många IE i Task Managern trots nedstängning

[Cecilia]

c:\Users\administrator\application data\drivers

Finns det något mer i den mappen?

När skapades mappen?

 

Mappen är tom.Skapades

den 13 april 2009, 19:33:45

Okej, då kan det vara så att datorn har varit infekterad av Bagle sedan 13 april 2009.

[Kerstin HA]

Jag gjorde en helscanning och det hittades ett par till

som jag tog bort.

Jag har varit i registret men förljande fanns kvar

"ControlSet002

Enum

Root

LEGACY_SK9OUOs mapp under heter OOOO

där det finns 8 poster Capabitities, Class, Class GUID, ConfigFlags, deviceDesc,

Legacy, service . Under flera av dem står..valuedata .sK9Ou0s"

 

Jag gick in i de olika nycklarna och försökte raddera sK9Ou0s"

men det gick inte.

Problemet jag har nu är att Telias F-secure är blockerad.Det går inte att virusscanna.

Detta måste ha skett den 13.1 . De tre sista uppdateringarna från den 14 har ej installerats men de från den 13.1 har.

[Kerstin HA]

Här kommer loggen från mb

som jag körde nyss med det mesta avstängt.

 

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Maxtor_6B250R0 rev.BAH41BY0 -> Harddisk0\DR0 -> \Device\00000086

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8B0CA1E8]<<

_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x8b0ca008; MOV EAX, 0xf746e690; CALL EAX; }

1 nt!IofCallDriver[0x804E13A7] -> \Device\Harddisk0\DR0[0x8B045AB8]

3 CLASSPNP[0xF7667FCF] -> nt!IofCallDriver[0x804E13A7] -> \Device\00000086[0x8B08D030]

\Driver\nvata[0x8B022778] -> IRP_MJ_CREATE -> 0x8B0CA1E8

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user & kernel MBR OK

 

Filesystem trace:

called modules: ntoskrnl.exe hal.dll fltMgr.sys sr.sys >>UNKNOWN [0x8B0C91E8]<<

_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x8b0c9008; MOV EAX, 0xf746a67e; CALL EAX; }

1 nt!IofCallDriver[0x804E13A7] -> [0x8B02F520]

3 fltMgr[0xBA7F03B1] -> nt!IofCallDriver[0x804E13A7] -> [0x8B02F2D0]

5 sr[0xBA7D3870] -> nt!IofCallDriver[0x804E13A7] -> [0x8B03E020]

\FileSystem\Ntfs[0x8AFC3748] -> IRP_MJ_CREATE -> 0x8B0C91E8

 

Registry trace:

called modules: ntoskrnl.exe sptd.sys hal.dll >>UNKNOWN [0x8B0EC81C]<<

C:\WINDOWS\system32\drivers\sptd.sys

_asm { PUSH EBP; MOV EBP, ESP; JMP 0xfffffffff547ed6a; }

[Cecilia]

ControlSet002 används inte nu så bekymra dig inte för mycket om det just nu.

 

Spara DeFogger by jpshortstuff http://www.jpshortstuff.247fixes.com/Defogger.exe på Skrivbordet.

 

Starta DeFogger.

När programmets fönster kommer upp trycker du på knappen Disable för att inaktivera drivrutinerna som hör ihop med ditt installerade CD-emuleringsprogram.

Tryck på Yes/Ja för att fortsätta.

När programmet är klart kommer det upp ett meddelande 'Finished!'.

Tryck på OK.

Programmet ber om omstart av datorn, tryck på OK.

 

VIKTIGT! Om du får ett felmeddelande medan DeFogger kör, så klistra in loggen defogger_disable som då skapas på Skrivbordet.

 

Aktivera inte dessa drivrutiner innan rensningen är helt klar.

 

Kör om mbr.exe på samma sätt, så får vi se om det fortfarande finns något okänt där. UNKNOW är ett varningstecken.

[Kerstin HA]

Skall jag stänga ner allt liksom förra gången ? CD-emuleringen hör till Diamod tool och den har jag haft sedan jag installerade XP.n 2003 eller när det var, det var i alla fall många år sedan.

[Cecilia]

Inget farligt med Daemon Tools, men dess drivrutin fungerar ungefär som ett rootkit så det stör programmen som letar efter skadliga program, inkl. rootkit.

 

Ja, stäng av så mycket som möjligt innan du kör mbr (och andra program) för att minimera risken för att de (eller jag) reagerar på något bra.

[Kerstin HA]

:)Vi är tydligen nattugglor bägge.

Defogger log:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 00:24 on 15/01/2011 (Master Control)

 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

 

Checking for services/drivers...

Unable to read sptd.sys

SPTD -> Disabled (Service running -> reboot required)

 

 

-=E.O.F=-

 

 

MBR:LOG

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Maxtor_6B250R0 rev.BAH41BY0 -> Harddisk0\DR0 -> \Device\00000084

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

[Kerstin HA]

Hallojs igen.

Jag kollade nu i msconfig och en del servicar var stoppade.Jag startade upp alla och rebootade ,och se... nu fungerar F-secure igen ( för tillfälet--är lite luttrad f.n.)

[Cecilia]

Nu startade du nog inte mbr.exe på det sättet som jag skrev i inlägg 17 för det blev lite väl lite information.

 

Bra att du har fått igång F-secure

[Kerstin HA]

Du skrev... " på samma sätt" så jag tog samma sätt som defogger.

SUck.Får läsa på 17 igen.

[Kerstin HA]

:)Klart !

