CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg

Log ind eller opret profil

Du kan også logge ind via nedenstående tjenester

dogan90 Nybegynder

25. december 2009 - 04:14 Der er 92 kommentarer

DR/Delphi.gen

Hej

Jeg har en HP computer som jeg købte for 1 år siden ca. Jeg har lige installeret Antivir og efter jeg gjorde det er jeg begyndt at få nogle popups der siger: DR/Delphi.gen. Hvad betyder dette?

Selvom jeg prøver at slette dem eller deny access kommer de igen. Det er rigtig irriterende da jeg ikke kan surfe 10 uden de kommer.

Anyone? Please..

Synes godt om

Poko1 Ekspert

25. december 2009 - 08:59 #1

Har du sat popup blokker til?

Synes godt om

220661 Ekspert

25. december 2009 - 09:04 #2

Hent Malwarebytes Antimalware her:http://www.malwarebytes.org/
Når programmet er installeret, hent opdateringer til det i programvinduet. Sæt det herefter til at scanne din computer. Når programmet er færdigt, skal du huske at trykke fjern det valgte.

Synes godt om

Poko1 Ekspert

25. december 2009 - 09:14 #3

Ja det er en Troianer!

Synes godt om

f-arn Guru

25. december 2009 - 09:21 #4

Følg 220661
og deefter->
Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier indholdet mellem linierne ind og gem filen som CFScript.txt

Du skal sikre dig at den ikke kommer til at hedde CFScript.txt.txt

--------------

Killall::
Snapshot::

-------------

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix txt

Indholdet af denne fil må du gerne lægge herind.

Synes godt om

220661 Ekspert

25. december 2009 - 09:21 #5

Tror den ligger i registrerings databasen, og håber Malwarebytes kan tage den.

Synes godt om

dogan90 Nybegynder

25. december 2009 - 15:38 #6

Jeg har malwarebytes. Jeg prøver lige med den og hvis virus/trojanen stadig poppper op prøver jeg det der står i f-arns post.

Synes godt om

dogan90 Nybegynder

25. december 2009 - 15:53 #7

Det kommer til at tage en del tid at skanne, da jeg har rimelig mange filer på min computer. :(

Det var noget jeg fik i går forresten. Det er ikke en trojan jeg har haft længe. Jeg værdsætter jeres hjælp, er meget taknemmelig.

Synes godt om

f-arn Guru

25. december 2009 - 16:25 #8

Du kan nøjes med en "hurtig skan" Den er lige så god. Det er ihvetfald hvad Malwarebytes eget forum mener.

Synes godt om

f-arn Guru

25. december 2009 - 16:27 #9

Til Eksperten:
Så kom dog med den mulighed for at rette!

Synes godt om

dogan90 Nybegynder

26. december 2009 - 15:19 #10

Når jeg installerer ComboFix vil den gerne lave en systemgendannelsesfil. Skal jeg bare acceptere det?

Og ja er enig med dig. Det er irriterende når man ikke kan rette i sin post.

Synes godt om

dogan90 Nybegynder

26. december 2009 - 15:20 #11

Og jeg har prøvet hurtig scan. Den gav ingen resultater så prøver complete scan nu. Man ved jo aldrig.

Synes godt om

dogan90 Nybegynder

26. december 2009 - 17:41 #12

lwarebytes' Anti-Malware 1.42
Database version: 3406
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

26-12-2009 17:40:46
mbam-log-2009-12-26 (17-40-46).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|F:\|)
Objekter skannet: 343224
Tid tilbagelagt: 2 hour(s), 31 minute(s), 16 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
__________________________________________________________________

Ingen inficerede filer, da jeg scannede med Malwarebytes

Nu til anden fase:D

Synes godt om

Computer Hjælp (Gratis) Mester

26. december 2009 - 18:14 #13

Principiet skal du OPDATERE MalwareBytes først; nyeste Database version i skrivendes stund er 3435, du har 3406 ...

Synes godt om

dogan90 Nybegynder

26. december 2009 - 18:27 #14

Okay prøver igen så :)

Synes godt om

dogan90 Nybegynder

26. december 2009 - 20:12 #15

Malwarebytes' Anti-Malware 1.42
Database version: 3435
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

26-12-2009 20:12:39
mbam-log-2009-12-26 (20-12-39).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 345258
Tid tilbagelagt: 1 hour(s), 44 minute(s), 16 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)

Synes godt om

Computer Hjælp (Gratis) Mester

26. december 2009 - 20:24 #16

<f-arn> fortsætter herfra ...

Synes godt om

dogan90 Nybegynder

26. december 2009 - 20:57 #17

ComboFix 09-12-25.05 - Hami-D 26-12-2009 20:22:22.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.45.1030.18.3069.1750 [GMT 1:00]
Kører fra: c:\users\Hami-D\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Hami-D\Desktop\CFScript.txt
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1466668472-2088684639-1928790022-500
c:\$recycle.bin\S-1-5-21-1914844971-1123622860-3269689999-1002

.
((((((((((((((((((((((((((((( Filer skabt fra 2009-11-26 til 2009-12-26 )))))))))))))))))))))))))))))))))))
.

2009-12-26 19:37 . 2009-12-26 19:43 -------- d-----w- c:\users\Hami-D\AppData\Local\temp
2009-12-26 19:37 . 2009-12-26 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-26 19:37 . 2009-12-26 19:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-12-25 02:59 . 2009-12-25 02:59 -------- d-----w- c:\program files\Trend Micro
2009-12-25 00:38 . 2009-12-25 01:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-25 00:38 . 2009-12-25 00:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-23 14:00 . 2009-12-23 14:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-23 14:00 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-23 14:00 . 2009-12-23 14:00 -------- d-----w- c:\programdata\Avira
2009-12-23 14:00 . 2009-12-23 14:00 -------- d-----w- c:\program files\Avira
2009-12-22 21:09 . 2009-12-22 21:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-22 21:09 . 2009-12-25 15:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-22 02:44 . 2009-12-22 02:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-12-22 02:44 . 2009-12-24 10:49 70760 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-22 02:44 . 2009-12-24 10:50 -------- d-----w- c:\users\Administrator\AppData\Local\QuickPlay
2009-12-21 23:39 . 2009-12-21 23:39 -------- d-----w- c:\users\Hami-D\AppData\Roaming\Malwarebytes
2009-12-21 23:38 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 23:38 . 2009-12-21 23:38 -------- d-----w- c:\programdata\Malwarebytes
2009-12-21 23:38 . 2009-12-21 23:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 23:38 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 14:01 . 2009-12-17 14:01 -------- d-----w- c:\program files\Audacity
2009-12-11 13:06 . 2009-12-11 13:06 -------- d-----w- c:\users\Hami-D\AppData\Local\vdownloader
2009-12-11 13:04 . 2009-12-11 13:04 -------- d-----w- c:\program files\Ask.com
2009-12-11 13:04 . 2009-12-11 13:04 -------- d-----w- c:\program files\VDOWNLOADER
2009-12-10 00:42 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 00:42 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 00:42 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 10:58 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-07 09:28 . 2009-12-07 09:28 -------- d-----w- C:\VJVod_Cache
2009-12-06 20:10 . 2009-12-06 20:10 -------- d-----w- c:\windows\system32\nagasoft
2009-12-06 19:16 . 2009-12-06 19:16 -------- d-----w- c:\program files\Veetle
2009-12-01 08:50 . 2009-12-01 08:50 -------- d-----w- c:\program files\Common Files\Apple
2009-12-01 08:45 . 2009-12-01 08:48 -------- d-----w- c:\program files\QuickTime
2009-11-29 16:03 . 2009-12-03 16:54 -------- d-----w- c:\users\Hami-D\AppData\Local\PokerStars
2009-11-29 16:02 . 2009-11-29 16:03 -------- d-----w- c:\program files\PokerStars
2009-11-27 10:49 . 2009-11-27 10:53 -------- d-----w- c:\program files\FIRMASTARTPAKKEN
2009-11-26 20:59 . 2009-11-26 20:59 -------- d-----w- c:\users\Hami-D\AppData\Roaming\StreamTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 00:20 . 2008-06-07 04:54 -------- d-----w- c:\program files\Java
2009-12-23 14:43 . 2009-11-03 15:51 -------- d-----w- c:\programdata\avg9
2009-12-12 13:06 . 2008-06-07 03:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-11 00:49 . 2009-08-16 19:40 -------- d-----w- c:\program files\GameKiss
2009-12-10 23:24 . 2008-06-07 01:57 589296 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-10 23:24 . 2008-06-07 01:57 117296 ----a-w- c:\windows\system32\perfc01D.dat
2009-12-10 23:24 . 2008-06-07 01:49 76390 ----a-w- c:\windows\system32\perfc014.dat
2009-12-10 23:24 . 2008-06-07 01:49 443832 ----a-w- c:\windows\system32\perfh014.dat
2009-12-10 23:24 . 2008-06-07 01:41 80612 ----a-w- c:\windows\system32\perfc00B.dat
2009-12-10 23:24 . 2008-06-07 01:41 427118 ----a-w- c:\windows\system32\perfh00B.dat
2009-12-10 23:24 . 2008-06-07 01:33 77202 ----a-w- c:\windows\system32\perfc006.dat
2009-12-10 23:24 . 2008-06-07 01:33 463344 ----a-w- c:\windows\system32\perfh006.dat
2009-12-10 08:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 00:42 . 2009-01-28 20:08 -------- d-----w- c:\programdata\Microsoft Help
2009-12-05 17:54 . 2009-04-14 11:53 680 ----a-w- c:\users\Hami-D\AppData\Local\d3d9caps.dat
2009-12-01 08:45 . 2009-05-10 10:51 -------- d-----w- c:\programdata\Apple Computer
2009-11-23 16:44 . 2009-11-13 20:10 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-09 10:59 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 10:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 10:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 10:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 12:06 . 2009-11-18 12:06 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 12:01 . 2009-11-18 12:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 11:59 . 2009-11-18 11:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 15:31 . 2009-11-14 15:31 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-14 15:31 . 2009-06-01 13:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-14 15:29 . 2009-11-14 15:29 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-12 01:30 . 2009-11-12 01:30 -------- d-----w- c:\program files\IECustomizer.com
2009-11-10 02:21 . 2009-05-10 10:54 -------- d-----w- c:\users\Hami-D\AppData\Roaming\Apple Computer
2009-11-10 02:19 . 2009-11-10 02:19 -------- d-----w- c:\program files\Apple Software Update
2009-11-10 02:19 . 2009-11-10 02:19 -------- d-----w- c:\programdata\Apple
2009-11-07 22:49 . 2009-11-07 22:49 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-03 15:51 . 2009-05-25 13:22 -------- d-----w- c:\program files\AVG
2009-11-02 22:47 . 2009-04-17 21:00 -------- d-----w- c:\program files\COMODO
2009-11-02 19:42 . 2009-10-03 00:20 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 13:34 . 2009-10-30 17:26 -------- d-----w- c:\program files\CCFile
2009-10-29 09:17 . 2009-11-25 09:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-08 21:08 . 2009-11-18 11:51 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-18 11:51 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-18 11:51 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 01:02 . 2009-11-18 11:53 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 11:53 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 11:53 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 11:53 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 11:53 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 11:53 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 11:53 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 11:53 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 11:53 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 11:53 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 11:53 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 11:53 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-18 11:53 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-18 11:53 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-18 11:53 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-10-01 01:01 . 2009-11-18 11:53 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-02-12 14:21 . 2009-02-12 14:21 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 12:37 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-01 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1033512]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-23 206392]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-22 788880]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\users\Hami-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ae,96,e3,09,8a,37,ca,01

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [27-09-2008 10:50 15416]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [14-11-2009 16:31 64288]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [17-04-2009 22:01 108560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [17-04-2009 22:01 28688]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe [01-06-2009 12:58 77824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23-12-2009 15:00 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21-01-2008 03:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19-03-2008 00:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [07-06-2008 05:46 341328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25-12-2009 01:38 1153368]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [27-05-2009 13:38 185640]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23-01-2008 22:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [01-04-2008 12:14 81296]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [07-06-2008 04:52 239160]
S3 FontCache;Tjenesten Windows-skrifttypecache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-01-2008 03:23 21504]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24-09-2009 12:17 1181328]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [18-02-2009 11:47 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
vvdsvc REG_MULTI_SZ vvdsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = local
IE: &AOL Toolbar-søgning - c:\programdata\AOL\ieToolbar\resources\da-DK\local\search.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{323AF0A7-690A-47D9-819B-348831CC7DC5} - c:\program files\IECustomizer.com\IEButtons\SearchIECThemes.htm
IE: {{472A296E-D7C1-4A70-8511-5039B09EBDDB} - java script:document.location='http://www.iecustomizer.com/iethemes'
IE: {{B9844E33-6201-47AA-B30A-BCA3363C2BFA} - c:\program files\IECustomizer.com\Tools\IETheme.exe
.
- - - - TOMME GENVEJE FJERNET - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-CCFile - c:\program files\CCFile\ccfile.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 20:42
Windows 6.0.6002 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll Amddfltr.sys >>UNKNOWN [0x86472618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8079ad24
\Driver\ACPI -> acpi.sys @ 0x80608d68
\Driver\atapi -> ataport.SYS @ 0x8acb4a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\guard32.dll

- - - - - - - > 'Explorer.exe'(2392)
c:\windows\system32\guard32.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\vssvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2009-12-26 20:56:28 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-12-26 19:56

Pre-Kørsel: 216 887 611 392 byte ledig
Post-Kørsel: 216 985 731 072 byte ledig

- - End Of File - - ADE98E4112D4E2539088B959748B6073

Synes godt om

dogan90 Nybegynder

26. december 2009 - 20:59 #18

Jeg forstår ikke hvorfor den siger Comodo kører når jeg har slettet det :)

Synes godt om

Computer Hjælp (Gratis) Mester

27. december 2009 - 15:30 #19

Kan jeg få en 'frisk' log fra HiJackThis (Den ka' jeg bedre overskue pt. ...) ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Synes godt om

dogan90 Nybegynder

27. december 2009 - 16:00 #20

Hehe jeg har det allerede i forvejen :)

Synes godt om

dogan90 Nybegynder

27. december 2009 - 16:03 #21

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:54, on 27-12-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; IETheme.exe(1.1.3); SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; msn OptimizedIE8;DADK; AskTB5.4)" -"http://www.miniclip.com/games/formula-racing/en/"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &AOL Toolbar-søgning - C:\ProgramData\AOL\ieToolbar\resources\da-DK\local\search.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - java script:document.location='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - java script:document.location='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 13491 bytes

__________________________________________________________________

Værsgo

Synes godt om

dogan90 Nybegynder

27. december 2009 - 16:08 #22

Synes godt om

Computer Hjælp (Gratis) Mester

27. december 2009 - 17:15 #23

Under alle omstændigheder så AFINSTALL
* ASK Toolbar
* GameConsoleService - (Hvis den er der ?)
* AOL Toolbar

------------------------------------------------------------------------

Kør en scanning med Hijackthis, (Mest 'oprydning')
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &AOL Toolbar-søgning - C:\ProgramData\AOL\ieToolbar\resources\da-DK\local\search.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - java script:document.location='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - java script:document.location='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)

Genstart normalt...

------------------------------------------------------------------------

Ta' en oprydning med nævnte CCleaner...

------------------------------------------------------------------------

Hvordan kører PC'en så nu ?

Synes godt om

dogan90 Nybegynder

27. december 2009 - 18:05 #24

Trojanerne er der stadig. Den er dog blevet lidt hurtigere.

Desuden har jeg også et andet problem. Hver gang jeg starter min computer op siger den Catalyst Control Center: Monitoring program er holdt op med at fungere.

Det samme siger den om HP Health Check Scheduler.

