:09 . 2010-12-18 23:05 713788 c:\windows\system32\perfh00C.dat

+ 2009-08-25 17:01 . 2010-12-19 10:38 452746 c:\windows\system32\perfh00B.dat

- 2009-08-25 17:01 . 2010-12-18 23:05 452746 c:\windows\system32\perfh00B.dat

- 2009-08-25 16:54 . 2010-12-18 23:05 712812 c:\windows\system32\perfh00A.dat

+ 2009-08-25 16:54 . 2010-12-19 10:38 712812 c:\windows\system32\perfh00A.dat

- 2009-07-14 02:36 . 2010-12-18 23:05 635366 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2010-12-19 10:38 635366 c:\windows\system32\perfh009.dat

- 2009-08-25 16:46 . 2010-12-18 23:05 663194 c:\windows\system32\perfh007.dat

+ 2009-08-25 16:46 . 2010-12-19 10:38 663194 c:\windows\system32\perfh007.dat

+ 2009-08-25 16:38 . 2010-12-19 10:38 481530 c:\windows\system32\perfh006.dat

- 2009-08-25 16:38 . 2010-12-18 23:05 481530 c:\windows\system32\perfh006.dat

+ 2009-08-25 17:41 . 2010-12-19 10:38 139944 c:\windows\system32\perfc019.dat

- 2009-08-25 17:41 . 2010-12-18 23:05 139944 c:\windows\system32\perfc019.dat

+ 2009-08-25 17:33 . 2010-12-19 10:38 140368 c:\windows\system32\perfc013.dat

- 2009-08-25 17:33 . 2010-12-18 23:05 140368 c:\windows\system32\perfc013.dat

+ 2009-08-25 17:18 . 2010-12-19 10:38 134572 c:\windows\system32\perfc010.dat

- 2009-08-25 17:18 . 2010-12-18 23:05 134572 c:\windows\system32\perfc010.dat

+ 2009-08-25 17:09 . 2010-12-19 10:38 137568 c:\windows\system32\perfc00C.dat

- 2009-08-25 17:09 . 2010-12-18 23:05 137568 c:\windows\system32\perfc00C.dat

+ 2009-08-25 16:54 . 2010-12-19 10:38 144490 c:\windows\system32\perfc00A.dat

- 2009-08-25 16:54 . 2010-12-18 23:05 144490 c:\windows\system32\perfc00A.dat

- 2009-07-14 02:36 . 2010-12-18 23:05 113816 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2010-12-19 10:38 113816 c:\windows\system32\perfc009.dat

+ 2009-08-25 16:46 . 2010-12-19 10:38 136968 c:\windows\system32\perfc007.dat

- 2009-08-25 16:46 . 2010-12-18 23:05 136968 c:\windows\system32\perfc007.dat

+ 2009-07-14 02:34 . 2010-12-19 10:47 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2010-12-18 23:21 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

-- Snapshot återställt till dagens datum --

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]

"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-01 30192]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]

"H2O"="c:\program files (x86)\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]

"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-10-20 2192752]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]

 

c:\users\Danieli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-7-29 503808]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

Personal.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2010-12-17 939536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 136176]

R3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-01 30192]

R3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66x64.sys [2009-06-03 753408]

R3 SaiHF51A;SaiHF51A;c:\windows\system32\DRIVERS\SaiHF51A.sys [2007-06-05 175880]

R3 SaiUF51A;SaiUF51A;c:\windows\system32\DRIVERS\SaiUF51A.sys [2007-06-05 34432]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-12 834544]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 134024]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]

S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 44944]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-29 363344]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]

S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-07-14 211232]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-04-19 1401672]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-29 24152]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2009-07-29 717312]

S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-03-09 42016]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 232480]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]

 

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 03:04]

 

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 03:04]

 

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657233717-925106184-1016029213-1001Core.job

- c:\users\Danieli\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 00:38]

 

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657233717-925106184-1016029213-1001UA.job

- c:\users\Danieli\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 00:38]

 

2010-11-30 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]

.

 

--------- x86-64 -----------

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2692520]

"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-06-04 347648]

"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-06-04 194560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.com

IE: E&xportera till Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Danieli\AppData\Roaming\Mozilla\Firefox\Profiles\dd73p9cj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://google.se/

FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: D-Link Toolbar: {926a10d2-4ce7-4331-b96f-ca4e22590fac} - %profile%\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-3657233717-925106184-1016029213-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7DCC4628-028A-BA26-DE14-72DBF74FEDB3}*]

"bbmmghphdehpjbmicfpnobdcjhajlpgbeceg"=hex:61,62,70,6a,6e,6a,67,62,6f,64,67,6e,

70,63,66,63,65,62,6e,70,6d,64,68,69,70,69,67,62,70,63,68,67,6f,64,00,6c

"abmmghphdehpjbmicfkohoodhjbgchhlcj"=hex:64,62,63,6b,64,6e,67,61,6e,6f,70,66,

6f,64,69,66,64,61,6a,6f,61,67,6c,6a,6b,64,64,62,61,65,70,67,6d,6b,64,6c,6d,\

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andra processer som körs ------------------------

.

c:\program files (x86)\Ralink\Common\RaRegistry.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe

c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Sluttid: 2010-12-19 12:14:36 - datorn startades om.

ComboFix-quarantined-files.txt 2010-12-19 11:14

ComboFix2.txt 2010-12-19 00:13

 

Före genomsökningen: 65 110 499 328 byte ledigt

Efter genomsökningen: 64 606 740 480 byte ledigt

 

- - End Of File - - 8D76487B4E9D275C053FBFBF7C722D76

Cecilia

User Account Control (UAC) in Vista and Windows 7 is very good at stopping malicious programs from being installed, see for example:

http://www.idg.se/2.1085/1.164287

http://www.idg.se/2.1085/1.166702

It is also useful in other ways, see

http://www.idg.se/2.1085/1.269010/nyttan-med-uac-i-windows

Check that it is turned on and set to a high level:

Control Panel - System and Security - Action Center, followed by UAC in the left-hand column

 

In the Firefox search box, click the small down arrow and choose Manage Search Engines.

Select a search engine other than Daemon Search and remove Daemon Search.

 

In the Firefox address bar, type:

about:config

 

Then find the line keyword.URL. Right-click it and choose Reset.

 

In Firefox, choose Tools - Add-ons - Plugins.

Disable every Java entry that does not have version number 6.0.220.4.

 

Restart the computer.

Delete the copy of DDS you have and download one now. Try to run it. If that works, paste in its logs.
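The two things this reply asks for, UAC switched on and the Firefox search preferences reset, can both be read straight off the ComboFix log posted above. The following is an added example, not part of the original thread: it scans an excerpt of that log for the UAC policy values and the search preferences. The function name `review_log` and the list of expected search hosts are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Excerpt in the format of the ComboFix log above (lines copied from the posted log).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://google.se/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
'''

# Assumption: the search hosts this user expects; adjust per machine.
EXPECTED_SEARCH_HOSTS = {"google.com", "www.google.com", "google.se", "www.google.se"}
# The two preferences the helper asks the user to reset in about:config.
SEARCH_PREFS = {"keyword.URL", "browser.search.defaulturl"}

POLICY_KEY = r"currentversion\policies\system"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<num>\d+)\s*\(0x[0-9a-fA-F]+\)')
PREF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>\S+)')


def review_log(text, expected_hosts=EXPECTED_SEARCH_HOSTS):
    """Return (category, message) findings for UAC and Firefox search settings."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()  # remember the current registry key
            continue
        m = VALUE_RE.match(line)
        if m and section.endswith(POLICY_KEY):
            name, num = m["name"], int(m["num"])
            if name == "EnableLUA" and num == 0:
                findings.append(("uac", "EnableLUA=0: UAC is switched off"))
            elif name == "ConsentPromptBehaviorAdmin" and num == 0:
                findings.append(("uac", "ConsentPromptBehaviorAdmin=0: "
                                        "administrators elevate without a prompt"))
            continue
        m = PREF_RE.match(line)
        if m and m["pref"] in SEARCH_PREFS:
            # ComboFix writes URLs defanged as hxxp://; restore the scheme to parse.
            url = re.sub(r"^hxxp", "http", m["value"])
            host = (urlsplit(url).hostname or "").lower()
            if host not in expected_hosts:
                findings.append(("search", f"{m['pref']} -> {host}"))
    return findings


if __name__ == "__main__":
    for category, message in review_log(SAMPLE_LOG):
        print(f"[{category}] {message}")
```
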

Cecilia

I only have time for a quick look now and see that one setting remains to be fixed in Firefox. It concerns:

about:config

 

The line: browser.search.defaulturl

 

Choose to reset that line.

 

I'll be back late this evening.

 

Which level is UAC set to?

sidartha

I only have time for a quick look now and see that one setting remains to be fixed in Firefox. It concerns:

about:config

 

The line: browser.search.defaulturl

 

Choose to reset that line.

 

I'll be back late this evening.

 

Which level is UAC set to?

 

It was set to the lowest because I use Cubase VST, which everyone recommends running on XP, but it has worked fine like this until I started messing around with other things when I was bored.

 

I changed it to the highest now but may sometimes have to change it back.

Cecilia

I'm not familiar with Cubase VST, but if it has trouble working together with UAC at a high level, you can try right-clicking the shortcut to the program (the one you start the program with) and choosing Properties - Compatibility. There you can select XP SP3 as the compatibility mode and also tick the box so that the program runs as administrator.

 

In the Control Panel, uninstall DAEMON Tools Toolbar with Internet Explorer closed.

 

Copy all the lines in the box:

Killall::
RegLock::
[HKEY_USERS\S-1-5-21-3657233717-925106184-1016029213-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7DCC4628-028A-BA26-DE14-72DBF74FEDB3}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
Regnull::
[HKEY_USERS\S-1-5-21-3657233717-925106184-1016029213-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7DCC4628-028A-BA26-DE14-72DBF74FEDB3}*]

and paste them into Notepad. Check that it looks exactly the same, for example with regard to line breaks.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special mode.

Paste in the log that it produces.

 

Do you have any remaining problems?