Börjar få träning på detta

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Maxtor_6B250R0 rev.BAH41BY0 -> Harddisk0\DR0 -> \Device\00000084

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys nvata.sys hal.dll

C:\WINDOWS\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce IDE Driver

1 nt!IofCallDriver[0x804E13A7] -> \Device\Harddisk0\DR0[0x8B0DEAB8]

3 CLASSPNP[0xF7657FCF] -> nt!IofCallDriver[0x804E13A7] -> \Device\00000084[0x8B089030]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user & kernel MBR OK

 

Filesystem trace:

called modules: ntoskrnl.exe hal.dll fltMgr.sys fsgk.sys sr.sys Ntfs.sys

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys

1 nt!IofCallDriver[0x804E13A7] -> [0x8B0A4260]

3 fltMgr[0xF7466E95] -> nt!IofCallDriver[0x804E13A7] -> [0x8B039020]

5 sr[0xF7456870] -> nt!IofCallDriver[0x804E13A7] -> [0x8B039770]

7 nt[0x8056F506] -> nt!IofCallDriver[0x804E13A7] -> [0x8B0A4260]

9 fltMgr[0xF7467098] -> nt!IofCallDriver[0x804E13A7] -> [0x8B039020]

11 sr[0xF7451453] -> nt!IofCallDriver[0x804E13A7] -> [0x8B039770]

 

Registry trace:

called modules: ntoskrnl.exe hal.dll fshs.sys

C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys F-Secure Corporation F-Secure DeepGuard™

[Kerstin HA]

Den verkar mest vara bekymrad över Telia som jag stängde av.

[Cecilia]

Ja, nu såg det ju bra ut utan några UNKNOWN eller andra okända program.

 

Då får du ta de andra programmen i inlägg 17, men jag tittar på dem först i morgon för nu börjar det allt bli sängdags.

[Kerstin HA]

ja, jag måste också knyta mig. Nattinatti

[Kerstin HA]

GMER

Loggen

 

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2011-01-15 16:37:42

Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\00000084 Maxtor_6B250R0 rev.BAH41BY0

Running: jjv3hh05.exe; Driver: C:\Windows\Temp\pwdyapoc.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xB9781CD6]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xB9781CF0]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xB9780E8C]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xB97811BC]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xB9780BCC]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xB97815EE]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xB978288C]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xB978143E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667BFE]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xB9780A4C]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xB9780EC0]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xB9781042]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xB97809A6]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xB9780B06]

SSDT \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xB9780F86]

 

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CA4 12 Bytes [4C, 0A, 78, B9, C0, 0E, 78, ...] {DEC ESP; OR BH, [EAX-0x47]; ROR BYTE [ESI], 0x78; MOV ECX, 0xb9781042}

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xAB6C9000, 0x22F0B7, 0xE8000020]

? C:\WINDOWS\system32\Drivers\PROCEXP110.SYS The system cannot find the file specified. !

pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0x9A431F00, 0x24000, 0x48000000]

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Program Files\PeerGuardian2\pg2.exe[336] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00ED000C

.text C:\Program Files\PeerGuardian2\pg2.exe[336] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00ED100C

.text C:\Program Files\PeerGuardian2\pg2.exe[336] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00ED200C

.text C:\Program Files\PeerGuardian2\pg2.exe[336] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 00ED300C

.text C:\Program Files\PeerGuardian2\pg2.exe[336] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 00ED700C

.text C:\Program Files\PeerGuardian2\pg2.exe[336] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 00ED500C

.text C:\Program Files\PeerGuardian2\pg2.exe[336] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 00ED600C

.text C:\Program Files\PeerGuardian2\pg2.exe[336] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00ED800C

.text C:\Program Files\PeerGuardian2\pg2.exe[336] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 00ED400C

.text C:\Program Files\PeerGuardian2\pg2.exe[336] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 00EDA00C

.text C:\Program Files\PeerGuardian2\pg2.exe[336] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00ED900C

.text C:\Program Files\Personal\bin\Personal.exe[400] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00DF000C

.text C:\Program Files\Personal\bin\Personal.exe[400] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00DF100C

.text C:\Program Files\Personal\bin\Personal.exe[400] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00DF200C

.text C:\Program Files\Personal\bin\Personal.exe[400] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 00DF300C

.text C:\Program Files\Personal\bin\Personal.exe[400] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 00DF400C

.text C:\Program Files\Personal\bin\Personal.exe[400] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 00DFA00C

.text C:\Program Files\Personal\bin\Personal.exe[400] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 00DF700C

.text C:\Program Files\Personal\bin\Personal.exe[400] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 00DF500C

.text C:\Program Files\Personal\bin\Personal.exe[400] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 00DF600C

.text C:\Program Files\Personal\bin\Personal.exe[400] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00DF800C

.text C:\Program Files\Personal\bin\Personal.exe[400] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00DF900C

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[420] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 02F1000C

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[420] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 02F1100C

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[420] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02F1200C

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[420] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 02F1300C

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[420] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 02F1700C

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[420] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 02F1500C

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[420] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 02F1600C

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[420] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 02F1800C

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[420] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 02F1400C

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[420] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 02F1A00C

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[420] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 02F1900C

.text C:\WINDOWS\system32\PSIService.exe[432] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00AA000C

.text C:\WINDOWS\system32\PSIService.exe[432] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00AA100C

.text C:\WINDOWS\system32\PSIService.exe[432] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AA200C

.text C:\WINDOWS\system32\PSIService.exe[432] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 00AA300C

.text C:\WINDOWS\system32\PSIService.exe[432] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 00AA700C

.text C:\WINDOWS\system32\PSIService.exe[432] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 00AA500C

.text C:\WINDOWS\system32\PSIService.exe[432] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 00AA600C

.text C:\WINDOWS\system32\PSIService.exe[432] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00AA800C