Synes godt om

f-arn Guru

27. december 2009 - 21:30 #25

Slet den combofix du har og hent en ny:

Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript.txt

Du skal sikre dig at den ikke kommer til at hedde CFScript.txt.txt

--------------

Killall::
Snapshot::

-------------

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

Synes godt om

dogan90 Nybegynder

27. december 2009 - 22:21 #26

ComboFix 09-12-26.05 - Hami-D 27-12-2009 21:51:32.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.45.1030.18.3069.2035 [GMT 1:00]
Kører fra: c:\users\Hami-D\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Hami-D\Desktop\CFScript.txt
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Filer skabt fra 2009-11-27 til 2009-12-27 )))))))))))))))))))))))))))))))))))
.

2009-12-27 21:05 . 2009-12-27 21:08 -------- d-----w- c:\users\Hami-D\AppData\Local\temp
2009-12-27 21:05 . 2009-12-27 21:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-27 21:05 . 2009-12-27 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-27 21:05 . 2009-12-27 21:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-12-27 16:52 . 2009-12-27 16:52 -------- d-----w- c:\program files\CCleaner
2009-12-25 02:59 . 2009-12-25 02:59 -------- d-----w- c:\program files\Trend Micro
2009-12-25 00:38 . 2009-12-27 16:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-25 00:38 . 2009-12-25 00:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-23 14:00 . 2009-12-23 14:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-23 14:00 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-23 14:00 . 2009-12-23 14:00 -------- d-----w- c:\programdata\Avira
2009-12-23 14:00 . 2009-12-23 14:00 -------- d-----w- c:\program files\Avira
2009-12-22 21:09 . 2009-12-22 21:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-22 21:09 . 2009-12-25 15:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-22 02:44 . 2009-12-22 02:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-12-22 02:44 . 2009-12-24 10:49 70760 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-22 02:44 . 2009-12-24 10:50 -------- d-----w- c:\users\Administrator\AppData\Local\QuickPlay
2009-12-21 23:39 . 2009-12-21 23:39 -------- d-----w- c:\users\Hami-D\AppData\Roaming\Malwarebytes
2009-12-21 23:38 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 23:38 . 2009-12-21 23:38 -------- d-----w- c:\programdata\Malwarebytes
2009-12-21 23:38 . 2009-12-21 23:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 23:38 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 14:01 . 2009-12-17 14:01 -------- d-----w- c:\program files\Audacity
2009-12-11 13:06 . 2009-12-11 13:06 -------- d-----w- c:\users\Hami-D\AppData\Local\vdownloader
2009-12-11 13:04 . 2009-12-11 13:04 -------- d-----w- c:\program files\VDOWNLOADER
2009-12-10 00:42 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 00:42 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 00:42 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 10:58 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-07 09:28 . 2009-12-07 09:28 -------- d-----w- C:\VJVod_Cache
2009-12-06 20:10 . 2009-12-06 20:10 -------- d-----w- c:\windows\system32\nagasoft
2009-12-06 19:16 . 2009-12-06 19:16 -------- d-----w- c:\program files\Veetle
2009-12-01 08:50 . 2009-12-01 08:50 -------- d-----w- c:\program files\Common Files\Apple
2009-12-01 08:45 . 2009-12-01 08:48 -------- d-----w- c:\program files\QuickTime
2009-11-29 16:03 . 2009-12-03 16:54 -------- d-----w- c:\users\Hami-D\AppData\Local\PokerStars
2009-11-29 16:02 . 2009-11-29 16:03 -------- d-----w- c:\program files\PokerStars

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 17:03 . 2008-06-07 01:57 589296 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-27 17:03 . 2008-06-07 01:57 117296 ----a-w- c:\windows\system32\perfc01D.dat
2009-12-27 17:03 . 2008-06-07 01:49 76390 ----a-w- c:\windows\system32\perfc014.dat
2009-12-27 17:03 . 2008-06-07 01:49 443832 ----a-w- c:\windows\system32\perfh014.dat
2009-12-27 17:03 . 2008-06-07 01:41 80612 ----a-w- c:\windows\system32\perfc00B.dat
2009-12-27 17:03 . 2008-06-07 01:41 427118 ----a-w- c:\windows\system32\perfh00B.dat
2009-12-27 17:03 . 2008-06-07 01:33 77202 ----a-w- c:\windows\system32\perfc006.dat
2009-12-27 17:03 . 2008-06-07 01:33 463344 ----a-w- c:\windows\system32\perfh006.dat
2009-12-27 17:00 . 2009-01-26 16:22 70760 ----a-w- c:\users\Hami-D\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-25 00:20 . 2008-06-07 04:54 -------- d-----w- c:\program files\Java
2009-12-23 14:43 . 2009-11-03 15:51 -------- d-----w- c:\programdata\avg9
2009-12-22 15:40 . 2009-06-29 13:13 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-22 15:40 . 2009-06-29 13:13 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-22 15:40 . 2009-06-29 13:13 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-22 15:40 . 2009-11-14 15:31 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-22 15:40 . 2009-06-29 13:13 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-22 15:40 . 2009-06-29 13:13 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-22 15:38 . 2009-06-29 13:13 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-22 15:38 . 2009-06-29 13:13 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-22 15:38 . 2009-06-29 13:13 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-22 15:37 . 2009-06-29 13:13 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-22 15:37 . 2009-06-29 13:13 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-22 15:37 . 2009-06-29 13:13 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-22 15:37 . 2009-06-29 13:13 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-12 13:06 . 2008-06-07 03:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-11 00:49 . 2009-08-16 19:40 -------- d-----w- c:\program files\GameKiss
2009-12-10 08:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 00:42 . 2009-01-28 20:08 -------- d-----w- c:\programdata\Microsoft Help
2009-12-05 17:54 . 2009-04-14 11:53 680 ----a-w- c:\users\Hami-D\AppData\Local\d3d9caps.dat
2009-12-01 08:45 . 2009-05-10 10:51 -------- d-----w- c:\programdata\Apple Computer
2009-11-27 10:53 . 2009-11-27 10:53 27910 ----a-r- c:\users\Hami-D\AppData\Roaming\Microsoft\Installer\{29D4FA64-DA1A-4C5F-A385-1038C2D53955}\_6e5d1ad4.exe
2009-11-27 10:53 . 2009-11-27 10:53 27910 ----a-r- c:\users\Hami-D\AppData\Roaming\Microsoft\Installer\{29D4FA64-DA1A-4C5F-A385-1038C2D53955}\_63cb6bfc.exe
2009-11-27 10:53 . 2009-11-27 10:53 27910 ----a-r- c:\users\Hami-D\AppData\Roaming\Microsoft\Installer\{29D4FA64-DA1A-4C5F-A385-1038C2D53955}\_3b251e1f.exe
2009-11-27 10:53 . 2009-11-27 10:49 -------- d-----w- c:\program files\FIRMASTARTPAKKEN
2009-11-26 20:59 . 2009-11-26 20:59 -------- d-----w- c:\users\Hami-D\AppData\Roaming\StreamTorrent
2009-11-24 15:31 . 2009-06-29 13:13 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-24 15:31 . 2009-06-29 13:13 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-24 15:31 . 2009-06-29 13:13 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-24 15:31 . 2009-09-21 13:19 641632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-23 16:44 . 2009-11-13 20:10 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-09 10:59 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 10:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 10:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 10:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 12:06 . 2009-11-18 12:06 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 12:01 . 2009-11-18 12:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 11:59 . 2009-11-18 11:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 15:31 . 2009-11-14 15:31 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-14 15:31 . 2009-11-14 15:31 93360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-14 15:31 . 2009-11-14 15:31 554280 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-14 15:31 . 2009-06-01 13:47 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-14 15:31 . 2009-06-01 13:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-14 15:31 . 2009-11-14 15:31 212480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-14 15:31 . 2009-11-14 15:31 283944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-14 15:31 . 2009-11-14 15:31 1223976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-14 15:31 . 2009-11-14 15:31 242984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-14 15:29 . 2009-11-14 15:29 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-12 01:30 . 2009-11-12 01:30 -------- d-----w- c:\program files\IECustomizer.com
2009-11-10 02:21 . 2009-05-10 10:54 -------- d-----w- c:\users\Hami-D\AppData\Roaming\Apple Computer
2009-11-10 02:19 . 2009-11-10 02:19 -------- d-----w- c:\program files\Apple Software Update
2009-11-10 02:19 . 2009-11-10 02:19 -------- d-----w- c:\programdata\Apple
2009-11-07 22:49 . 2009-11-07 22:49 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-03 15:51 . 2009-05-25 13:22 -------- d-----w- c:\program files\AVG
2009-11-02 19:42 . 2009-10-03 00:20 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 13:34 . 2009-10-30 17:26 -------- d-----w- c:\program files\CCFile
2009-10-29 09:17 . 2009-11-25 09:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-14 22:44 . 2009-10-14 22:44 406264 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-08 21:08 . 2009-11-18 11:51 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-18 11:51 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-18 11:51 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-03 08:15 . 2009-11-14 15:29 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-01 01:02 . 2009-11-18 11:53 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 11:53 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 11:53 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 11:53 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 11:53 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 11:53 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 11:53 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 11:53 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 11:53 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 11:53 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 11:53 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 11:53 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-18 11:53 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-18 11:53 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-18 11:53 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-10-01 01:01 . 2009-11-18 11:53 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-02-12 14:21 . 2009-02-12 14:21 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-01 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1033512]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-23 206392]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-22 788880]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ae,96,e3,09,8a,37,ca,01

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [27-09-2008 10:50 15416]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [14-11-2009 16:31 64288]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [17-04-2009 22:01 108560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [17-04-2009 22:01 28688]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe [01-06-2009 12:58 77824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23-12-2009 15:00 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21-01-2008 03:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19-03-2008 00:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [07-06-2008 05:46 341328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25-12-2009 01:38 1153368]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [27-05-2009 13:38 185640]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23-01-2008 22:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [01-04-2008 12:14 81296]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [07-06-2008 04:52 239160]
S3 FontCache;Tjenesten Windows-skrifttypecache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-01-2008 03:23 21504]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24-09-2009 12:17 1181328]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [18-02-2009 11:47 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
vvdsvc REG_MULTI_SZ vvdsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = local
IE: {{323AF0A7-690A-47D9-819B-348831CC7DC5} - c:\program files\IECustomizer.com\IEButtons\SearchIECThemes.htm
IE: {{B9844E33-6201-47AA-B30A-BCA3363C2BFA} - c:\program files\IECustomizer.com\Tools\IETheme.exe
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 22:08
Windows 6.0.6002 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll Amddfltr.sys >>UNKNOWN [0x86471618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x807a7d24
\Driver\ACPI -> acpi.sys @ 0x80615d68
\Driver\atapi -> ataport.SYS @ 0x8acb6a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\guard32.dll

- - - - - - - > 'Explorer.exe'(1620)
c:\windows\system32\guard32.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2009-12-27 22:20:37 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-12-27 21:20

Pre-Kørsel: 217 791 008 768 byte ledig
Post-Kørsel: 217 767 456 768 byte ledig

- - End Of File - - 85AB1155CED1EADF78182BE80424FEAE

Synes godt om

f-arn Guru

27. december 2009 - 22:59 #27

Jeg er træt, så jeg ta'r den imorgen

Synes godt om

dogan90 Nybegynder

28. december 2009 - 12:39 #28

Det ser jeg frem til :)

Synes godt om

f-arn Guru

28. december 2009 - 14:11 #29

1. Hent DeFogger og gem programmet på dit Skrivebord:

http://www.jpshortstuff.247fixes.com/Defogger.exe

2. Dobbeltklik på Defogger.exe - et vindue vil åbne sig - klik på "Disable" og klik "Yes" for at fortsætte. Nu vil programmet deaktivere dit CD-emulations program og afslutte med "Finished!" - klik "OK". NB - efter rensning vil vi aktivere dit CD-emulations program igen; ingen grund til bekymring.

3. Defogger vil nu genstarte din computer - klik OK.

4. Kør Combofix igen og læg loggen herind

Synes godt om

dogan90 Nybegynder

28. december 2009 - 14:42 #30

Linket virker ikke. Kan du give mig et andet?

Synes godt om

dogan90 Nybegynder

28. december 2009 - 15:13 #31

Ok nu virker det :D

Synes godt om

dogan90 Nybegynder

28. december 2009 - 16:00 #32

ComboFix 09-12-27.03 - Hami-D 28-12-2009 15:30:25.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.45.1030.18.3069.2086 [GMT 1:00]
Kører fra: c:\users\Hami-D\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Hami-D\Desktop\CFScript.txt
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Filer skabt fra 2009-11-28 til 2009-12-28 )))))))))))))))))))))))))))))))))))
.

2009-12-28 14:44 . 2009-12-28 14:47 -------- d-----w- c:\users\Hami-D\AppData\Local\temp
2009-12-28 14:44 . 2009-12-28 14:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-28 14:44 . 2009-12-28 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-28 14:44 . 2009-12-28 14:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-12-27 16:52 . 2009-12-27 16:52 -------- d-----w- c:\program files\CCleaner
2009-12-25 02:59 . 2009-12-25 02:59 -------- d-----w- c:\program files\Trend Micro
2009-12-25 00:38 . 2009-12-27 16:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-25 00:38 . 2009-12-25 00:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-23 14:00 . 2009-12-23 14:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-23 14:00 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-23 14:00 . 2009-12-23 14:00 -------- d-----w- c:\programdata\Avira
2009-12-23 14:00 . 2009-12-23 14:00 -------- d-----w- c:\program files\Avira
2009-12-22 21:09 . 2009-12-22 21:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-22 21:09 . 2009-12-25 15:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-22 02:44 . 2009-12-22 02:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-12-22 02:44 . 2009-12-24 10:49 70760 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-22 02:44 . 2009-12-24 10:50 -------- d-----w- c:\users\Administrator\AppData\Local\QuickPlay
2009-12-21 23:39 . 2009-12-21 23:39 -------- d-----w- c:\users\Hami-D\AppData\Roaming\Malwarebytes
2009-12-21 23:38 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 23:38 . 2009-12-21 23:38 -------- d-----w- c:\programdata\Malwarebytes
2009-12-21 23:38 . 2009-12-21 23:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 23:38 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 14:01 . 2009-12-17 14:01 -------- d-----w- c:\program files\Audacity
2009-12-11 13:06 . 2009-12-11 13:06 -------- d-----w- c:\users\Hami-D\AppData\Local\vdownloader
2009-12-11 13:04 . 2009-12-11 13:04 -------- d-----w- c:\program files\VDOWNLOADER
2009-12-10 00:42 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 00:42 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 00:42 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 10:58 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-07 09:28 . 2009-12-07 09:28 -------- d-----w- C:\VJVod_Cache
2009-12-06 20:10 . 2009-12-06 20:10 -------- d-----w- c:\windows\system32\nagasoft
2009-12-06 19:16 . 2009-12-06 19:16 -------- d-----w- c:\program files\Veetle
2009-12-01 08:50 . 2009-12-01 08:50 -------- d-----w- c:\program files\Common Files\Apple
2009-12-01 08:45 . 2009-12-01 08:48 -------- d-----w- c:\program files\QuickTime
2009-11-29 16:03 . 2009-12-03 16:54 -------- d-----w- c:\users\Hami-D\AppData\Local\PokerStars
2009-11-29 16:02 . 2009-11-29 16:03 -------- d-----w- c:\program files\PokerStars

