
Explorer.exe has encountered a problem and needs to close


Hämtaren


It just gets worse as the night goes on. After the second run it took many hours, and on top of that I can't access the network connection to get online. I've had to work around that problem by connecting over an ordinary phone line, with the low speed that comes with it, but I got in anyway, and here is the GMER result. We'll see whether I can download the next run or whether it takes too long. But I'll give it a try.

 

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2011-01-26 14:58:38

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2040AH rev.006C

Running: qzexs4xh.exe; Driver: C:\DOCUME~1\somo.000\LOKALA~1\Temp\uxrorpog.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB9BD76D0]

 

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

 

---- Kernel code sections - GMER 1.0.15 ----

 

init C:\WINDOWS\system32\drivers\tiumflt.sys entry point in "init" section [0xF7AB5D00]

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF5EEA360, 0x1DF4AD, 0xE8000020]

init C:\WINDOWS\system32\drivers\tiumfwl.sys entry point in "init" section [0xF79134C0]

init C:\WINDOWS\System32\DRIVERS\gticard.sys entry point in "init" section [0xF3F27B20]

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AB0001

.text C:\Program\F-Secure\Common\FSM32.EXE[172] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\Program\F-Secure\Common\FSM32.EXE[172] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\Program\F-Secure\Common\FSM32.EXE[172] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\Program\F-Secure\Common\FSM32.EXE[172] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\Program\F-Secure\Common\FSM32.EXE[172] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\Program\F-Secure\Common\FSM32.EXE[172] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\Program\F-Secure\Common\FSM32.EXE[172] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\Program\F-Secure\Common\FSM32.EXE[172] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\Program\F-Secure\Common\FSM32.EXE[172] WS2_32.dll!WSALookupServiceNextW 01C33181 6 Bytes JMP 717C0F5A

.text C:\Program\F-Secure\Common\FSM32.EXE[172] WS2_32.dll!WSALookupServiceEnd 01C3350E 6 Bytes JMP 71790F5A

.text C:\Program\F-Secure\Common\FSM32.EXE[172] WS2_32.dll!WSALookupServiceBeginW 01C335EF 6 Bytes JMP 71700F5A

.text C:\Program\F-Secure\Common\FSM32.EXE[172] WS2_32.dll!connect 01C34A07 6 Bytes JMP 71760F5A

.text C:\Program\F-Secure\Common\FSM32.EXE[172] WS2_32.dll!listen 01C38CD3 6 Bytes JMP 71730F5A

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A10001

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\Program\Logitech\SetPoint\LBTWiz.exe[328] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A20001

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\WINDOWS\system32\NWTRAY.EXE[368] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] WS2_32.dll!WSALookupServiceNextW 00B63181 6 Bytes JMP 71790F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] WS2_32.dll!WSALookupServiceEnd 00B6350E 6 Bytes JMP 71760F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] WS2_32.dll!WSALookupServiceBeginW 00B635EF 6 Bytes JMP 717C0F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] WS2_32.dll!connect 00B64A07 6 Bytes JMP 71820F5A

.text C:\WINDOWS\system32\NWTRAY.EXE[368] WS2_32.dll!listen 00B68CD3 6 Bytes JMP 717F0F5A

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A40001

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[408] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00940001

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\Program\HP\HP Software Update\HPWuSchd2.exe[500] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00970001

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[532] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B90001

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\Program\Delade filer\Java\Java Update\jusched.exe[704] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00950001

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe[960] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\WINDOWS\system32\ctfmon.exe[972] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\system32\ctfmon.exe[972] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[972] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\WINDOWS\system32\ctfmon.exe[972] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[972] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\WINDOWS\system32\ctfmon.exe[972] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[972] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]

.text C:\WINDOWS\system32\ctfmon.exe[972] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[972] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\WINDOWS\system32\ctfmon.exe[972] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[972] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\WINDOWS\system32\ctfmon.exe[972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A50001

.text C:\WINDOWS\system32\ctfmon.exe[972] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\WINDOWS\system32\ctfmon.exe[972] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\WINDOWS\system32\ctfmon.exe[972] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\WINDOWS\system32\ctfmon.exe[972] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\WINDOWS\system32\ctfmon.exe[972] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\WINDOWS\system32\ctfmon.exe[972] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[972] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\WINDOWS\system32\ctfmon.exe[972] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\WINDOWS\system32\ctfmon.exe[972] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\WINDOWS\system32\ctfmon.exe[972] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [72, 71] {JB 0x73}

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [78, 71] {JS 0x73}

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6F, 71]

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [75, 71] {JNZ 0x73}

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [7B, 71] {JNP 0x73}

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71820F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 717F0F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 71880F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 718E0F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 718B0F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] USER32.dll!SendInput + 4 7E37F144 2 Bytes [93, 71]

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71910F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 719A0F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71970F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] WS2_32.dll!WSALookupServiceNextW 71AA3181 6 Bytes JMP 71A00F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] WS2_32.dll!WSALookupServiceEnd 71AA350E 6 Bytes JMP 719D0F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] WS2_32.dll!WSALookupServiceBeginW 71AA35EF 6 Bytes JMP 71A30F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 71AC0F5A

.text C:\Program\Dell\Bluetooth-programvara\BTTray.exe[1112] WS2_32.dll!listen 71AA8CD3 6 Bytes JMP 71A60F5A

.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]

.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CF0001

.text C:\WINDOWS\Explorer.EXE[1924] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\WINDOWS\Explorer.EXE[1924] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\WINDOWS\Explorer.EXE[1924] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\WINDOWS\Explorer.EXE[1924] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\WINDOWS\Explorer.EXE[1924] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\WINDOWS\Explorer.EXE[1924] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1924] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\WINDOWS\Explorer.EXE[1924] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\WINDOWS\Explorer.EXE[1924] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\WINDOWS\Explorer.EXE[1924] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\WINDOWS\Explorer.EXE[1924] WS2_32.dll!WSALookupServiceNextW 00ED3181 6 Bytes JMP 71820F5A

.text C:\WINDOWS\Explorer.EXE[1924] WS2_32.dll!WSALookupServiceEnd 00ED350E 6 Bytes JMP 717F0F5A

.text C:\WINDOWS\Explorer.EXE[1924] WS2_32.dll!WSALookupServiceBeginW 00ED35EF 6 Bytes JMP 71760F5A


---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

 

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

 

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Kblock.SYS (Keyboard Locking driver/Novell, Inc.)

 

Device \Driver\BTWUSB \Device\BTWUSB-0 B9754F80

Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

Device \FileSystem\Fastfat \Fat B914CD20

 

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

 

---- EOF - GMER 1.0.15 ----


This one went quickly. But do you know if I can find the actual program that starts the various network connections, so I can get online the normal way and avoid sitting on an ordinary phone line with almost zero speed?

 

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000000c

 

Kernel Drivers (total 167):


 

Processes (total 61):


 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

 

PhysicalDrive0 Model Number: FUJITSUMHT2040AH, Rev: 006C

 

Size Device Name MBR Status

--------------------------------------------

37 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

 

 

Done!


These last three logs do not indicate any deeper-lying infection.

Was it after the second ComboFix run that you lost the internet connection?

It is conceivable that too much was removed then.


No, after the GMER run.

Also, when I try to check connections in the taskbar, this explorer.exe crashes.

I can't get at any system programs, so as far as I know I can't restore the system from an earlier restore point either, one where at least the internet connection worked.

PS: I have started in Safe Mode with Networking, and then I can get to the Control Panel etc. without explorer.exe having problems, and from there I have now got online as well... in case this is of any help.

In addition, I am now back with the internet connection working the way it did before the GMER run. So what do I do now?


After the GMER run! That is strange, because GMER doesn't do anything; it only checks various things in the computer.

> PS: I have started in Safe Mode with Networking, and then I can get to the Control Panel etc. without explorer.exe having problems, and from there I have now got online as well... in case this is of any help.
>
> In addition, I am now back with the internet connection working the way it did before the GMER run. So what do I do now?

Just so I am sure I understand correctly: the internet connection works in Safe Mode with Networking but not in normal mode. Is that right? If so, continue with the rest.

Did you get a new small menu at computer startup after the first ComboFix run?

One where you can choose between starting Windows and "Microsoft Windows Recovery Console" if you are quick with the arrow keys.

Press the up/down arrows in that menu to select "Microsoft Windows Recovery Console" and then press Enter. After that you will probably be asked which Windows installation to use. Press the 1 key followed by Enter.

When the screen shows C:\Windows>, type the following (end each line with Enter):

cd erdnt\subs

batch erdnt.con

That command takes a while to carry out the restore.

When it is done, type:

exit

If that doesn't work, type these commands instead:

cd erdnt\HIV-BACKUP

batch erdnt.con


In Safe Mode I was able to start the internet connection, and the connection is still there now that I have restarted and am running in normal mode.

So far I haven't noticed the new menu you are talking about, but I'll restart and try to be more observant about exactly that. Where and when do you mean the menu should appear?


Okay, but if the internet connection works now, you don't need to restore to the state before the ComboFix run.

Save Rootkit Unhooker to the desktop.

http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar

Unpack the program. If you don't have an extraction program for rar files, you can get 7-Zip. http://www.7-zip.org/

Disconnect the internet connection. Close all programs you see, including firewall, antivirus and antispyware programs.

Double-click Rootkit Unhooker to start it (in Vista and Windows 7, right-click and choose Run as administrator).

Select the Report tab and click Scan.

Tick Drivers, Stealth, Files and Code Hooks, but untick the other options.

Press OK.

Wait until the scanner has finished, then choose File - Save Report. Save the report on the Desktop or somewhere else where you can find it again. Click Close.

Open the saved report in Notepad. Paste the contents into your reply.

Note that if a warning "Rootkit Unhooker has detected a parasite..." comes up, just ignore it.


At 02:00 last night I posted the log, but today when I look it is not in the thread!!

My computer never shut down by itself after I had turned it off; this morning I had to force it off. The scan took a long time with this program too, but here comes the log file:

 

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================


0xBA7A4000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xB916B000 C:\WINDOWS\System32\NetWare\nwdhcp.sys 16384 bytes

0xF7B5B000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF7B43000 C:\WINDOWS\System32\DRIVERS\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)

0xF7A7F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF7A83000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0xF72CB000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF730C000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)

0xB93E3000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)

0xF72C7000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Filterdrivrutin för HID-mus)

0xF72F8000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF7A8B000 nicm.sys 12288 bytes (Novell, Inc., Novell InterService Communication Driver)

0xB8E71000 C:\WINDOWS\System32\NetWare\NWHOST.sys 12288 bytes

0xF5A06000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xB8E7D000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 12288 bytes

0xF7C15000 C:\Program\a-squared Anti-Malware\a2util32.sys 8192 bytes (Emsi Software GmbH, a-squared Malware-IDS utility driver)

0xF7BF3000 C:\WINDOWS\system32\Drivers\BASFND.sys 8192 bytes (Broadcom Corporation, Broadcom NetDetect Driver.)

0xF7C07000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7C03000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7B73000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE-drivrutin)

0xF7B6F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7C0B000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7BAD000 C:\WINDOWS\System32\NetWare\NWSNS.sys 8192 bytes

0xF7BD7000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, Parallellportsdrivrutin för VDM)

0xF7C0F000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7BE7000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)

0xF7BEB000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7B75000 tiumflt.sys 8192 bytes (Texas Instruments Inc., tiumflt.sys)

0xF7BFF000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7B71000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF633A000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7CC8000 C:\WINDOWS\System32\Drivers\BlankScreen.SYS 4096 bytes (Novell, Inc., Screen Blanking Driver)

0xF7CDB000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))

0xF7CDC000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))

0xF7D5C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF634F000 C:\WINDOWS\System32\Drivers\Kblock.SYS 4096 bytes (Novell, Inc., Keyboard Locking driver)

0xF7D2B000 C:\WINDOWS\System32\Drivers\KBSTUFF.SYS 4096 bytes (Novell Inc., Keyboard Stuffing driver)

0xF7D44000 C:\WINDOWS\system32\Drivers\mchInjDrv.sys 4096 bytes

0xF6351000 C:\WINDOWS\System32\Drivers\Mouslock.SYS 4096 bytes (Novell, Inc., Mouse Locking driver)

0xF7CDD000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7C37000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE-bussdrivrutin)

 

 

========================================

Apparently I was too tired last night to notice the message I have now received that my post is too long. I am therefore splitting it off before STEALTH.


Here comes the continuation

 

==============================================

>Stealth

==============================================

WARNING: Virus alike driver modification [ndistapi.sys]

WARNING: Virus alike driver modification [bthpan.sys]

WARNING: Virus alike driver modification [ADPU160M.SYS]

WARNING: Virus alike driver modification [compbatt.sys]

WARNING: Virus alike driver modification [sffp_mmc.sys]

WARNING: Virus alike driver modification [hidusb.sys]

WARNING: Virus alike driver modification [hsfdpsp2.sys]

WARNING: Virus alike driver modification [DXAPI.SYS]

WARNING: Virus alike driver modification [atinrvxx.sys]

WARNING: Virus alike driver modification [mup.sys]

WARNING: Virus alike driver modification [HSF_DP.sys]

WARNING: Virus alike driver modification [ndisip.sys]

WARNING: Virus alike driver modification [sffp_sd.sys]

WARNING: Virus alike driver modification [slip.sys]

WARNING: Virus alike driver modification [irenum.sys]

WARNING: Virus alike driver modification [wadv08nt.sys]

WARNING: Virus alike driver modification [sfloppy.sys]

WARNING: Virus alike driver modification [ati1mdxx.sys]

WARNING: Virus alike driver modification [wadv05nt.sys]

WARNING: Virus alike driver modification [ACPIEC.SYS]

WARNING: Virus alike driver modification [CPQDAP01.SYS]

WARNING: Virus alike driver modification [wadv07nt.sys]

WARNING: Virus alike driver modification [wadv09nt.sys]

WARNING: Virus alike driver modification [FADXP32.sys]

WARNING: Virus alike driver modification [sffdisk.sys]

WARNING: Virus alike driver modification [wadv11nt.sys]

WARNING: Virus alike driver modification [nicm.sys]

WARNING: Virus alike driver modification [AMSINT.SYS]

WARNING: Virus alike driver modification [NIKEDRV.SYS]

WARNING: Virus alike driver modification [RIO8DRV.SYS]

WARNING: Virus alike driver modification [RIODRV.SYS]

WARNING: Virus alike driver modification [WS2IFSL.SYS]

WARNING: Virus alike driver modification [pcmcia.sys]

WARNING: Virus alike driver modification [tdpipe.sys]

WARNING: Virus alike driver modification [ati1pdxx.sys]

WARNING: Virus alike driver modification [wsiintxx.sys]

WARNING: Virus alike driver modification [wadv02nt.sys]

WARNING: Virus alike driver modification [mouhid.sys]

WARNING: Virus alike driver modification [usbvideo.sys]

WARNING: Virus alike driver modification [FSVGA.SYS]

WARNING: Virus alike driver modification [tunmp.sys]

WARNING: Virus alike driver modification [wadv01nt.sys]

WARNING: Virus alike driver modification [NWLNKFLT.SYS]

WARNING: Virus alike driver modification [FTDISK.SYS]

WARNING: Virus alike driver modification [mtlmnt5.sys]

WARNING: Virus alike driver modification [mutohpen.sys]

WARNING: Virus alike driver modification [AHA154X.SYS]

WARNING: Virus alike driver modification [usb8023.sys]

WARNING: Virus alike driver modification [usb8023x.sys]

WARNING: Virus alike driver modification [slnt7554.sys]

WARNING: Virus alike driver modification [fltmgr.sys]

WARNING: Virus alike driver modification [mtlstrm.sys]

WARNING: Virus alike driver modification [b57xp32.sys]

WARNING: Virus alike driver modification [slwdmsup.sys]

WARNING: Virus alike driver modification [recagent.sys]

WARNING: Virus alike driver modification [atinmdxx.sys]

WARNING: Virus alike driver modification [atinttxx.sys]

WARNING: Virus alike driver modification [afd.sys]

WARNING: Virus alike driver modification [CBIDF2K.SYS]

WARNING: Virus alike driver modification [cmbatt.sys]

WARNING: Virus alike driver modification [rdpwd.sys]

WARNING: Virus alike driver modification [lv302af.sys]

WARNING: Virus alike driver modification [ks.sys]

WARNING: Virus alike driver modification [battc.sys]

WARNING: Virus alike driver modification [diskdump.sys]

WARNING: Virus alike driver modification [wacompen.sys]

WARNING: Virus alike driver modification [asyncmac.sys]

WARNING: Virus alike driver modification [atinpdxx.sys]

WARNING: Virus alike driver modification [fastfat.sys]

WARNING: Virus alike driver modification [pwd_2K.sys]

WARNING: Virus alike driver modification [hdaudbus.sys]

WARNING: Virus alike driver modification [ndisuio.sys]

WARNING: Virus alike driver modification [sMCLIB.SYS]

WARNING: Virus alike driver modification [portcls.sys]

WARNING: Virus alike driver modification [DAC960NT.SYS]

WARNING: Virus alike driver modification [kbdhid.sys]

WARNING: Virus alike driver modification [ASC3550.SYS]

WARNING: Virus alike driver modification [CPQARRAY.SYS]

WARNING: Virus alike driver modification [tape.sys]

WARNING: Virus alike driver modification [usbscan.sys]

WARNING: Virus alike driver modification [streamip.sys]

WARNING: Virus alike driver modification [ipnat.sys]

WARNING: Virus alike driver modification [dmio.sys]

WARNING: Virus alike driver modification [mssmbios.sys]

WARNING: Virus alike driver modification [serenum.sys]

WARNING: Virus alike driver modification [mdc8021x.sys]

WARNING: Virus alike driver modification [usbintel.sys]

WARNING: Virus alike driver modification [iNI910U.SYS]

WARNING: Virus alike driver modification [i81xnt5.sys]

WARNING: Virus alike driver modification [hphipr09.sys]

WARNING: Virus alike driver modification [sYMC810.SYS]

WARNING: Virus alike driver modification [netbt.sys]

WARNING: Virus alike driver modification [nwrdr.sys]

WARNING: Virus alike driver modification [RASPTI.SYS]

WARNING: Virus alike driver modification [s3gnbm.sys]

WARNING: Virus alike driver modification [bthenum.sys]

WARNING: Virus alike driver modification [ccdecode.sys]

WARNING: Virus alike driver modification [omci.sys]

WARNING: Virus alike driver modification [kmixer.sys]

WARNING: Virus alike driver modification [MRAID35X.SYS]

WARNING: Virus alike driver modification [frmupgr.sys]

WARNING: Virus alike driver modification [rdbss.sys]

WARNING: Virus alike driver modification [PTILINK.SYS]

WARNING: Virus alike driver modification [DAC2W2K.SYS]

WARNING: Virus alike driver modification [ntmtlfax.sys]

WARNING: Virus alike driver modification [mrxdav.sys]

WARNING: Virus alike driver modification [ndis.sys]

WARNING: Virus alike driver modification [i2omp.sys]

WARNING: Virus alike driver modification [CDAUDIO.SYS]

WARNING: Virus alike driver modification [acpi.sys]

WARNING: Virus alike driver modification [hphius09.sys]

WARNING: Virus alike driver modification [bthusb.sys]

WARNING: Virus alike driver modification [msfs.sys]

WARNING: Virus alike driver modification [sPARROW.SYS]

WARNING: Virus alike driver modification [tdi.sys]

WARNING: Virus alike driver modification [ftdibus.sys]

WARNING: Virus alike driver modification [hidir.sys]

WARNING: Virus alike driver modification [wstcodec.sys]

WARNING: Virus alike driver modification [wvchntxx.sys]

WARNING: Virus alike driver modification [watv02nt.sys]

WARNING: Virus alike driver modification [rdpdr.sys]

WARNING: Virus alike driver modification [partmgr.sys]

WARNING: Virus alike driver modification [DPTI2O.SYS]

WARNING: Virus alike driver modification [rmcast.sys]

WARNING: Virus alike driver modification [flpydisk.sys]

WARNING: Virus alike driver modification [secdrv.sys]

WARNING: Virus alike driver modification [udfreadr_xp.sys]

WARNING: Virus alike driver modification [ipinip.sys]

WARNING: Virus alike driver modification [vga.sys]

WARNING: Virus alike driver modification [Lvckap.sys]

WARNING: Virus alike driver modification [ati1ttxx.sys]

WARNING: Virus alike driver modification [TSBVCAP.SYS]

WARNING: Virus alike driver modification [LVMVdrv.sys]

WARNING: Virus alike driver modification [tdtcp.sys]

WARNING: Virus alike driver modification [hsfbs2s2.sys]

WARNING: Virus alike driver modification [watv06nt.sys]

WARNING: Virus alike driver modification [ASC3350P.SYS]

WARNING: Virus alike driver modification [tcpip6.sys]

WARNING: Virus alike driver modification [mouclass.sys]

WARNING: Virus alike driver modification [ABP480N5.SYS]

WARNING: Virus alike driver modification [wch7xxnt.sys]

WARNING: Virus alike driver modification [cdudf_xp.sys]

WARNING: Virus alike driver modification [kbdclass.sys]

WARNING: Virus alike driver modification [hidparse.sys]

WARNING: Virus alike driver modification [sonydcam.sys]

WARNING: Virus alike driver modification [watv10nt.sys]

WARNING: Virus alike driver modification [hidbth.sys]

WARNING: Virus alike driver modification [usbcamd.sys]

WARNING: Virus alike driver modification [LVPr2Mon.sys]

WARNING: Virus alike driver modification [usbcamd2.sys]

WARNING: Virus alike driver modification [Dvd_2k.sys]

WARNING: Virus alike driver modification [HPN.SYS]

WARNING: Virus alike driver modification [CINEMST2.SYS]

WARNING: Virus alike driver modification [ati1snxx.sys]

WARNING: Virus alike driver modification [usbstor.sys]

WARNING: Virus alike driver modification [stac97.sys]

WARNING: Virus alike driver modification [ASC.SYS]

WARNING: Virus alike driver modification [lvrs.sys]

WARNING: Virus alike driver modification [http.sys]

WARNING: Virus alike driver modification [GEARAspiWDM.sys]

WARNING: Virus alike driver modification [LV302V32.SYS]

WARNING: Virus alike driver modification [bthport.sys]

WARNING: Virus alike driver modification [PERC2.SYS]

WARNING: Virus alike driver modification [fdc.sys]

WARNING: Virus alike driver modification [sYM_HI.SYS]

WARNING: Virus alike driver modification [atinsnxx.sys]

WARNING: Virus alike driver modification [watv01nt.sys]

WARNING: Virus alike driver modification [ati1xbxx.sys]

WARNING: Virus alike driver modification [modem.sys]

WARNING: Virus alike driver modification [usbehci.sys]

WARNING: Virus alike driver modification [rndismp.sys]

WARNING: Virus alike driver modification [rndismpx.sys]

WARNING: Virus alike driver modification [Mmc_2k.sys]

WARNING: Virus alike driver modification [ati1raxx.sys]

WARNING: Virus alike driver modification [sYM_U3.SYS]

WARNING: Virus alike driver modification [npfs.sys]

WARNING: Virus alike driver modification [bCMWL5.SYS]

WARNING: Virus alike driver modification [ATMEPVC.SYS]

WARNING: Virus alike driver modification [atinxbxx.sys]

WARNING: Virus alike driver modification [usbccgp.sys]

WARNING: Virus alike driver modification [wdfldr.sys]

WARNING: Virus alike driver modification [NWLNKFWD.SYS]

WARNING: Virus alike driver modification [sYMC8XX.SYS]

WARNING: Virus alike driver modification [ati2mtaa.sys]

WARNING: Virus alike driver modification [iPFLTDRV.SYS]

WARNING: Virus alike driver modification [QL10WNT.SYS]

WARNING: Virus alike driver modification [gv3.sys]

WARNING: Virus alike driver modification [watv04nt.sys]

WARNING: Virus alike driver modification [RAWWAN.SYS]

WARNING: Virus alike driver modification [wanarp.sys]

WARNING: Virus alike driver modification [netbios.sys]

WARNING: Virus alike driver modification [ati1xsxx.sys]

WARNING: Virus alike driver modification [msgpc.sys]

WARNING: Virus alike driver modification [ATMUNI.SYS]

WARNING: Virus alike driver modification [LHidFilt.Sys]

WARNING: Virus alike driver modification [tcpip.sys]

WARNING: Virus alike driver modification [disk.sys]

WARNING: Virus alike driver modification [ati1tuxx.sys]

WARNING: Virus alike driver modification [bthprint.sys]

WARNING: Virus alike driver modification [ip6fw.sys]

WARNING: Virus alike driver modification [uLTRA.SYS]

WARNING: Virus alike driver modification [hidclass.sys]

WARNING: Virus alike driver modification [LMouFilt.Sys]

WARNING: Virus alike driver modification [bthmodem.sys]

WARNING: Virus alike driver modification [update.sys]

WARNING: Virus alike driver modification [wpdusb.sys]

WARNING: Virus alike driver modification [processr.sys]

WARNING: Virus alike driver modification [intelppm.sys]

WARNING: Virus alike driver modification [nmnt.sys]

WARNING: Virus alike driver modification [QL1080.SYS]

WARNING: Virus alike driver modification [QL1240.SYS]

WARNING: Virus alike driver modification [slntamr.sys]

WARNING: Virus alike driver modification [crusoe.sys]

WARNING: Virus alike driver modification [termdd.sys]

WARNING: Virus alike driver modification [sisagp.sys]

WARNING: Virus alike driver modification [amdk6.sys]

WARNING: Virus alike driver modification [raspppoe.sys]

WARNING: Virus alike driver modification [amdk7.sys]

WARNING: Virus alike driver modification [LVUSBSta.sys]

WARNING: Virus alike driver modification [imapi.sys]

WARNING: Virus alike driver modification [bEEP.SYS]

WARNING: Virus alike driver modification [MNMDD.SYS]

WARNING: Virus alike driver modification [RDPCDD.SYS]

WARNING: Virus alike driver modification [viaagp.sys]

WARNING: Virus alike driver modification [mountmgr.sys]

WARNING: Virus alike driver modification [bvrp_pci.sys]

WARNING: Virus alike driver modification [alim1541.sys]

WARNING: Virus alike driver modification [amdagp.sys]

WARNING: Virus alike driver modification [swenum.sys]

WARNING: Virus alike driver modification [WMILIB.SYS]

WARNING: Virus alike driver modification [btwhid.sys]

WARNING: Virus alike driver modification [pxhelp20.sys]

WARNING: Virus alike driver modification [fips.sys]

WARNING: Virus alike driver modification [uagp35.sys]

WARNING: Virus alike driver modification [blankscreen.sys]

WARNING: Virus alike driver modification [agpcpq.sys]

WARNING: Virus alike driver modification [mtxparhm.sys]

WARNING: Virus alike driver modification [QL12160.SYS]

WARNING: Virus alike driver modification [gagp30kx.sys]

WARNING: Virus alike driver modification [irbus.sys]

WARNING: Virus alike driver modification [p3.sys]

WARNING: Virus alike driver modification [uSBD.SYS]

WARNING: Virus alike driver modification [raspptp.sys]

WARNING: Virus alike driver modification [QL1280.SYS]

WARNING: Virus alike driver modification [wdf01000.sys]

WARNING: Virus alike driver modification [stream.sys]

WARNING: Virus alike driver modification [classpnp.sys]

WARNING: Virus alike driver modification [mspqm.sys]

WARNING: Virus alike driver modification [TOSIDE.SYS]

WARNING: Virus alike driver modification [hphs2k09.sys]

WARNING: Virus alike driver modification [ftser2k.sys]

WARNING: Virus alike driver modification [hphid409.sys]

WARNING: Virus alike driver modification [rasl2tp.sys]

WARNING: Virus alike driver modification [TOSDVD.SYS]

WARNING: Virus alike driver modification [atinraxx.sys]

WARNING: Virus alike driver modification [ALIIDE.SYS]

WARNING: Virus alike driver modification [i8042prt.sys]

WARNING: Virus alike driver modification [dmusic.sys]

WARNING: Virus alike driver modification [volsnap.sys]

WARNING: Virus alike driver modification [btwusb.sys]

WARNING: Virus alike driver modification [1394bus.sys]

WARNING: Virus alike driver modification [mozy.sys]

WARNING: Virus alike driver modification [mspclock.sys]

WARNING: Virus alike driver modification [viaide.sys]

WARNING: Virus alike driver modification [intelide.sys]

WARNING: Virus alike driver modification [mstee.sys]

WARNING: Virus alike driver modification [PERC2HIB.SYS]

WARNING: Virus alike driver modification [AIC78U2.SYS]

WARNING: Virus alike driver modification [atmlane.sys]

WARNING: Virus alike driver modification [NWLNKSPX.SYS]

WARNING: Virus alike driver modification [kbstuff.sys]

WARNING: Virus alike driver modification [swmidi.sys]

WARNING: Virus alike driver modification [ati1btxx.sys]

WARNING: Virus alike driver modification [AIC78XX.SYS]

WARNING: Virus alike driver modification [ntfs.sys]

WARNING: Virus alike driver modification [atinbtxx.sys]

WARNING: Virus alike driver modification [VDMINDVD.SYS]

WARNING: Virus alike driver modification [redbook.sys]

WARNING: Virus alike driver modification [DMLOAD.SYS]

WARNING: Virus alike driver modification [ROOTMDM.SYS]

WARNING: Virus alike driver modification [smbali.sys]

WARNING: Virus alike driver modification [rfcomm.sys]

WARNING: Virus alike driver modification [atmarpc.sys]

WARNING: Virus alike driver modification [uSBAUDIO.sys]

WARNING: Virus alike driver modification [drmk.sys]

WARNING: Virus alike driver modification [bASFND.sys]

WARNING: Virus alike driver modification [arp1394.sys]

WARNING: Virus alike driver modification [sysaudio.sys]

WARNING: Virus alike driver modification [ohci1394.sys]

WARNING: Virus alike driver modification [nic1394.sys]

WARNING: Virus alike driver modification [splitter.sys]

WARNING: Virus alike driver modification [cdrom.sys]

WARNING: Virus alike driver modification [NWLNKNB.SYS]

WARNING: Virus alike driver modification [atinxsxx.sys]

WARNING: Virus alike driver modification [ati1rvxx.sys]

WARNING: Virus alike driver modification [cdfs.sys]

WARNING: Virus alike driver modification [mf.sys]

WARNING: Virus alike driver modification [enum1394.sys]

WARNING: Virus alike driver modification [serial.sys]

WARNING: Virus alike driver modification [udfs.sys]

WARNING: Virus alike driver modification [CMDIDE.SYS]

WARNING: Virus alike driver modification [EL90XBC5.SYS]

WARNING: Virus alike driver modification [ftlund.sys]

WARNING: Virus alike driver modification [hsfcxts2.sys]

WARNING: Virus alike driver modification [PARVDM.SYS]

WARNING: Virus alike driver modification [psched.sys]

WARNING: Virus alike driver modification [ati2mtag.sys]

WARNING: Virus alike driver modification [bridge.sys]

WARNING: Virus alike driver modification [atintuxx.sys]

WARNING: Virus alike driver modification [sr.sys]

WARNING: Virus alike driver modification [ipsec.sys]

WARNING: Virus alike driver modification [mskssrv.sys]

WARNING: Virus alike driver modification [CD20XRNT.SYS]

WARNING: Virus alike driver modification [MCD.SYS]

WARNING: Virus alike driver modification [WudfPf.sys]

WARNING: Virus alike driver modification [sdbus.sys]

WARNING: Virus alike driver modification [FS_REC.SYS]

WARNING: Virus alike driver modification [dmboot.sys]

WARNING: Virus alike driver modification [parport.sys]

WARNING: Virus alike driver modification [videoprt.sys]

WARNING: Virus alike driver modification [WudfRd.sys]

WARNING: Virus alike driver modification [wdmaud.sys]

WARNING: Virus alike driver modification [nabtsfec.sys]

WARNING: Virus alike driver modification [i2omgmt.sys]

WARNING: Virus alike driver modification [RASACD.SYS]

WARNING: Virus alike driver modification [nwlnkipx.sys]

WARNING: Virus alike driver modification [ndiswan.sys]

WARNING: Virus alike driver modification [ppscan.sys]

WARNING: Virus alike driver modification [mqac.sys]

WARNING: Virus alike driver modification [ksecdd.sys]

WARNING: Virus alike driver modification [Apfiltr.sys]

WARNING: Virus alike driver modification [slnthal.sys]

WARNING: Virus alike driver modification [scsiport.sys]

==============================================

>Files

==============================================

!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA

!-->[Hidden] C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86

!-->[Hidden] C:\Documents and Settings\All Users\Start-meny\Program\iTunes

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DevicePrefsMovies.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DevicePrefsMusic.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DevicePrefsPhotos.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DevicePrefsPodcasts.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DevicePrefsRentalItem.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DevicePrefsRentedMovies.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DevicePrefsRingtones.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DevicePrefsTVShows.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DevicePrefsVersion.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DevicePrefsWorkouts.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DJIntro.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DJPlacard.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DownloadsPlacard.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\DuplicatesPlacard.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\EQWindow.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\EULA.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\GeniusBar.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\GeniusDone.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\GradientWindow.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\HomeSharing.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\HomeSharingOn.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\HomeSharingPlacard.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\iPhonePrefs.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\iPhoneRestore.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\iPhoneSetup.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\iPhoneWelcome.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\iPhoneWelcomeOffline.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\iPodPrefs.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\iPodRestore.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\iPodSetup.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\iPodSetupAssist.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\iPodWelcome.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\iPodWelcomeOffline.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\MobilePhonePrefs.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\MobilePhoneSetup.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\MoviesIntro.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\MusicIntro.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\PlaylistIntro.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\PodcastsIntro.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\PodcastsPlacard.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\RentedMoviesPlacard.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\Ringtone.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\ShufflePrefs.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\ShuffleSetup.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\StoreCancelPlacard.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\StoreCopyrightPlacard.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\StoreTracksPlacard.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\SummaryBar.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\TouchRemoteConfirm.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\TouchRemoteSetup.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\TVShowsIntro.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\VolumeLimitPanel.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\sv.lproj\WelcomeWindow.nib

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\zh_CN.lproj

!-->[Hidden] C:\Program\iTunes\iTunes.Resources\zh_TW.lproj

!-->[Hidden] C:\Program\iTunes\iTunesHelper.Resources

!-->[Hidden] C:\Program\iTunes\iTunesMiniPlayer.Resources

!-->[Hidden] C:\Program\iTunes\Mozilla Plugins

!-->[Hidden] C:\Program\MozyHome\Data\filter_raw.log.1

!-->[Hidden] C:\QooBox\BackEnv\AppData.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\Cache.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\Cookies.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\Desktop.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\Favorites.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\History.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\LocalAppData.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\LocalSettings.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\Music.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\NetHood.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\Personal.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\Pictures.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\PrintHood.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\Profiles.Folder.dat

!-->[Hidden] C:\QooBox\BackEnv\Profiles.Folder.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\Programs.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\Recent.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\SendTo.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\SetPath.bat

!-->[Hidden] C:\QooBox\BackEnv\StartMenu.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\StartUp.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\SysPath.dat

!-->[Hidden] C:\QooBox\BackEnv\Templates.folder.dat

!-->[Hidden] C:\QooBox\BackEnv\VikPev00

==============================================

>Hooks

==============================================

ndis.sys-->NdisCloseAdapter, Type: Inline - RelativeJump 0xF7490642-->F74B6034 [fsdfw.sys]

ndis.sys-->NdisCoCreateVc, Type: Inline - RelativeJump 0xF749D186-->F74B5F92 [fsdfw.sys]

ndis.sys-->NdisCoDeleteVc, Type: Inline - RelativeJump 0xF749E557-->F74B6000 [fsdfw.sys]

ndis.sys-->NdisCoSendPackets, Type: Inline - RelativeJump 0xF749EAF1-->F74B75A2 [fsdfw.sys]

ndis.sys-->NdisDeregisterProtocol, Type: Inline - RelativeJump 0xF7490821-->F74B62CC [fsdfw.sys]

ndis.sys-->NdisOpenAdapter, Type: Inline - RelativeJump 0xF7486399-->F74B64B0 [fsdfw.sys]

ndis.sys-->NdisRegisterProtocol, Type: Inline - RelativeJump 0xF748617F-->F74B5F26 [fsdfw.sys]

ndis.sys-->NdisRequest, Type: Inline - RelativeJump 0xF749397B-->F74B67D8 [fsdfw.sys]

ndis.sys-->NdisReturnPackets, Type: Inline - RelativeJump 0xF7493810-->F74B6E38 [fsdfw.sys]

ndis.sys-->NdisSend, Type: Inline - RelativeJump 0xF7496986-->F74B77B8 [fsdfw.sys]

ndis.sys-->NdisSendPackets, Type: Inline - RelativeJump 0xF74969A3-->F74B788A [fsdfw.sys]

ndis.sys-->NdisTransferData, Type: Inline - RelativeJump 0xF74969BE-->F74B6F36 [fsdfw.sys]

ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]

ntoskrnl.exe+0x0000B8AC, Type: Inline - RelativeJump 0x804E28AC-->804E28C9 [ntoskrnl.exe]

ntoskrnl.exe-->IoCreateDevice, Type: Inline - RelativeJump 0x8059FACE-->F74B6116 [fsdfw.sys]

[1084]realsched.exe-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[1084]realsched.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[1084]realsched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E27211-->00000000 [unknown_code_page]

[1084]realsched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E273A9-->00000000 [unknown_code_page]

[1084]realsched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[1084]realsched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]

[1084]realsched.exe-->kernel32.dll-->TerminateThread, Type: Inline - RelativeJump 0x7C81CB3B-->00000000 [unknown_code_page]

[1084]realsched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1084]realsched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[1084]realsched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[1084]realsched.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1084]realsched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7C90D59E-->00000000 [unknown_code_page]

[1084]realsched.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7C90D5FE-->00000000 [unknown_code_page]

[1084]realsched.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1084]realsched.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump 0x7E3A81C3-->00000000 [unknown_code_page]

[1084]realsched.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x7E3B6783-->00000000 [unknown_code_page]

[1084]realsched.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x7E3B673F-->00000000 [unknown_code_page]

[1084]realsched.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x7E37AAFD-->00000000 [unknown_code_page]

[1084]realsched.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x7E368CCB-->00000000 [unknown_code_page]

[1084]realsched.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x7E37F140-->00000000 [unknown_code_page]

[1084]realsched.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x7E37F3C2-->00000000 [unknown_code_page]

[1084]realsched.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x7E37929A-->00000000 [unknown_code_page]

[1084]realsched.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [unknown_code_page]

[1112]jusched.exe-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[1112]jusched.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[1112]jusched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E27211-->00000000 [unknown_code_page]

[1112]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E273A9-->00000000 [unknown_code_page]

[1112]jusched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[1112]jusched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]

[1112]jusched.exe-->kernel32.dll-->TerminateThread, Type: Inline - RelativeJump 0x7C81CB3B-->00000000 [unknown_code_page]

[1112]jusched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1112]jusched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[1112]jusched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[1112]jusched.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1112]jusched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7C90D59E-->00000000 [unknown_code_page]

[1112]jusched.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7C90D5FE-->00000000 [unknown_code_page]

[1112]jusched.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1112]jusched.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump 0x7E3A81C3-->00000000 [unknown_code_page]

[1112]jusched.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x7E3B6783-->00000000 [unknown_code_page]

[1112]jusched.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x7E3B673F-->00000000 [unknown_code_page]

[1112]jusched.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x7E37AAFD-->00000000 [unknown_code_page]

[1112]jusched.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x7E368CCB-->00000000 [unknown_code_page]

[1112]jusched.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x7E37F140-->00000000 [unknown_code_page]

[1112]jusched.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x7E37F3C2-->00000000 [unknown_code_page]

[1112]jusched.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x7E37929A-->00000000 [unknown_code_page]

[1112]jusched.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E27211-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E273A9-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7C90D59E-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7C90D5FE-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x7E3B6783-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x7E3B673F-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x7E37AAFD-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x7E368CCB-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x7E37F140-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x7E37F3C2-->00000000 [unknown_code_page]

[1124]wscntfy.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x7E37929A-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E27211-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E273A9-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7C90D59E-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7C90D5FE-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x7E3B6783-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x7E3B673F-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x7E37AAFD-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x7E368CCB-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->user32.dll-->SendInput, Type: Inline - DirectJump 0x7E37F140-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x7E37F3C2-->00000000 [unknown_code_page]

[1128]FSM32.EXE-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x7E37929A-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E27211-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E273A9-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7C90D59E-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7C90D5FE-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x7E3B6783-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x7E3B673F-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x7E37AAFD-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x7E368CCB-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x7E37F140-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x7E37F3C2-->00000000 [unknown_code_page]

[1316]ctfmon.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x7E37929A-->00000000 [unknown_code_page]

[1348]BTTray.exe-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[1348]BTTray.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[1348]BTTray.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E27211-->00000000 [unknown_code_page]

[1348]BTTray.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E273A9-->00000000 [unknown_code_page]

[1348]BTTray.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[1348]BTTray.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]

[1348]BTTray.exe-->kernel32.dll-->TerminateThread, Type: Inline - RelativeJump 0x7C81CB3B-->00000000 [unknown_code_page]

[1348]BTTray.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1348]BTTray.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[1348]BTTray.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[1348]BTTray.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1348]BTTray.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7C90D59E-->00000000 [unknown_code_page]

[1348]BTTray.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7C90D5FE-->00000000 [unknown_code_page]

[1348]BTTray.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1348]BTTray.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump 0x7E3A81C3-->00000000 [unknown_code_page]

[1348]BTTray.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x7E3B6783-->00000000 [unknown_code_page]

[1348]BTTray.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x7E3B673F-->00000000 [unknown_code_page]

[1348]BTTray.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x7E37AAFD-->00000000 [unknown_code_page]

[1348]BTTray.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x7E368CCB-->00000000 [unknown_code_page]

[1348]BTTray.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x7E37F140-->00000000 [unknown_code_page]

[1348]BTTray.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x7E37F3C2-->00000000 [unknown_code_page]

[1348]BTTray.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x7E37929A-->00000000 [unknown_code_page]

[1348]BTTray.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [unknown_code_page]

[1648]OBroker.exe-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[1648]OBroker.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[1648]OBroker.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E27211-->00000000 [unknown_code_page]

[1648]OBroker.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E273A9-->00000000 [unknown_code_page]

[1648]OBroker.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[1648]OBroker.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]

[1648]OBroker.exe-->kernel32.dll-->TerminateThread, Type: Inline - RelativeJump 0x7C81CB3B-->00000000 [unknown_code_page]

[1648]OBroker.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1648]OBroker.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[1648]OBroker.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[1648]OBroker.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1648]OBroker.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7C90D59E-->00000000 [unknown_code_page]

[1648]OBroker.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7C90D5FE-->00000000 [unknown_code_page]

[1648]OBroker.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1648]OBroker.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump 0x7E3A81C3-->00000000 [unknown_code_page]

[1648]OBroker.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x7E3B6783-->00000000 [unknown_code_page]

[1648]OBroker.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x7E3B673F-->00000000 [unknown_code_page]

[1648]OBroker.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x7E37AAFD-->00000000 [unknown_code_page]

[1648]OBroker.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x7E368CCB-->00000000 [unknown_code_page]

[1648]OBroker.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x7E37F140-->00000000 [unknown_code_page]

[1648]OBroker.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x7E37F3C2-->00000000 [unknown_code_page]

[1648]OBroker.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x7E37929A-->00000000 [unknown_code_page]

[1648]OBroker.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [unknown_code_page]

[1804]WUOLService.exe-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[1804]WUOLService.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[1804]WUOLService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->00000000 [unknown_code_page]

[1804]WUOLService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[1804]WUOLService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]

[1804]WUOLService.exe-->kernel32.dll-->TerminateThread, Type: Inline - RelativeJump 0x7C81CB3B-->00000000 [unknown_code_page]

[1804]WUOLService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[1804]WUOLService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[1804]WUOLService.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump 0x7E3A81C3-->00000000 [unknown_code_page]

[1804]WUOLService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [unknown_code_page]

[1844]firefox.exe-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[1844]firefox.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[1844]firefox.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E27211-->00000000 [unknown_code_page]

[1844]firefox.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E273A9-->00000000 [unknown_code_page]

[1844]firefox.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[1844]firefox.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]

[1844]firefox.exe-->kernel32.dll-->TerminateThread, Type: Inline - RelativeJump 0x7C81CB3B-->00000000 [unknown_code_page]

[1844]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]

[1844]firefox.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1844]firefox.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[1844]firefox.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[1844]firefox.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1844]firefox.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7C90D59E-->00000000 [unknown_code_page]

[1844]firefox.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7C90D5FE-->00000000 [unknown_code_page]

[1844]firefox.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1844]firefox.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump 0x7E3A81C3-->00000000 [unknown_code_page]

[1844]firefox.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x7E3B6783-->00000000 [unknown_code_page]

[1844]firefox.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x7E3B673F-->00000000 [unknown_code_page]

[1844]firefox.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x7E37AAFD-->00000000 [unknown_code_page]

[1844]firefox.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x7E368CCB-->00000000 [unknown_code_page]

[1844]firefox.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x7E37F140-->00000000 [unknown_code_page]

[1844]firefox.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x7E37F3C2-->00000000 [unknown_code_page]

[1844]firefox.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x7E37929A-->00000000 [unknown_code_page]

[1844]firefox.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [unknown_code_page]

[2160]BAsfIpM.exe-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[2160]BAsfIpM.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[2160]BAsfIpM.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->00000000 [unknown_code_page]

[2160]BAsfIpM.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[2160]BAsfIpM.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]

[2160]BAsfIpM.exe-->kernel32.dll-->TerminateThread, Type: Inline - RelativeJump 0x7C81CB3B-->00000000 [unknown_code_page]

[2160]BAsfIpM.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[2160]BAsfIpM.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[2160]BAsfIpM.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump 0x7E3A81C3-->00000000 [unknown_code_page]

[2160]BAsfIpM.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [unknown_code_page]

[2188]mDNSResponder.exe-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[2188]mDNSResponder.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[2188]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->00000000 [unknown_code_page]

[2188]mDNSResponder.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[2188]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]

[2188]mDNSResponder.exe-->kernel32.dll-->TerminateThread, Type: Inline - RelativeJump 0x7C81CB3B-->00000000 [unknown_code_page]

[2188]mDNSResponder.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[2188]mDNSResponder.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[2188]mDNSResponder.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump 0x7E3A81C3-->00000000 [unknown_code_page]

[2188]mDNSResponder.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [unknown_code_page]

[2188]mDNSResponder.exe-->ws2_32.dll-->WSAEnumNetworkEvents, Type: IAT modification 0x0043D29C-->00000000 [ws2_32.dll]

[2188]mDNSResponder.exe-->ws2_32.dll-->WSAEventSelect, Type: IAT modification 0x0043D294-->00000000 [ws2_32.dll]

[2188]mDNSResponder.exe-->ws2_32.dll-->WSAIoctl, Type: IAT modification 0x0043D2B0-->00000000 [ws2_32.dll]

[2188]mDNSResponder.exe-->ws2_32.dll-->WSARecv, Type: IAT modification 0x0043D2AC-->00000000 [ws2_32.dll]

[2188]mDNSResponder.exe-->ws2_32.dll-->WSARecvFrom, Type: IAT modification 0x0043D2A8-->00000000 [ws2_32.dll]

[2188]mDNSResponder.exe-->ws2_32.dll-->WSAStringToAddressA, Type: IAT modification 0x0043D274-->00000000 [ws2_32.dll]

[2200]NAVICL~1.EXE-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[2200]NAVICL~1.EXE-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[2200]NAVICL~1.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->00000000 [unknown_code_page]

[2200]NAVICL~1.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[2200]NAVICL~1.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]

[2200]NAVICL~1.EXE-->kernel32.dll-->TerminateThread, Type: Inline - RelativeJump 0x7C81CB3B-->00000000 [unknown_code_page]

[2200]NAVICL~1.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[2200]NAVICL~1.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[2200]NAVICL~1.EXE-->user32.dll-->DdeConnect, Type: Inline - RelativeJump 0x7E3A81C3-->00000000 [unknown_code_page]

[2200]NAVICL~1.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [unknown_code_page]

[2216]btwdins.exe-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[2216]btwdins.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[2216]btwdins.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->00000000 [unknown_code_page]

[2216]btwdins.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[2216]btwdins.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]

[2216]btwdins.exe-->kernel32.dll-->TerminateThread, Type: Inline - RelativeJump 0x7C81CB3B-->00000000 [unknown_code_page]

[2216]btwdins.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[2216]btwdins.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[2216]btwdins.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump 0x7E3A81C3-->00000000 [unknown_code_page]

[2216]btwdins.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [unknown_code_page]

[2652]inetinfo.exe-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[2652]inetinfo.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[2652]inetinfo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->00000000 [unknown_code_page]

[2652]inetinfo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[2652]inetinfo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]

[2652]inetinfo.exe-->kernel32.dll-->TerminateThread, Type: Inline - RelativeJump 0x7C81CB3B-->00000000 [unknown_code_page]

[2652]inetinfo.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[2652]inetinfo.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[2652]inetinfo.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump 0x7E3A81C3-->00000000 [unknown_code_page]

[2652]inetinfo.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [unknown_code_page]

[2688]jqs.exe-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[2688]jqs.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[2688]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->00000000 [unknown_code_page]

[2688]jqs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[2688]jqs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]

[2688]jqs.exe-->kernel32.dll-->TerminateThread, Type: Inline - RelativeJump 0x7C81CB3B-->00000000 [unknown_code_page]

[2688]jqs.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]

[2688]jqs.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [unknown_code_page]

[2688]jqs.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump 0x7E3A81C3-->00000000 [unknown_code_page]

[2688]jqs.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [unknown_code_page]

[2688]jqs.exe-->ws2_32.dll-->WSACloseEvent, Type: IAT modification 0x004172A8-->00000000 [ws2_32.dll]

[2688]jqs.exe-->ws2_32.dll-->WSACreateEvent, Type: IAT modification 0x004172E8-->00000000 [ws2_32.dll]

[2688]jqs.exe-->ws2_32.dll-->WSAEventSelect, Type: IAT modification 0x004172C0-->00000000 [ws2_32.dll]

[2688]jqs.exe-->ws2_32.dll-->WSAResetEvent, Type: IAT modification 0x004172E4-->00000000 [ws2_32.dll]

[2688]jqs.exe-->ws2_32.dll-->WSASetEvent, Type: IAT modification 0x004172DC-->00000000 [ws2_32.dll]

[2688]jqs.exe-->ws2_32.dll-->WSAWaitForMultipleEvents, Type: IAT modification 0x004172E0-->00000000 [ws2_32.dll]

[2720]mozybackup.exe-->advapi32.dll-->CloseServiceHandle, Type: Inline - RelativeJump 0x77DD6CE5-->00000000 [unknown_code_page]

[2720]mozybackup.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DE4A09-->00000000 [unknown_code_page]

[2720]mozybackup.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->00000000 [unknown_code_page]

[2720]mozybackup.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DD6FFD-->00000000 [unknown_code_page]

[2720]mozybackup.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]


1.

That did look a bit suspicious. It is best to check the computer while Windows is not running, by booting the computer from a CD instead. Download from one of the links:

http://oldtimer.geekstogo.com/OTLPEStd.exe

http://ottools.noahdfear.net/OTLPEStd.exe

Insert a blank CD.

Run the downloaded program and it will automatically burn OTLPE to the CD.

Do you know how to make the computer boot from a CD instead of from a hard disk? If not, ask.

When the computer has booted from the CD, the REATOGO-X-PE desktop is shown.

Double-click the OTLPE icon.

If you are asked "Do you wish to load the remote registry", choose Yes/OK.

When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes/OK.

Make sure "Automatically Load All Remaining Users" is selected, if that option is present, and click OK.

The OTL program starts.

Leave the Use safelist setting in place for Drivers.

Press Run Scan to start the scan.

When the scan is finished, the log file OTL.txt will be saved in the folder C:\.

Restart the computer from the hard disk and paste the log file OTL.txt into your reply.

 

2.

Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner does not take too long, turn off your antivirus program while it runs.

Uncheck the option Remove found threats

Check Scan Archives

Click Advanced Settings

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Scan

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and then paste its contents into your reply.


Booting from CD instead of the hard disk will take a while before I figure out how it was done, so better to ask you.


Right when you turn on the computer, a logo for the computer manufacturer usually appears, and it normally also says which key(s) can be used to change BIOS settings. It might say, for example, "Press Del to Enter Setup" or "F12 = Boot order". What does it say when you turn on your computer?


The CD boot has worked out, and here comes OTL.txt, and then I will run the scan;

 

OTL logfile created on: 1/27/2011 3:49:09 PM - Run

OTLPE by OldTimer - Version 3.1.44.1 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1,023.00 Mb Total Physical Memory | 787.00 Mb Available Physical Memory | 77.00% Memory free

907.00 Mb Paging File | 846.00 Mb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 37.20 Gb Total Space | 3.57 Gb Free Space | 9.61% Space Free | Partition Type: NTFS

Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet003

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [File_System | On_Demand] -- -- (NaiAvFilter101)

DRV - File not found [Kernel | On_Demand] -- -- (LMouKE)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand] -- -- (iAimTV2)

DRV - File not found [Kernel | On_Demand] -- -- (EntDrv51)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | On_Demand] -- -- (catchme)

DRV - [2011/01/23 13:05:20 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System] -- C:\Program\a-squared Anti-Malware\a2dix86.sys -- (a2injectiondriver)

DRV - [2011/01/23 13:05:09 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand] -- C:\Program\a-squared Anti-Malware\a2accx86.sys -- (a2acc)

DRV - [2010/12/15 07:20:55 | 000,042,664 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\fsbts.sys -- (fsbts)

DRV - [2010/11/30 03:06:24 | 000,130,728 | ---- | M] () [Kernel | On_Demand] -- C:\Program\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)

DRV - [2010/10/18 16:40:27 | 000,072,520 | ---- | M] (F-Secure Corporation) [Kernel | System] -- C:\Program\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)

DRV - [2010/10/18 16:39:38 | 000,082,824 | ---- | M] (F-Secure Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\fsdfw.sys -- (FSFW)

DRV - [2010/10/18 16:39:25 | 000,041,896 | ---- | M] () [Kernel | Disabled] -- C:\Program\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)

DRV - [2010/10/18 16:39:25 | 000,027,304 | ---- | M] () [Kernel | Disabled] -- C:\Program\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)

DRV - [2010/05/10 09:37:29 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System] -- C:\Program\a-squared Anti-Malware\a2util32.sys -- (a2util)

DRV - [2010/05/10 09:34:23 | 000,002,560 | ---- | M] () [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\mchInjDrv.sys -- (mchInjDrv)

DRV - [2009/04/30 18:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)

DRV - [2009/04/30 17:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2009/04/30 17:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\lv302af.sys -- (pepifilter)

DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB-ljuddrivrutiner (WDM)

DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/02/28 20:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/28 20:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV - [2007/10/11 21:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/10/11 11:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/06/07 15:57:11 | 000,241,280 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)

DRV - [2007/06/07 15:57:11 | 000,206,464 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)

DRV - [2007/06/07 15:57:11 | 000,144,250 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)

DRV - [2007/06/07 15:57:11 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)

DRV - [2007/06/07 15:57:10 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)

DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2005/09/29 01:34:58 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ousb2hub.sys -- (ousb2hub)

DRV - [2005/09/29 01:34:50 | 000,045,824 | ---- | M] (OrangeWare Corporation) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\ousbehci.sys -- (ousbehci)

DRV - [2005/07/06 12:52:00 | 003,208,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)

DRV - [2005/05/03 08:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV)

DRV - [2005/05/03 08:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)

DRV - [2005/05/03 08:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)

DRV - [2005/04/05 09:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)

DRV - [2004/11/15 08:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)

DRV - [2004/10/05 03:27:34 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)

DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)

DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)

DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)

DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)

DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)

DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)

DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)

DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)

DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)

DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)

DRV - [2004/04/26 09:38:18 | 000,016,896 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\btaudio.sys -- (btaudio)

DRV - [2004/04/26 09:31:56 | 001,239,338 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\btkrnl.sys -- (BTKRNL)

DRV - [2004/04/26 09:24:56 | 000,147,864 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwdndis.sys -- (BTWDNDIS)

DRV - [2004/04/26 09:24:44 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\btport.sys -- (BTDriver)

DRV - [2004/04/26 09:16:22 | 000,043,539 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwhid.sys -- (btwhid)

DRV - [2004/04/26 09:15:16 | 000,053,336 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwusb.sys -- (BTWUSB)

DRV - [2004/02/20 10:13:50 | 000,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)

DRV - [2004/02/13 05:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

DRV - [2003/10/23 10:04:00 | 000,076,160 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\gticard.sys -- (GTICARD)

DRV - [2003/08/29 08:56:12 | 000,052,080 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\tiumfwl.sys -- (tiumfwl)

DRV - [2003/08/21 13:25:52 | 000,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)

DRV - [2003/07/03 09:55:48 | 001,063,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)

DRV - [2003/04/24 10:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\BASFND.sys -- (BASFND)

DRV - [2003/04/07 02:30:30 | 000,385,824 | ---- | M] (Novell, Inc.) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\NetWare\nwfs.sys -- (NetwareWorkstation)

DRV - [2003/04/07 02:28:12 | 000,032,174 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\NetWare\nwdns.sys -- (NWDNS)

DRV - [2003/02/24 02:36:13 | 000,050,396 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftser2k.sys -- (FTSER2K)

DRV - [2003/02/24 02:36:11 | 000,006,828 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftlund.sys -- (FTLUND)

DRV - [2003/02/24 02:36:06 | 000,019,153 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftdibus.sys -- (FTDIBUS)

DRV - [2003/02/20 02:21:16 | 000,119,855 | ---- | M] (Novell, Inc.) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\NetWare\srvloc.sys -- (SRVLOC)

DRV - [2003/02/13 02:21:10 | 000,019,456 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\NetWare\nwslp.sys -- (NWSLP)

DRV - [2003/02/13 02:20:46 | 000,005,808 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\NetWare\nwsns.sys -- (NWSNS)

DRV - [2003/01/30 12:55:44 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid409.sys -- (Dot4 HPH09)

DRV - [2003/01/17 08:26:46 | 000,023,264 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\NetWare\nwsap.sys -- (NWSAP)

DRV - [2002/12/10 09:13:22 | 000,007,552 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\tiumflt.sys -- (DevUpper)

DRV - [2002/11/20 09:54:22 | 000,033,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\gv3.sys -- (gv3)

DRV - [2002/10/04 06:39:52 | 000,015,712 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\SYSTEM32\NetWare\nwdhcp.sys -- (NWDHCP)

DRV - [2002/05/29 04:56:16 | 000,040,592 | ---- | M] (Novell, Inc.) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\NetWare\nwsipx32.sys -- (NWSIPX32)

DRV - [2002/05/13 13:59:20 | 000,004,272 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)

DRV - [2002/02/06 11:34:10 | 000,011,984 | ---- | M] (Novell, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\nicm.sys -- (NICM)

DRV - [2001/10/23 04:13:18 | 000,011,760 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\NetWare\nwhost.sys -- (NWHOST)

DRV - [2001/10/23 04:04:58 | 000,029,229 | ---- | M] (Novell, Inc.) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\NetWare\resmgr.sys -- (RESMGR)

DRV - [2001/09/06 13:54:56 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)

DRV - [2001/07/10 05:02:30 | 000,005,600 | ---- | M] (Novell Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\kbstuff.sys -- (KBSTUFF)

DRV - [2001/07/10 05:02:08 | 000,004,480 | ---- | M] (Novell, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\blankscreen.sys -- (BlankScreen)

DRV - [2001/06/15 07:01:28 | 000,003,779 | ---- | M] (Novell, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mouslock.sys -- (Mouslock)

DRV - [2001/06/15 07:01:24 | 000,003,742 | ---- | M] (Novell, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\kblock.sys -- (Kblock)

 

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/27 08:43:42 | 098,071,259 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\somo.000\Skrivbord\OTLPEStd.exe

[2011/01/26 18:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\somo.000\Skrivbord\MustBeRandomlyNamed

[2011/01/26 18:19:33 | 000,719,574 | ---- | C] (UG North ) -- C:\Documents and Settings\somo.000\Skrivbord\RkU3.8.388.590.exe

[2011/01/26 18:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\somo.000\Skrivbord\RkU3.8.388.590

[2011/01/26 18:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\somo.000\Skrivbord\7-Zip

[2011/01/26 11:35:11 | 001,994,423 | ---- | C] (MediaChance) -- C:\Documents and Settings\somo.000\Skrivbord\autorun.exe

[2011/01/26 04:51:30 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\somo.000\Skrivbord\TDSSKiller.exe

[2011/01/26 04:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\somo.000\Skrivbord\tdsskiller

[2011/01/25 16:41:51 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\somo.000\Skrivbord\mbam-setup.exe

[2011/01/25 11:53:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/01/25 10:23:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2011/01/25 09:44:51 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/01/25 09:38:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/01/25 09:38:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/01/25 09:38:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/01/23 16:24:42 | 000,000,000 | ---D | C] -- C:\Program\Security Task Manager

[2011/01/23 08:53:45 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2011/01/10 17:02:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/01/10 17:02:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/01/10 17:02:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2008/03/15 12:23:30 | 005,275,624 | ---- | C] (SmartSoft Ltd) -- C:\Program\SFTPMSI.exe

[2005/05/23 09:46:51 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program\RngInterstitial.dll

[2005/05/11 17:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/01/27 09:41:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2011/01/27 09:40:49 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3554365469-2736490223-2748996377-1009.job

[2011/01/27 09:40:48 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3554365469-2736490223-2748996377-1009.job

[2011/01/27 09:26:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/01/27 09:03:05 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/01/27 08:51:19 | 098,071,259 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\somo.000\Skrivbord\OTLPEStd.exe

[2011/01/27 08:26:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/01/27 04:30:55 | 000,081,078 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2011/01/27 04:29:13 | 000,029,825 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011/01/27 04:28:53 | 1073,000,448 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/26 18:21:41 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\3uu0R5ic3uCx.exe

[2011/01/26 18:19:17 | 000,719,574 | ---- | M] (UG North ) -- C:\Documents and Settings\somo.000\Skrivbord\RkU3.8.388.590.exe

[2011/01/26 18:11:37 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\7z920.exe

[2011/01/26 18:08:47 | 000,629,057 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\RkU3.8.388.590.rar

[2011/01/26 12:35:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/01/26 11:35:01 | 001,994,423 | ---- | M] (MediaChance) -- C:\Documents and Settings\somo.000\Skrivbord\autorun.exe

[2011/01/26 09:52:53 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\MBRCheck.exe

[2011/01/26 05:04:54 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\qzexs4xh.exe

[2011/01/26 04:51:16 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\somo.000\Skrivbord\TDSSKiller.exe

[2011/01/26 04:35:17 | 001,237,433 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\tdsskiller.zip

[2011/01/25 18:09:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

[2011/01/25 16:42:26 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\somo.000\Skrivbord\mbam-setup.exe

[2011/01/25 09:44:58 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI

[2011/01/25 09:17:05 | 004,160,093 | R--- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\ComboFix.exe

[2011/01/24 17:35:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2011/01/24 11:02:25 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\dds.scr

[2011/01/24 03:59:38 | 000,335,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/01/23 16:23:29 | 002,057,568 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\SecurityTaskManager_Setup.exe

[2011/01/23 13:38:21 | 000,060,057 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\biljett-X8JZUN-LN2AE.pdf

[2011/01/23 13:35:36 | 000,060,414 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\terrakottaarmen-biljett-X8JZUN-LN2AE.pdf

[2011/01/23 08:44:30 | 000,081,078 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2011/01/22 15:32:25 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2011/01/13 04:54:27 | 000,154,624 | ---- | M] () -- C:\Mina Dokument\Dagbok Big Five Safari i Krügerparken 29 dec 2010.doc

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/01/26 18:21:50 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\3uu0R5ic3uCx.exe

[2011/01/26 18:11:36 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\7z920.exe

[2011/01/26 18:08:46 | 000,629,057 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\RkU3.8.388.590.rar

[2011/01/26 12:48:16 | 1073,000,448 | -HS- | C] () -- C:\hiberfil.sys

[2011/01/26 09:52:47 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\MBRCheck.exe

[2011/01/26 05:04:50 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\qzexs4xh.exe

[2011/01/26 04:35:14 | 001,237,433 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\tdsskiller.zip

[2011/01/25 09:44:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/01/25 09:44:52 | 000,260,784 | RHS- | C] () -- C:\cmldr

[2011/01/25 09:38:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/01/25 09:38:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/01/25 09:38:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/01/25 09:38:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/01/25 09:38:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/01/25 09:16:52 | 004,160,093 | R--- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\ComboFix.exe

[2011/01/24 11:02:24 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\dds.scr

[2011/01/23 16:23:27 | 002,057,568 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\SecurityTaskManager_Setup.exe

[2011/01/23 13:38:10 | 000,060,057 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\biljett-X8JZUN-LN2AE.pdf

[2011/01/23 13:35:30 | 000,060,414 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\terrakottaarmen-biljett-X8JZUN-LN2AE.pdf

[2011/01/13 04:54:26 | 000,154,624 | ---- | C] () -- C:\Mina Dokument\Dagbok Big Five Safari i Krügerparken 29 dec 2010.doc

[2010/08/22 10:00:19 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys

[2010/04/26 10:09:32 | 000,080,090 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\SMBIOSSP.exe

[2010/02/14 08:44:42 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll

[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/06/01 17:29:43 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\somo.000\.java.policy

[2009/05/08 03:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2009/04/30 09:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2009/02/19 07:37:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI

[2009/02/06 09:10:58 | 000,003,840 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys

[2009/01/18 13:25:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2008/12/31 11:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\GamlaOGACheckControl.dll

[2008/12/23 12:01:40 | 000,000,025 | ---- | C] () -- C:\WINDOWS\burnit.INI

[2008/11/19 18:19:50 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\PHP.ini

[2008/11/17 11:33:37 | 002,076,672 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll

[2008/09/16 02:41:37 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys

[2008/06/12 10:42:38 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini

[2008/04/08 07:00:09 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2007/02/04 10:15:40 | 000,022,482 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2007/02/04 10:15:40 | 000,001,059 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2007/02/04 10:14:58 | 000,059,079 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2007/02/04 10:14:57 | 000,014,663 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2007/02/04 10:14:56 | 000,017,566 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2007/01/24 16:30:55 | 000,000,027 | ---- | C] () -- C:\WINDOWS\phpdev.ini

[2006/11/02 08:18:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log

[2006/11/02 08:18:06 | 000,000,351 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log

[2006/11/02 08:18:06 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini

[2006/09/23 20:53:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll

[2006/06/14 11:54:08 | 000,004,105 | ---- | C] () -- C:\WINDOWS\System32\INFRA.INI

[2006/04/23 11:02:59 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log

[2006/04/23 11:02:59 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini

[2006/04/07 07:12:27 | 000,000,166 | ---- | C] () -- C:\WINDOWS\ds2000.ini

[2006/04/04 17:18:25 | 000,002,784 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\PatchUpdate_InstantShareJPG.log

[2006/04/04 17:18:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini

[2006/04/04 17:18:03 | 000,003,543 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\PatchUpdate_IZClosingDiscError.log

[2006/04/04 17:18:03 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini

[2006/04/04 17:16:46 | 000,005,220 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log

[2006/04/04 17:16:46 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini

[2006/04/04 17:15:18 | 000,072,731 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\Update_HP_RedboxHprblog_HPSU.log

[2006/04/04 17:15:18 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2006/02/28 10:37:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI

[2005/12/23 21:02:18 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\somo.000\userprefs.prop

[2005/12/23 20:03:55 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\somo.000\pokerclient.log

[2005/12/10 06:18:07 | 000,001,294 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/11/30 08:40:44 | 000,548,864 | R--- | C] () -- C:\WINDOWS\System32\hpgt4850.dll

[2005/04/04 04:15:34 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\SOMO\Application Data\AdobeDLM.log

[2005/03/15 04:19:12 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\OT_FPG32.dll

[2005/03/15 04:19:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\OT_SPX32.dll

[2005/03/15 04:19:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\OT_TCP32.dll

[2005/03/15 04:19:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\OT_NET32.dll

[2005/03/15 04:19:12 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\SIMSPY32.DLL

[2005/02/27 14:09:46 | 000,000,082 | ---- | C] () -- C:\WINDOWS\klienthanterare.ini

[2005/02/27 14:06:43 | 000,000,343 | ---- | C] () -- C:\WINDOWS\start.ini

[2005/02/27 14:06:12 | 000,004,136 | ---- | C] () -- C:\WINDOWS\SKATTWIN.INI

[2005/02/27 14:05:51 | 000,000,576 | ---- | C] () -- C:\WINDOWS\kundkort.ini

[2005/02/20 11:35:40 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys

[2005/02/07 02:09:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SOMO\Application Data\dm.ini

[2005/02/06 14:51:57 | 000,011,009 | ---- | C] () -- C:\Program\HPSETUP.LOG

[2005/01/24 11:21:07 | 000,000,039 | ---- | C] () -- C:\WINDOWS\VTWAIN.INI

[2005/01/24 11:17:06 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ppdrv.ini

[2005/01/24 11:14:44 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll

[2005/01/24 11:14:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\hpud32.dll

[2005/01/24 11:14:44 | 000,123,424 | ---- | C] () -- C:\WINDOWS\p1220_32.dll

[2005/01/24 11:14:44 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

[2005/01/24 11:14:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\hpudrv.ini

[2004/12/21 02:47:06 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI

[2004/11/24 11:01:16 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\somo.000\convert.log

[2004/11/24 10:07:48 | 000,002,399 | ---- | C] () -- C:\WINDOWS\Fcic.ini

[2004/11/24 09:59:38 | 000,001,294 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/11/24 09:59:38 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2004/11/24 09:59:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI

[2004/11/24 09:51:45 | 000,000,068 | ---- | C] () -- C:\WINDOWS\NetOp.Ini

[2004/11/24 03:10:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll

[2004/11/24 02:54:55 | 000,003,220 | ---- | C] () -- C:\WINDOWS\TobOcrQ.ini

[2004/11/24 02:54:55 | 000,000,967 | ---- | C] () -- C:\WINDOWS\tobcbo32.ini

[2004/11/24 02:54:55 | 000,000,876 | ---- | C] () -- C:\WINDOWS\TobOcr.ini

[2004/11/24 02:54:55 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tobcbo25.ini

[2004/11/24 02:54:55 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tobcbo10.ini

[2004/11/24 02:54:55 | 000,000,205 | ---- | C] () -- C:\WINDOWS\tobcbo11.ini

[2004/11/24 02:54:55 | 000,000,180 | ---- | C] () -- C:\WINDOWS\tobcbo20.ini

[2004/11/24 02:54:44 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\jntest\convert.log

[2004/11/11 13:12:31 | 000,008,000 | ---- | C] () -- C:\WINDOWS\System32\yukti.dll

[2004/11/11 07:29:48 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\SOMO\Lokala inställningar\Application Data\fusioncache.dat

[2004/11/11 03:35:43 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\SOMO\convert.log

[2004/11/09 14:56:45 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Sören\Lokala inställningar\Application Data\fusioncache.dat

[2004/10/27 17:26:43 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Sören\convert.log

[2004/10/27 17:26:30 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\convert.log

[2004/10/05 03:33:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/10/05 03:24:09 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Administratör\convert.log

[2004/10/05 02:57:08 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2004/04/26 09:53:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2004/03/28 04:16:40 | 000,004,669 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/03/26 17:32:14 | 000,003,529 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI

[2003/02/20 02:34:10 | 000,192,593 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll

[2003/02/05 08:31:42 | 000,045,119 | ---- | C] () -- C:\WINDOWS\System32\dprpcw32.dll

[2002/12/03 10:14:20 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll

[2002/05/15 06:23:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\CddbLangSV.dll

[2002/02/21 07:25:22 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[2001/10/23 08:43:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll

[2001/10/23 03:36:04 | 000,012,112 | ---- | C] () -- C:\WINDOWS\System32\wmntapi.dll

[2001/10/04 08:40:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll

[2001/07/18 03:36:46 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\wmrasm.dll

[2000/01/20 03:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll

[1999/06/29 22:48:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll

[1999/01/22 05:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1999/01/10 22:37:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini

[1998/03/10 23:25:40 | 000,002,420 | ---- | C] () -- C:\WINDOWS\lwppro.ini

[1996/05/14 03:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll

[1995/08/22 02:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

 

========== LOP Check ==========

 

[2004/11/24 10:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jntest\Application Data\NetOp

[2009/06/01 17:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Agency9

[2009/04/01 02:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Ashampoo

[2010/06/14 10:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Ashampoo Photo Commander 3

[2010/05/05 09:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Auslogics

[2008/11/08 07:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Bullzip

[2010/06/13 11:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2009/05/22 08:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\DeepBurner

[2010/05/02 16:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\DriverFinder

[2010/05/09 06:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\ElevatedDiagnostics

[2008/10/24 17:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\GARMIN

[2008/10/05 12:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\ICAClient

[2006/11/02 09:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Icon Constructor

[2005/12/10 06:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\InterVideo

[2010/05/24 06:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\IObit

[2005/02/07 02:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Leadertech

[2006/10/29 04:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\MSN Search Toolbar

[2007/11/30 08:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Musicator

[2010/05/02 16:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\MySQL-Front

[2010/05/02 16:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\NCH Swift Sound

[2005/02/27 04:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\NetOp

[2009/02/11 05:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Netscape

[2009/03/16 05:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Personal

[2008/10/05 12:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Runaware

[2005/01/26 06:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Scala.6

[2010/09/11 05:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Software Informer

[2009/09/14 10:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\SPCS

[2009/08/24 17:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\SystemRequirementsLab

[2009/11/03 15:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\TweakNow RegCleaner

[2010/05/02 16:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Uniblue

[2009/10/10 10:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\VersionTracker Pro

[2010/09/02 10:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\webex

[2006/10/29 04:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Windows Desktop Search

[2010/03/16 17:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\wsInspector

[2006/05/30 16:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\XnView

[2005/11/03 08:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SOMO\Application Data\MSN Search Toolbar

[2005/01/17 06:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SOMO\Application Data\NetOp

[2005/06/04 05:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SOMO\Application Data\Netscape

[2004/11/11 10:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SOMO\Application Data\Scala.6

[2005/04/29 08:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SOMO\Application Data\SPCS

[2004/11/10 12:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sören\Application Data\Scala.6

 

========== Purity Check ==========

 

 

< End of report >

 

PS.

I see names of programs that I have uninstalled!! DS

Link to comment
Share on other sites

I have now been running the ESET scan for 40 minutes; it has found two threats and got to 25%, but it has been stuck on the same file for over ten minutes. I use Firefox, so I had to download a file to the desktop before running it, and the note about Advanced Settings never came up. Should I scrap this and open IE and run it that way, or should I keep waiting here?

Link to comment
Share on other sites

How has it gone during this hour?

If it is still at 25%, it doesn't seem to be going very well. Write down, or take a screenshot (PrintScreen) of, what has been found.

Link to comment
Share on other sites

My patience ran out, so I shut down the ESET scan and started it via Explorer so that the browser would not be the problem. The two threats that were found before that have the following description:

C:\Documents and Settings\somo.000\Application Data\Sun\Java\Deployment\cache\6.0\22\8f8a096-66d33c29 multiple threats

C:\Documents and Settings\somo.000\Application Data\Sun\Java\Deployment\cache\6.0\43\7db4016b-22b2f469 multiple threats

Now the ESET scan has been running via IE for over an hour and has stopped after scanning 17714 files and at 25%, just like the previous scan. It is standing still on the same file, whose path is this:

C:\Dokuments and Settings\somo.000\Skrivbord\Garmin_RMU_CNEUNT2009.exe

I can kill that file, since the installation is done, and if I want to update my Garmin maps I will have to get new ones.

I await your instructions.

I tested again whether the Control Panel could be accessed, but then came the error with the file DRWTSN32.exe, which had encountered a problem and needed to close, and with that everything stopped and I had to do a hard shutdown and start over again. With this, the ESET scan has also been terminated!

Link to comment
Share on other sites

I see names of programs that I have uninstalled!!
Which ones?

Abort the ESET scan if you have not already done so.

Start Notepad.

Copy all the lines in the box:

:Services
NaiAvFilter101
EntDrv51

Paste them into Notepad. Save the file as C:\FixOTLPE.txt. NOTE! The folder C:\.

Restart the computer from the OTLPE disc again. Answer the questions the same way.

Double-click in the Custom Scans/Fixes box. A question will come up asking whether you want to load a "custom scan" from a file. Choose Yes.

Locate C:\FixOTLPE.txt and click Open.

Press Run Fix.

When the scan is finished, the log file OTL.txt will be saved in the folder C:\.

Restart the computer from the hard disk and paste the log file OTL.txt into your reply.

Link to comment
Share on other sites

The programs I reacted to were Scala and iScala. It was an accounting program that I no longer need and that took up a lot of space, so I uninstalled it, but I now see that the name comes back in certain contexts.

Also, I want to repeat that I have not been able to remove Java the easy way you wrote about, and the hard way I don't remember right now.

OK. Then I'll run OTLPE.

Link to comment
Share on other sites

Not there, but under DDS Services/Drivers.

But now I can't find the file that was created. Should I have deleted the previous one first?

It is still there, but what is very strange is that when I restarted from the hard disk it took a very long time before I got Firefox going, and then I wanted to see whether it had started (Ctrl+Alt+Del). Then I see that explorer.exe is using between 65-90% CPU, after which the computer locks up and I have to force it off. Now that I have got everything going, I find nothing but the old file, but something that gets fishy is that the folder _OTL was created 2011-01-28 at 01.38. In that folder there is a subfolder MovedFiles that was created at the same time. My clock now shows 20.28 on 2011-01-27.

The OTL.txt that I find was last used 2011-01-27 at 21.57!!

What is in it is dated OTL logfile created on: 1/27/2011 3:49:09 PM - Run

and that is what I remember as the previous time.

I have compared the one I see now with the one I pasted in, and they seem to be the same file. I'll delete it from C and run OTLPE again.

Link to comment
Share on other sites

I'm probably doing something wrong, but no log file is produced. But this time I was a bit smarter, and since there wasn't much text I copied it down by hand:

SERVICES/DRIVERS

Service\Driver key NaiAvfilter 101 not found.

Service\Driver key Entdrv 51 not found

 

OTLPE by Old Timer - Version 5.1.44.1 log Created on 0122011 - 205740

Link to comment
Share on other sites

There we have something Scala:

S4 ScaWPrintManager;ScaWPrintManager;c:\program\scala business solutions nv\iscala\system\services\print\scawprintmanager.exe --> c:\program\scala business solutions nv\iscala\system\services\print\ScaWPrintManager.exe [?]

It is a leftover from an uninstallation. S4, which comes first, means that the service is disabled, and the ? at the end means that the program cannot find the file. So it is a leftover that does nothing.

The timestamps are probably because when you boot the computer from the CD, OTLPE doesn't know which time zone you are in and just assumes something.

Run OTLPE the way you did the first time (post 35) so we can see what the log looks like now.

Link to comment
Share on other sites
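The reading of the `S4 ... [?]` line given in the reply above can be applied mechanically, and the same check covers OTL's `DRV - File not found` entries. This is an added example, not part of the original thread and not code from DDS or OTL: the line grammars are inferred from entries quoted on this page, and reading `R`/`S` as running/stopped and the digits 0-3 as the Windows service Start values is an assumption beyond what the post states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Windows service Start values as stored in the registry (0-4).
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "On_Demand", 4: "Disabled"}
OTL_START = {label.lower(): value for value, label in START_TYPES.items()}

# DDS (assumed grammar): "<R|S><start digit> name;display name;image path [file info | ?]"
DDS_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# OTL (assumed grammar): "DRV - <File not found | [file info] (company)> [type | start] -- path -- (name)"
OTL_RE = re.compile(
    r"^DRV - (File not found|\[[^\]]*\] \([^)]*\)) "
    r"\[(\w+) \| (\w+)\] -- (.*?)\s*-- \(([^)]+)\)"
)


@dataclass
class Entry:
    source: str               # "DDS" or "OTL"
    name: str                 # service/driver key name
    start: int                # 0-4, see START_TYPES
    running: Optional[bool]   # None when the log format does not say
    path: Optional[str]       # image path, None when the log shows none
    file_missing: bool        # "[?]" in DDS, "File not found" in OTL

    @property
    def verdict(self) -> str:
        if not self.file_missing:
            return "present"
        # Disabled and no file on disk: a registry leftover that cannot load.
        if self.start == 4:
            return "inert-leftover"
        # File missing but the entry may still be started: worth a closer look.
        return "dangling"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS service line or one OTL DRV line; None for anything else."""
    line = line.strip()
    m = DDS_RE.match(line)
    if m:
        state, digit, name, _display, target, info = m.groups()
        # "a --> b" shows the registry value and the resolved path; keep the latter.
        path = target.split(" --> ")[-1].strip() or None
        return Entry("DDS", name.strip(), int(digit), state == "R", path,
                     info.strip() == "?")
    m = OTL_RE.match(line)
    if m:
        found, _kind, start, path, name = m.groups()
        start_value = OTL_START.get(start.lower())
        if start_value is None:
            return None
        return Entry("OTL", name, start_value, None, path or None,
                     found == "File not found")
    return None


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (name, start type, verdict) for every entry whose file is missing."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry and entry.file_missing:
            flagged.append((entry.name, START_TYPES[entry.start], entry.verdict))
    return flagged


SAMPLE = [
    # Quoted in the reply above.
    r"S4 ScaWPrintManager;ScaWPrintManager;c:\program\scala business solutions nv"
    r"\iscala\system\services\print\scawprintmanager.exe --> c:\program\scala business"
    r" solutions nv\iscala\system\services\print\ScaWPrintManager.exe [?]",
    # Constructed DDS line for a running service whose file exists.
    r"R2 ExampleSvc;Example Service;c:\program\example\svc.exe [2010-10-18 12345]",
    # Taken from the OTL log on this page.
    r"DRV - File not found [Kernel | On_Demand] -- -- (WDICA)",
    r"DRV - [2010/10/18 16:39:25 | 000,041,896 | ---- | M] () [Kernel | Disabled] -- "
    r"C:\Program\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)",
    "========== Driver Services (SafeList) ==========",
]

if __name__ == "__main__":
    for name, start, verdict in triage(SAMPLE):
        print(f"{name:20} {start:10} {verdict}")
```
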

OTL logfile created on: 1/28/2011 12:11:11 AM - Run

OTLPE by OldTimer - Version 3.1.44.1 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1,023.00 Mb Total Physical Memory | 780.00 Mb Available Physical Memory | 76.00% Memory free

907.00 Mb Paging File | 842.00 Mb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 37.20 Gb Total Space | 1.28 Gb Free Space | 3.45% Space Free | Partition Type: NTFS

Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet003

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand] -- -- (LMouKE)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand] -- -- (iAimTV2)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | On_Demand] -- -- (catchme)

DRV - [2011/01/23 13:05:20 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System] -- C:\Program\a-squared Anti-Malware\a2dix86.sys -- (a2injectiondriver)

DRV - [2011/01/23 13:05:09 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand] -- C:\Program\a-squared Anti-Malware\a2accx86.sys -- (a2acc)

DRV - [2010/12/15 07:20:55 | 000,042,664 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\fsbts.sys -- (fsbts)

DRV - [2010/11/30 03:06:24 | 000,130,728 | ---- | M] () [Kernel | On_Demand] -- C:\Program\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)

DRV - [2010/10/18 16:40:27 | 000,072,520 | ---- | M] (F-Secure Corporation) [Kernel | System] -- C:\Program\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)

DRV - [2010/10/18 16:39:38 | 000,082,824 | ---- | M] (F-Secure Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\fsdfw.sys -- (FSFW)

DRV - [2010/10/18 16:39:25 | 000,041,896 | ---- | M] () [Kernel | Disabled] -- C:\Program\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)

DRV - [2010/10/18 16:39:25 | 000,027,304 | ---- | M] () [Kernel | Disabled] -- C:\Program\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)

DRV - [2010/05/10 09:37:29 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System] -- C:\Program\a-squared Anti-Malware\a2util32.sys -- (a2util)

DRV - [2010/05/10 09:34:23 | 000,002,560 | ---- | M] () [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\mchInjDrv.sys -- (mchInjDrv)

DRV - [2009/04/30 18:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)

DRV - [2009/04/30 17:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2009/04/30 17:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\lv302af.sys -- (pepifilter)

DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB-ljuddrivrutiner (WDM)

DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/02/28 20:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/28 20:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV - [2007/10/11 21:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/10/11 11:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/06/07 15:57:11 | 000,241,280 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)

DRV - [2007/06/07 15:57:11 | 000,206,464 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)

DRV - [2007/06/07 15:57:11 | 000,144,250 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)

DRV - [2007/06/07 15:57:11 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)

DRV - [2007/06/07 15:57:10 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)

DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2005/09/29 01:34:58 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ousb2hub.sys -- (ousb2hub)

DRV - [2005/09/29 01:34:50 | 000,045,824 | ---- | M] (OrangeWare Corporation) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\ousbehci.sys -- (ousbehci)

DRV - [2005/07/06 12:52:00 | 003,208,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)

DRV - [2005/05/03 08:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV)

DRV - [2005/05/03 08:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)

DRV - [2005/05/03 08:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)

DRV - [2005/04/05 09:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)

DRV - [2004/11/15 08:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)

DRV - [2004/10/05 03:27:34 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)

DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)

DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)

DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)

DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)

DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)

DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)

DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)

DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)

DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)

DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)

DRV - [2004/04/26 09:38:18 | 000,016,896 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\btaudio.sys -- (btaudio)

DRV - [2004/04/26 09:31:56 | 001,239,338 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\btkrnl.sys -- (BTKRNL)

DRV - [2004/04/26 09:24:56 | 000,147,864 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwdndis.sys -- (BTWDNDIS)

DRV - [2004/04/26 09:24:44 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\btport.sys -- (BTDriver)

DRV - [2004/04/26 09:16:22 | 000,043,539 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwhid.sys -- (btwhid)

DRV - [2004/04/26 09:15:16 | 000,053,336 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwusb.sys -- (BTWUSB)

DRV - [2004/02/20 10:13:50 | 000,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)

DRV - [2004/02/13 05:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

DRV - [2003/10/23 10:04:00 | 000,076,160 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\gticard.sys -- (GTICARD)

DRV - [2003/08/29 08:56:12 | 000,052,080 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\tiumfwl.sys -- (tiumfwl)

DRV - [2003/08/21 13:25:52 | 000,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)

DRV - [2003/07/03 09:55:48 | 001,063,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)

DRV - [2003/04/24 10:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\BASFND.sys -- (BASFND)

DRV - [2003/04/07 02:30:30 | 000,385,824 | ---- | M] (Novell, Inc.) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\NetWare\nwfs.sys -- (NetwareWorkstation)

DRV - [2003/04/07 02:28:12 | 000,032,174 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\NetWare\nwdns.sys -- (NWDNS)

DRV - [2003/02/24 02:36:13 | 000,050,396 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftser2k.sys -- (FTSER2K)

DRV - [2003/02/24 02:36:11 | 000,006,828 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftlund.sys -- (FTLUND)

DRV - [2003/02/24 02:36:06 | 000,019,153 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftdibus.sys -- (FTDIBUS)

DRV - [2003/02/20 02:21:16 | 000,119,855 | ---- | M] (Novell, Inc.) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\NetWare\srvloc.sys -- (SRVLOC)

DRV - [2003/02/13 02:21:10 | 000,019,456 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\NetWare\nwslp.sys -- (NWSLP)

DRV - [2003/02/13 02:20:46 | 000,005,808 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\NetWare\nwsns.sys -- (NWSNS)

DRV - [2003/01/30 12:55:44 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid409.sys -- (Dot4 HPH09)

DRV - [2003/01/17 08:26:46 | 000,023,264 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\NetWare\nwsap.sys -- (NWSAP)

DRV - [2002/12/10 09:13:22 | 000,007,552 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\tiumflt.sys -- (DevUpper)

DRV - [2002/11/20 09:54:22 | 000,033,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\gv3.sys -- (gv3)

DRV - [2002/10/04 06:39:52 | 000,015,712 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\SYSTEM32\NetWare\nwdhcp.sys -- (NWDHCP)

DRV - [2002/05/29 04:56:16 | 000,040,592 | ---- | M] (Novell, Inc.) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\NetWare\nwsipx32.sys -- (NWSIPX32)

DRV - [2002/05/13 13:59:20 | 000,004,272 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)

DRV - [2002/02/06 11:34:10 | 000,011,984 | ---- | M] (Novell, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\nicm.sys -- (NICM)

DRV - [2001/10/23 04:13:18 | 000,011,760 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\NetWare\nwhost.sys -- (NWHOST)

DRV - [2001/10/23 04:04:58 | 000,029,229 | ---- | M] (Novell, Inc.) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\NetWare\resmgr.sys -- (RESMGR)

DRV - [2001/09/06 13:54:56 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)

DRV - [2001/07/10 05:02:30 | 000,005,600 | ---- | M] (Novell Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\kbstuff.sys -- (KBSTUFF)

DRV - [2001/07/10 05:02:08 | 000,004,480 | ---- | M] (Novell, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\blankscreen.sys -- (BlankScreen)

DRV - [2001/06/15 07:01:28 | 000,003,779 | ---- | M] (Novell, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mouslock.sys -- (Mouslock)

DRV - [2001/06/15 07:01:24 | 000,003,742 | ---- | M] (Novell, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\kblock.sys -- (Kblock)

 

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/27 19:38:27 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/01/27 14:45:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/01/27 10:17:05 | 000,000,000 | ---D | C] -- C:\Program\ESET

[2011/01/27 08:43:42 | 098,071,259 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\somo.000\Skrivbord\OTLPEStd.exe

[2011/01/26 18:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\somo.000\Skrivbord\MustBeRandomlyNamed

[2011/01/26 18:19:33 | 000,719,574 | ---- | C] (UG North ) -- C:\Documents and Settings\somo.000\Skrivbord\RkU3.8.388.590.exe

[2011/01/26 18:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\somo.000\Skrivbord\RkU3.8.388.590

[2011/01/26 18:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\somo.000\Skrivbord\7-Zip

[2011/01/26 11:35:11 | 001,994,423 | ---- | C] (MediaChance) -- C:\Documents and Settings\somo.000\Skrivbord\autorun.exe

[2011/01/26 04:51:30 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\somo.000\Skrivbord\TDSSKiller.exe

[2011/01/26 04:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\somo.000\Skrivbord\tdsskiller

[2011/01/25 16:41:51 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\somo.000\Skrivbord\mbam-setup.exe

[2011/01/25 11:53:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/01/25 10:23:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2011/01/25 09:44:51 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/01/25 09:38:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/01/25 09:38:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/01/25 09:38:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/01/23 16:24:42 | 000,000,000 | ---D | C] -- C:\Program\Security Task Manager

[2011/01/23 08:53:45 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2011/01/10 17:02:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/01/10 17:02:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/01/10 17:02:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2008/03/15 12:23:30 | 005,275,624 | ---- | C] (SmartSoft Ltd) -- C:\Program\SFTPMSI.exe

[2005/05/23 09:46:51 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program\RngInterstitial.dll

[2005/05/11 17:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/01/27 17:55:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2011/01/27 17:54:40 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3554365469-2736490223-2748996377-1009.job

[2011/01/27 17:54:39 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3554365469-2736490223-2748996377-1009.job

[2011/01/27 17:26:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/01/27 15:04:55 | 000,081,078 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2011/01/27 15:04:55 | 000,029,825 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011/01/27 15:04:44 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/01/27 15:03:33 | 1073,000,448 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/27 10:15:54 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\esetsmartinstaller_enu.exe

[2011/01/27 09:03:05 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/01/27 08:51:19 | 098,071,259 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\somo.000\Skrivbord\OTLPEStd.exe

[2011/01/26 18:21:41 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\3uu0R5ic3uCx.exe

[2011/01/26 18:19:17 | 000,719,574 | ---- | M] (UG North ) -- C:\Documents and Settings\somo.000\Skrivbord\RkU3.8.388.590.exe

[2011/01/26 18:11:37 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\7z920.exe

[2011/01/26 18:08:47 | 000,629,057 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\RkU3.8.388.590.rar

[2011/01/26 12:35:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/01/26 11:35:01 | 001,994,423 | ---- | M] (MediaChance) -- C:\Documents and Settings\somo.000\Skrivbord\autorun.exe

[2011/01/26 09:52:53 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\MBRCheck.exe

[2011/01/26 05:04:54 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\qzexs4xh.exe

[2011/01/26 04:51:16 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\somo.000\Skrivbord\TDSSKiller.exe

[2011/01/26 04:35:17 | 001,237,433 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\tdsskiller.zip

[2011/01/25 18:09:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

[2011/01/25 16:42:26 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\somo.000\Skrivbord\mbam-setup.exe

[2011/01/25 09:44:58 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI

[2011/01/25 09:17:05 | 004,160,093 | R--- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\ComboFix.exe

[2011/01/24 17:35:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2011/01/24 11:02:25 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\dds.scr

[2011/01/24 03:59:38 | 000,335,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/01/23 16:23:29 | 002,057,568 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\SecurityTaskManager_Setup.exe

[2011/01/23 13:38:21 | 000,060,057 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\biljett-X8JZUN-LN2AE.pdf

[2011/01/23 13:35:36 | 000,060,414 | ---- | M] () -- C:\Documents and Settings\somo.000\Skrivbord\terrakottaarmen-biljett-X8JZUN-LN2AE.pdf

[2011/01/23 08:44:30 | 000,081,078 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2011/01/22 15:32:25 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2011/01/13 04:54:27 | 000,154,624 | ---- | M] () -- C:\Mina Dokument\Dagbok Big Five Safari i Krügerparken 29 dec 2010.doc

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/01/27 10:15:50 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\esetsmartinstaller_enu.exe

[2011/01/26 18:21:50 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\3uu0R5ic3uCx.exe

[2011/01/26 18:11:36 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\7z920.exe

[2011/01/26 18:08:46 | 000,629,057 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\RkU3.8.388.590.rar

[2011/01/26 12:48:16 | 1073,000,448 | -HS- | C] () -- C:\hiberfil.sys

[2011/01/26 09:52:47 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\MBRCheck.exe

[2011/01/26 05:04:50 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\qzexs4xh.exe

[2011/01/26 04:35:14 | 001,237,433 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\tdsskiller.zip

[2011/01/25 09:44:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/01/25 09:44:52 | 000,260,784 | RHS- | C] () -- C:\cmldr

[2011/01/25 09:38:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/01/25 09:38:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/01/25 09:38:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/01/25 09:38:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/01/25 09:38:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/01/25 09:16:52 | 004,160,093 | R--- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\ComboFix.exe

[2011/01/24 11:02:24 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\dds.scr

[2011/01/23 16:23:27 | 002,057,568 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\SecurityTaskManager_Setup.exe

[2011/01/23 13:38:10 | 000,060,057 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\biljett-X8JZUN-LN2AE.pdf

[2011/01/23 13:35:30 | 000,060,414 | ---- | C] () -- C:\Documents and Settings\somo.000\Skrivbord\terrakottaarmen-biljett-X8JZUN-LN2AE.pdf

[2011/01/13 04:54:26 | 000,154,624 | ---- | C] () -- C:\Mina Dokument\Dagbok Big Five Safari i Krügerparken 29 dec 2010.doc

[2010/10/31 17:35:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\somo.000\Lokala inställningar\Application Data\housecall.guid.cache

[2010/08/22 10:00:19 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys

[2010/04/26 10:09:32 | 000,080,090 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\SMBIOSSP.exe

[2010/02/14 08:44:42 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll

[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/06/01 17:29:43 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\somo.000\.java.policy

[2009/05/08 03:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2009/04/30 09:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2009/02/19 07:37:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI

[2009/02/06 09:10:58 | 000,003,840 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys

[2009/01/18 13:25:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2008/12/31 11:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\GamlaOGACheckControl.dll

[2008/12/23 12:01:40 | 000,000,025 | ---- | C] () -- C:\WINDOWS\burnit.INI

[2008/11/19 18:19:50 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\PHP.ini

[2008/11/17 11:33:37 | 002,076,672 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll

[2008/09/16 02:41:37 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys

[2008/06/12 10:42:38 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini

[2008/04/08 07:00:09 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2007/02/04 10:15:40 | 000,022,482 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2007/02/04 10:15:40 | 000,001,059 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2007/02/04 10:14:58 | 000,059,079 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2007/02/04 10:14:57 | 000,014,663 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2007/02/04 10:14:56 | 000,017,566 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2007/01/24 16:30:55 | 000,000,027 | ---- | C] () -- C:\WINDOWS\phpdev.ini

[2006/11/28 05:00:48 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\somo.000\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/11/02 08:18:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log

[2006/11/02 08:18:06 | 000,000,351 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log

[2006/11/02 08:18:06 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini

[2006/09/23 20:53:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll

[2006/06/14 11:54:08 | 000,004,105 | ---- | C] () -- C:\WINDOWS\System32\INFRA.INI

[2006/04/23 11:02:59 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log

[2006/04/23 11:02:59 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini

[2006/04/07 07:12:27 | 000,000,166 | ---- | C] () -- C:\WINDOWS\ds2000.ini

[2006/04/04 17:18:25 | 000,002,784 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\PatchUpdate_InstantShareJPG.log

[2006/04/04 17:18:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini

[2006/04/04 17:18:03 | 000,003,543 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\PatchUpdate_IZClosingDiscError.log

[2006/04/04 17:18:03 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini

[2006/04/04 17:16:46 | 000,005,220 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log

[2006/04/04 17:16:46 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini

[2006/04/04 17:15:18 | 000,072,731 | ---- | C] () -- C:\Documents and Settings\somo.000\Application Data\Update_HP_RedboxHprblog_HPSU.log

[2006/04/04 17:15:18 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2006/02/28 10:37:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI

[2005/12/23 21:02:18 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\somo.000\userprefs.prop

[2005/12/23 20:03:55 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\somo.000\pokerclient.log

[2005/12/10 06:18:07 | 000,001,294 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/11/30 08:40:44 | 000,548,864 | R--- | C] () -- C:\WINDOWS\System32\hpgt4850.dll

[2005/04/04 04:15:34 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\SOMO\Application Data\AdobeDLM.log

[2005/03/15 04:19:12 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\OT_FPG32.dll

[2005/03/15 04:19:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\OT_SPX32.dll

[2005/03/15 04:19:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\OT_TCP32.dll

[2005/03/15 04:19:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\OT_NET32.dll

[2005/03/15 04:19:12 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\SIMSPY32.DLL

[2005/02/27 14:09:46 | 000,000,082 | ---- | C] () -- C:\WINDOWS\klienthanterare.ini

[2005/02/27 14:06:43 | 000,000,343 | ---- | C] () -- C:\WINDOWS\start.ini

[2005/02/27 14:06:12 | 000,004,136 | ---- | C] () -- C:\WINDOWS\SKATTWIN.INI

[2005/02/27 14:05:51 | 000,000,576 | ---- | C] () -- C:\WINDOWS\kundkort.ini

[2005/02/20 11:35:40 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys

[2005/02/07 02:09:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SOMO\Application Data\dm.ini

[2005/02/06 14:51:57 | 000,011,009 | ---- | C] () -- C:\Program\HPSETUP.LOG

[2005/01/26 06:46:23 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\somo.000\Lokala inställningar\Application Data\fusioncache.dat

[2005/01/24 11:21:07 | 000,000,039 | ---- | C] () -- C:\WINDOWS\VTWAIN.INI

[2005/01/24 11:17:06 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ppdrv.ini

[2005/01/24 11:14:44 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll

[2005/01/24 11:14:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\hpud32.dll

[2005/01/24 11:14:44 | 000,123,424 | ---- | C] () -- C:\WINDOWS\p1220_32.dll

[2005/01/24 11:14:44 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

[2005/01/24 11:14:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\hpudrv.ini

[2004/12/21 02:47:06 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI

[2004/11/24 11:01:16 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\somo.000\convert.log

[2004/11/24 10:07:48 | 000,002,399 | ---- | C] () -- C:\WINDOWS\Fcic.ini

[2004/11/24 09:59:38 | 000,001,294 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/11/24 09:59:38 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2004/11/24 09:59:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI

[2004/11/24 09:51:45 | 000,000,068 | ---- | C] () -- C:\WINDOWS\NetOp.Ini

[2004/11/24 03:10:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll

[2004/11/24 02:54:55 | 000,003,220 | ---- | C] () -- C:\WINDOWS\TobOcrQ.ini

[2004/11/24 02:54:55 | 000,000,967 | ---- | C] () -- C:\WINDOWS\tobcbo32.ini

[2004/11/24 02:54:55 | 000,000,876 | ---- | C] () -- C:\WINDOWS\TobOcr.ini

[2004/11/24 02:54:55 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tobcbo25.ini

[2004/11/24 02:54:55 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tobcbo10.ini

[2004/11/24 02:54:55 | 000,000,205 | ---- | C] () -- C:\WINDOWS\tobcbo11.ini

[2004/11/24 02:54:55 | 000,000,180 | ---- | C] () -- C:\WINDOWS\tobcbo20.ini

[2004/11/24 02:54:44 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\jntest\convert.log

[2004/11/11 13:12:31 | 000,008,000 | ---- | C] () -- C:\WINDOWS\System32\yukti.dll

[2004/11/11 07:29:48 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\SOMO\Lokala inställningar\Application Data\fusioncache.dat

[2004/11/11 03:35:43 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\SOMO\convert.log

[2004/11/09 14:56:45 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Sören\Lokala inställningar\Application Data\fusioncache.dat

[2004/10/27 17:26:43 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Sören\convert.log

[2004/10/27 17:26:30 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\convert.log

[2004/10/05 03:33:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/10/05 03:24:09 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Administratör\convert.log

[2004/10/05 02:57:08 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2004/04/26 09:53:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2004/03/28 04:16:40 | 000,004,669 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/03/26 17:32:14 | 000,003,529 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI

[2003/02/20 02:34:10 | 000,192,593 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll

[2003/02/05 08:31:42 | 000,045,119 | ---- | C] () -- C:\WINDOWS\System32\dprpcw32.dll

[2002/12/03 10:14:20 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll

[2002/05/15 06:23:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\CddbLangSV.dll

[2002/02/21 07:25:22 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[2001/10/23 08:43:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll

[2001/10/23 03:36:04 | 000,012,112 | ---- | C] () -- C:\WINDOWS\System32\wmntapi.dll

[2001/10/04 08:40:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll

[2001/07/18 03:36:46 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\wmrasm.dll

[2000/01/20 03:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll

[1999/06/29 22:48:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll

[1999/01/22 05:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1999/01/10 22:37:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini

[1998/03/10 23:25:40 | 000,002,420 | ---- | C] () -- C:\WINDOWS\lwppro.ini

[1996/05/14 03:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll

[1995/08/22 02:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

 

========== LOP Check ==========

 

[2004/11/24 10:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jntest\Application Data\NetOp

[2009/06/01 17:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Agency9

[2009/04/01 02:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Ashampoo

[2010/06/14 10:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Ashampoo Photo Commander 3

[2010/05/05 09:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Auslogics

[2008/11/08 07:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Bullzip

[2010/06/13 11:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2009/05/22 08:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\DeepBurner

[2010/05/02 16:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\DriverFinder

[2010/05/09 06:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\ElevatedDiagnostics

[2008/10/24 17:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\GARMIN

[2008/10/05 12:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\ICAClient

[2006/11/02 09:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Icon Constructor

[2005/12/10 06:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\InterVideo

[2010/05/24 06:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\IObit

[2005/02/07 02:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Leadertech

[2006/10/29 04:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\MSN Search Toolbar

[2007/11/30 08:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Musicator

[2010/05/02 16:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\MySQL-Front

[2010/05/02 16:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\NCH Swift Sound

[2005/02/27 04:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\NetOp

[2009/02/11 05:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Netscape

[2009/03/16 05:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Personal

[2008/10/05 12:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Runaware

[2005/01/26 06:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Scala.6

[2010/09/11 05:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Software Informer

[2009/09/14 10:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\SPCS

[2009/08/24 17:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\SystemRequirementsLab

[2009/11/03 15:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\TweakNow RegCleaner

[2010/05/02 16:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Uniblue

[2009/10/10 10:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\VersionTracker Pro

[2010/09/02 10:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\webex

[2006/10/29 04:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\Windows Desktop Search

[2010/03/16 17:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\wsInspector

[2006/05/30 16:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\somo.000\Application Data\XnView

[2005/11/03 08:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SOMO\Application Data\MSN Search Toolbar

[2005/01/17 06:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SOMO\Application Data\NetOp

[2005/06/04 05:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SOMO\Application Data\Netscape

[2004/11/11 10:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SOMO\Application Data\Scala.6

[2005/04/29 08:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SOMO\Application Data\SPCS

[2004/11/10 12:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sören\Application Data\Scala.6

 

========== Purity Check ==========

 

 

< End of report >

Link to comment
Share on other sites

Well, at least the two McAfee drivers are gone now.

 

C:\Dokuments and Settings\somo.000\Skrivbord\Garmin_RMU_CNEUNT2009.exe

Delete that file (you can save it to a USB stick/CD first if you like) and try Eset's scanner again.

Link to comment
Share on other sites

Now that I booted from CD, I checked Control Panel and Search, and both work fine, just as when I run in safe mode.

I'll go ahead and uninstall EmsiSoft. I don't use it on this machine any more anyway.

Is there any program out there that cleans up the leftovers after an uninstall?

OK, I'll open IE and run Eset from there; that was easier.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