.text C:\WINDOWS\system32\PSIService.exe[432] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 00AA400C

.text C:\WINDOWS\system32\PSIService.exe[432] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 00AAA00C

.text C:\WINDOWS\system32\PSIService.exe[432] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00AA900C

.text C:\Program Files\FastStone Capture\FSCapture.exe[440] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00F9000C

.text C:\Program Files\FastStone Capture\FSCapture.exe[440] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00F9100C

.text C:\Program Files\FastStone Capture\FSCapture.exe[440] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F9200C

.text C:\Program Files\FastStone Capture\FSCapture.exe[440] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 00F9300C

.text C:\Program Files\FastStone Capture\FSCapture.exe[440] advapi32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 00F9700C

.text C:\Program Files\FastStone Capture\FSCapture.exe[440] advapi32.dll!OpenServiceW 77DE6165 5 Bytes JMP 00F9500C

.text C:\Program Files\FastStone Capture\FSCapture.exe[440] advapi32.dll!ControlService 77DEB635 5 Bytes JMP 00F9600C

.text C:\Program Files\FastStone Capture\FSCapture.exe[440] advapi32.dll!CreateServiceW 77E37209 5 Bytes JMP 00F9800C

.text C:\Program Files\FastStone Capture\FSCapture.exe[440] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 00F9400C

.text C:\Program Files\FastStone Capture\FSCapture.exe[440] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 00F9A00C

.text C:\Program Files\FastStone Capture\FSCapture.exe[440] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00F9900C

.text C:\WINDOWS\System32\SCardSvr.exe[552] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 006C000C

.text C:\WINDOWS\System32\SCardSvr.exe[552] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 006C100C

.text C:\WINDOWS\System32\SCardSvr.exe[552] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006C200C

.text C:\WINDOWS\System32\SCardSvr.exe[552] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 006C300C

.text C:\WINDOWS\System32\SCardSvr.exe[552] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 006C400C

.text C:\WINDOWS\System32\SCardSvr.exe[552] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 006CA00C

.text C:\WINDOWS\System32\SCardSvr.exe[552] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 006C700C

.text C:\WINDOWS\System32\SCardSvr.exe[552] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 006C500C

.text C:\WINDOWS\System32\SCardSvr.exe[552] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 006C600C

.text C:\WINDOWS\System32\SCardSvr.exe[552] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 006C800C

.text C:\WINDOWS\System32\SCardSvr.exe[552] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 006C900C

.text C:\WINDOWS\system32\Ati2evxx.exe[652] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0118000C

.text C:\WINDOWS\system32\Ati2evxx.exe[652] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0118100C

.text C:\WINDOWS\system32\Ati2evxx.exe[652] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0118200C

.text C:\WINDOWS\system32\Ati2evxx.exe[652] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0118300C

.text C:\WINDOWS\system32\Ati2evxx.exe[652] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0118400C

.text C:\WINDOWS\system32\Ati2evxx.exe[652] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0118A00C

.text C:\WINDOWS\system32\Ati2evxx.exe[652] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0118900C

.text C:\WINDOWS\system32\Ati2evxx.exe[652] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0118700C

.text C:\WINDOWS\system32\Ati2evxx.exe[652] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0118500C

.text C:\WINDOWS\system32\Ati2evxx.exe[652] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0118600C

.text C:\WINDOWS\system32\Ati2evxx.exe[652] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0118800C

.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[656] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 015F000C

.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[656] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 015F100C

.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[656] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 015F200C

.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[656] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 015F300C

.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[656] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 015F400C

.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[656] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 015FA00C

.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[656] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 015F700C

.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[656] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 015F500C

.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[656] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 015F600C

.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[656] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 015F800C

.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[656] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 015F900C

.text C:\Program Files\Microsoft Office\Office10\msoffice.exe[844] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0144000C

.text C:\Program Files\Microsoft Office\Office10\msoffice.exe[844] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0144100C

.text C:\Program Files\Microsoft Office\Office10\msoffice.exe[844] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0144200C

.text C:\Program Files\Microsoft Office\Office10\msoffice.exe[844] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0144300C

.text C:\Program Files\Microsoft Office\Office10\msoffice.exe[844] ADVAPI32.DLL!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0144700C

.text C:\Program Files\Microsoft Office\Office10\msoffice.exe[844] ADVAPI32.DLL!OpenServiceW 77DE6165 5 Bytes JMP 0144500C

.text C:\Program Files\Microsoft Office\Office10\msoffice.exe[844] ADVAPI32.DLL!ControlService 77DEB635 5 Bytes JMP 0144600C

.text C:\Program Files\Microsoft Office\Office10\msoffice.exe[844] ADVAPI32.DLL!CreateServiceW 77E37209 5 Bytes JMP 0144800C

.text C:\Program Files\Microsoft Office\Office10\msoffice.exe[844] USER32.DLL!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0144400C

.text C:\Program Files\Microsoft Office\Office10\msoffice.exe[844] USER32.DLL!DdeConnect 7E458113 5 Bytes JMP 0144A00C

.text C:\Program Files\Microsoft Office\Office10\msoffice.exe[844] OLE32.DLL!CoCreateInstanceEx 77500526 5 Bytes JMP 0144900C

.text F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe[872] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00D0000C

.text F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe[872] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00D0100C

.text F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe[872] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D0200C

.text F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe[872] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 00D0300C

.text F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe[872] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 00D0400C

.text F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe[872] USER32.dll!DdeConnect 7E458113 3 Bytes JMP 00D0A00C

.text F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe[872] USER32.dll!DdeConnect + 4 7E458117 1 Byte [82]