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 17:03 . 2008-06-07 01:57 589296 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-27 17:03 . 2008-06-07 01:57 117296 ----a-w- c:\windows\system32\perfc01D.dat
2009-12-27 17:03 . 2008-06-07 01:49 76390 ----a-w- c:\windows\system32\perfc014.dat
2009-12-27 17:03 . 2008-06-07 01:49 443832 ----a-w- c:\windows\system32\perfh014.dat
2009-12-27 17:03 . 2008-06-07 01:41 80612 ----a-w- c:\windows\system32\perfc00B.dat
2009-12-27 17:03 . 2008-06-07 01:41 427118 ----a-w- c:\windows\system32\perfh00B.dat
2009-12-27 17:03 . 2008-06-07 01:33 77202 ----a-w- c:\windows\system32\perfc006.dat
2009-12-27 17:03 . 2008-06-07 01:33 463344 ----a-w- c:\windows\system32\perfh006.dat
2009-12-27 17:00 . 2009-01-26 16:22 70760 ----a-w- c:\users\Hami-D\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-25 00:20 . 2008-06-07 04:54 -------- d-----w- c:\program files\Java
2009-12-23 14:43 . 2009-11-03 15:51 -------- d-----w- c:\programdata\avg9
2009-12-22 15:40 . 2009-06-29 13:13 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-22 15:40 . 2009-06-29 13:13 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-22 15:40 . 2009-06-29 13:13 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-22 15:40 . 2009-11-14 15:31 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-22 15:40 . 2009-06-29 13:13 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-22 15:40 . 2009-06-29 13:13 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-22 15:38 . 2009-06-29 13:13 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-22 15:38 . 2009-06-29 13:13 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-22 15:38 . 2009-06-29 13:13 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-22 15:37 . 2009-06-29 13:13 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-22 15:37 . 2009-06-29 13:13 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-22 15:37 . 2009-06-29 13:13 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-22 15:37 . 2009-06-29 13:13 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-12 13:06 . 2008-06-07 03:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-11 00:49 . 2009-08-16 19:40 -------- d-----w- c:\program files\GameKiss
2009-12-10 08:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 00:42 . 2009-01-28 20:08 -------- d-----w- c:\programdata\Microsoft Help
2009-12-05 17:54 . 2009-04-14 11:53 680 ----a-w- c:\users\Hami-D\AppData\Local\d3d9caps.dat
2009-12-01 08:45 . 2009-05-10 10:51 -------- d-----w- c:\programdata\Apple Computer
2009-11-27 10:53 . 2009-11-27 10:53 27910 ----a-r- c:\users\Hami-D\AppData\Roaming\Microsoft\Installer\{29D4FA64-DA1A-4C5F-A385-1038C2D53955}\_6e5d1ad4.exe
2009-11-27 10:53 . 2009-11-27 10:53 27910 ----a-r- c:\users\Hami-D\AppData\Roaming\Microsoft\Installer\{29D4FA64-DA1A-4C5F-A385-1038C2D53955}\_63cb6bfc.exe
2009-11-27 10:53 . 2009-11-27 10:53 27910 ----a-r- c:\users\Hami-D\AppData\Roaming\Microsoft\Installer\{29D4FA64-DA1A-4C5F-A385-1038C2D53955}\_3b251e1f.exe
2009-11-27 10:53 . 2009-11-27 10:49 -------- d-----w- c:\program files\FIRMASTARTPAKKEN
2009-11-26 20:59 . 2009-11-26 20:59 -------- d-----w- c:\users\Hami-D\AppData\Roaming\StreamTorrent
2009-11-24 15:31 . 2009-06-29 13:13 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-24 15:31 . 2009-06-29 13:13 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-24 15:31 . 2009-06-29 13:13 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-24 15:31 . 2009-09-21 13:19 641632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-23 16:44 . 2009-11-13 20:10 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-09 10:59 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 10:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 10:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 10:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 12:06 . 2009-11-18 12:06 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 12:01 . 2009-11-18 12:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 11:59 . 2009-11-18 11:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 15:31 . 2009-11-14 15:31 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-14 15:31 . 2009-11-14 15:31 93360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-14 15:31 . 2009-11-14 15:31 554280 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-14 15:31 . 2009-06-01 13:47 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-14 15:31 . 2009-06-01 13:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-14 15:31 . 2009-11-14 15:31 212480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-14 15:31 . 2009-11-14 15:31 283944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-14 15:31 . 2009-11-14 15:31 1223976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-14 15:31 . 2009-11-14 15:31 242984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-14 15:29 . 2009-11-14 15:29 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-12 01:30 . 2009-11-12 01:30 -------- d-----w- c:\program files\IECustomizer.com
2009-11-10 02:21 . 2009-05-10 10:54 -------- d-----w- c:\users\Hami-D\AppData\Roaming\Apple Computer
2009-11-10 02:19 . 2009-11-10 02:19 -------- d-----w- c:\program files\Apple Software Update
2009-11-10 02:19 . 2009-11-10 02:19 -------- d-----w- c:\programdata\Apple
2009-11-07 22:49 . 2009-11-07 22:49 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-03 15:51 . 2009-05-25 13:22 -------- d-----w- c:\program files\AVG
2009-11-02 19:42 . 2009-10-03 00:20 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 13:34 . 2009-10-30 17:26 -------- d-----w- c:\program files\CCFile
2009-10-29 09:17 . 2009-11-25 09:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-14 22:44 . 2009-10-14 22:44 406264 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-08 21:08 . 2009-11-18 11:51 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-18 11:51 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-18 11:51 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-03 08:15 . 2009-11-14 15:29 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-01 01:02 . 2009-11-18 11:53 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 11:53 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 11:53 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 11:53 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 11:53 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 11:53 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 11:53 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 11:53 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 11:53 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 11:53 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 11:53 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 11:53 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-18 11:53 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-18 11:53 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-18 11:53 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-10-01 01:01 . 2009-11-18 11:53 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-02-12 14:21 . 2009-02-12 14:21 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-01 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1033512]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-23 206392]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-22 788880]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ae,96,e3,09,8a,37,ca,01

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [27-09-2008 10:50 15416]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [14-11-2009 16:31 64288]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [17-04-2009 22:01 108560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [17-04-2009 22:01 28688]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe [01-06-2009 12:58 77824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23-12-2009 15:00 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21-01-2008 03:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19-03-2008 00:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [07-06-2008 05:46 341328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25-12-2009 01:38 1153368]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [27-05-2009 13:38 185640]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23-01-2008 22:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [01-04-2008 12:14 81296]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [07-06-2008 04:52 239160]
S3 FontCache;Tjenesten Windows-skrifttypecache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-01-2008 03:23 21504]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24-09-2009 12:17 1181328]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [18-02-2009 11:47 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
vvdsvc REG_MULTI_SZ vvdsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = local
IE: {{323AF0A7-690A-47D9-819B-348831CC7DC5} - c:\program files\IECustomizer.com\IEButtons\SearchIECThemes.htm
IE: {{B9844E33-6201-47AA-B30A-BCA3363C2BFA} - c:\program files\IECustomizer.com\Tools\IETheme.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 15:47
Windows 6.0.6002 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll Amddfltr.sys >>UNKNOWN [0x86470618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x807a2d24
\Driver\ACPI -> acpi.sys @ 0x80610d68
\Driver\atapi -> ataport.SYS @ 0x8acb2a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\guard32.dll

- - - - - - - > 'Explorer.exe'(3764)
c:\windows\system32\guard32.dll
c:\windows\system32\wscntfy.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2009-12-28 15:59:33 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-12-28 14:59

Pre-Kørsel: 217 706 754 048 byte ledig
Post-Kørsel: 217 574 084 608 byte ledig

- - End Of File - - D485F9DABA6CAC7E78435CD791742172

Synes godt om

f-arn Guru

29. december 2009 - 10:47 #33

Har du en Windows installations cd/dvd?

-------

Klik her: http://www.gmer.net/download.php
og download installationsprogrammet for Gmer til skrivebordet, og klik derefter på filen for at køre Gmer.

Hvis den i indledende scanning lokaliserer poster vist i rødt eller angiver "skjult" eller "rootkit", stop der, og klik på Kopiér knappen, og højreklik på skrivebordet, vælg Ny -> Tekst dokument. Når filen er oprettet, skal du åbne den og højreklik igen og vælge Sæt ind. Kopier indholdet og post det her

Hvis ikke, så klik på Scan, før scanning, skal du sørge for alle andre programmer er lukket, og ingen andre aktioner såsom en planlagt antivirus scanning vil ske samtidig med denne scanning. Brug heller ikke computeren under scanningen.
Du skal også huske at fjerne flueben i Sections, IAT/EAT og Show All.
Når scanningen er færdig, klik på Kopier knappen, og højreklik på skrivebordet, vælg Ny -> Tekst dokument. Når filen er oprettet, skal du åbne den og højreklik igen og vælge Sæt ind. Kopier oplysninger og post det her

Synes godt om

dogan90 Nybegynder

29. december 2009 - 17:11 #34

Ja nu kan min computer ikke starte op. Kun i fejlsikret tilstand selvom trojanen ikke viste sig mere :( Jeg er på en anden computer lige nu. Det er så flabet. Jeg er altid så uheldig.

Synes godt om

f-arn Guru

29. december 2009 - 17:20 #35

Lavede Gmer en log. Prøv at se om du har en mappe der hedder c:\ark.

Synes godt om

dogan90 Nybegynder

29. december 2009 - 17:23 #36

Jeg har slet ikke nået at kunne gøre alt det der. Det var meningen jeg skulle gøre det nu, men så kunne den ikke starte op. Den kan heller ikek starte op i safe mode med netværk. Kun normal safe mode. Hvad kan være galt?

Synes godt om

dogan90 Nybegynder

29. december 2009 - 17:31 #37

Den virkede fint i går. Jeg brugte den til kl 6 i morges og der virkede den uden de store problemer.

Synes godt om

f-arn Guru

29. december 2009 - 17:32 #38

Hvad var det sidste du gjorde?
Har du en Windows installations cd/dvd?

Synes godt om

dogan90 Nybegynder

29. december 2009 - 17:36 #39

Jeg tror jeg har nogle system recovery CDer. ER det dem du mener? Dem lavede jeg lige da jeg fik min computer.

Synes godt om

dogan90 Nybegynder

29. december 2009 - 17:38 #40

Det sidste jeg gjorde var at se NFL på streamtorrent :) hehe

Synes godt om

f-arn Guru

29. december 2009 - 17:48 #41

Kørte du den Defogger?

Synes godt om

dogan90 Nybegynder

29. december 2009 - 17:57 #42

Ja det gjorde jeg. Sikkert den der var problemet. :(

Synes godt om

f-arn Guru

29. december 2009 - 18:07 #43

Dit problem en nok lige her:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll Amddfltr.sys >>UNKNOWN [0x86470618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x807a2d24
\Driver\ACPI -> acpi.sys @ 0x80610d68
\Driver\atapi -> ataport.SYS @ 0x8acb2a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

Den Defogger skulle bare sikre at der ikke var noget CD-emulations software der drillede.

Synes godt om

dogan90 Nybegynder

29. december 2009 - 18:13 #44

Ja men nu kan jeg ikke udføre det du sagde. Den kan ikke åbne i normal tilstand :(

Synes godt om

f-arn Guru

29. december 2009 - 18:19 #45

Du skriver det er en HP PC. Hvilken type?

Synes godt om

dogan90 Nybegynder

29. december 2009 - 18:23 #46

Det er en bærbar. HP Pavillion Entertainment dv5.

Jeg skal aldrig have HP igen. Fucking begge ownere af HP er med i Bohemian Grove. En sekt bestående af "eliten" i USA.

Synes godt om

dogan90 Nybegynder

29. december 2009 - 18:32 #47

Sikkert en del af Illuminatis planer :) hehe

Nå, men hvad gør jeg?

Synes godt om

f-arn Guru

29. december 2009 - 18:58 #48

Står din model her?
http://h10025.www1.hp.com/ewfrf/wc/prodTopCategory?product=3744187&lc=da&dlc=da&cc=dk

Synes godt om

dogan90 Nybegynder

29. december 2009 - 19:14 #49

HP Pavilion dv5-1110eo eller HP Pavilion dv5-1110ei. Hvor kan jeg se hvilken af dem det er? Jeg har kigget i boot menu, men der står intet. Der står kun det er en dv5 notebook.

Synes godt om

f-arn Guru

29. december 2009 - 22:15 #50

Det er ligemeget. Bare vælg en af dem. Gå ind under vejledninger/Sikkerhedskopiering og gendannelse af software - Windows Vista.
Prøv om du kan gendanne til tidligere dato og klokkeslæt.
Elers må du nok til at overveje at bruge dine gendannelsesdiske.
Husk lige at kopiere dine personlige ting.

Synes godt om

dogan90 Nybegynder

29. december 2009 - 23:40 #51

Jamen betyder det at jeg skal købe en ekstern harddisk?

Synes godt om

dogan90 Nybegynder

29. december 2009 - 23:42 #52

Jeg har mange vigtige filer på den. Jeg skal nok få det fixet. Trojanen var ellers forsvundet:(

Synes godt om

f-arn Guru

30. december 2009 - 00:15 #53

Trojanen var ellers forsvundet

detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x807a2d24
\Driver\ACPI -> acpi.sys @ 0x80610d68
\Driver\atapi -> ataport.SYS @ 0x8acb2a2c

Jeg er nu ret sikker på at du har et rootkit!
Det var derfor jeg gerne ville se en log fra Gmer.

Synes godt om

dogan90 Nybegynder

30. december 2009 - 04:14 #54

Nu har jeg gendannet min computer :D den virker perfekt igen. Jeg havde AVG på det her tidspunkt og ikke AntiVir. Der er mange af de programmer jeg installerede senere hen som jeg ikke har nu. AntiVir, Malwarebytes, Spybot - SD. Skal jeg gøre det i har bedt mig om igen eller?

Synes godt om

f-arn Guru

30. december 2009 - 07:13 #55

Hent http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Kør HijackThis, klik på "Do a systemscan scan and save a logfile" kopier loggens tekst og send den herind.

Bemærk Hijackthis skal gemmes på computeren og ikke køres fra nettet

Mht.: Vista - Højreklik på filen - Kør som Administrator.
------
Jeg vil anbefale Avast som antivirus samt at du installerer en firewall til erstatning for Windows:
http://www.spywarefri.dk/artikel/hvad-skal-jeg-bruge-af-software/
http://www.spywarefri.dk/sikkerhedspakken/

Synes godt om

dogan90 Nybegynder

30. december 2009 - 11:49 #56

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:26, on 30-12-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CCFile] C:\Program Files\CCFile\ccfile.exe -mini
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; IETheme.exe(1.1.3); SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; msn OptimizedIE8;DADK)" -"http://www.primarygames.com/seasons/summer/games/cheftoss/index.htm"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: ,avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 10818 bytes

Synes godt om

f-arn Guru

30. december 2009 - 17:05 #57

Du kan godt beholde AVG free 9. Det er langt bedre end AVG 8.
Jeg synes du skal undlade at geninstallere ASK Toolbar og AOL Toolbar.
Hvis du ikke vil geninficeres bør du nok også holde dig fra diverse Torrents.
Hvis du lavede en komplet gendannelse bør det combofix viste også være væk.

-----

Du kan gøre det her hvis du vil være sikker:
Hent og pak RootRepeal ud.

http://rootrepeal.googlepages.com/RootRepeal.zip

Start og vælg "report", klik skan og sæt flueben i "files" og "Hidden services" og lad den søge
Når den er færdig viser den en liste over filer.
Tryk på "save report" og send den herind.

Synes godt om

dogan90 Nybegynder

30. december 2009 - 17:52 #58

"The bandwidth or page view limit for this site has been exceeded and the page cannot be viewed at this time. Once the site is below the limit, it will once again begin serving as normal." - siger den når jeg trykker på linket.

Jeg må vente lidt så :)

Synes godt om

f-arn Guru

30. december 2009 - 18:06 #59

så brug denne:
http://ad13.geekstogo.com/RootRepeal.zip

Synes godt om

dogan90 Nybegynder

30. december 2009 - 18:41 #60

OMG f-arn... Min computer fryser helt når jeg prøver at scanne. Den går helt i flimmer.

Skal vi ikke lige løse de her problemer først?

HP Health Check Scheduler er holdt op med at fungere.

Catalyst Control Center: Monitoring program er holdt op med at fungere.

HP Health Check Service blev afbrudt og lukket.

Disse vinduer åbner når windows åbner. Det er så irriterende.

Synes godt om

f-arn Guru

30. december 2009 - 19:02 #61

Jeg synes det var det samme du skrev søn. d. 27. december 2009 kl. 18:05:09.
Hent OTS af oldtimer:
http://oldtimer.geekstogo.com/OTS.exe

Dobbeltklik på OTS.exe -> Klik på "Extras" i det lilla område og klik herefter på "Run Scan" i det mørke-grå område. Din computer vil nu blive scannet og efter et stykke tid vil en log åbne sig. Send OTS.txt i dit næste indlæg (den kan være lang så det kan godt være du bliver nødt til at dele den). attach.txt er jeg ikke interesseret i lige nu.

Synes godt om

dogan90 Nybegynder

30. december 2009 - 19:17 #62

[code]
OTS logfile created on: 30-12-2009 19:09:50 - Run 1
OTS by OldTimer - Version 3.1.14.1 Folder = C:\Users\Hami-D\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.98 Gb Total Space | 203.08 Gb Free Space | 70.52% Space Free | Partition Type: NTFS
Drive D: | 10.11 Gb Total Space | 1.75 Gb Free Space | 17.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAMI-D-PC
Current User Name: Hami-D
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Hami-D\Desktop\OTS.exe -> [2009-12-30 19:09:10 | 00,599,040 | ---- | M] (OldTimer Tools)
avgrsx.exe -> C:\Program Files\AVG\AVG9\avgrsx.exe -> [2009-12-12 10:00:00 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.)
opera.exe -> C:\Program Files\Opera\opera.exe -> [2009-11-20 19:01:18 | 00,832,296 | ---- | M] (Opera Software)
avgcsrvx.exe -> C:\Program Files\AVG\AVG9\avgcsrvx.exe -> [2009-11-03 16:51:41 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgchsvx.exe -> C:\Program Files\AVG\AVG9\avgchsvx.exe -> [2009-11-03 16:51:35 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.)
teamviewer_service.exe -> C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -> [2009-05-27 13:38:28 | 00,185,640 | ---- | M] (TeamViewer GmbH)
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
com4qlbex.exe -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -> [2009-04-23 15:48:56 | 00,239,160 | ---- | M] (Hewlett-Packard Development Company, L.P.)
qlbctrl.exe -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe -> [2009-04-23 09:20:00 | 00,206,392 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
cmdagent.exe -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -> [2009-04-17 22:00:03 | 00,700,152 | ---- | M] ()
explorer.exe -> C:\Windows\explorer.exe -> [2009-04-11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
hpqtoaster.exe -> C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe -> [2008-10-22 09:32:20 | 00,628,016 | ---- | M] ()
hpqwmiex.exe -> C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -> [2008-10-21 16:23:50 | 00,228,656 | ---- | M] (Hewlett-Packard Development Company, L.P.)
stacsv.exe -> C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -> [2008-09-11 10:52:52 | 00,237,650 | ---- | M] (IDT, Inc.)
sttray.exe -> C:\Program Files\IDT\WDM\sttray.exe -> [2008-09-11 10:50:38 | 00,446,556 | ---- | M] (IDT, Inc.)
aestsrv.exe -> C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -> [2008-06-27 14:53:08 | 00,077,824 | ---- | M] (Andrea Electronics Corporation)
qpsched.exe -> C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -> [2008-05-15 06:56:58 | 00,116,112 | ---- | M] ()
qpcapsvc.exe -> C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -> [2008-05-15 06:56:54 | 00,292,248 | ---- | M] ()
qpservice.exe -> C:\Program Files\HP\QuickPlay\QPService.exe -> [2008-05-15 06:56:38 | 00,468,264 | ---- | M] (CyberLink Corp.)
ati2evxx.exe -> C:\Windows\System32\Ati2evxx.exe -> [2008-03-28 10:17:20 | 00,667,648 | ---- | M] (ATI Technologies Inc.)
blservice.exe -> C:\Windows\SMINST\BLService.exe -> [2008-03-26 23:26:56 | 00,341,328 | ---- | M] ()
hpservice.exe -> C:\Windows\System32\hpservice.exe -> [2008-03-19 00:24:58 | 00,019,456 | ---- | M] (Hewlett-Packard Corporation)
lssrvc.exe -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2008-02-26 22:13:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
lightscribecontrolpanel.exe -> C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -> [2008-02-26 22:08:32 | 02,289,664 | ---- | M] (Hewlett-Packard Company)
wmpnscfg.exe -> C:\Program Files\Windows Media Player\wmpnscfg.exe -> [2008-01-21 03:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation)
syntphelper.exe -> C:\Program Files\Synaptics\SynTP\SynTPHelper.exe -> [2008-01-17 20:31:32 | 00,095,528 | ---- | M] (Synaptics, Inc.)
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> [2008-01-17 20:31:22 | 01,033,512 | ---- | M] (Synaptics, Inc.)
hpwamain.exe -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> [2007-11-20 15:44:58 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpkbdapp.exe -> C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe -> [2007-11-02 02:42:38 | 00,554,288 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
wifimsg.exe -> C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE -> [2007-09-26 14:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpwuschd2.exe -> C:\Program Files\HP\HP Software Update\hpwuSchd2.exe -> [2007-05-09 00:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
richvideo.exe -> C:\Program Files\CyberLink\Shared Files\RichVideo.exe -> [2007-01-09 10:25:00 | 00,272,024 | ---- | M] ()

[Modules - Safe List]
ots.exe -> C:\Users\Hami-D\Desktop\OTS.exe -> [2009-12-30 19:09:10 | 00,599,040 | ---- | M] (OldTimer Tools)
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009-11-03 16:51:56 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
guard32.dll -> C:\Windows\System32\guard32.dll -> [2009-04-17 22:00:07 | 00,155,384 | ---- | M] ()
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll -> [2009-04-11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(GameConsoleService) GameConsoleService [Disabled | Stopped] -> -> File not found
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Disabled | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009-11-24 16:31:21 | 01,184,912 | ---- | M] (Lavasoft)
(avg9emc) AVG Free E-mail Scanner [Auto | Stopped] -> C:\Program Files\AVG\AVG9\avgemc.exe -> [2009-11-03 16:51:35 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg9wd) AVG Free WatchDog [Auto | Stopped] -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2009-11-03 16:51:34 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.)
(FontCache) Tjenesten Windows-skrifttypecache [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009-09-25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation)
(vvdsvc) VJVodClientServices [Auto | Stopped] -> C:\Windows\System32\nagasoft\vjocx.dll -> [2009-09-24 10:59:26 | 01,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.)
(Adobe LM Service) Adobe LM Service [Disabled | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2009-09-17 19:55:37 | 00,072,704 | ---- | M] (Adobe Systems)
(TeamViewer4) TeamViewer 4 [Auto | Running] -> C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -> [2009-05-27 13:38:28 | 00,185,640 | ---- | M] (TeamViewer GmbH)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
(gusvc) Google Software Updater [On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009-05-02 13:51:15 | 00,182,768 | ---- | M] (Google)
(Com4QLBEx) Com4QLBEx [On_Demand | Running] -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -> [2009-04-23 15:48:56 | 00,239,160 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(cmdAgent) COMODO Internet Security Helper Service [Auto | Running] -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -> [2009-04-17 22:00:03 | 00,700,152 | ---- | M] ()
(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008-11-04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(hpqwmiex) hpqwmiex [On_Demand | Running] -> C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -> [2008-10-21 16:23:50 | 00,228,656 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(STacSV) Audio Service [Auto | Running] -> C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -> [2008-09-11 10:52:52 | 00,237,650 | ---- | M] (IDT, Inc.)
(AESTFilters) Andrea ST Filters Service [Auto | Running] -> C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -> [2008-06-27 14:53:08 | 00,077,824 | ---- | M] (Andrea Electronics Corporation)
(QPSched) QuickPlay Task Scheduler (QTS) [Auto | Running] -> C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -> [2008-05-15 06:56:58 | 00,116,112 | ---- | M] ()
(QPCapSvc) QuickPlay Background Capture Service (QBCS) [Auto | Running] -> C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -> [2008-05-15 06:56:54 | 00,292,248 | ---- | M] ()
(HP Health Check Service) HP Health Check Service [Auto | Stopped] -> c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2008-04-15 21:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard)
(Ati External Event Utility) Ati External Event Utility [Auto | Running] -> C:\Windows\System32\Ati2evxx.exe -> [2008-03-28 10:17:20 | 00,667,648 | ---- | M] (ATI Technologies Inc.)
(Recovery Service for Windows) Recovery Service for Windows [Auto | Running] -> C:\Windows\SMINST\BLService.exe -> [2008-03-26 23:26:56 | 00,341,328 | ---- | M] ()
(hpsrv) HP Service [Auto | Running] -> C:\Windows\System32\hpservice.exe -> [2008-03-19 00:24:58 | 00,019,456 | ---- | M] (Hewlett-Packard Corporation)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Auto | Running] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2008-02-26 22:13:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(ezSharedSvc) Easybits Shared Services for Windows [Auto | Running] -> C:\Windows\System32\ezsvc7.dll -> [2008-02-03 20:00:00 | 00,129,992 | ---- | M] (EasyBits Sofware AS)
(WinDefend) Windows Defender [Auto | Stopped] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008-01-21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Auto | Running] -> C:\Program Files\CyberLink\Shared Files\RichVideo.exe -> [2007-01-09 10:25:00 | 00,272,024 | ---- | M] ()
(ehstart) Startprogram til Windows Media Center-tjenester [Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006-11-02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)