.text F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe[872] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 00D0700C

.text F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe[872] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 00D0500C

.text F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe[872] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 00D0600C

.text F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe[872] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D0800C

.text F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe[872] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00D0900C

.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[932] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0478000C

.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[932] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0478100C

.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[932] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0478200C

.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[932] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0478300C

.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[932] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0478400C

.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[932] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0478A00C

.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[932] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0478700C

.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[932] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0478500C

.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[932] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0478600C

.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[932] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0478800C

.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[932] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0478900C

.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 02E9000C

.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 02E9100C

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02E9200C

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 02E9300C

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 02E9700C

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 02E9500C

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 02E9600C

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 02E9800C

.text C:\WINDOWS\Explorer.EXE[1004] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 02E9400C

.text C:\WINDOWS\Explorer.EXE[1004] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 02E9A00C

.text C:\WINDOWS\Explorer.EXE[1004] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 02E9900C

.text C:\WINDOWS\CTHELPER.EXE[1316] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00F3000C

.text C:\WINDOWS\CTHELPER.EXE[1316] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00F3100C

.text C:\WINDOWS\CTHELPER.EXE[1316] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F3200C

.text C:\WINDOWS\CTHELPER.EXE[1316] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 00F3300C

.text C:\WINDOWS\CTHELPER.EXE[1316] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 00F3400C

.text C:\WINDOWS\CTHELPER.EXE[1316] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 00F3A00C

.text C:\WINDOWS\CTHELPER.EXE[1316] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 00F3700C

.text C:\WINDOWS\CTHELPER.EXE[1316] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 00F3500C

.text C:\WINDOWS\CTHELPER.EXE[1316] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 00F3600C

.text C:\WINDOWS\CTHELPER.EXE[1316] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00F3800C

.text C:\WINDOWS\CTHELPER.EXE[1316] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00F3900C

.text C:\WINDOWS\VistaDrive\VistaDrive.exe[1348] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0264000C

.text C:\WINDOWS\VistaDrive\VistaDrive.exe[1348] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0264100C

.text C:\WINDOWS\VistaDrive\VistaDrive.exe[1348] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0264200C

.text C:\WINDOWS\VistaDrive\VistaDrive.exe[1348] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0264300C

.text C:\WINDOWS\VistaDrive\VistaDrive.exe[1348] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0264700C

.text C:\WINDOWS\VistaDrive\VistaDrive.exe[1348] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0264500C

.text C:\WINDOWS\VistaDrive\VistaDrive.exe[1348] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0264600C

.text C:\WINDOWS\VistaDrive\VistaDrive.exe[1348] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0264800C

.text C:\WINDOWS\VistaDrive\VistaDrive.exe[1348] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0264400C

.text C:\WINDOWS\VistaDrive\VistaDrive.exe[1348] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0264A00C

.text C:\WINDOWS\VistaDrive\VistaDrive.exe[1348] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0264900C

.text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[1356] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 06A2000C

.text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[1356] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 06A2100C

.text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 06A2200C

.text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[1356] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 06A2300C

.text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[1356] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 06A2400C

.text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[1356] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 06A2A00C

.text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[1356] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 06A2700C

.text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[1356] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 06A2500C

.text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[1356] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 06A2600C

.text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[1356] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 06A2800C

.text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[1356] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 06A2900C

.text C:\WINDOWS\system32\winlogon.exe[1428] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 010B000C

.text C:\WINDOWS\system32\winlogon.exe[1428] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 010B100C

.text C:\WINDOWS\system32\winlogon.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 010B200C

.text C:\WINDOWS\system32\winlogon.exe[1428] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 010B300C

.text C:\WINDOWS\system32\winlogon.exe[1428] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 010B700C

.text C:\WINDOWS\system32\winlogon.exe[1428] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 010B500C

.text C:\WINDOWS\system32\winlogon.exe[1428] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 010B600C

.text C:\WINDOWS\system32\winlogon.exe[1428] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 010B800C

.text C:\WINDOWS\system32\winlogon.exe[1428] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 010B400C

.text C:\WINDOWS\system32\winlogon.exe[1428] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 010BA00C

.text C:\WINDOWS\system32\winlogon.exe[1428] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 010B900C

.text C:\WINDOWS\system32\lsass.exe[1484] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 02A5000C

.text C:\WINDOWS\system32\lsass.exe[1484] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 02A5100C

.text C:\WINDOWS\system32\lsass.exe[1484] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02A5200C

.text C:\WINDOWS\system32\lsass.exe[1484] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 02A5300C

.text C:\WINDOWS\system32\lsass.exe[1484] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 02A5700C

.text C:\WINDOWS\system32\lsass.exe[1484] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 02A5500C

.text C:\WINDOWS\system32\lsass.exe[1484] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 02A5600C

.text C:\WINDOWS\system32\lsass.exe[1484] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 02A5800C

.text C:\WINDOWS\system32\lsass.exe[1484] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 02A5400C

.text C:\WINDOWS\system32\lsass.exe[1484] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 02A5A00C

.text C:\WINDOWS\system32\lsass.exe[1484] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 02A5900C

.text C:\Program Files\Aqua Dock\Aqua Dock.exe[1560] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 010C000C

.text C:\Program Files\Aqua Dock\Aqua Dock.exe[1560] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 010C100C

.text C:\Program Files\Aqua Dock\Aqua Dock.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 010C200C

.text C:\Program Files\Aqua Dock\Aqua Dock.exe[1560] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 010C300C

.text C:\Program Files\Aqua Dock\Aqua Dock.exe[1560] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 010C700C

.text C:\Program Files\Aqua Dock\Aqua Dock.exe[1560] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 010C500C