[Driver Services - Safe List]
(ahcix86s) ahcix86s [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\ahcix86s.sys -> [2009-12-29 23:58:27 | 00,170,000 | ---- | M] (AMD Technologies Inc.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgtdix.sys -> [2009-11-10 13:50:14 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgldx86.sys -> [2009-11-03 16:51:56 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\Windows\System32\Drivers\avgmfx86.sys -> [2009-11-03 16:51:56 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2009-09-23 13:55:23 | 00,064,288 | ---- | M] (Lavasoft AB)
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\hamachi.sys -> [2009-09-23 10:41:58 | 00,026,176 | -H-- | M] (LogMeIn, Inc.)
(cmdGuard) COMODO Internet Security Sandbox Driver [File_System | System | Running] -> C:\Windows\System32\drivers\cmdguard.sys -> [2009-04-17 22:00:07 | 00,108,560 | ---- | M] (COMODO)
(inspect) COMODO Internet Security Firewall Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\inspect.sys -> [2009-04-17 22:00:07 | 00,068,112 | ---- | M] (COMODO)
(cmdHlp) COMODO Internet Security Helper Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\cmdhlp.sys -> [2009-04-17 22:00:07 | 00,028,688 | ---- | M] (COMODO)
(sptd) sptd [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\sptd.sys -> [2009-02-18 11:47:55 | 00,717,296 | ---- | M] ()
(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\athr.sys -> [2008-12-19 23:01:46 | 01,093,120 | ---- | M] (Atheros Communications, Inc.)
(STHDA) IDT High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\stwrt.sys -> [2008-09-11 10:54:44 | 00,389,120 | ---- | M] (IDT, Inc.)
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2008-04-14 20:05:08 | 00,118,784 | ---- | M] (Realtek Corporation )
(JMCR) JMCR [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\jmcr.sys -> [2008-04-01 12:14:00 | 00,081,296 | ---- | M] (JMicron Technology Corp.)
(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmdag.sys -> [2008-03-28 12:24:16 | 03,544,064 | ---- | M] (ATI Technologies Inc.)
(hpdskflt) HP Filter [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\hpdskflt.sys -> [2008-03-27 20:12:12 | 00,024,424 | ---- | M] (Hewlett-Packard Corporation)
(Accelerometer) HP Accelerometer [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Accelerometer.sys -> [2008-03-27 20:11:34 | 00,034,664 | ---- | M] (Hewlett-Packard Corporation)
(enecir) ENE CIR Receiver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\enecir.sys -> [2008-01-23 22:23:12 | 00,052,736 | ---- | M] (ENE TECHNOLOGY INC.)
(MegaSR) MegaSR [Kernel | Boot | Running] -> C:\Windows\system32\drivers\megasr.sys -> [2008-01-21 03:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.)
(adpu320) adpu320 [Kernel | Boot | Running] -> C:\Windows\system32\drivers\adpu320.sys -> [2008-01-21 03:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.)
(megasas) megasas [Kernel | Boot | Running] -> C:\Windows\system32\drivers\megasas.sys -> [2008-01-21 03:23:27 | 00,031,288 | ---- | M] (LSI Corporation)
(adpu160m) adpu160m [Kernel | Boot | Running] -> C:\Windows\system32\drivers\adpu160m.sys -> [2008-01-21 03:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.)
(SiSRaid4) SiSRaid4 [Kernel | Boot | Running] -> C:\Windows\system32\drivers\sisraid4.sys -> [2008-01-21 03:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems)
(HpCISSs) HpCISSs [Kernel | Boot | Running] -> C:\Windows\system32\drivers\hpcisss.sys -> [2008-01-21 03:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company)
(adpahci) adpahci [Kernel | Boot | Running] -> C:\Windows\system32\drivers\adpahci.sys -> [2008-01-21 03:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Boot | Running] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2008-01-21 03:23:25 | 00,089,656 | ---- | M] (LSI Logic)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Boot | Running] -> C:\Windows\system32\drivers\ql2300.sys -> [2008-01-21 03:23:24 | 01,122,360 | ---- | M] (QLogic Corporation)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2008-01-21 03:23:24 | 00,118,784 | ---- | M] (Intel Corporation)
(arcsas) arcsas [Kernel | Boot | Running] -> C:\Windows\system32\drivers\arcsas.sys -> [2008-01-21 03:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTCNXT3.SYS -> [2008-01-21 03:23:23 | 00,654,336 | ---- | M] (Conexant Systems, Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iastorv.sys -> [2008-01-21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation)
(vsmraid) vsmraid [Kernel | Boot | Running] -> C:\Windows\system32\drivers\vsmraid.sys -> [2008-01-21 03:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd)
(ulsata2) ulsata2 [Kernel | Boot | Running] -> C:\Windows\system32\drivers\ulsata2.sys -> [2008-01-21 03:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Boot | Running] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2008-01-21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Boot | Running] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2008-01-21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic)
(arc) arc [Kernel | Boot | Running] -> C:\Windows\system32\drivers\arc.sys -> [2008-01-21 03:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTDPV3.SYS -> [2008-01-21 03:23:22 | 00,987,648 | ---- | M] (Conexant Systems, Inc.)
(elxstor) elxstor [Kernel | Boot | Running] -> C:\Windows\system32\drivers\elxstor.sys -> [2008-01-21 03:23:22 | 00,342,584 | ---- | M] (Emulex)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTAZL3.SYS -> [2008-01-21 03:23:22 | 00,200,704 | ---- | M] (Conexant Systems, Inc.)
(adp94xx) adp94xx [Kernel | Boot | Running] -> C:\Windows\system32\drivers\adp94xx.sys -> [2008-01-21 03:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.)
(nvraid) NVIDIA nForce RAID Driver [Kernel | Boot | Running] -> C:\Windows\system32\drivers\nvraid.sys -> [2008-01-21 03:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Boot | Running] -> C:\Windows\system32\drivers\nvstor.sys -> [2008-01-21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation)
(uliahci) uliahci [Kernel | Boot | Running] -> C:\Windows\system32\drivers\uliahci.sys -> [2008-01-21 03:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.)
(viaide) viaide [Kernel | Boot | Running] -> C:\Windows\system32\drivers\viaide.sys -> [2008-01-21 03:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Boot | Running] -> C:\Windows\system32\drivers\cmdide.sys -> [2008-01-21 03:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Boot | Running] -> C:\Windows\system32\drivers\aliide.sys -> [2008-01-21 03:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SynTP.sys -> [2008-01-17 20:31:26 | 00,196,784 | ---- | M] (Synaptics, Inc.)
(Amddfltr) Amd Disk Lower Filter Driver [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\Amddfltr.sys -> [2008-01-07 21:42:04 | 00,015,416 | ---- | M] (Advanced Micro Devices)
(HpqRemHid) HP Remote Control HID Device [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HpqRemHid.sys -> [2007-07-11 18:30:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(HpqKbFiltr) HpqKbFilter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HpqKbFiltr.sys -> [2007-06-19 01:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Boot | Running] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006-11-02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Boot | Running] -> C:\Windows\system32\drivers\ulsata.sys -> [2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(nfrd960) nfrd960 [Kernel | Boot | Running] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006-11-02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iirsp.sys -> [2006-11-02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(aic78xx) aic78xx [Kernel | Boot | Running] -> C:\Windows\system32\drivers\djsvs.sys -> [2006-11-02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iteraid.sys -> [2006-11-02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006-11-02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(Symc8xx) Symc8xx [Kernel | Boot | Running] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006-11-02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Boot | Running] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006-11-02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Boot | Running] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006-11-02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Boot | Running] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006-11-02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006-11-02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006-11-02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006-11-02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006-11-02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006-11-02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006-11-02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006-11-02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nvm60x32.sys -> [2006-11-02 08:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation)
(BCM43XV) Broadcom Extensible 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2006-11-02 08:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006-11-02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(AtiPcie) ATI PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\AtiPcie.sys -> [2006-10-29 21:23:12 | 00,007,680 | ---- | M] (ATI Technologies Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Pavilion&pf=cnnb ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Pavilion&pf=cnnb ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://dk.msn.com/ ->
HKEY_CURRENT_USER\: Main\\"Default_Secondary_Page_URL" -> http://www.live.com/ [binary data] ->
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.dk/ ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
HKEY_CURRENT_USER\: URLSearchHooks\\"*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009-11-25 13:01:54 | 01,230,080 | ---- | M] ()
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> local ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
< FireFox Extensions [User Folders] > ->
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\System32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006-10-22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009-05-19 10:36:18 | 00,137,600 | ---- | M] (Microsoft Corporation)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009-11-25 13:01:54 | 01,230,080 | ---- | M] ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [Google Toolbar Notifier BHO] -> [2009-11-03 17:27:09 | 00,764,912 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [Google Dictionary Compression sdch] -> [2009-09-11 10:22:56 | 00,458,736 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009-10-11 04:17:29 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2009-09-11 10:23:03 | 00,256,112 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009-09-11 10:23:03 | 00,256,112 | ---- | M] (Google Inc.)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009-11-25 13:01:54 | 01,230,080 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> File not found
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009-09-11 10:23:03 | 00,256,112 | ---- | M] (Google Inc.)
WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [DAEMON Tools Toolbar] -> [2008-12-10 09:19:12 | 00,929,224 | ---- | M] ()
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009-11-25 13:01:54 | 01,230,080 | ---- | M] ()
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Ad-Watch" -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe] -> [2009-11-24 16:31:22 | 00,788,880 | ---- | M] (Lavasoft)
"AVG9_TRAY" -> C:\PROGRA~1\AVG\AVG9\avgtray.exe [C:\PROGRA~1\AVG\AVG9\avgtray.exe] -> [2009-12-12 10:00:02 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
"HP Health Check Scheduler" -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008-04-15 21:42:16 | 00,070,912 | ---- | M] (Hewlett-Packard)
"HP Software Update" -> C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> [2007-05-09 00:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"hpWirelessAssistant" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe] -> [2007-11-20 15:44:58 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"OnScreenDisplay" -> C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe] -> [2007-11-02 02:42:38 | 00,554,288 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
"QlbCtrl.exe" -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] -> [2009-04-23 09:20:00 | 00,206,392 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
"QPService" -> C:\Program Files\HP\QuickPlay\QPService.exe ["C:\Program Files\HP\QuickPlay\QPService.exe"] -> [2008-05-15 06:56:38 | 00,468,264 | ---- | M] (CyberLink Corp.)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009-11-10 23:08:18 | 00,417,792 | ---- | M] (Apple Inc.)
"StartCCC" -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] -> [2008-01-21 20:17:18 | 00,061,440 | ---- | M] (Advanced Micro Devices, Inc.)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2008-01-17 20:31:22 | 01,033,512 | ---- | M] (Synaptics, Inc.)
"SysTrayApp" -> C:\Program Files\IDT\WDM\sttray.exe [%ProgramFiles%\IDT\WDM\sttray.exe] -> [2008-09-11 10:50:38 | 00,446,556 | ---- | M] (IDT, Inc.)
"UCam_Menu" -> C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"] -> [2007-12-24 23:55:34 | 00,222,504 | ---- | M] (CyberLink Corp.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008-01-21 03:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"CCFile" -> C:\Program Files\CCFile\ccfile.exe [C:\Program Files\CCFile\ccfile.exe -mini] -> File not found
"LightScribe Control Panel" -> C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden] -> [2008-02-26 22:08:32 | 02,289,664 | ---- | M] (Hewlett-Packard Company)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009-03-01 12:09:28 | 00,039,408 | ---- | M] (Google Inc.)
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Shockwave Updater" -> C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident\4.0; [C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; IETheme.exe(1.1.3); SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; msn OptimizedIE8;DADK)" -"http://www.primarygames.com/seasons/summer/games/cheftoss/index.htm"] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{323AF0A7-690A-47D9-819B-348831CC7DC5}:C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm [HKLM] -> C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm [Button: IE Theme Search Bar] -> [2005-08-05 14:29:51 | 00,000,256 | ---- | M] ()
{323AF0A7-690A-47D9-819B-348831CC7DC5}:C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm [HKLM] -> C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm [Menu: Free Themes for Internet Explorer] -> [2005-08-05 14:29:51 | 00,000,256 | ---- | M] ()
{B9844E33-6201-47AA-B30A-BCA3363C2BFA}:Exec [HKLM] -> C:\Program Files\IECustomizer.com\Tools\IETheme.exe [Button: Themes] -> [2005-10-19 18:35:45 | 00,864,256 | ---- | M] (Eye Can Publishing)
{B9844E33-6201-47AA-B30A-BCA3363C2BFA}:Exec [HKLM] -> C:\Program Files\IECustomizer.com\Tools\IETheme.exe [Menu: Themes] -> [2005-10-19 18:35:45 | 00,864,256 | ---- | M] (Eye Can Publishing)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab [QuickTime Object] ->
{1E54D648-B804-468d-BC78-4AFFED8E262E} [HKLM] -> http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab [System Requirements Lab Class] ->
{5D6F45B3-9043-443D-A792-115447494D24} [HKLM] -> http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab [UnoCtrl Class] ->
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] ->
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab [GMNRev Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
{D4003189-95B1-4A2F-9A87-F2B03665960D} [HKLM] -> http://www.vexcast.com/download/vexcast.cab [VodClient Control Class] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 193.162.153.164 194.239.134.83 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{46A732A1-628C-47A8-803C-51BAE5C60CE3}\\DhcpNameServer -> 193.162.153.164 194.239.134.83 (Atheros AR5007 802.11b/g WiFi Adapter) ->
{782BFBF8-A4D8-4492-977E-4B3410E97DD0}\\DhcpNameServer -> 193.162.153.164 194.239.134.83 (Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009-11-03 16:51:56 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009-04-11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> Cd-rom-driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006-09-18 22:43:36 | 00,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{bfdefb8c-fda9-11dd-9435-00238b2f1c73}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfdefb8c-fda9-11dd-9435-00238b2f1c73}\shell
\{bfdefb8c-fda9-11dd-9435-00238b2f1c73}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfdefb8c-fda9-11dd-9435-00238b2f1c73}\shell\AutoRun\command
\{bfdefb8c-fda9-11dd-9435-00238b2f1c73}\shell\AutoRun\command\\"" -> F:\Autorun.exe [F:\Autorun.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.chm [@ = chm.file] -> "%SystemRoot%\hh.exe" %1 ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.cpl [@ = cplfile] -> C:\Windows\System32\control.exe -> [2006-11-02 10:44:59 | 00,211,968 | ---- | M] (Microsoft Corporation)
.exe [@ = exefile] -> "%1" %* ->
.hlp [@ = hlpfile] -> C:\Windows\winhlp32.exe -> [2006-11-02 10:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation)
.html [@ = htmlfile] -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009-11-21 07:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2008-10-25 08:27:54 | 00,044,408 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM] -> C:\Program Files\AVG\AVG9\avgpp.dll[XPLPPFilter Class] -> [2009-11-03 16:51:44 | 00,091,416 | ---- | M] (AVG Technologies CZ, s.r.o.)
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL[Reg Error: Value error.] -> [2009-07-26 15:44:54 | 00,061,264 | ---- | M] (Microsoft Corporation)
ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll[HxProtocol Class] -> [2006-10-26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation)
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL[Reg Error: Value error.] -> [2009-07-26 15:44:54 | 00,061,264 | ---- | M] (Microsoft Corporation)
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"cval" -> [1] -> File not found
\\"UacDisableNotify" -> [0] -> File not found
\\"InternetSettingsDisableNotify" -> [0] -> File not found
\\"AutoUpdateDisableNotify" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
\Monitoring\\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
\Monitoring\SymantecAntiVirus\\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
\Monitoring\SymantecFirewall\\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
\Svc\\"AntiVirusOverride" -> [0] -> File not found
\Svc\\"AntiSpywareOverride" -> [0] -> File not found
\Svc\\"FirewallOverride" -> [0] -> File not found
\Svc\\"VistaSp1" -> Reg Error: Unknown registry data type [Reg Error: Unknown registry data type] -> File not found
\Svc\\"VistaSp2" -> Reg Error: Unknown registry data type [Reg Error: Unknown registry data type] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" -> [1] -> File not found
\\"DisableNotifications" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> ->
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{00647366-8CB3-4B3A-92EB-31538B759F46} -> Windows Live Toolbar
{01FB4998-33C4-4431-85ED-079E3EEFE75D} -> CyberLink YouCam
{024D1716-9F42-0039-06E5-F4279D6C4382} -> CCC Help Russian
{04556846-E511-3FE9-E824-3588075C8036} -> Catalyst Control Center Graphics Full Existing
{05CD72BE-7783-AAB9-0C05-2D8DBD2DD444} -> Catalyst Control Center Localization Dutch
{0612E132-33FF-4488-9C31-F8D485D6866D} -> Catalyst Control Center Graphics Light
{082702D5-5DD8-4600-BCE5-48B15174687F} -> HP Doc Viewer
{0B3DB1B2-404C-AAA8-B32E-E65520EDE74D} -> CCC Help Polish
{10504622-2818-C312-55CC-A72D36A31DBC} -> CCC Help Swedish
{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} -> QuickTime
{18455581-E099-4BA8-BC6B-F34B2F06600C} -> Google Toolbar for Internet Explorer
{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A} -> Adobe Shockwave Player
{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> CyberLink DVD Suite
{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Overførselsværktøj til Windows Live
{228C6B46-64E2-404E-898A-EF0830603EF4} -> HPNetworkAssistant
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2
{254C37AA-6B72-4300-84F6-98A82419187E} -> Hewlett-Packard Active Check for Health Check
{26604C7E-A313-4D12-867F-7C6E7820BE4C} -> JMicron JMB38X Flash Media Controller
{26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 16
{28C3E5E6-5ACA-408D-9A46-089C5334EC97} -> HP Help and Support
{29D4FA64-DA1A-4C5F-A385-1038C2D53955} -> FIRMASTARTPAKKEN
{2A34320A-56F9-9C4F-D325-77AC8A54C8B6} -> Catalyst Control Center Localization Japanese
{2C9FF444-79C0-C0C4-7B21-0E77C872AF53} -> CCC Help Danish
{2CA3E0A5-9281-6E67-1843-A6CC0B00BD74} -> Catalyst Control Center Localization French
{2F3082BF-4A3B-45CA-805F-52DBBFD3C645} -> Windows Live Essentials
{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F} -> HP QuickTouch 1.00 D2
{31775690-0E29-2AB1-75DE-C406152CBD1D} -> Catalyst Control Center Localization Chinese Standard
{3248F0A8-6813-11D6-A77B-00B0D0160050} -> Java(TM) 6 Update 5
{3347F0DF-4396-4DAB-9DDA-81D38B08FF63}_is1 -> Internet Explorer Theme Manager (1.1.3)
{3466C4D1-508A-0E36-EB05-2E53766F27E0} -> CCC Help Italian
{34D2AB40-150D-475D-AE32-BD23FB5EE355} -> HP Quick Launch Buttons
{38DCD6F5-C4DC-25E5-C113-0A909558FC2C} -> CCC Help Norwegian
{3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform
{3FA160E2-066B-8D77-FCF4-F001F236E8E7} -> CCC Help Spanish
{3FA365DF-2D68-45ED-8F83-8C8A33E65143} -> Apple Application Support
{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74} -> Catalyst Control Center - Branding
{40BF1E83-20EB-11D8-97C5-0009C5020658} -> Power2Go
{415B2719-AD3A-4944-B404-C472DB6085B3} -> Cisco EAP-FAST Module
{431CED44-A6D3-4E4A-2B76-04D1A861FCCE} -> Catalyst Control Center Localization Swedish
{45D707E9-F3C4-11D9-A373-0050BAE317E1} -> HP QuickPlay 3.7
{475144D0-A4D6-C553-42B5-7BB60FCEF9EC} -> Catalyst Control Center Localization German
{49BA6327-744C-3D20-16DB-6E98BF66D0FD} -> Catalyst Control Center Localization Danish
{4B4D411D-E363-7E6B-68C3-C8E2EF02B7C6} -> CCC Help Chinese Traditional
{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF} -> AMD Driver Support for HP 3D DriverGuard
{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} -> Microsoft Search Enhancement Pack
{50DB0F17-4180-31F7-F26B-B40CBA8BA6E0} -> CCC Help German
{51E43DA1-CAEA-4264-9BB8-3F47ED57E2A4} -> TI InterActive!™
{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A} -> HP Easy Setup - Frontend
{5396C246-53B5-4BBA-62DC-8308C7357EFE} -> Catalyst Control Center Localization Polish
{54CAEF60-0258-2D8E-F01F-24BC689EA8A9} -> Catalyst Control Center Localization Portuguese
{560BB29B-41C5-88E4-4847-B4B1DDB47B9B} -> Catalyst Control Center Localization Czech
{582287DA-0806-4AC0-BF19-C15E3A466034} -> LightScribe System Software 1.12.33.2
{59748B12-406B-7EA4-355D-3BBD62E97C69} -> Catalyst Control Center Localization Turkish
{5B4E5823-7265-9A19-A871-36E75824F7BE} -> CCC Help French
{5EBC76DA-573E-7D96-A6F8-F4B9DE97A15F} -> Catalyst Control Center Localization Greek
{623AD94E-1621-5AA1-BD6D-0EF08C9D7851} -> Catalyst Control Center Core Implementation
{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E} -> Cisco PEAP Module
{669D4A35-146B-4314-89F1-1AC3D7B88367} -> Hewlett-Packard Asset Agent for Health Check
{690BE098-6D0D-493D-B079-BD7E8F81A141} -> Opera 10.10
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6DBCFFF6-2A7B-4AE4-8FC8-1216442E2814} -> CCC Help Korean
{6FCBD7F7-6A29-089F-E5DB-E33EFCF306CD} -> Catalyst Control Center Localization Spanish
{762D9F20-593B-436E-CAC3-B3D9F4DA7A90} -> Catalyst Control Center Localization Chinese Traditional
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{786C5747-1033-0000-B58E-000000000001} -> Adobe Stock Photos 1.0
{80C2AD19-97A2-C829-38DE-5FD5B47F122B} -> ATI Catalyst Install Manager
{83770D14-21B9-44B3-8689-F7B523F94560} -> Cisco LEAP Module
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable
{8436F8D7-AA62-83DA-3BC5-E04871BF5F61} -> CCC Help Portuguese
{84F40C39-1E61-B3A7-833A-3A376AB53394} -> CCC Help Japanese
{8833FFB6-5B0C-4764-81AA-06DFEED9A476} -> Realtek 8169 8168 8101E 8102E Ethernet Driver
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A74E887-8F0F-4017-AF53-CBA42211AAA5} -> Microsoft Sync Framework Runtime Native v1.0 (x86)
{8EDBA74D-0686-4C99-BFDD-F894678E5B39} -> Adobe Common File Installer
{90120000-0016-0406-0000-0000000FF1CE} -> Microsoft Office Excel MUI (Danish) 2007
{90120000-0016-0406-0000-0000000FF1CE}_HOMESTUDENTR_{652017DD-E99F-4420-9CC8-AC25CE8375A5} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0406-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (Danish) 2007
{90120000-0018-0406-0000-0000000FF1CE}_HOMESTUDENTR_{652017DD-E99F-4420-9CC8-AC25CE8375A5} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0406-0000-0000000FF1CE} -> Microsoft Office Word MUI (Danish) 2007
{90120000-001B-0406-0000-0000000FF1CE}_HOMESTUDENTR_{652017DD-E99F-4420-9CC8-AC25CE8375A5} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001F-0406-0000-0000000FF1CE} -> Microsoft Office Proof (Danish) 2007
{90120000-001F-0406-0000-0000000FF1CE}_HOMESTUDENTR_{25E093C2-374E-44A9-9BCE-3881BD442F3F} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0407-0000-0000000FF1CE} -> Microsoft Office Proof (German) 2007
{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-0020-0406-0000-0000000FF1CE} -> Kompatibilitetspakke til Office 2007-systemet
{90120000-002C-0406-0000-0000000FF1CE} -> Microsoft Office Proofing (Danish) 2007
{90120000-006E-0406-0000-0000000FF1CE} -> Microsoft Office Shared MUI (Danish) 2007
{90120000-006E-0406-0000-0000000FF1CE}_HOMESTUDENTR_{50865937-2EBB-4BBF-8861-BF5972C95D4B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00A1-0406-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (Danish) 2007
{90120000-00A1-0406-0000-0000000FF1CE}_HOMESTUDENTR_{652017DD-E99F-4420-9CC8-AC25CE8375A5} -> Microsoft Office 2007 Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE} -> Microsoft Office Home and Student 2007
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{931FB38C-D5D4-4DBD-3723-50140A67F276} -> CCC Help Turkish
{94B8F069-F223-4F48-BC88-7104CBA77F30} -> Windows Live Messenger
{95120000-00AF-0406-0000-0000000FF1CE} -> Microsoft Office PowerPoint Viewer 2007 (Danish)
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{96A959C9-51E1-C920-A9FA-269BB462A940} -> CCC Help Czech
{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B} -> HP Active Support Library
{A102E7E3-2A4E-F509-3EF6-019F45C83196} -> CCC Help Dutch
{A57222BD-51E3-7765-A008-9B6428402A59} -> CCC Help Hungarian
{A5CE7175-080D-49AC-B5A3-E7E3502428F5} -> HP Wireless Assistant
{A8ACD338-255C-B53D-7F19-ED7293B291E8} -> Catalyst Control Center Localization Norwegian
{AC76BA86-7AD7-1030-7B44-A81300000003} -> Adobe Reader 8.1.4 - Dansk
{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21} -> HP Customer Experience Enhancements
{B238D61F-3EEF-4716-BFEA-9903DEF045D9} -> Microsoft Works
{B2544A03-10D0-4E5E-BA69-0362FFC20D18} -> OGA Notifier 2.0.0048.0
{B69349AE-2D41-3708-8BA4-4DC22645CA04} -> Microsoft .NET Framework 3.5 Language Pack SP1 - dan
{B74D4E10-6884-0000-0000-000000000103} -> Adobe Bridge 1.0
{BD41A0CF-79B4-98D8-B9B9-3DE8BEC8A861} -> Catalyst Control Center Localization Finnish
{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} -> Microsoft Sync Framework Services Native v1.0 (x86)
{C3A32068-8AB1-4327-BB16-BED9C6219DC7} -> Atheros Driver Installation Program
{C4B2636B-D76D-7C23-3010-99E96693F0B5} -> Catalyst Control Center Graphics Previews Vista
{C59C179C-668D-49A9-B6EA-0121CCFC1243} -> LabelPrint
{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F} -> HP Update
{C9E9386A-7E81-796A-3465-8471A239A8A0} -> CCC Help Chinese Standard
{CA4498C8-5146-E527-27A7-1B4F81C9BF05} -> CCC Help Thai
{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1 -> VDownloader 1.12
{CAE7D1D9-3794-4169-B4DD-964ADBC534EE} -> HP Product Detection
{CB099890-1D5F-11D5-9EA9-0050BAE317E1} -> PowerDirector
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{DEC3A80C-49D3-2885-2A03-3FBA61A5D40F} -> Catalyst Control Center Localization Italian
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
{E0B276B1-97D7-7AD2-548F-248A7745A1ED} -> CCC Help Greek
{E2ADC6FA-4233-54E6-29EC-E60EAD096A50} -> Catalyst Control Center Localization Hungarian
{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001} -> IDT Audio
{E3EA025D-29A0-530C-9CA7-DBB5C49BB6DB} -> Skins
{E80F9ABB-618D-4B9E-9EA0-5BF6A7C2FE9D} -> Tilmeldingsassistent til Windows Live
{E96FFA19-E94B-D32B-E103-E78A0877245A} -> Catalyst Control Center Localization Thai
{E9787678-1033-0000-8E67-000000000001} -> Adobe Help Center 1.0
{EAE4AD65-89F2-3DE8-DF46-CCB34393CAA0} -> Catalyst Control Center Localization Russian
{EE3D717C-D93F-2A2B-F641-F59F48E11895} -> ccc-utility
{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} -> Microsoft Choice Guard
{F1D7AC58-554A-4A58-B784-B61558B1449A} -> QLBCASL
{F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
{F447BD4C-65C3-A6D9-8A5F-5E822E32E1BC} -> Catalyst Control Center Localization Korean
{F48098CD-2D66-4861-85EC-DC1D4D09D5F9} -> HP User Guides 0102
{F48FEA7A-2B87-8270-927C-20A0E7E5EBC2} -> CCC Help English
{FCC92CBC-F520-A906-C002-9A6236308916} -> Catalyst Control Center Graphics Full New
{FEC99680-66C4-C8C7-084B-2FB1B257777C} -> CCC Help Finnish
{FEEDAB32-F937-8319-D3F1-FFFC98C2111E} -> ccc-core-static
{AAD72731-807A-4B79-AE05-9190B7002B7B} -> ProtectSmart Hard Drive Protection
Ad-Aware -> Ad-Aware
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2
Adobe Shockwave Player -> Adobe Shockwave Player 11
Audacity_is1 -> Audacity 1.2.6
AVG9Uninstall -> AVG Free 9.0
Combined Community Codec Pack_is1 -> Combined Community Codec Pack 2008-09-21 16:18
DAEMON Tools Toolbar -> DAEMON Tools Toolbar
HijackThis -> HijackThis 2.0.2
HOMESTUDENTR -> Microsoft Office Home and Student 2007
InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} -> CyberLink YouCam
InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} -> PowerDirector
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - dan -> Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
PokerStars -> PokerStars
SlingMedia.QPSlingPlayer_is1 -> QuickPlay SlingPlayer 0.4.6
StreamTorrent 1.0 -> Stream Torrent 1.0
SynTPDeinstKey -> Synaptics Pointing Device Driver
SystemRequirementsLab -> System Requirements Lab
TeamViewer 4 -> TeamViewer 4
Veetle TV -> Veetle TV 0.9.15
WildTangent hp Master Uninstall -> My HP Games
WinLiveSuite_Wave3 -> Windows Live Essentials
WinRAR archiver -> WinRAR archiver
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 25-11-2009 05:52:48 Computer Name = Hami-D-PC | Source = WindowsLiveMessenger | ID = 15728647 -> Description =
Application [ Error ] 25-11-2009 12:46:42 Computer Name = Hami-D-PC | Source = Application Error | ID = 1000 -> Description = Program med fejl FreeStyle.exe, version 0.0.94.1, tidsstempel 0x4af0e464, modul med fejl ntdll.dll, version 6.0.6002.18005, tidsstempel 0x49e03821, undtagelseskode 0xc0000005, forskydning med fejl 0x00067605, proces-id 0x1798, programmets starttidspunkt 0x01ca6dc46b111e30.
Application [ Error ] 25-11-2009 14:20:59 Computer Name = Hami-D-PC | Source = Application Error | ID = 1000 -> Description = Program med fejl FreeStyle.exe, version 0.0.94.1, tidsstempel 0x4af0e464, modul med fejl ntdll.dll, version 6.0.6002.18005, tidsstempel 0x49e03821, undtagelseskode 0xc0000005, forskydning med fejl 0x00067605, proces-id 0x16bc, programmets starttidspunkt 0x01ca6df707968880.
Application [ Error ] 25-11-2009 17:43:29 Computer Name = Hami-D-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 25-11-2009 18:48:21 Computer Name = Hami-D-PC | Source = WindowsLiveMessenger | ID = 15728647 -> Description =
Application [ Error ] 25-11-2009 21:34:56 Computer Name = Hami-D-PC | Source = Application Error | ID = 1000 -> Description = Program med fejl FreeStyle.exe, version 0.0.94.1, tidsstempel 0x4af0e464, modul med fejl ntdll.dll, version 6.0.6002.18005, tidsstempel 0x49e03821, undtagelseskode 0xc0000005, forskydning med fejl 0x00067605, proces-id 0x63c, programmets starttidspunkt 0x01ca6e365a6e9813.
Application [ Error ] 26-11-2009 00:06:07 Computer Name = Hami-D-PC | Source = Application Error | ID = 1000 -> Description = Program med fejl FreeStyle.exe, version 0.0.94.1, tidsstempel 0x4af0e464, modul med fejl ntdll.dll, version 6.0.6002.18005, tidsstempel 0x49e03821, undtagelseskode 0xc0000005, forskydning med fejl 0x00067605, proces-id 0x12a8, programmets starttidspunkt 0x01ca6e4a0e632c3b.
Application [ Error ] 26-11-2009 12:26:54 Computer Name = Hami-D-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 26-11-2009 12:34:49 Computer Name = Hami-D-PC | Source = WindowsLiveMessenger | ID = 15728647 -> Description =
Application [ Error ] 27-11-2009 05:32:42 Computer Name = Hami-D-PC | Source = WinMgmt | ID = 10 -> Description =
System [ Error ] 30-12-2009 13:37:03 Computer Name = Hami-D-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 -> Description =
System [ Error ] 30-12-2009 13:37:41 Computer Name = Hami-D-PC | Source = Service Control Manager | ID = 7000 -> Description =
System [ Error ] 30-12-2009 13:37:41 Computer Name = Hami-D-PC | Source = Service Control Manager | ID = 7024 -> Description =
System [ Error ] 30-12-2009 13:37:41 Computer Name = Hami-D-PC | Source = Service Control Manager | ID = 7001 -> Description =
System [ Error ] 30-12-2009 13:38:19 Computer Name = Hami-D-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 -> Description =
System [ Error ] 30-12-2009 13:39:22 Computer Name = Hami-D-PC | Source = Service Control Manager | ID = 7009 -> Description =
System [ Error ] 30-12-2009 13:39:22 Computer Name = Hami-D-PC | Source = Service Control Manager | ID = 7000 -> Description =
System [ Error ] 30-12-2009 13:52:41 Computer Name = Hami-D-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003 -> Description =
System [ Error ] 30-12-2009 13:52:41 Computer Name = Hami-D-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003 -> Description =
System [ Error ] 30-12-2009 13:52:42 Computer Name = Hami-D-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003 -> Description =