.text C:\Program Files\Aqua Dock\Aqua Dock.exe[1560] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 010C600C

.text C:\Program Files\Aqua Dock\Aqua Dock.exe[1560] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 010C800C

.text C:\Program Files\Aqua Dock\Aqua Dock.exe[1560] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 010C400C

.text C:\Program Files\Aqua Dock\Aqua Dock.exe[1560] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 010CA00C

.text C:\Program Files\Aqua Dock\Aqua Dock.exe[1560] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 010C900C

.text C:\WINDOWS\system32\Ati2evxx.exe[1652] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0267000C

.text C:\WINDOWS\system32\Ati2evxx.exe[1652] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0267100C

.text C:\WINDOWS\system32\Ati2evxx.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0267200C

.text C:\WINDOWS\system32\Ati2evxx.exe[1652] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0267300C

.text C:\WINDOWS\system32\Ati2evxx.exe[1652] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0267400C

.text C:\WINDOWS\system32\Ati2evxx.exe[1652] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0267A00C

.text C:\WINDOWS\system32\Ati2evxx.exe[1652] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0267900C

.text C:\WINDOWS\system32\Ati2evxx.exe[1652] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0267700C

.text C:\WINDOWS\system32\Ati2evxx.exe[1652] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0267500C

.text C:\WINDOWS\system32\Ati2evxx.exe[1652] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0267600C

.text C:\WINDOWS\system32\Ati2evxx.exe[1652] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0267800C

.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[1764] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0294000C

.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[1764] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0294100C

.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[1764] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0294200C

.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[1764] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0294300C

.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[1764] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0294700C

.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[1764] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0294500C

.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[1764] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0294600C

.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[1764] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0294800C

.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[1764] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0294400C

.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[1764] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0294A00C

.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[1764] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0294900C

.text C:\WINDOWS\system32\oodtray.exe[1772] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0139000C

.text C:\WINDOWS\system32\oodtray.exe[1772] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0139100C

.text C:\WINDOWS\system32\oodtray.exe[1772] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0139200C

.text C:\WINDOWS\system32\oodtray.exe[1772] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0139300C

.text C:\WINDOWS\system32\oodtray.exe[1772] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0139700C

.text C:\WINDOWS\system32\oodtray.exe[1772] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0139500C

.text C:\WINDOWS\system32\oodtray.exe[1772] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0139600C

.text C:\WINDOWS\system32\oodtray.exe[1772] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0139800C

.text C:\WINDOWS\system32\oodtray.exe[1772] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0139400C

.text C:\WINDOWS\system32\oodtray.exe[1772] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0139A00C

.text C:\WINDOWS\system32\oodtray.exe[1772] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0139900C

.text C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE[1832] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 01A5000C

.text C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE[1832] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 01A5100C

.text C:\ppApps\VisualTaskTips\VisualTaskTips.exe[1876] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0230000C

.text C:\ppApps\VisualTaskTips\VisualTaskTips.exe[1876] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0230100C

.text C:\ppApps\VisualTaskTips\VisualTaskTips.exe[1876] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0230200C

.text C:\ppApps\VisualTaskTips\VisualTaskTips.exe[1876] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0230300C

.text C:\ppApps\VisualTaskTips\VisualTaskTips.exe[1876] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0230700C

.text C:\ppApps\VisualTaskTips\VisualTaskTips.exe[1876] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0230500C

.text C:\ppApps\VisualTaskTips\VisualTaskTips.exe[1876] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0230600C

.text C:\ppApps\VisualTaskTips\VisualTaskTips.exe[1876] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0230800C

.text C:\ppApps\VisualTaskTips\VisualTaskTips.exe[1876] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0230400C

.text C:\ppApps\VisualTaskTips\VisualTaskTips.exe[1876] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0230A00C

.text C:\ppApps\VisualTaskTips\VisualTaskTips.exe[1876] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0230900C

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1880] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 003D000C

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1880] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 003D100C

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 003D200C

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1880] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 003D300C

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1880] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 003D700C

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1880] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 003D500C

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1880] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 003D600C

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1880] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003D800C

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1880] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 003D400C

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1880] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 003DA00C

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1880] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003D900C

.text C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE[1900] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0072000C

.text C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE[1900] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0072100C

.text C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE[1900] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0072200C

.text C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE[1900] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0072300C

.text C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE[1900] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0072700C

.text C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE[1900] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0072500C

.text C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE[1900] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0072600C

.text C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE[1900] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0072800C

.text C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE[1900] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0072400C

.text C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE[1900] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0072900C

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2152] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 03E3000C

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2152] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 03E3100C

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2152] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 03E3200C

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2152] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 03E3300C

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2152] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 03E3700C

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2152] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 03E3500C

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2152] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 03E3600C

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2152] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes JMP 03E3800C

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2152] ADVAPI32.dll!CreateServiceW + 4 77E3720D 1 Byte [8C]

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2152] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 03E3400C

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2152] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 03E3A00C

.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2152] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 03E3900C

.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2368] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0073000C

.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2368] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0073100C

.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2368] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0073200C

.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2368] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0073300C

.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2368] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0073700C

.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2368] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0073500C

.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2368] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0073600C

.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2368] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0073800C

.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2368] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0073400C

.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2368] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0073A00C

.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2368] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0073900C

.text C:\Program Files\Bonjour\mDNSResponder.exe[2416] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 008A000C

.text C:\Program Files\Bonjour\mDNSResponder.exe[2416] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 008A100C

.text C:\Program Files\Bonjour\mDNSResponder.exe[2416] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008A200C

.text C:\Program Files\Bonjour\mDNSResponder.exe[2416] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 008A300C