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Hami-D\Desktop\OTS.exe -> [2009-12-30 19:09:09 | 00,599,040 | ---- | C] (OldTimer Tools)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009-12-30 11:51:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009-12-30 11:51:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
StreamTorrent 1(16).0 -> C:\Program Files\StreamTorrent 1(16).0 -> [2009-12-29 02:45:05 | 00,000,000 | ---D | C]
temp -> C:\Windows\temp -> [2009-12-28 15:59:41 | 00,000,000 | ---D | C]
temp(118) -> C:\Users\Hami-D\AppData\Local\temp(118) -> [2009-12-28 15:59:40 | 00,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2009-12-25 15:48:15 | 00,000,000 | ---D | C]
Trend Micro -> C:\Program Files\Trend Micro -> [2009-12-25 03:59:28 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2009-12-25 01:38:36 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009-12-25 01:38:36 | 00,000,000 | ---D | C]
Avira -> C:\ProgramData\Avira -> [2009-12-23 15:00:26 | 00,000,000 | ---D | C]
Avira -> C:\Program Files\Avira -> [2009-12-23 15:00:26 | 00,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2009-12-22 22:09:45 | 00,000,000 | ---D | C]
SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2009-12-22 22:09:07 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Users\Hami-D\AppData\Roaming\Malwarebytes -> [2009-12-22 00:39:01 | 00,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009-12-22 00:38:50 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009-12-22 00:38:49 | 00,000,000 | ---D | C]
Audacity -> C:\Program Files\Audacity -> [2009-12-17 15:01:26 | 00,000,000 | ---D | C]
vdownloader -> C:\Users\Hami-D\AppData\Local\vdownloader -> [2009-12-11 14:06:12 | 00,000,000 | ---D | C]
VDOWNLOADER -> C:\Program Files\VDOWNLOADER -> [2009-12-11 14:04:15 | 00,000,000 | ---D | C]
nshhttp.dll -> C:\Windows\System32\nshhttp.dll -> [2009-12-10 01:42:29 | 00,024,064 | ---- | C] (Microsoft Corporation)
httpapi.dll -> C:\Windows\System32\httpapi.dll -> [2009-12-10 01:42:26 | 00,030,720 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2009-12-09 11:59:23 | 00,594,432 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2009-12-09 11:59:22 | 01,469,440 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2009-12-09 11:59:22 | 00,387,584 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\System32\ieui.dll -> [2009-12-09 11:59:22 | 00,164,352 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2009-12-09 11:59:21 | 01,638,912 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2009-12-09 11:59:21 | 00,184,320 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\System32\ie4uinit.ex

Synes godt om

dogan90 Nybegynder

30. december 2009 - 19:19 #63

ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2009-12-09 11:59:21 | 00,173,056 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2009-12-09 11:59:21 | 00,133,632 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2009-12-09 11:59:21 | 00,109,056 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2009-12-09 11:59:21 | 00,071,680 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2009-12-09 11:59:21 | 00,055,808 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2009-12-09 11:59:21 | 00,055,296 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2009-12-09 11:59:21 | 00,025,600 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2009-12-09 11:59:21 | 00,013,312 | ---- | C] (Microsoft Corporation)
rastls.dll -> C:\Windows\System32\rastls.dll -> [2009-12-09 11:58:32 | 00,243,712 | ---- | C] (Microsoft Corporation)
VJVod_Cache -> C:\VJVod_Cache -> [2009-12-07 10:28:30 | 00,000,000 | -H-D | C]
nagasoft -> C:\Windows\System32\nagasoft -> [2009-12-06 21:10:02 | 00,000,000 | ---D | C]
Veetle -> C:\Program Files\Veetle -> [2009-12-06 20:16:24 | 00,000,000 | ---D | C]
Apple -> C:\Program Files\Common Files\Apple -> [2009-12-01 09:50:10 | 00,000,000 | ---D | C]
QuickTime -> C:\Program Files\QuickTime -> [2009-12-01 09:45:56 | 00,000,000 | ---D | C]
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

[Files/Folders - Modified Within 30 Days]
User_Feed_Synchronization-{D1245C1E-07D2-46F5-8F9B-BE46417FA683}.job -> C:\Windows\tasks\User_Feed_Synchronization-{D1245C1E-07D2-46F5-8F9B-BE46417FA683}.job -> [2009-12-30 19:11:59 | 00,000,392 | -H-- | M] ()
ntuser.dat -> C:\Users\Hami-D\ntuser.dat -> [2009-12-30 19:09:32 | 03,145,728 | -HS- | M] ()
OTS.exe -> C:\Users\Hami-D\Desktop\OTS.exe -> [2009-12-30 19:09:10 | 00,599,040 | ---- | M] (OldTimer Tools)
hpqp.ini -> C:\Users\Public\Documents\hpqp.ini -> [2009-12-30 18:37:49 | 00,000,269 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009-12-30 18:37:02 | 00,000,006 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009-12-30 18:37:01 | 00,003,216 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009-12-30 18:37:01 | 00,003,216 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009-12-30 18:36:36 | 00,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009-12-30 18:36:23 | 32,189,56288 | -HS- | M] ()
RootRepeal.zip -> C:\Users\Hami-D\Desktop\RootRepeal.zip -> [2009-12-30 18:16:30 | 00,464,491 | ---- | M] ()
CV.rtf -> C:\Users\Hami-D\Documents\CV.rtf -> [2009-12-30 12:55:20 | 00,040,568 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009-12-30 11:51:57 | 00,000,818 | ---- | M] ()
ntuser.dat{830dc020-4840-11de-b631-00238b2f1c73}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Hami-D\ntuser.dat{830dc020-4840-11de-b631-00238b2f1c73}.TMContainer00000000000000000001.regtrans-ms -> [2009-12-30 04:55:48 | 00,524,288 | -HS- | M] ()
ntuser.dat{830dc020-4840-11de-b631-00238b2f1c73}.TM.blf -> C:\Users\Hami-D\ntuser.dat{830dc020-4840-11de-b631-00238b2f1c73}.TM.blf -> [2009-12-30 04:55:48 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\Hami-D\AppData\Local\IconCache.db -> [2009-12-30 04:55:43 | 02,251,304 | -H-- | M] ()
HijackThis.lnk -> C:\Users\Hami-D\Desktop\HijackThis.lnk -> [2009-12-30 04:15:45 | 00,001,874 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009-12-30 00:09:26 | 02,942,450 | ---- | M] ()
perfh01D.dat -> C:\Windows\System32\perfh01D.dat -> [2009-12-30 00:09:26 | 00,589,296 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009-12-30 00:09:26 | 00,587,178 | ---- | M] ()
perfh006.dat -> C:\Windows\System32\perfh006.dat -> [2009-12-30 00:09:26 | 00,463,344 | ---- | M] ()
perfh014.dat -> C:\Windows\System32\perfh014.dat -> [2009-12-30 00:09:26 | 00,443,832 | ---- | M] ()
perfh00B.dat -> C:\Windows\System32\perfh00B.dat -> [2009-12-30 00:09:26 | 00,427,118 | ---- | M] ()
perfc01D.dat -> C:\Windows\System32\perfc01D.dat -> [2009-12-30 00:09:26 | 00,117,296 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009-12-30 00:09:26 | 00,101,250 | ---- | M] ()
perfc00B.dat -> C:\Windows\System32\perfc00B.dat -> [2009-12-30 00:09:26 | 00,080,612 | ---- | M] ()
perfc006.dat -> C:\Windows\System32\perfc006.dat -> [2009-12-30 00:09:26 | 00,077,202 | ---- | M] ()
perfc014.dat -> C:\Windows\System32\perfc014.dat -> [2009-12-30 00:09:26 | 00,076,390 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Hami-D\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009-12-30 00:03:55 | 00,070,760 | ---- | M] ()
ahcix86s.sys -> C:\Windows\System32\drivers\ahcix86s.sys -> [2009-12-29 23:58:27 | 00,170,000 | ---- | M] (AMD Technologies Inc.)
Autoruns.zip -> C:\Users\Hami-D\Desktop\Autoruns.zip -> [2009-12-26 22:54:55 | 00,595,499 | ---- | M] ()
Tupac_Shakur.jpg -> C:\Users\Hami-D\Documents\Tupac_Shakur.jpg -> [2009-12-25 03:15:42 | 00,270,156 | ---- | M] ()
PUTTY.RND -> C:\Users\Hami-D\PUTTY.RND -> [2009-12-22 00:58:01 | 00,000,600 | ---- | M] ()
incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2009-12-21 14:35:25 | 46,860,390 | ---- | M] ()
microavi.avg -> C:\Windows\System32\drivers\Avg\microavi.avg -> [2009-12-21 14:34:57 | 00,127,520 | ---- | M] ()
Audacity.lnk -> C:\Users\Hami-D\Desktop\Audacity.lnk -> [2009-12-17 15:01:29 | 00,000,752 | ---- | M] ()
hotel miami.docx -> C:\Users\Hami-D\Documents\hotel miami.docx -> [2009-12-15 18:31:48 | 00,010,104 | ---- | M] ()
Microsoft Office Word 2007.lnk -> C:\Users\Hami-D\Desktop\Microsoft Office Word 2007.lnk -> [2009-12-15 18:28:39 | 00,002,659 | ---- | M] ()
Folder.jpg -> C:\Users\Hami-D\Documents\Folder.jpg -> [2009-12-14 23:50:20 | 00,006,931 | -HS- | M] ()
AlbumArt_{E819938E-EEA7-4097-8957-84C1F7EAFFF1}_Large.jpg -> C:\Users\Hami-D\Documents\AlbumArt_{E819938E-EEA7-4097-8957-84C1F7EAFFF1}_Large.jpg -> [2009-12-14 23:50:20 | 00,006,931 | -HS- | M] ()
AlbumArtSmall.jpg -> C:\Users\Hami-D\Documents\AlbumArtSmall.jpg -> [2009-12-14 23:50:18 | 00,001,969 | -HS- | M] ()
AlbumArt_{E819938E-EEA7-4097-8957-84C1F7EAFFF1}_Small.jpg -> C:\Users\Hami-D\Documents\AlbumArt_{E819938E-EEA7-4097-8957-84C1F7EAFFF1}_Small.jpg -> [2009-12-14 23:50:18 | 00,001,969 | -HS- | M] ()
GKLauncherInfo.ini -> C:\Windows\GKLauncherInfo.ini -> [2009-12-12 14:06:04 | 00,000,020 | ---- | M] ()
AlbumArt_{D18F259B-3B42-4824-ACB0-B736199340EC}_Large.jpg -> C:\Users\Hami-D\Documents\AlbumArt_{D18F259B-3B42-4824-ACB0-B736199340EC}_Large.jpg -> [2009-12-12 11:21:25 | 00,010,195 | -HS- | M] ()
AlbumArt_{D18F259B-3B42-4824-ACB0-B736199340EC}_Small.jpg -> C:\Users\Hami-D\Documents\AlbumArt_{D18F259B-3B42-4824-ACB0-B736199340EC}_Small.jpg -> [2009-12-12 11:21:04 | 00,002,865 | -HS- | M] ()
AlbumArt_{23D1968B-86ED-44CB-AA1A-D4BB5E21AC79}_Large.jpg -> C:\Users\Hami-D\Documents\AlbumArt_{23D1968B-86ED-44CB-AA1A-D4BB5E21AC79}_Large.jpg -> [2009-12-12 11:20:24 | 00,012,654 | -HS- | M] ()
AlbumArt_{23D1968B-86ED-44CB-AA1A-D4BB5E21AC79}_Small.jpg -> C:\Users\Hami-D\Documents\AlbumArt_{23D1968B-86ED-44CB-AA1A-D4BB5E21AC79}_Small.jpg -> [2009-12-12 11:20:01 | 00,002,948 | -HS- | M] ()
VDownloader.lnk -> C:\Users\Public\Desktop\VDownloader.lnk -> [2009-12-11 14:04:19 | 00,000,782 | ---- | M] ()
Ansøgning.rtf -> C:\Users\Hami-D\Documents\Ansøgning.rtf -> [2009-12-10 16:29:36 | 00,048,619 | ---- | M] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009-12-06 15:59:41 | 24,717,1150 | ---- | M] ()
d3d9caps.dat -> C:\Users\Hami-D\AppData\Local\d3d9caps.dat -> [2009-12-05 18:54:19 | 00,000,680 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009-12-03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009-12-03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2009-12-01 09:48:27 | 00,001,726 | ---- | M] ()
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

[Files - No Company Name]
RootRepeal.zip -> C:\Users\Hami-D\Desktop\RootRepeal.zip -> [2009-12-30 18:16:30 | 00,464,491 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009-12-30 11:51:57 | 00,000,818 | ---- | C] ()
HijackThis.lnk -> C:\Users\Hami-D\Desktop\HijackThis.lnk -> [2009-12-30 04:15:45 | 00,001,874 | ---- | C] ()
IconCache.db -> C:\Users\Hami-D\AppData\Local\IconCache.db -> [2009-12-30 00:09:47 | 02,251,304 | -H-- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009-12-29 23:59:36 | 32,189,56288 | -HS- | C] ()
Autoruns.zip -> C:\Users\Hami-D\Desktop\Autoruns.zip -> [2009-12-26 22:54:54 | 00,595,499 | ---- | C] ()
Tupac_Shakur.jpg -> C:\Users\Hami-D\Documents\Tupac_Shakur.jpg -> [2009-12-25 03:15:41 | 00,270,156 | ---- | C] ()
Audacity.lnk -> C:\Users\Hami-D\Desktop\Audacity.lnk -> [2009-12-17 15:01:29 | 00,000,752 | ---- | C] ()
hotel miami.docx -> C:\Users\Hami-D\Documents\hotel miami.docx -> [2009-12-15 18:28:56 | 00,010,104 | ---- | C] ()
AlbumArt_{E819938E-EEA7-4097-8957-84C1F7EAFFF1}_Large.jpg -> C:\Users\Hami-D\Documents\AlbumArt_{E819938E-EEA7-4097-8957-84C1F7EAFFF1}_Large.jpg -> [2009-12-14 23:50:23 | 00,006,931 | -HS- | C] ()
AlbumArt_{E819938E-EEA7-4097-8957-84C1F7EAFFF1}_Small.jpg -> C:\Users\Hami-D\Documents\AlbumArt_{E819938E-EEA7-4097-8957-84C1F7EAFFF1}_Small.jpg -> [2009-12-14 23:50:23 | 00,001,969 | -HS- | C] ()
AlbumArt_{D18F259B-3B42-4824-ACB0-B736199340EC}_Large.jpg -> C:\Users\Hami-D\Documents\AlbumArt_{D18F259B-3B42-4824-ACB0-B736199340EC}_Large.jpg -> [2009-12-12 11:21:51 | 00,010,195 | -HS- | C] ()
AlbumArt_{D18F259B-3B42-4824-ACB0-B736199340EC}_Small.jpg -> C:\Users\Hami-D\Documents\AlbumArt_{D18F259B-3B42-4824-ACB0-B736199340EC}_Small.jpg -> [2009-12-12 11:21:51 | 00,002,865 | -HS- | C] ()
AlbumArt_{23D1968B-86ED-44CB-AA1A-D4BB5E21AC79}_Large.jpg -> C:\Users\Hami-D\Documents\AlbumArt_{23D1968B-86ED-44CB-AA1A-D4BB5E21AC79}_Large.jpg -> [2009-12-12 11:20:57 | 00,012,654 | -HS- | C] ()
Folder.jpg -> C:\Users\Hami-D\Documents\Folder.jpg -> [2009-12-12 11:20:57 | 00,006,931 | -HS- | C] ()
AlbumArt_{23D1968B-86ED-44CB-AA1A-D4BB5E21AC79}_Small.jpg -> C:\Users\Hami-D\Documents\AlbumArt_{23D1968B-86ED-44CB-AA1A-D4BB5E21AC79}_Small.jpg -> [2009-12-12 11:20:57 | 00,002,948 | -HS- | C] ()
AlbumArtSmall.jpg -> C:\Users\Hami-D\Documents\AlbumArtSmall.jpg -> [2009-12-12 11:20:57 | 00,001,969 | -HS- | C] ()
VDownloader.lnk -> C:\Users\Public\Desktop\VDownloader.lnk -> [2009-12-11 14:04:19 | 00,000,782 | ---- | C] ()
QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2009-12-01 09:48:27 | 00,001,726 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009-09-17 11:00:55 | 00,117,248 | ---- | C] ()
GKLauncherInfo.ini -> C:\Windows\GKLauncherInfo.ini -> [2009-08-16 20:42:29 | 00,000,020 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009-08-03 14:07:42 | 00,403,816 | ---- | C] ()
guard32.dll -> C:\Windows\System32\guard32.dll -> [2009-04-17 22:01:38 | 00,155,384 | ---- | C] ()
sptd.sys -> C:\Windows\System32\drivers\sptd.sys -> [2009-02-18 11:47:55 | 00,717,296 | ---- | C] ()
Ic32.ini -> C:\Windows\Ic32.ini -> [2009-01-29 14:59:49 | 00,000,209 | ---- | C] ()
atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2008-03-28 10:19:10 | 00,159,744 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006-11-02 13:37:35 | 00,037,665 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006-11-02 13:37:35 | 00,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006-11-02 13:37:35 | 00,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006-11-02 13:37:35 | 00,026,040 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006-11-02 13:35:32 | 00,005,632 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006-11-02 08:40:29 | 00,013,750 | ---- | C] ()
WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2006-03-08 18:58:00 | 01,060,424 | ---- | C] ()
< End of report >
[/code]

Synes godt om

f-arn Guru

30. december 2009 - 19:29 #64

Hent disse to værktøjer:

http://www.ctrlaltdel.dk/programmer/tklog.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

...og pak begge ud til dit Skrivebord. Dobbeltklik herefter på TKLog.bat. TDSSKiller vil køre og forsøge at rense din computer. Efter dette vil en log åbne sig - kopier venligst indholdet herind.

Derefter, genstart.

Synes godt om

dogan90 Nybegynder

30. december 2009 - 20:05 #65

Der kom altså ingen log frem. Der kom et tomt vindue frem som det eneste, men genstarter lige. 2 sekunder.

Synes godt om

dogan90 Nybegynder

30. december 2009 - 20:28 #66

Nå.. Nu er lortet sgu fixet. Det er ikke kommet frem denne gang jeg startede Windows? Var det bare det jeg skulle gøre? :D

Synes godt om

dogan90 Nybegynder

30. december 2009 - 21:16 #67

Omg f-arn.. Jeg har fundet roden til problemet. Skal jeg sige hvorfor min computer ikke gad at starte op? Den har lige gjort det igen(heldigvis havde jeg et godt gendannelsespunkt. Grunden til det er, at jeg gik ind under netværksdeling og så vis status, egenskaber og så gik jeg ind og slettede Comodo Internet Security Firewall Driver. Når jeg fjerner det gider min computer ikke at starte op. Hvad gør jeg?

Jeg har jo ikke Comodo mere, så fatter ikke hvorfor den er der. Jeg hader Comodo. LORTE FIREWALL. SKAL ALDRIG HAVE DEN IGEN.

Synes godt om

f-arn Guru

31. december 2009 - 01:00 #68

Prøv at se om der i roden (c:\) af dit c drev ligger en log der begynder med tdss.
Hvordan fjernede du egentlig Comodo ?
Prøv at hente Revo Uninstaller:
http://www.revouninstaller.com/
Se om den ikke kan fjerne Comodo.

Synes godt om

dogan90 Nybegynder

31. december 2009 - 06:11 #69

Jeg fjernede den i kontrolpanel under fjern programmer.

og nej loggen er der ikke, men den har fjernet problemerne. :) Tak for det.

Nu mangler jeg bare det andet.

http://forums.comodo.com/help_for_v3/full_removal_of_comodo_firewall_pro_3_with_safesurf_toolbar_if_regular_uninstall_method_fails-t17220.0.html

Skal jeg prøve denne guide? Det er sikkert noget i registeringsbasen??

Synes godt om

f-arn Guru

31. december 2009 - 06:37 #70

Jeg synes du skulle prøve Revo Uninstaller. Den plejer at være ret god til at fjerne programmer der ikke er afinstalleret rigtigt.

Synes godt om

dogan90 Nybegynder

31. december 2009 - 07:12 #71

Comodo er der jo ikke. Kræver det så at jeg skal installere Comodo igen og så afinstallere?