.text C:\Program Files\Bonjour\mDNSResponder.exe[2416] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 008A700C

.text C:\Program Files\Bonjour\mDNSResponder.exe[2416] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 008A500C

.text C:\Program Files\Bonjour\mDNSResponder.exe[2416] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 008A600C

.text C:\Program Files\Bonjour\mDNSResponder.exe[2416] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 008A800C

.text C:\Program Files\Bonjour\mDNSResponder.exe[2416] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 008A400C

.text C:\Program Files\Bonjour\mDNSResponder.exe[2416] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 008AA00C

.text C:\Program Files\Bonjour\mDNSResponder.exe[2416] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 008A900C

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2560] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 003F000C

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2560] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 003F100C

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2560] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 003F200C

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2560] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 003F300C

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2560] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 003F700C

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2560] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 003F500C

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2560] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 003F600C

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2560] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003F800C

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2560] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 003F400C

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2560] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 003FA00C

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2560] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003F900C

.text C:\Program Files\Java\jre6\bin\jqs.exe[2784] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0112000C

.text C:\Program Files\Java\jre6\bin\jqs.exe[2784] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0112100C

.text C:\Program Files\Java\jre6\bin\jqs.exe[2784] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0112200C

.text C:\Program Files\Java\jre6\bin\jqs.exe[2784] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0112300C

.text C:\Program Files\Java\jre6\bin\jqs.exe[2784] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0112700C

.text C:\Program Files\Java\jre6\bin\jqs.exe[2784] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0112500C

.text C:\Program Files\Java\jre6\bin\jqs.exe[2784] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0112600C

.text C:\Program Files\Java\jre6\bin\jqs.exe[2784] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0112800C

.text C:\Program Files\Java\jre6\bin\jqs.exe[2784] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0112900C

.text C:\Program Files\Java\jre6\bin\jqs.exe[2784] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0112400C

.text C:\Program Files\Java\jre6\bin\jqs.exe[2784] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0112A00C

.text C:\Program Files\Logitech\Easy Synchronization\servicestub.exe[2856] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0076000C

.text C:\Program Files\Logitech\Easy Synchronization\servicestub.exe[2856] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0076100C

.text C:\Program Files\Logitech\Easy Synchronization\servicestub.exe[2856] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0076200C

.text C:\Program Files\Logitech\Easy Synchronization\servicestub.exe[2856] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0076300C

.text C:\Program Files\Logitech\Easy Synchronization\servicestub.exe[2856] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0076400C

.text C:\Program Files\Logitech\Easy Synchronization\servicestub.exe[2856] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0076900C

.text C:\Program Files\Logitech\Easy Synchronization\servicestub.exe[2856] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0076700C

.text C:\Program Files\Logitech\Easy Synchronization\servicestub.exe[2856] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0076500C

.text C:\Program Files\Logitech\Easy Synchronization\servicestub.exe[2856] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0076600C

.text C:\Program Files\Logitech\Easy Synchronization\servicestub.exe[2856] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0076800C

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2884] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 027C000C

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2884] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 027C100C

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2884] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 027C200C

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2884] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 027C300C

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2884] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 027C900C

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2884] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 027C700C

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2884] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 027C500C

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2884] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 027C600C

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2884] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 027C800C

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2884] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 027C400C

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2884] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 027CA00C

.text C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe[2892] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 025A000C

.text C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe[2892] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 025A100C

.text C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe[2892] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 025A200C

.text C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe[2892] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 025A300C

.text C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe[2892] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 025A400C

.text C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe[2892] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 025AA00C

.text C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe[2892] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 025A700C

.text C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe[2892] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 025A500C

.text C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe[2892] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 025A600C

.text C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe[2892] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 025A800C

.text C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe[2892] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 025A900C

.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3220] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0095000C

.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3220] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0095100C

.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3220] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0095200C

.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3220] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0095300C

.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3220] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0095900C

.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3220] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0095700C

.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3220] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0095500C

.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3220] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0095600C

.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3220] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0095800C

.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3220] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0095400C

.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3220] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0095A00C

.text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[3276] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 01AC000C

.text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[3276] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 01AC100C

.text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[3276] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01AC200C

.text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[3276] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 01AC300C

.text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[3276] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 01AC700C

.text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[3276] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 01AC500C

.text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[3276] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 01AC600C

.text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[3276] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 01AC800C

.text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[3276] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 01AC400C

.text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[3276] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 01ACA00C

.text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[3276] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 01AC900C

.text C:\WINDOWS\system32\oodag.exe[3340] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0156000C

.text C:\WINDOWS\system32\oodag.exe[3340] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0156100C

.text C:\WINDOWS\system32\oodag.exe[3340] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0156200C

.text C:\WINDOWS\system32\oodag.exe[3340] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0156300C

.text C:\WINDOWS\system32\oodag.exe[3340] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0156700C

.text C:\WINDOWS\system32\oodag.exe[3340] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0156500C

.text C:\WINDOWS\system32\oodag.exe[3340] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0156600C

.text C:\WINDOWS\system32\oodag.exe[3340] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0156800C

.text C:\WINDOWS\system32\oodag.exe[3340] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0156400C

.text C:\WINDOWS\system32\oodag.exe[3340] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0156A00C

.text C:\WINDOWS\system32\oodag.exe[3340] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0156900C

.text C:\WINDOWS\System32\alg.exe[3368] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 00A5000C

.text C:\WINDOWS\System32\alg.exe[3368] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 00A5100C

.text C:\WINDOWS\System32\alg.exe[3368] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A5200C

.text C:\WINDOWS\System32\alg.exe[3368] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 00A5300C

.text C:\WINDOWS\System32\alg.exe[3368] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 00A5400C

.text C:\WINDOWS\System32\alg.exe[3368] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 00A5A00C

.text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 00A5700C

.text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 00A5500C

.text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 00A5600C

.text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00A5800C

.text C:\WINDOWS\System32\alg.exe[3368] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00A5900C

.text C:\WINDOWS\system32\wscntfy.exe[3708] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0095000C

.text C:\WINDOWS\system32\wscntfy.exe[3708] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0095100C

.text C:\WINDOWS\system32\wscntfy.exe[3708] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0095200C

.text C:\WINDOWS\system32\wscntfy.exe[3708] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0095300C

.text C:\WINDOWS\system32\wscntfy.exe[3708] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0095400C

.text C:\WINDOWS\system32\wscntfy.exe[3708] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0095A00C

.text C:\WINDOWS\system32\wscntfy.exe[3708] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0095700C

.text C:\WINDOWS\system32\wscntfy.exe[3708] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0095500C

.text C:\WINDOWS\system32\wscntfy.exe[3708] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0095600C

.text C:\WINDOWS\system32\wscntfy.exe[3708] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0095800C

.text C:\WINDOWS\system32\wscntfy.exe[3708] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0095900C

.text C:\WINDOWS\system32\Notepad2.exe[4476] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0099000C

.text C:\WINDOWS\system32\Notepad2.exe[4476] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0099100C

.text C:\WINDOWS\system32\Notepad2.exe[4476] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0099200C

.text C:\WINDOWS\system32\Notepad2.exe[4476] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0099300C

.text C:\WINDOWS\system32\Notepad2.exe[4476] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0099700C

.text C:\WINDOWS\system32\Notepad2.exe[4476] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0099500C

.text C:\WINDOWS\system32\Notepad2.exe[4476] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0099600C

.text C:\WINDOWS\system32\Notepad2.exe[4476] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0099800C

.text C:\WINDOWS\system32\Notepad2.exe[4476] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0099400C

.text C:\WINDOWS\system32\Notepad2.exe[4476] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0099A00C

.text C:\WINDOWS\system32\Notepad2.exe[4476] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 0099900C

.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe[5540] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 0068000C

.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe[5540] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 0068100C

.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe[5540] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0068200C

.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe[5540] kernel32.dll!TerminateThread 7C81CAAB 5 Bytes JMP 0068300C

.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe[5540] USER32.dll!SetWindowsHookExW 7E42E4BF 5 Bytes JMP 0068400C

.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe[5540] USER32.dll!DdeConnect 7E458113 5 Bytes JMP 0068900C

.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe[5540] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 5 Bytes JMP 0068700C

.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe[5540] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 0068500C

.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe[5540] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 0068600C

.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe[5540] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0068800C

 

---- Devices - GMER 1.0.15 ----

 

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

 

AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)

 

Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

 

AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

 

Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

 

AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)

 

Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

 

AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)

 

Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFA 0x76 0x47 0xA0 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0x2D 0xC2 0xCC ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0xE1 0x20 0x3C ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFA 0x76 0x47 0xA0 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0x2D 0xC2 0xCC ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0xE1 0x20 0x3C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFA 0x76 0x47 0xA0 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0x2D 0xC2 0xCC ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8F 0xEB 0x96 0x4A ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFA 0x76 0x47 0xA0 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0x2D 0xC2 0xCC ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8F 0xEB 0x96 0x4A ...

 

---- EOF - GMER 1.0.15 ----

 

Ser lite svårläst ur då radbrytningarna blir konstiga. Skickar detta som fil också. Glömde att stänga ner Aqua doc ser jag.

GMER.log.txt

[Cecilia]

Det blev en lång logg det. Med så mycket igång är det svårt att hitta någon enstaka rad som inte borde finnas där.

 

På sidan http://www.virustotal.com klickar du på Bläddra -knappen och klistrar in ett av följande filnamn i rutan, klicka på Öppna och sedan på Skicka Fil. Vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in länken till resultatet här.

c:\windows\system32\Vqtfk.sys

 

Är det verkligen nytta med peerguardian när du har F-secures brandvägg?

Vad är det för version av Ad-Aware du har?

Hur länge har du haft akoTV2? Jag funderar på om det kan tänkas använda Internet Explorer för att hämta teve-informationen.

27 december tillkom dessa mappar:

2010-12-27 21:02:21 -------- d-----w- c:\users\admini~1\applic~1\LolClient

2010-12-27 19:36:57 -------- d-----w- c:\program files\Pando Networks

Vet du något LolClient?

[Kerstin HA]

Peerguardien går av gammal vana,går på autostart, kan stänga av den du jag inte har någon nytta av den längre.Överspelat.

 

akoTV2 har jag haft 4-5 år. Kalasprogram, kan rekomenderas.Man markerar favvoprogramen och så dyker det upp påminnelser 5 minuter iannan programmet startar så att jag inte missar det.Tiden går ju fort vid burken.Den hämtar för 5 dagar i stöten och det går fort och det är schemlagt av mig.

.

Googlade på Lolklient. Det är tydligen att program som barnbarnet tog ner när han var här i julas. Jag hjälpte honom att installera det.

LoLClient- League of Legends Community -

Pando network , enl, google, är tydligen ett nätverk för att dela bilder.Har inget minne av att jag besökt den siten men det måste jag ju ha gjort Kan ha tänkt att det var ett bra ställe attb utbyta bilder på.

Jag använder ju photobucket, men ser nu att den är installerad. Tar bort den strax.

 

ad awere har versionsnummer 8.0.0.0

 

svar på sys-filen:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

 

Vad jag kunde se så har alla kända antivirusprogram skickat en förfrågan om denna fil i august 2009.

 

 

MD5: 671f9c3a6da576db62d47937628ef79b

Date first seen: 2009-08-23 13:46:58 (UTC)

Date last seen: 2009-08-23 13:46:58 (UTC)

Detection ratio: 0/41

 

sen står det en massa

http://www.virustotal.com/file-scan/report.html?id=0af2c8d29dcc141824c0d337795f4d7ca3c3c654b5f85135227b2c849ab2db13-1251028018

 

högst upp

File name: 6F5BB9B6E06A2F574D8700EEC9617C00143EC394.sys

Submission date: 2009-08-23 13:46:58 (UTC)

Current status: finished

Result: 0 /41 (0.0%)

 

Förmodligen att bry sig om då den tydligen bara fanns en dag.

Kollade dess firmanamn :

Voquette Networks Ltd.

och den var skapad 16.2 2008

[Kerstin HA]

Nehej du, jag har missuppfattat det där med Pando. Ser nu att den var installerad samma datum som spelet 27.12 på kvällen. Jag är alltså oskyldig till det programmet.Får nog gräla lite på barnbarnet Han får inte installera program som jag inte godkänt.

[Cecilia]

Avinstallera Pando så får vi se om datorn funkar bättre sedan.

 

Kan du hitta någon fil/mapp i datorn som heter något med Voquette?

Ladda upp filen igen och så klickar du på knappen för att omanalysera filen så får se om alla programmen fortfarande är nöjda med den.

[Kerstin HA]

Nu har jag avinstallerat Pando och Voquette som tydligen var ett mediaprogram, :

"saves streamed audio content to your hard drive so you can listen to it offline, anytime you choose. The program captures Real Audio, Windows Media, and streaming MP3s ".

Låter ju inte så dumt, men nu är den borta i alla fall.

Klockan är nu 2 igen. Knytningsdax.

Nattinatti

[Cecilia]

Hur är det med datorn nu?

[Kerstin HA]

Jo tack. Idag har den uppfört sig som den skall ...än så länge. ... Gulligt av dig att fråga.

[Cecilia]

Dags för borttagning av de program du laddat ner i tråden?

Ladda ner avinstallationsprogrammet OTC till Skrivbordet.

http://oldtimer.geekstogo.com/OTC.exe

Dubbelklicka på filen för att starta programmet.

Tryck på knappen CleanUp! och ComboFix m.fl. rensningsprogram kommer att avinstalleras efter en omstart av datorn. Om något sådant program är kvar efter det så fråga hur du ska ta bort det. Ta bort eventuella loggar.

 

Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://sites.google.com/site/ceblstockholm/home

[Kerstin HA]

Som säkerhet har jag

NetLimiter som är en extra brandvägg som är aktiverad där jag gensat kan se om något program försöker att gå ut och kan blokera det om jag vill.

Jag har Winpatrol plus som reagerar direkt om det händer något och vill att jag skall godkänna eller inte.

(Peerguaridan har jag stängt ner).

Trend Micro RUbotted är alltid på.

NetWorks listar hela tiden den ej lokala trafiken så jag ser om något händer.

Jag tyckte att jag hade både hänglen och livrem.lika förbaskat kunde det där sattyget komma in. Jag virusskannar allt jag tar ner innan jag öppnar det.

Jag prenumerarar på Giveawayaday och kan inte låta bli att testa olika program så synden straffar väl sig själv.

SUCK.

[Cecilia]

En liten summering av vad som gjorts.

 

Avinstallerat några toolbars, dessa har följt med program som du har installerat med vilje. Mitt råd är att du läser noga under installationer och avbockar toolbars.

 

Tagit bort ofarliga rester efter tidigare (skadliga?) program (tjänster). Något säkerhetsprogram har gjort nytta förut.

 

MBAM rensade bort några skadliga filer och registerposter.

 

Tagit bort en del som ett barnbarn installerat, inget som är känt för att vara skadligt men tydligen något som använde Internet Explorer. Avinstallerat Voquette.

 

Det är absolut nödvändigt att du installerar Service Pack 3 till XP. Din dator har nu ett antal kända säkerhetshål vilket gör den lätt att infektera av en skadlig/hackad webbsida.

 

F-secure borde ha kommit ut i en nyare version än 9.01 som funnit i mer än ett år. Kolla på Telias webbsidor (Mitt Telia eller vad det heter) om där inte finns en nyare version att ladda ner. En nyare version innebär att det har tillkommit funktioner som bättre klarar av att hantera nyare typer av skadliga program.

 

Ad-Aware finns också i nyare versioner, men version 8.3 och 9 innehåller ett antivirusprogram. Eftersom man bara ska ha ett antivirusprogram igång i datorn för att inte riskera att få problem pga konflikter behöver du inaktivera Ad-Watch om du väljer att uppgradera Ad-Aware.

 

Spybot S&D är en gammal version, liksom WinPatrol. Du måste hålla dina säkerhetsprogram uppdaterade så att de kan skydda dig även mot nyare typer av skadliga program.

 

Åtminstone tidigare fanns dessa tre gamla Java-versioner med kända säkerhetshål i datorn.

Java™ 6 Update 13

Java™ 6 Update 5

Java™ 6 Update 7

Installera den senaste och avinstallera dessa gamla versioner.

 

VLC är också en gammal version med säkerhetshål.

 

Ovanstående är vad jag kan se från din logg Attach.txt, men det är långt ifrån alla program som skriver ut versionsnummer i den.

 

Kör Secunias program PSI som jag länkar till på min webbsida för kontroll av om där finns ytterligare gamla osäkra versioner i datorn.