Synes godt om

f-arn Guru

31. december 2009 - 07:21 #72

Har du prøvet ?
Revo kan måske fjerne "sporene" fra den !

Synes godt om

dogan90 Nybegynder

31. december 2009 - 07:32 #73

Kan du ikke give mig din hotmail i en PM ? :) Så kan du fjernstyre min computer. Er det ikke meget lettere? Hehe..

Når jeg åbner programmet og jeg søger på Comodo kommer der intet frem. De filer i registry er gemt godt.

Skal jeg gå ind i sporfjerner? Sætte flueben ved C drevet eller?

Synes godt om

f-arn Guru

31. december 2009 - 09:56 #74

Har du et Comodo ikon på dit skrivebord eller lignende ?

Synes godt om

dogan90 Nybegynder

31. december 2009 - 10:15 #75

Nope. Intet. Jeg ved kun der er noget i registry der hedder cmdAgent osv som har noget med Comodo at gøre. Det er derfor du bliver nødt til at styre min computer. Jeg har teamviewer. Kan du ikke installere det hurtigt?

Synes godt om

f-arn Guru

31. december 2009 - 10:58 #76

Start OTS og kopier følgende ind i vinduet "Paste Fix Here".

[Kill All Processes]
[Unregister Dlls]
[Processes - Safe List]
YY -> cmdagent.exe -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
[Modules - Safe List]
YY -> guard32.dll -> C:\Windows\System32\guard32.dll
[Win32 Services - Safe List]
YY -> (cmdAgent) COMODO Internet Security Helper Service [Auto | Running] -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
[Driver Services - Safe List]
YY -> (cmdGuard) COMODO Internet Security Sandbox Driver [File_System | System | Running] -> C:\Windows\System32\drivers\cmdguard.sys
YY -> (inspect) COMODO Internet Security Firewall Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\inspect.sys
YY -> (cmdHlp) COMODO Internet Security Helper Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\cmdhlp.sys
[Files - No Company Name]
NY -> guard32.dll -> C:\Windows\System32\guard32.dll
[CreateRestorePoint]
[Start Explorer]
[Reboot]

Klik på "Run Fix" Computeren vil nu genstarte og åbne en log.
Indholdet af den må du gerne kopiere herind.

Synes godt om

dogan90 Nybegynder

31. december 2009 - 11:39 #77

f-arn hvad har du lavet? Nu har jeg fået albumcovers på skrivebordet som ligner nogle skjulte filer?

All Processes Killed
[Processes - Safe List]
No active process named cmdagent.exe was found!
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe moved successfully.
[Modules - Safe List]
DllUnregisterServer procedure not found in C:\Windows\System32\guard32.dll
Releasing module C:\Windows\system32\guard32.dll
C:\Windows\System32\guard32.dll moved successfully.
[Win32 Services - Safe List]
Error: Unable to stop service cmdAgent!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent deleted successfully.
File C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe not found.
[Driver Services - Safe List]
Error: Unable to stop service cmdGuard!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard deleted successfully.
C:\Windows\System32\drivers\cmdguard.sys moved successfully.
Service inspect stopped successfully!
Service inspect deleted successfully!
C:\Windows\System32\drivers\inspect.sys moved successfully.
Error: Unable to stop service cmdHlp!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp deleted successfully.
C:\Windows\System32\drivers\cmdhlp.sys moved successfully.
[Files - No Company Name]
File C:\Windows\System32\guard32.dll not found!
OTS cannot create restorepoints on Vista OSs!
< End of fix log >
OTS by OldTimer - Version 3.1.14.1 fix logfile created on 12312009_113055

Synes godt om

dogan90 Nybegynder

31. december 2009 - 11:43 #78

http://www.2shared.com/file/10359975/9ed66978/lort.html

se mit skrivebord nu.

Synes godt om

f-arn Guru

31. december 2009 - 12:21 #79

Jeg ved ikke lige hvorfor den reagerede sådan. Alt der blev fjernet tilhørte Comodo. Kan du ikke lige fortælle hvad der ikke var der før.

Synes godt om

Computer Hjælp (Gratis) Mester

31. december 2009 - 12:57 #80

(Det ligner normalt skjulte filer/mapper ?)

Synes godt om

f-arn Guru

31. december 2009 - 14:22 #81

Højreklik på desktop.ini og vælg åbn. Brug notesblok, kopier indholdet herind.

Synes godt om

dogan90 Nybegynder

31. december 2009 - 16:37 #82

Jeg ved ikke hvor de billeder med albumcovers kommer fra, for det er ikke mine egne. Jeg hører ikke sådan noget musik.

LOL det er det eneste der er der.

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21786

Synes godt om

dogan90 Nybegynder

31. december 2009 - 16:38 #83

Og så også det her:

[.ShellClassInfo]
FolderType=MusicAlbum
MusicBuyUrl=http://redir.metaservices.microsoft.com/redir/buynow/?providerName=AMG&albumID=60D476B8-33F2-402B-8A8E-87BEBA92F6AB&a_id=R%20%201085937&album=Famous&artistID=55B74C5F-BDEF-4FC4-9E57-BCB4EB73BFD4&p_id=P%20%20%20484548&artist=Puddle%20of%20Mudd&locale=406&geoid=3d&version=11.0.6001.7004&userlocale=406

Synes godt om

f-arn Guru

02. januar 2010 - 03:14 #84

Er det desktop.ini ?
Hvis det er. Slet den og tag den maskine af internettet.
Giv mig en log fra Rootrepeal.
Slå AVG fra inden du laver den.

Synes godt om

dogan90 Nybegynder

02. januar 2010 - 17:33 #85

Virker stadig ikke. Altså programmet. Den genstarter bare computeren.

Synes godt om

f-arn Guru

02. januar 2010 - 21:50 #86

Hent denne:

http://sites.google.com/site/sysprotantirootkit/Home/SysProt.zip?attredirects=0&d=1

Pak det ud og start det. Sæt flueben ved alle mulihederne og lad den søge. Når søgningen er færdig så send rapporten herind.

Billedvejledning:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=226&PN=1

Synes godt om

dogan90 Nybegynder

03. januar 2010 - 03:26 #87

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\spos.sys
Service Name: ---
Module Base: 80602000
Module End: 80702000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\aq2lcaui.SYS
Service Name: ---
Module Base: 9FE63000
Module End: 9FE99000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: A123B000
Module End: A1245000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_ahcix86s.sys
Service Name: ---
Module Base: A1245000
Module End: A1285000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\Windows\system32\drivers\lsi_sas.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8693F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_sas.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8693F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_sas.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8693F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_sas.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8693F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_sas.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8693F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_sas.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8693F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\arc.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869371F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\arc.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869371F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\arc.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869371F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\arc.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869371F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\arc.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869371F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\arc.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869371F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iteatapi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8693C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iteatapi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8693C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iteatapi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8693C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iteatapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8693C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iteatapi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8693C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iteatapi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8693C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iastorv.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8692D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iastorv.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8692D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iastorv.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8692D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iastorv.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8692D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iastorv.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8692D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iastorv.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8692D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ql2300.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869441F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ql2300.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869441F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ql2300.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869441F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ql2300.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869441F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ql2300.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869441F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ql2300.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869441F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\megasas.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869401F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\megasas.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869401F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\megasas.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869401F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\megasas.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869401F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\megasas.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869401F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\megasas.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869401F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\hpcisss.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869321F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\hpcisss.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869321F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\hpcisss.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869321F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\hpcisss.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869321F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\hpcisss.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869321F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\hpcisss.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869321F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\arcsas.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869381F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\arcsas.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869381F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\arcsas.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869381F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\arcsas.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869381F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\arcsas.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869381F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\arcsas.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869381F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sisraid2.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869461F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sisraid2.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869461F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sisraid2.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869461F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sisraid2.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869461F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sisraid2.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869461F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sisraid2.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869461F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8692E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8692E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8692E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8692E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8692E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8692E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sisraid4.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869471F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sisraid4.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869471F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sisraid4.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869471F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sisraid4.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869471F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sisraid4.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869471F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sisraid4.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869471F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\mraid35x.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869421F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\mraid35x.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869421F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\mraid35x.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869421F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\mraid35x.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869421F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\mraid35x.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869421F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\mraid35x.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869421F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpu320.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869361F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpu320.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869361F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpu320.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869361F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpu320.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869361F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpu320.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869361F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpu320.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869361F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iirsp.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8693B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iirsp.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8693B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iirsp.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8693B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iirsp.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8693B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iirsp.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8693B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iirsp.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8693B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpahci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869341F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpahci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869341F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpahci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869341F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpahci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869341F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpahci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869341F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpahci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869341F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aq2lcaui.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 88495500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aq2lcaui.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 88495500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aq2lcaui.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 88495500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aq2lcaui.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 88495500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aq2lcaui.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 88495500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aq2lcaui.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 88495500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\uliahci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8694B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\uliahci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8694B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\uliahci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8694B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\uliahci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8694B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\uliahci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8694B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\uliahci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8694B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ql40xx.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869451F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ql40xx.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869451F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ql40xx.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869451F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ql40xx.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869451F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ql40xx.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869451F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ql40xx.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869451F8
Hooking Module: _unknown_

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 80603000
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8836C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8836C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8836C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8836C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8836C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8836C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\symc8xx.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869481F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\symc8xx.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869481F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\symc8xx.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869481F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\symc8xx.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869481F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\symc8xx.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869481F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\symc8xx.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869481F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nfrd960.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869431F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nfrd960.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869431F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nfrd960.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869431F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nfrd960.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869431F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nfrd960.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869431F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nfrd960.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869431F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_fc.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8693E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_fc.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8693E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_fc.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8693E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_fc.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8693E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_fc.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8693E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_fc.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8693E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpu160m.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869351F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpu160m.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869351F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpu160m.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869351F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpu160m.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869351F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpu160m.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869351F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adpu160m.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869351F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sym_u3.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8694A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sym_u3.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8694A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sym_u3.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8694A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sym_u3.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8694A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sym_u3.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8694A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sym_u3.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8694A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 892DC500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 892DC500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 892DC500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 892DC500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 892DC500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 892981F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 892981F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 892981F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 892981F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 892981F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ulsata.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8694C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ulsata.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8694C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ulsata.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8694C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ulsata.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8694C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ulsata.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8694C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ulsata.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8694C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8833C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8833C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8833C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8833C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8833C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8833C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8833C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8833C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8833C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8833C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8844C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8844C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8844C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8844C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8844C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8844C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iteraid.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8693D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iteraid.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8693D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iteraid.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8693D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iteraid.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8693D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iteraid.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8693D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\iteraid.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8693D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8692B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8692B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8692B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8692B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8692B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8692B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8692B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8692B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8692B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8692B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\vsmraid.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8694E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\vsmraid.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8694E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\vsmraid.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8694E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\vsmraid.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8694E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\vsmraid.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8694E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\vsmraid.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8694E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\megasr.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869411F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\megasr.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869411F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\megasr.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869411F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\megasr.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869411F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\megasr.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869411F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\megasr.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869411F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adp94xx.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869331F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adp94xx.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869331F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adp94xx.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869331F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adp94xx.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869331F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adp94xx.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869331F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\adp94xx.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869331F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_scsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8692F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_scsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8692F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_scsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8692F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_scsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8692F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_scsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8692F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\lsi_scsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8692F1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8836E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8836E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8836E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8836E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8836E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8836E1F8
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_CREATE
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_CLOSE
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_READ
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_WRITE
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_SET_EA
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_POWER
Jump To: 8060AE1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8061F514
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: \Driver\PCI_PNP2558
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 80646B1C
Hooking Module: \SystemRoot\System32\Drivers\spos.sys

Hooked Module: C:\Windows\system32\DRIVERS\jmcr.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 883251F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\jmcr.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 883251F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\jmcr.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 883251F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\jmcr.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 883251F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\jmcr.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 883251F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sbp2port.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869501F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sbp2port.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869501F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sbp2port.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869501F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sbp2port.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869501F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sbp2port.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869501F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sbp2port.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869501F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sym_hi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869491F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sym_hi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869491F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sym_hi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869491F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sym_hi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869491F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sym_hi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869491F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\sym_hi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869491F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\elxstor.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869391F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\elxstor.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869391F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\elxstor.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869391F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\elxstor.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869391F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\elxstor.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869391F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\elxstor.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869391F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ulsata2.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8694D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ulsata2.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8694D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ulsata2.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8694D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ulsata2.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8694D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ulsata2.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8694D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\ulsata2.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8694D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\i2omp.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8693A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\i2omp.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8693A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\i2omp.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8693A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\i2omp.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8693A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\i2omp.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8693A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\i2omp.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8693A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\msahci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869311F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\msahci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869311F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nvstor.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 869301F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nvstor.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 869301F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nvstor.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 869301F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nvstor.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 869301F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nvstor.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 869301F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nvstor.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 869301F8
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: HAMI-D-PC.OPASIA.DK:51643
Remote Address: SITECHECK2.OPERA.COM:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: HAMI-D-PC.OPASIA.DK:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: HAMI-D-PC:12143
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: HAMI-D-PC:12119
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: HAMI-D-PC:12110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: HAMI-D-PC:12080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LISTENING

Local Address: HAMI-D-PC:12025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: HAMI-D-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: HAMI-D-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: HAMI-D-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: HAMI-D-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: HAMI-D-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: HAMI-D-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: HAMI-D-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: HAMI-D-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: HAMI-D-PC.OPASIA.DK:54676
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: HAMI-D-PC.OPASIA.DK:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: HAMI-D-PC.OPASIA.DK:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HAMI-D-PC.OPASIA.DK:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HAMI-D-PC:58434
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Live\Contacts\wlcomm.exe
State: NA

Local Address: HAMI-D-PC:58306
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: NA

Local Address: HAMI-D-PC:54677
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: HAMI-D-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: HAMI-D-PC:51692
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: HAMI-D-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: HAMI-D-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: HAMI-D-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: HAMI-D-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: HAMI-D-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: HAMI-D-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Users\Hami-D\Desktop\Musik\arif sag & musa eroglu - sivas ellerinde sazim Çalinir.mp3
Status: Hidden

Object: C:\Users\Hami-D\Favorites\Adem Kiliç - Dilara - Video Picture Mp3 VidPic3.com.url
Status: Hidden

Object: C:\Users\Hami-D\Favorites\BESIKTAS ULAN! En Güncel Besiktas Sitesi - BJK Resimleri.url
Status: Hidden

Object: C:\Users\Hami-D\Favorites\Forza Besiktas.url
Status: Hidden

Object: C:\Users\Hami-D\Favorites\Haber 1903 Besiktas`in Kalbi.url
Status: Hidden

Object: C:\Users\Hami-D\Favorites\Hayat Besiktas - Bjk Taraftar Güncel Haber Sitesi.url
Status: Hidden

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied

Synes godt om

dogan90 Nybegynder

07. januar 2010 - 11:37 #88

f-arn? har du opgivet?

Synes godt om

f-arn Guru

09. januar 2010 - 12:26 #89

Ja - det må jeg desværre indrømme. Jeg kan ikke se hvordan du kan undgå en total nyinstallering.

Synes godt om

dogan90 Nybegynder

09. januar 2010 - 20:23 #90

Hvad mener du? Min computer fungerer helt fint:) der er ingen problemer eller noget. Den er hurtigere end da jeg købte den.

Synes godt om

f-arn Guru

10. januar 2010 - 03:21 #91

Ok-så har du bare en log jeg ikke ville acceptere

Synes godt om

dogan90 Nybegynder

10. januar 2010 - 10:45 #92

Hvad er det der er galt med den?????

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
pop up black friday Af Malm i Virus	10	22/11/202420:49	23/11/202410:46
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus	21	22/06/202419:22	23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus	23	07/05/202421:02	13/05/202419:48
trusler Af gerhardpet i Virus	4	26/01/202410:02	27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus	16	09/01/202416:37	10/01/202419:59

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS