spider006 Beginner
03 January 2010 - 11:05 There are 27 comments and 1 solution

Hijack log: is there anyone who will look at it?

Is there anyone who will look at this log?
I first ran CCleaner and SUPERAntiSpyware Free Edition (in safe mode).



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:05, on 03-01-2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Users\Michael\AppData\Roaming\setup.exe
C:\Users\Michael\Desktop\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&m=easynote_tj62&r=27361109l1b6l0300z185f4861y255
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&m=easynote_tj62&r=27361109l1b6l0300z185f4861y255
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&m=easynote_tj62&r=27361109l1b6l0300z185f4861y255
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&m=easynote_tj62&r=27361109l1b6l0300z185f4861y255
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinsysMon] C:\Users\Michael\AppData\Roaming\setup.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETVÆRKSTJENESTE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9032 bytes
f-arn Guru
03 January 2010 - 11:17 #1
Unfortunately, HijackThis does not really work on 64-bit Windows, so try this:
Download "Malwarebytes' Anti-Malware" here: http://www.besttechie.net/tools/mbam-setup.exe
Install and start the program, update it, and run a "full system scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected", and post the log here together with the log from SUPERAntiSpyware.

Regarding Vista and Windows 7: right-click the file and choose Run as administrator.

NB: When you update Malwarebytes, keep clicking update until it says there are no more updates.
spider006 Beginner
03 January 2010 - 14:04 #2
Here come some logs

Malwarebytes' Anti-Malware 1.43
Database version: 3486
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03-01-2010 13:57:20
mbam-log-2010-01-03 (13-57-20).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 209658
Tid tilbagelagt: 30 minute(s), 6 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 3
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 1
Inficerede Mapper: 0
Inficerede Filer: 5

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HSBRM2IQ\setup_v1.112.1[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\140F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\install.config.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\install_latest.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\hi.bat (Malware.Trace) -> Quarantined and deleted successfully.




AND


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/03/2010 at 10:58 AM

Application Version : 4.32.1000

Core Rules Database Version : 4441
Trace Rules Database Version: 2265

Scan type      : Complete Scan
Total Scan Time : 00:23:41

Memory items scanned      : 158
Memory threats detected  : 0
Registry items scanned    : 6407
Registry threats detected : 0
File items scanned        : 26866
File threats detected    : 28

Adware.Tracking Cookie
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@www.windowsmedia[2].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@content.yieldmanager[3].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@doubleclick[1].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@apmebf[1].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@mediaplex[1].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ad.yieldmanager[1].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@mmedia.t134[1].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ads.gamersmedia[2].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@advertising[1].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@serving-sys[1].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@track.adform[3].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@track.adform[2].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@sales.liveperson[2].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adtech[1].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@sales.liveperson[1].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@eyewonder[2].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@atdmt[2].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@bluestreak[3].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@bs.serving-sys[1].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@accountservices.betfair[2].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@atdmt[4].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@atdmt[1].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@bluestreak[2].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@content.yieldmanager[2].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@eas.apm.emediate[1].txt
    C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@tradedoubler[1].txt

Trojan.Dropper/Win-NV
    C:\WINDOWS\MSA.EXE
    C:\WINDOWS\SYSWOW64\SSHNAS.DLL
f-arn Guru
03 January 2010 - 16:03 #3
Download and run:
http://download.bleepingcomputer.com/sUBs/dds.scr

It creates two logs (DDS.txt and Attach.txt); save them to the desktop and paste the contents of DDS.txt here.
spider006 Beginner
03 January 2010 - 17:04 #4
DDS (Ver_09-12-01.01) - NTFSX64 
Run by Michael at 16:57:31,15 on 03-01-2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.45.1030.18.3838.2606 [GMT 1:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\msa.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Michael\AppData\Roaming\setup.exe
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Users\Michael\Desktop\virus væk\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&m=easynote_tj62&r=27361109l1b6l0300z185f4861y255
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&m=easynote_tj62&r=27361109l1b6l0300z185f4861y255
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&m=easynote_tj62&r=27361109l1b6l0300z185f4861y255
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&m=easynote_tj62&r=27361109l1b6l0300z185f4861y255
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Hjælp til tilmelding til Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [PlayNC Launcher]
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
uRun: [B1RQJ7YJ0U] c:\windows\msa.exe
uRun: [PUT2VIDQLG] c:\users\michael\appdata\local\temp\c.exe
mRun: [BackupManagerTray] "c:\program files (x86)\newtech infosystems\packard bell mybackup\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LManager] c:\program files (x86)\launch manager\LManager.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [WinsysMon] c:\users\michael\appdata\roaming\setup.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6}
mRun-x64: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent64.exe
mRun-x64: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun-x64: [Acer ePower Management] c:\program files\packard bell\packard bell power management\ePowerTray.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\t27ppkn4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?id=2&vv=450&lc=1030
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-11-22 55024]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-22 89680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-26 203264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-22 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-22 65616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-2 138680]
R2 ePowerSvc;Acer ePower Service;c:\program files\packard bell\packard bell power management\ePowerSvc.exe [2009-10-26 844320]
R2 Greg_Service;GRegService;c:\program files (x86)\packard bell\registration\GregHSRW.exe [2009-6-4 1150496]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\newtech infosystems\packard bell mybackup\IScheduleSvc.exe [2009-8-21 62720]
R2 Updater Service;Updater Service;c:\program files\packard bell\packard bell updater\UpdaterService.exe [2009-8-18 240160]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-2 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-2 352920]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-6-20 317480]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-10-26 34872]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-12-16 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-26 225280]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-12-16 7408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

=============== Created Last 30 ================

2010-01-03 13:01:06    175616    ----a-w-    c:\windows\msa.exe
2010-01-03 13:00:55    115200    --sh--w-    c:\users\michael\appdata\roaming\install.config.exe
2010-01-03 13:00:47    242176    ----a-w-    c:\windows\syswow64\sshnas.dll
2010-01-03 13:00:42    117248    --sh--w-    c:\users\michael\appdata\roaming\install_latest.exe
2010-01-03 10:21:07    0    d-----w-    c:\users\michael\appdata\roaming\Malwarebytes
2010-01-03 10:21:01    22104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-01-03 10:21:01    0    d-----w-    c:\programdata\Malwarebytes
2010-01-03 10:21:01    0    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2010-01-02 19:45:31    0    d-----w-    c:\programdata\SUPERAntiSpyware.com
2010-01-02 19:45:15    0    d-----w-    c:\users\michael\appdata\roaming\SUPERAntiSpyware.com
2010-01-02 19:45:15    0    d-----w-    c:\program files (x86)\SUPERAntiSpyware
2010-01-02 19:44:17    0    d-----w-    c:\program files (x86)\common files\Wise Installation Wizard
2010-01-02 19:22:58    0    d-----w-    c:\program files\HijackThis
2010-01-01 18:50:40    80996    ----a-w-    c:\users\michael\vic-team1.jpg
2009-12-30 16:47:00    178176    ----a-w-    c:\windows\syswow64\unrar.dll
2009-12-30 16:46:57    0    d-----w-    c:\program files (x86)\K-Lite Codec Pack
2009-12-26 20:02:45    0    d-----w-    c:\programdata\Apple Computer
2009-12-26 20:01:54    0    d-----w-    c:\programdata\Apple
2009-12-25 15:47:39    0    d-----w-    c:\program files (x86)\NCsoft
2009-12-25 15:46:58    28168    ----a-w-    c:\windows\system32\X3DAudio1_4.dll
2009-12-24 16:26:26    4196406    ---ha-w-    c:\windows\syswow64\toyhide.bmp
2009-12-24 14:30:19    0    d-----w-    c:\program files (x86)\Winter Fun Pack 2004 for Windows XP
2009-12-23 18:01:08    834544    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-12-23 18:00:28    0    d-----w-    c:\program files (x86)\DAEMON Tools Lite
2009-12-23 17:59:56    0    d-----w-    c:\users\michael\appdata\roaming\DAEMON Tools Lite
2009-12-23 17:59:52    0    d-----w-    c:\programdata\DAEMON Tools Lite
2009-12-22 18:41:51    2781550    ----a-w-    c:\users\michael\0001De Glade Sømænd - Julefrokosten.mp3
2009-12-10 14:02:00    0    d-----w-    c:\program files (x86)\CCleaner
2009-12-09 16:22:47    22    ----a-w-    c:\windows\HexEditor_FindList.hed
2009-12-09 15:05:31    679936    ----a-w-    c:\windows\syswow64\D3DX81ab.dll
2009-12-09 15:05:31    1970176    ----a-w-    c:\windows\syswow64\d3dx9.dll
2009-12-09 15:05:30    0    d-----w-    c:\program files (x86)\Cheat Engine
2009-12-09 15:02:56    335    ----a-w-    c:\windows\WPE PRO.INI
2009-12-09 10:35:25    64512    ----a-w-    c:\windows\syswow64\msfeedsbs.dll
2009-12-09 10:35:25    5958656    ----a-w-    c:\windows\syswow64\mshtml.dll

==================== Find3M  ====================

2010-01-02 16:17:27    76742    ----a-w-    c:\windows\system32\perfc006.dat
2010-01-02 16:17:27    461276    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-01 22:48:52    143360    --sh--w-    c:\users\michael\appdata\roaming\setup.exe
2009-11-24 23:54:29    1280480    ----a-w-    c:\windows\syswow64\aswBoot.exe
2009-11-24 23:49:56    65616    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2009-11-02 19:42:06    226688    ------w-    c:\windows\system32\MpSigStub.exe
2009-10-29 07:48:16    2048    ----a-w-    c:\windows\system32\tzres.dll
2009-10-29 07:22:37    2048    ----a-w-    c:\windows\syswow64\tzres.dll
2009-10-26 20:39:56    39236    ----a-w-    c:\windows\system32\perfd006.dat
2009-10-26 20:39:56    39236    ----a-w-    c:\windows\inf\perflib\0406\perfd.dat
2009-10-26 20:39:56    39236    ----a-w-    c:\windows\inf\perflib\0406\perfc.dat
2009-10-26 20:39:56    306636    ----a-w-    c:\windows\system32\perfi006.dat
2009-10-26 20:39:56    306636    ----a-w-    c:\windows\inf\perflib\0406\perfi.dat
2009-10-26 20:39:56    306636    ----a-w-    c:\windows\inf\perflib\0406\perfh.dat
2009-10-26 20:25:18    29480    ----a-w-    c:\windows\syswow64\msxml3a.dll
2009-10-26 20:25:17    505128    ----a-w-    c:\windows\syswow64\msvcp71.dll
2009-10-26 20:25:17    353576    ----a-w-    c:\windows\syswow64\msvcr71.dll
2009-10-11 03:17:33    149280    ----a-w-    c:\windows\syswow64\javaws.exe
2009-10-11 03:17:32    145184    ----a-w-    c:\windows\syswow64\javaw.exe
2009-10-11 03:17:31    145184    ----a-w-    c:\windows\syswow64\java.exe
2009-10-11 03:17:27    411368    ----a-w-    c:\windows\syswow64\deploytk.dll
2009-07-14 04:54:24    174    --sha-w-    c:\program files\desktop.ini
2009-07-14 04:54:24    174    --sha-w-    c:\program files (x86)\desktop.ini
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2008-06-11 15:12:00    776614    ----a-w-    c:\program files (x86)\common files\packardbell.ico
2009-06-10 20:44:08    9633792    --sha-r-    c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53    398848    --sha-w-    c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:00:05,61 ===============
f-arn Guru
04 January 2010 - 10:02 #5
Find the files below and upload them to Jotti or VirusTotal:

c:\windows\msa.exe
c:\users\michael\appdata\local\temp\c.exe


http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html
f-arn Guru
04 January 2010 - 10:03 #6
I forgot:
paste the result here.
spider006 Beginner
04 January 2010 - 14:47 #7
File msa.exe received on 2010.01.04 13:44:45 (UTC)
Result: 12/41 (29.27%)
Antivirus     Version     Last Update     Result
a-squared    4.5.0.46    2010.01.04    -
AhnLab-V3    5.0.0.2    2010.01.02    -
AntiVir    7.9.1.122    2009.12.31    -
Antiy-AVL    2.0.3.7    2010.01.04    -
Authentium    5.2.0.5    2010.01.04    -
Avast    4.8.1351.0    2010.01.04    Win32:Trojan-gen
AVG    8.5.0.430    2010.01.04    Downloader.Generic9.AEIE
BitDefender    7.2    2010.01.04    -
CAT-QuickHeal    10.00    2010.01.04    Win32.Packed.Krap.ag.5
ClamAV    0.94.1    2010.01.04    -
Comodo    3466    2010.01.04    -
DrWeb    5.0.1.12222    2010.01.04    Trojan.Click.39881
eSafe    7.0.17.0    2010.01.03    -
eTrust-Vet    35.1.7214    2010.01.04    Win32/Warduncrypt!packed
F-Prot    4.5.1.85    2010.01.03    -
F-Secure    9.0.15370.0    2010.01.04    -
Fortinet    4.0.14.0    2010.01.02    -
GData    19    2010.01.04    Win32:Trojan-gen
Ikarus    T3.1.1.79.0    2009.12.31    -
Jiangmin    13.0.900    2010.01.04    -
K7AntiVirus    7.10.937    2010.01.04    -
Kaspersky    7.0.0.125    2010.01.04    Trojan.Win32.FraudPack.ajnw
McAfee    5850    2010.01.03    -
McAfee+Artemis    5850    2010.01.03    -
McAfee-GW-Edition    6.8.5    2010.01.04    -
Microsoft    1.5302    2010.01.04    -
NOD32    4742    2010.01.04    a variant of Win32/Kryptik.BJX
Norman    6.04.03    2010.01.04    -
nProtect    2009.1.8.0    2010.01.04    -
Panda    10.0.2.2    2010.01.03    -
PCTools    7.0.3.5    2010.01.04    Trojan.FakeAV
Prevx    3.0    2010.01.04    High Risk Cloaked Malware
Rising    22.29.00.04    2010.01.04    -
Sophos    4.49.0    2010.01.04    Mal/Krap-H
Sunbelt    3.2.1858.2    2010.01.03    -
Symantec    20091.2.0.41    2010.01.04    Trojan.FakeAV!gen11
TheHacker    6.5.0.3.131    2010.01.04    -
TrendMicro    9.120.0.1004    2010.01.04    -
VBA32    3.12.12.1    2010.01.04    -
ViRobot    2010.1.4.2120    2010.01.04    -
VirusBuster    5.0.21.0    2010.01.03    -
Additional information
File size: 175616 bytes
MD5...: eaaaa5cc924e41a950c8010e5765ac1f
SHA1..: 160422b69f10db43902823bdf1d2bb751c864fae
SHA256: 7ef009aa55fe350d26497944b12be44c6e2b6f862c0e912d0490b1cbc9817b0b
ssdeep: 3072:dWHBs/VRWleHXvjJS6ShLdKHJRJ3xATsz5aeuR5F6:/jSmlahLdO97z5aea
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x14c6
timedatestamp.....: 0x4586baed (Mon Dec 18 15:59:41 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.ceja 0x1000 0x38f8 0x3a00 1.79 fccef6b57249d8be6e738d237d33451c
.cnaeg 0x5000 0x57af 0x5800 1.19 00b4e001e27036464cf418ddacad6054
.indil 0xb000 0x61c03 0x1fe00 6.84 b9aeb6b0040c48a2a774a71c3ded689c
.odia 0x6d000 0x680 0x800 2.01 1ae6ac96c09a85289017bb2aa37b9f08
.fbfnn 0x6e000 0x10df 0x1200 0.01 b49471fcc6afded5bf4532c1dd56fe3d

( 3 imports )
> user32.dll: GetScrollInfo, GetDC, GetWindowTextLengthA, DrawIconEx, CreateIcon, InsertMenuA, DrawIcon, GetCursor, DialogBoxParamA
> kernel32.dll: ExitThread, ExitProcess
> advapi32.dll: RegGetKeySecurity, RegCreateKeyExA, RegDeleteKeyW, RegDeleteValueA, RegLoadKeyA, RegQueryValueExW, RegDeleteValueW, RegEnumKeyA, RegQueryValueW, RegCreateKeyA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
http://info.prevx.com/aboutprogramtext.asp?PX5=4F47C1A000CCE735AE8D02EC394899007F5DB5FD
trid..: Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
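Added example, not part of the thread or of VirusTotal's output: a small Python triage of the PEInfo block pasted in the post above, showing which structural traits line up with the "packed" labels several engines gave. The allow-list of section names and the two thresholds are assumptions chosen for illustration.

```python
import re

# Copied from the PEInfo part of the VirusTotal report in the post above.
REPORT = """\
( base data )
entrypointaddress.: 0x14c6

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.ceja 0x1000 0x38f8 0x3a00 1.79 fccef6b57249d8be6e738d237d33451c
.cnaeg 0x5000 0x57af 0x5800 1.19 00b4e001e27036464cf418ddacad6054
.indil 0xb000 0x61c03 0x1fe00 6.84 b9aeb6b0040c48a2a774a71c3ded689c
.odia 0x6d000 0x680 0x800 2.01 1ae6ac96c09a85289017bb2aa37b9f08
.fbfnn 0x6e000 0x10df 0x1200 0.01 b49471fcc6afded5bf4532c1dd56fe3d

( 3 imports )
> user32.dll: GetScrollInfo, GetDC, GetWindowTextLengthA, DrawIconEx, CreateIcon, InsertMenuA, DrawIcon, GetCursor, DialogBoxParamA
> kernel32.dll: ExitThread, ExitProcess
> advapi32.dll: RegGetKeySecurity, RegCreateKeyExA, RegDeleteKeyW, RegDeleteValueA, RegLoadKeyA, RegQueryValueExW, RegDeleteValueW, RegEnumKeyA, RegQueryValueW, RegCreateKeyA
"""

# Section names that mainstream compilers and linkers emit (assumed allow-list).
COMMON_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".idata",
                ".edata", ".pdata", ".tls", ".bss", "CODE", "DATA"}

# name, virtual address, virtual size, raw size, entropy, md5
SECTION_RE = re.compile(
    r"^(\S+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+([\d.]+)"
    r"\s+[0-9a-f]{32}$", re.I | re.M)
IMPORT_RE = re.compile(r"^>\s*(\S+?):\s*(.+)$", re.M)
ENTRY_RE = re.compile(r"^entrypointaddress\.*:\s*0x([0-9a-f]+)", re.I | re.M)


def parse_report(text):
    """Return (sections, imports, entry_point) parsed from the pasted report."""
    sections = [
        {"name": name, "vaddr": int(va, 16), "vsize": int(vs, 16),
         "rawsize": int(rs, 16), "entropy": float(ent)}
        for name, va, vs, rs, ent in SECTION_RE.findall(text)
    ]
    imports = {dll.lower(): [f.strip() for f in funcs.split(",")]
               for dll, funcs in IMPORT_RE.findall(text)}
    match = ENTRY_RE.search(text)
    entry = int(match.group(1), 16) if match else None
    return sections, imports, entry


def triage(text, inflate_ratio=2.0, min_kernel32=5):
    """Collect structural traits that are typical of packed executables."""
    sections, imports, entry = parse_report(text)
    entry_section = None
    for s in sections:
        if entry is not None and s["vaddr"] <= entry < s["vaddr"] + s["vsize"]:
            entry_section = s["name"]
    return {
        # Names no ordinary toolchain produces.
        "odd_names": [s["name"] for s in sections
                      if s["name"] not in COMMON_NAMES],
        # Sections that grow a lot when mapped: room for unpacked code.
        "inflated": [s["name"] for s in sections
                     if s["rawsize"] and s["vsize"] / s["rawsize"] >= inflate_ratio],
        "entry_section": entry_section,
        # A real program needs far more from kernel32 than two exit calls.
        "thin_kernel32": len(imports.get("kernel32.dll", [])) < min_kernel32,
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```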
spider006 Beginner
04 January 2010 - 14:59 #8
I cannot find c:\users\michael\appdata\local\temp\c.exe
on the machine
spider006 Beginner
04 January 2010 - 15:19 #9
but I can see that I have some files called
a.exe
b.exe
d.exe
f.exe
f-arn Guru
04 January 2010 - 15:24 #10
Find this file and upload it to Jotti or VirusTotal:

c:\users\michael\appdata\local\temp\c.exe

http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

You may need to turn on "show hidden files and folders".
If you do not know how, see here:

http://www.it-artikler.dk/2008/03/05/vis-skjulte-filer-og-mapper/

Copy the result in here

--------

Download OTS by oldtimer:
http://oldtimer.geekstogo.com/OTS.exe

Double-click OTS.exe -> click "Extras" in the purple area and then click "Run Scan" in the dark grey area. Your computer will now be scanned, and after a while a log will open. Put OTS.txt in your next post (it may be so long that you have to split it). We are not interested in attach.txt right now.
f-arn Guru
04 January 2010 - 15:28 #11
and of course it is this file

c:\users\michael\appdata\local\temp\c.exe

that needs to be uploaded
spider006 Beginner
04 January 2010 - 15:43 #12
I have set it to show all files, but I still cannot see it

see for yourself

http://rapidshare.com/files/330220349/mine_filer.jpg.html

it is a picture of the files I have
f-arn Guru
04 January 2010 - 16:25 #13
Is a log coming from OTS?
f-arn Guru
04 January 2010 - 16:28 #14
spider006 Beginner
04 January 2010 - 18:10 #15
every time I try to run OTS the program freezes.
I am 100% sure that I have that c.exe virus. Do you know whether it goes away if I format the machine? Because I am starting to think that is the easiest.
f-arn Guru
04 January 2010 - 19:32 #16
Before you format, let us just try something.
Start CCleaner and, under Tools -> Startup, see whether you can find and disable these:
[B1RQJ7YJ0U] c:\windows\msa.exe
[PUT2VIDQLG] c:\users\michael\appdata\local\temp\c.exe

If you can, then restart and tell me whether it helped
spider006 Beginner
04 January 2010 - 19:58 #17
I can disable the two files, but OTS still freezes. But it is a bit strange that I can find [PUT2VIDQLG] c:\users\michael\appdata\local\temp\c.exe in CCleaner but not when I go into the folder
C:\Users\Michael\AppData\Local\Temp
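Added example, not part of the thread: a Python check over the two startup entries named in the posts above, flagging the traits that make them stand out (machine-generated value name, image in a Temp folder, one-letter file name). The third entry's value name and arguments are constructed for contrast, and the heuristics are illustrative assumptions, not CCleaner or Autoruns logic.

```python
import re
from pathlib import PureWindowsPath

# First two lines are the entries as listed in the thread; the third is a
# constructed benign entry (value name and argument are made up).
ENTRIES = r"""
[B1RQJ7YJ0U] c:\windows\msa.exe
[PUT2VIDQLG] c:\users\michael\appdata\local\temp\c.exe
[ExampleUpdater] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" /background
"""

ENTRY_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")

RANDOM_NAME = "random-looking value name"
TEMP_DIR = "runs from a Temp directory"
ONE_LETTER = "one-letter file name"


def image_path(cmd):
    """Extract the executable path from a startup command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted: take everything up to the first executable extension.
    m = re.match(r"(?i)(.+?\.(?:exe|com|scr|bat|cmd|dll))(?:\s|$)", cmd)
    return m.group(1) if m else cmd


def looks_generated(name):
    """Upper-case letters mixed with digits, 8+ characters, no separators."""
    return (re.fullmatch(r"[A-Z0-9]{8,}", name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def triage_entries(text):
    """Return one dict per startup entry with the reasons it was flagged."""
    results = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        image = image_path(m.group("cmd"))
        path = PureWindowsPath(image)
        folders = [p.lower() for p in path.parent.parts]
        reasons = []
        if looks_generated(m.group("name")):
            reasons.append(RANDOM_NAME)
        if "temp" in folders:
            reasons.append(TEMP_DIR)
        if len(path.stem) == 1:
            reasons.append(ONE_LETTER)
        results.append({"name": m.group("name"), "image": image,
                        "reasons": reasons})
    return results


if __name__ == "__main__":
    for entry in triage_entries(ENTRIES):
        verdict = ", ".join(entry["reasons"]) or "nothing flagged"
        print(f'{entry["name"]:<16} {entry["image"]}: {verdict}')
```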
f-arn Guru
04 January 2010 - 20:10 #18
Have you tried restarting?
Try to see whether you can download Autoruns. You must not download it as Autoruns but as something else. When you unpack it, you must not let it be named Autoruns.exe either
http://download.sysinternals.com/Files/Autoruns.zip
spider006 Beginner
04 January 2010 - 20:19 #19
that was quite a program. What am I supposed to do in the program, once I have started it up. AVAST goes berserk over C:\Windows\SysWOW64\sshnas.dll
spider006 Beginner
04 January 2010 - 20:27 #20
what about
a.exe
b.exe
d.exe
f.exe

is that something bad too
f-arn Guru
04 January 2010 - 20:41 #21
Unpack autorunsc.exe to the desktop as æble.exe
Right-click the desktop and choose new text document.
Copy the following in:

æble.exe -a -m > log.txt
notepad log.txt


Save the file as æble.bat. When you save the file, make sure that "file types" is set to all.
Double-click æble.bat and copy the resulting text in here.
spider006 Beginner
04 January 2010 - 21:05 #22
I do not know whether I am doing something wrong, but I get this message


C:\Users\Michael\Desktop>µble.exe -a -m  log.txt
'µble.exe' blev ikke genkendt som en intern eller ekstern kommando,
et program eller en batchfil.

C:\Users\Michael\Desktop>notepad log.txt
04 January 2010 - 21:21 #23
(Use a letter other than æ ... e.g. banan.exe ? *S*)
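Added example, not part of the thread: why `æble.exe` in the batch file was echoed as `µble.exe` in the console output above, and a scan that finds such tokens before a script is run. It assumes the batch file was saved in Windows-1252 (Notepad's ANSI default) and read by cmd.exe in OEM code page 850; the thread does not state either setting.

```python
def as_read_by_cmd(text, saved_as="cp1252", console="cp850"):
    """Re-interpret text the way cmd.exe does when the code pages differ.

    The editor writes bytes in `saved_as`; the console decodes the same
    bytes with `console`. ASCII survives, everything else may change.
    """
    return text.encode(saved_as, errors="replace").decode(console)


def risky_tokens(batch_text, saved_as="cp1252", console="cp850"):
    """List (line number, token, token as cmd sees it) for non-ASCII tokens."""
    findings = []
    for lineno, line in enumerate(batch_text.splitlines(), start=1):
        for token in line.split():
            if not token.isascii():
                seen = as_read_by_cmd(token, saved_as, console)
                findings.append((lineno, token, seen))
    return findings


# The two lines of the batch file from the thread.
BATCH = "æble.exe -a -m > log.txt\nnotepad log.txt\n"

if __name__ == "__main__":
    for lineno, token, seen in risky_tokens(BATCH):
        # 'æ' is byte 0xE6 in Windows-1252; byte 0xE6 is 'µ' in code page 850.
        print(f"line {lineno}: {token!r} is looked up as {seen!r}")
```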
f-arn Guru
04 January 2010 - 21:34 #24
Did you unpack autorunsc.exe to the desktop as æble.exe ?
spider006 Beginner
04 January 2010 - 21:46 #25
HKLM\System\CurrentControlSet\Services
  AdobeActiveFileMonitor7.0
    c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    Tracks files that are managed by Adobe Photoshop Elements
    Adobe Systems Incorporated
    7.0.1.0
    c:\program files (x86)\adobe\photoshop elements 7.0\photoshopelementsfileagent.exe
    6d9fc1e7ea3c548f4d3455f0c3feef8c (MD5)
    df919bbbe24cd1517ef36b165da77434ac538b32 (SHA-1)
    0cdb4fe838aae02bad50f5284e3eead53a58366bf2d3b64903b4ee93c8506a98 (SHA-256)
  AMD External Events Utility
    %SystemRoot%\system32\atiesrxx.exe
    AMD External Events Service Module
    AMD
    6.14.11.1033
    c:\windows\system32\atiesrxx.exe
    d0d8877969011d1b0ed9c3c55a9a9108 (MD5)
    2c903f81bc3fc8f1757c0c9af2dfcb39da55c778 (SHA-1)
    dff41d12ea353dfacdf5c1c227d2d44d659eb8c484829651c90f8684ce2b9e49 (SHA-256)
  aswUpdSv
    "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
    Gør det muligt at få automatisk opdatering til avast! antivirus.
    ALWIL Software
    4.8.1367.0
    c:\program files\alwil software\avast4\aswupdsv.exe
    5debc3519d489411073fa7e56ffb4a93 (MD5)
    f0725cebf1b21a66c05df5446633d19c79c088b4 (SHA-1)
    40bbd69aa4896dd41ec30048f822af1e34ff24f9e3cf160fb09364c75434ea29 (SHA-256)
  avast! Antivirus
    "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
    Administrer og implementer avast! antivirus tjenester for denne computer. Dette inkluderer resident beskyttelse, viruskisten og planlægningsværktøj.
    ALWIL Software
    4.8.1367.0
    c:\program files\alwil software\avast4\ashserv.exe
    0aaf6b848185899cf76ae04e62eab3d2 (MD5)
    38efc4e5adbb8d36bc51466f58e2c31650bf5d7f (SHA-1)
    7349517c319d26be8f9382e3995d4130dc8f6c28499b4ae25ba05af13c4de638 (SHA-256)
  avast! Mail Scanner
    "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
    Implementerer skanning af post i avast! antivirus.
    ALWIL Software
    4.8.1367.0
    c:\program files\alwil software\avast4\ashmaisv.exe
    b2f564dc59b67763c73269e1a9da7f18 (MD5)
    f50810fe7cf28e842d30b3a4dd637fda3d4cc63c (SHA-1)
    2cfc9acb92c3860c38c0a990891207ae7efa43630963db6518815e569b17ad14 (SHA-256)
  avast! Web Scanner
    "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
    Implementerer skanning af web (HTTP) i avast! antivirus.
    ALWIL Software
    4.8.1367.0
    c:\program files\alwil software\avast4\ashwebsv.exe
    d86010c96abadda75356834d6113d37d (MD5)
    57b56b395acaecc8c35d15450483c776d8b40aca (SHA-1)
    4e0b30f2c76b10b2c3215bfe2cb020e11da2deec7ec51de9c26d777ef9e9ff15 (SHA-256)
  ePowerSvc
    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
    Acer ePower Service
    Acer Incorporated
    4.5.3002.0
    c:\program files\packard bell\packard bell power management\epowersvc.exe
    7c35c6865957289d9efe6cc73f4ab2e1 (MD5)
    4629d12e596d59b58fde30bd7aee20dbc234a57d (SHA-1)
    2a57cc80ca39a6664dc271f0f159c649cb3eba210da4afe20a7b6ef939acde8f (SHA-256)
  FLEXnet Licensing Service
    "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
    This service performs licensing functions on behalf of FLEXnet enabled products.
    Macrovision Europe Ltd.
    11.5.0.0
    c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
    f76d04f7413b07daa029f6520b64b4e8 (MD5)
    4a28e7ffb7661816a7cd1e641c89eef274e1664d (SHA-1)
    3eb13c0efe737880853fb8952381e7a57723f9472e0e4ed7cda8a0d7de8dc90d (SHA-256)
  Greg_Service
    C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
    Global Registration Service
    Acer Incorporated
    1.0.2001.0
    c:\program files (x86)\packard bell\registration\greghsrw.exe
    816fd5a6f3c2f3d600900096632fc60e (MD5)
    059b2f4f8d5a1c20e67e2fab2bfc2439906a5403 (SHA-1)
    d92401c4b56663f8a12b6390562608a125713408b00266c53844129679e48e9c (SHA-256)
  Nero BackItUp Scheduler 4.0
    c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    Nero BackItUp Scheduler 4.0 is responsible to control all jobs created using Nero BackItUp. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP.
    Nero AG
    4.2.3.100
    c:\program files (x86)\common files\nero\nero backitup 4\nbservice.exe
    b90e093e7a7250906f1054418b5339c0 (MD5)
    743600c2915546af6d0ad7b60b98ec8f8e61673b (SHA-1)
    f9a0bac5b4b29f14b5caca1047f8928a495efd56e485492bf71c856b296476d6 (SHA-256)
  NTI IScheduleSvc
    C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
    NTI IShadow Manage backup/Sync jobs and  etc...
    NewTech Infosystems, Inc.
    2.0.0.22
    c:\program files (x86)\newtech infosystems\packard bell mybackup\ischedulesvc.exe
    70e3eb0cef795d348f05e5a9b115f491 (MD5)
    9017b1653c6e888f15144fcf7d7ff79be9cb42f7 (SHA-1)
    f62ff02a34416e027bde57dd54c436ce29cb83758b9dab24bd6e042bb6a335b8 (SHA-256)
  Updater Service
    C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    Acer Update Service
    Acer
    1.0.0.6
    c:\program files\packard bell\packard bell updater\updaterservice.exe
    70dde3a86dbeb1d6c3c30ad687b1877a (MD5)
    f6997fdcf531818a0a35429e06b2adc5da666ca3 (SHA-1)
    2dae797240db8f521f1c9d1171524790052e186b060d58a1b102fbffc80ce48e (SHA-256)

HKLM\System\CurrentControlSet\Services
  adp94xx
    \SystemRoot\system32\DRIVERS\adp94xx.sys
    Adaptec Windows SAS/SATA Storport Driver
    Adaptec, Inc.
    1.6.6.4
    c:\windows\system32\drivers\adp94xx.sys
    2f6b34b83843f0c5118b63ac634f5bf4 (MD5)
    2f1e5cc89b811aab5983bfe20235d44450fe8361 (SHA-1)
    43e3f5fbfb5d33981ac503dee476868ec029815d459e7c36c4abc2d2f75b5735 (SHA-256)
  adpahci
    \SystemRoot\system32\DRIVERS\adpahci.sys
    Adaptec Windows SATA Storport Driver
    Adaptec, Inc.
    1.6.6.1
    c:\windows\system32\drivers\adpahci.sys
    597f78224ee9224ea1a13d6350ced962 (MD5)
    794decb2c5de49bd18e6a84b6c38d7843bde6a9a (SHA-1)
    da7fd99be5e3b7b98605bf5c13bf3f1a286c0de1240617570b46fe4605e59bdc (SHA-256)
  adpu320
    \SystemRoot\system32\DRIVERS\adpu320.sys
    Adaptec StorPort Ultra320 SCSI Driver (X64)
    Adaptec, Inc.
    7.2.0.0
    c:\windows\system32\drivers\adpu320.sys
    e109549c90f62fb570b9540c4b148e54 (MD5)
    d6dd0d5152a67fbfc7a71384db6ab2ac0288813d (SHA-1)
    e804563735153ea00a00641814244bc8a347b578e7d63a16f43fb17566ee5559 (SHA-256)
  aliide
    \SystemRoot\system32\DRIVERS\aliide.sys
    ALi mini IDE Driver
    Acer Laboratories Inc.
    1.2.0.0
    c:\windows\system32\drivers\aliide.sys
    5812713a477a3ad7363c7438ca2ee038 (MD5)
    c816b897a56e7d95a2aa0ca8ab38ed9d597d9a06 (SHA-1)
    a7316299470d2e57a11499c752a711bf4a71eb11c9cba731ed0945ff6a966721 (SHA-256)
  amdsata
    \SystemRoot\system32\DRIVERS\amdsata.sys
    AHCI 1.2 Device Driver
    Advanced Micro Devices
    1.1.2.4
    c:\windows\system32\drivers\amdsata.sys
    7a4b413614c055935567cf88a9734d38 (MD5)
    aff608118dccc9682ef4bab3596c556479808913 (SHA-1)
    a3bb7cdf3ee0eef67f89263e81145e73c7142ef5f0af265375c2ecce74f932c4 (SHA-256)
  amdsbs
    \SystemRoot\system32\DRIVERS\amdsbs.sys
    AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform
    AMD Technologies Inc.
    3.6.1540.127
    c:\windows\system32\drivers\amdsbs.sys
    f67f933e79241ed32ff46a4f29b5120b (MD5)
    191c417029f652e4fef0cb605d5c21374f881180 (SHA-1)
    d6ef539058f159cc4dd14ca9b1fd924998feac9d325c823c7a2dd21fef1dc1a8 (SHA-256)
  amdxata
    system32\DRIVERS\amdxata.sys
    Storage Filter Driver
    Advanced Micro Devices
    1.1.2.4
    c:\windows\system32\drivers\amdxata.sys
    b4ad0cacbab298671dd6f6ef7e20679d (MD5)
    afa7f9d3197512a6b2010363ee8919043feee868 (SHA-1)
    fb566c892d0a3dc0a523ae20f35011996958d670937dd5c1a1fccd36aac714d7 (SHA-256)
  ApfiltrService
    system32\DRIVERS\Apfiltr.sys
    Alps Touch Pad Driver
    Alps Electric Co., Ltd.
    7.3.0.69
    c:\windows\system32\drivers\apfiltr.sys
    9815014f3e30357168da272088c6f12f (MD5)
    4676e880ddf78acbd76979f4a6e568f2f6ec6cdb (SHA-1)
    4a9832a9c646306cb3f2b3d714eeae0fd90cdb977ba248a6cd2c9a04ca682040 (SHA-256)
  arc
    \SystemRoot\system32\DRIVERS\arc.sys
    Adaptec RAID Storport Driver
    Adaptec, Inc.
    5.2.0.10384
    c:\windows\system32\drivers\arc.sys
    c484f8ceb1717c540242531db7845c4e (MD5)
    748eedc6972f78c75a57eaa103c25bcfb1db4c04 (SHA-1)
    c507ce26716eb923b864ed85e8fa0b24591e2784a2f4f0e78aeed7e9953311f6 (SHA-256)
  arcsas
    \SystemRoot\system32\DRIVERS\arcsas.sys
    Adaptec SAS RAID WS03 Driver
    Adaptec, Inc.
    5.2.0.16119
    c:\windows\system32\drivers\arcsas.sys
    019af6924aefe7839f61c830227fe79c (MD5)
    579f4eee6416d253193b535362a7a5fde4623b87 (SHA-1)
    5926b9ddfc9198043cdd6ea0b384c83b001ec225a8125628c4a45a3e6c42c72a (SHA-256)
  aswFsBlk
    system32\DRIVERS\aswFsBlk.sys
    avast! mini-filter driver (aswFsBlk)
    ALWIL Software
    4.8.1356.0
    c:\windows\system32\drivers\aswfsblk.sys
    5bab6d80435f9dff95a7e86c69110b32 (MD5)
    74e3372d3d5219cbd2ed19a584d0841c63729648 (SHA-1)
    fb8793755a5011bf6ebed0884d3d8fbe4e6d2fff4fa80965297ee787c166cae7 (SHA-256)
  aswMonFlt
    system32\DRIVERS\aswMonFlt.sys
    avast! mini-filter driver (aswMonFlt)
    ALWIL Software
    4.8.1356.0
    c:\windows\system32\drivers\aswmonflt.sys
    6067ec1c153f07a9e8e76b45df4d9f8d (MD5)
    6981673ad661752c77633fd897433753f1172cd5 (SHA-1)
    21ef7e582a3fafcbfda55f03fff4eef38cb723bf6ede913cc422adaae24a353c (SHA-256)
  aswRdr
    aswRdr
    avast! TDI RDR Driver
    ALWIL Software
    4.8.1356.0
    c:\windows\system32\drivers\aswrdr.sys
    e4928b11d24fc5490c92ed74ecd922d0 (MD5)
    ec5ea2df56dbc3ad47377574cfb60ab33368c079 (SHA-1)
    a74b11053c64edc0512b9c857abe721170de97121294ce2d2d59577d8ba1ede4 (SHA-256)
  aswSP
    aswSP
    avast! self protection module
    ALWIL Software
    4.8.1356.0
    c:\windows\system32\drivers\aswsp.sys
    c6c9a87dd1ba5815082cd900ebe0bfb1 (MD5)
    75b80b743f425f070aee7e2d42f826fb203f1988 (SHA-1)
    52585b1d0f5927e721984a63e79cdaa61851c2999a92d90156e250286f760a3a (SHA-256)
  aswTdi
    aswTdi
    avast! TDI Filter Driver
    ALWIL Software
    4.8.1356.0
    c:\windows\system32\drivers\aswtdi.sys
    d6cd3f4c869adf746c87b7188743664f (MD5)
    e0dac9d1407f08b319bbe8db06a72850f22adecb (SHA-1)
    796180f490f12a8fa2a0e8490e4f1948ffcbd826e3defcaadb3c62ec2d8b00ce (SHA-256)
  athr
    system32\DRIVERS\athrx.sys
    Atheros Extensible Wireless LAN device driver
    Atheros Communications, Inc.
    8.0.0.238
    c:\windows\system32\drivers\athrx.sys
    0acc06fcf46f64ed4f11e57ee461c1f4 (MD5)
    750c6189a106554f01e074d3092b3caa97b8a6bb (SHA-1)
    f2ab7198c7f7d36ab1d6d03c1fefd929ed402002ac835b909fc14938bc0ee24b (SHA-256)
  AtiHdmiService
    system32\drivers\AtiHdmi.sys
    Ati High Definition Audio Function Driver
    ATI Research Inc.
    5.0.7000.4
    c:\windows\system32\drivers\atihdmi.sys
    38467ff83c2b4265d51f418812a91e3c (MD5)
    366512efbdd8f72f1ca562ab860ea72ad044f504 (SHA-1)
    93f3c16e3b97edbe7315cc9b9008d2b77d658ebff14ecb184d521373e0b193d0 (SHA-256)
  atikmdag
    system32\DRIVERS\atikmdag.sys
    ATI Radeon Kernel Mode Driver
    ATI Technologies Inc.
    8.1.1.921
    c:\windows\system32\drivers\atikmdag.sys
    c5758bf1dfd762a5b17041ff061b7750 (MD5)
    eeee79103ebd258511f5922704906d207ffbfe6c (SHA-1)
    ba732e670536c73523da0880485e5028c682fbeaf048f564eb626da61364caad (SHA-256)
  AtiPcie
    system32\DRIVERS\AtiPcie.sys
    AMD PCIE Filter Driver for ATI PCIE chipset
    Advanced Micro Devices Inc.
    1.3.0.49
    c:\windows\system32\drivers\atipcie.sys
    7c5d273e29dcc5505469b299c6f29163 (MD5)
    9406074a2db85fc82c594a4134a6adf4f1025e75 (SHA-1)
    206cab85ce12a3953f0861c811575dc7fd000147436219eee334584a33370b3a (SHA-256)
  b06bdrv
    \SystemRoot\system32\DRIVERS\bxvbda.sys
    Broadcom NetXtreme II GigE VBD
    Broadcom Corporation
    4.8.2.0
    c:\windows\system32\drivers\bxvbda.sys
    3e5b191307609f7514148c6832bb0842 (MD5)
    43dbd3cfcd1b040db7e4da6866b9a7745b12ea17 (SHA-1)
    de011cb7aa4a2405faf21575182e0793a1d83dffc44e9a7864d59f3d51d8d580 (SHA-256)
  b57nd60a
    system32\DRIVERS\b57nd60a.sys
    Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.
    Broadcom Corporation
    10.100.4.0
    c:\windows\system32\drivers\b57nd60a.sys
    b5ace6968304a3900eeb1ebfd9622df2 (MD5)
    6165271f5f1ec6d643a3b4f5e301d18cb2242b92 (SHA-1)
    1daa118d8ca3f97b34df3d3cda1c78eab2ed225699feabe89d331ae0cb7679fa (SHA-256)
  BCM43XX
    system32\DRIVERS\bcmwl664.sys
    Broadcom 802.11 Network Adapter wireless driver
    Broadcom Corporation
    4.176.75.18
    c:\windows\system32\drivers\bcmwl664.sys
    9e84a931dbee0292e38ed672f6293a99 (MD5)
    059b371c5ba4d06abda867cf1504cc4acb21da26 (SHA-1)
    2945eaf0ac091709e0c5508b45ec343ede507ac2b08a2d7d64f286d38424cbc4 (SHA-256)
  BrFiltLo
    \SystemRoot\system32\DRIVERS\BrFiltLo.sys
    Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver
    Brother Industries, Ltd.
    1.10.0.2
    c:\windows\system32\drivers\brfiltlo.sys
    f09eee9edc320b5e1501f749fde686c8 (MD5)
    1869dc29f7782649e8d79f840fc99a973efb0b8e (SHA-1)
    66691114c42e12f4cc6dc4078d4d2fa4029759acdaf1b59d17383487180e84e3 (SHA-256)
  BrFiltUp
    \SystemRoot\system32\DRIVERS\BrFiltUp.sys
    Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver
    Brother Industries, Ltd.
    1.4.0.1
    c:\windows\system32\drivers\brfiltup.sys
    b114d3098e9bdb8bea8b053685831be6 (MD5)
    06f6df046db6f6c6c309bf1e5167f39a4cebdffa (SHA-1)
    0ed23c1897f35fa00b9c2848de4ed200e18688aa7825674888054bbc3a3eb92c (SHA-256)
  Brserid
    \SystemRoot\System32\Drivers\Brserid.sys
    Brotehr Serial I/F Driver (WDM)
    Brother Industries Ltd.
    1.0.1.6
    c:\windows\system32\drivers\brserid.sys
    43bea8d483bf1870f018e2d02e06a5bd (MD5)
    e3889ce37a33ef9f8b93a98fd5673d390f56d46d (SHA-1)
    4e6f5a5fd8c796a110b0dc9ff29e31ea78c04518fc1c840ef61babd58ab10272 (SHA-256)
  BrSerWdm
    \SystemRoot\System32\Drivers\BrSerWdm.sys
    Brother Serial driver (WDM version)
    Brother Industries Ltd.
    1.0.0.20
    c:\windows\system32\drivers\brserwdm.sys
    a6eca2151b08a09caceca35c07f05b42 (MD5)
    ad76986bb716101cec523aed984c4b5d213d7725 (SHA-1)
    e2875bb7768abaf38c3377007aa0a3c281503474d1831e396fb6599721586b0c (SHA-256)
  BrUsbMdm
    \SystemRoot\System32\Drivers\BrUsbMdm.sys
    Brother USB MDM Driver
    Brother Industries Ltd.
    1.0.0.12
    c:\windows\system32\drivers\brusbmdm.sys
    b79968002c277e869cf38bd22cd61524 (MD5)
    69f87e8aa08ddc9f21a831d098e1163c0cd876c0 (SHA-1)
    50631836502237af4893ecdcea43b9031c3de97433f594d46af7c3c77f331983 (SHA-256)
  BrUsbSer
    \SystemRoot\System32\Drivers\BrUsbSer.sys
    Brother USB Serial Driver
    Brother Industries Ltd.
    1.0.1.3
    c:\windows\system32\drivers\brusbser.sys
    a87528880231c54e75ea7a44943b38bf (MD5)
    c3df5ad932bd6bdc8b110e40b67017b8b0858182 (SHA-1)
    4c8bbb29fda76a96840aa47a8613c15d4466f9273a13941c19507008629709c9 (SHA-256)
  cmdide
    \SystemRoot\system32\DRIVERS\cmdide.sys
    CMD PCI IDE Bus Driver
    CMD Technology, Inc.
    2.0.7.0
    c:\windows\system32\drivers\cmdide.sys
    e19d3f095812725d88f9001985b94edd (MD5)
    f07f4e428963c3d11c187e098e084064ae3dcbff (SHA-1)
    46243c5ccc4981cac6fa6452ffcec33329bf172448f1852d52592c9342e0e18b (SHA-256)
  CnxtHdAudService
    system32\drivers\CHDRT64.sys
    64-bit High Definition Audio Function Driver
    Conexant Systems Inc.
    4.98.9.0
    c:\windows\system32\drivers\chdrt64.sys
    20f3f8674d7dee5d90a352b775d5d5ba (MD5)
    507a067b99031f15c62415e252ac992efad03c29 (SHA-1)
    3d51276c77183652533a882f6c766075c7f5981dd116888567dc8e7ff3cf0d2d (SHA-256)
  DKbFltr
    SysWOW64\Drivers\DKbFltr.sys
    Dritek 64-bit PS/2 Keyboard Filter Driver
    Dritek System Inc.
    2.1.1.218
    c:\windows\syswow64\drivers\dkbfltr.sys
    d5bcb77be83cf99f508943945d46343d (MD5)
    cbc59ef05226a3f3e1059131ad8fc380a3d03a89 (SHA-1)
    00c5624ce970a05075a19168643bf6e8fa60c764333ecec088d7ffca10547833 (SHA-256)
  ebdrv
    \SystemRoot\system32\DRIVERS\evbda.sys
    Broadcom NetXtreme II 10 GigE VBD
    Broadcom Corporation
    4.8.13.0
    c:\windows\system32\drivers\evbda.sys
    dc5d737f51be844d8c82c695eb17372f (MD5)
    22845914869feed723ed524ec7139e48565a48aa (SHA-1)
    6d4022d9a46ede89cef0faeadcc94c903234dfc460c0180d24ff9e38e8853017 (SHA-256)
  elxstor
    \SystemRoot\system32\DRIVERS\elxstor.sys
    Storport Miniport Driver for LightPulse HBAs
    Emulex
    7.2.10.211
    c:\windows\system32\drivers\elxstor.sys
    0e5da5369a0fcaea12456dd852545184 (MD5)
    6018913d1bf9e2cbe53aabe6ea9d9011a3010a71 (SHA-1)
    9a64ac5396f978c3b92794edce84dca938e4662868250f8c18fa7c2c172233f8 (SHA-256)
  hcw85cir
    \SystemRoot\system32\drivers\hcw85cir.sys
    Hauppauge WinTV 885 Consumer IR Driver for eHome
    Hauppauge Computer Works, Inc.
    1.31.27127.0
    c:\windows\system32\drivers\hcw85cir.sys
    f2523ef6460fc42405b12248338ab2f0 (MD5)
    054c41df108a9a94b6e5e7276ebeee4f920dd9bc (SHA-1)
    b2f3de8de1f512d871bc2bc2e8d0e33ab03335bfbc07627c5f88b65024928e19 (SHA-256)
  HpSAMD
    \SystemRoot\system32\DRIVERS\HpSAMD.sys
    Smart Array SAS/SATA Controller Media Driver
    Hewlett-Packard Company
    6.12.4.64
    c:\windows\system32\drivers\hpsamd.sys
    0886d440058f203eba0e1825e4355914 (MD5)
    f416b25642ba726033eff0b01b621f2cb06689d2 (SHA-1)
    bc49c4cefe324a08c864a4bf4fea9a70151fab7cc30bdc28344f3ffd2f500070 (SHA-256)
  iaStorV
    \SystemRoot\system32\DRIVERS\iaStorV.sys
    Intel Matrix Storage Manager driver - x64
    Intel Corporation
    8.6.2.1012
    c:\windows\system32\drivers\iastorv.sys
    d83efb6fd45df9d55e9a1afc63640d50 (MD5)
    5f15dc59cccf66a1fb3cb397ed9eaf326674132a (SHA-1)
    0494f8f7cb3ed11fd8d0b838cb71271af7a3cbfcb7f2cb043a9392b5106a3c7b (SHA-256)
  igfx
    system32\DRIVERS\igdkmd64.sys
    Intel Graphics Kernel Mode Driver
    Intel Corporation
    8.15.10.1749
    c:\windows\system32\drivers\igdkmd64.sys
    a87261ef1546325b559374f5689cf5bc (MD5)
    e383f5da99dfa34b3058667471321d89367cbb2a (SHA-1)
    8de48a8a13a32aaac54cddf58f3f61be3e2802c1d9ca1ca98e57eb0d65fb6002 (SHA-256)
  iirsp
    \SystemRoot\system32\DRIVERS\iirsp.sys
    Intel/ICP Raid Storport Driver
    Intel Corp./ICP vortex GmbH
    5.4.22.0
    c:\windows\system32\drivers\iirsp.sys
    5c18831c61933628f5bb0ea2675b9d21 (MD5)
    8bcb89cbdd3471e576d044c6e3fbea77d4f33020 (SHA-1)
    5cd9de2f8c0256623a417b5c55bf55bb2562bd7ab2c3c83bb3d9886c2fbda4e4 (SHA-256)
  k57nd60a
    system32\DRIVERS\k57nd60a.sys
    Broadcom NetLink (TM) Gigabit Ethernet NDIS6.x Unified Driver.
    Broadcom Corporation
    12.2.1.1
    c:\windows\system32\drivers\k57nd60a.sys
    249ee2d26cb1530f3bede0ac8b9e3099 (MD5)
    6586251627d8c36c28b9e75ddc444d192835f9d8 (SHA-1)
    6ebf72dccdc1efcd9fe712b895d61359f46c2af41f1ec47a3c486e79aa1bc026 (SHA-256)
  L1E
    system32\DRIVERS\L1E62x64.sys
    Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
    Atheros Communications, Inc.
    1.0.0.15
    c:\windows\system32\drivers\l1e62x64.sys
    2ac603c3188c704cfce353659aa7ad71 (MD5)
    f8cdbb9f817d1821f5e78df20231505ab22e54c7 (SHA-1)
    0dac2e8858221145fa35883bae0d6484e60eb624158de9f063ff209951cd1cdf (SHA-256)
  LSI_FC
    \SystemRoot\system32\DRIVERS\lsi_fc.sys
    LSI Fusion-MPT FC Driver (StorPort)
    LSI Corporation
    1.28.3.52
    c:\windows\system32\drivers\lsi_fc.sys
    1a93e54eb0ece102495a51266dcdb6a6 (MD5)
    6daf46c2d3e18320d9a4aa60fc4bf1fb8427abe8 (SHA-1)
    db6aa86aa36c3a7988be96e87b5d3251be7617c54ee8f894d9dc2e267fe3255b (SHA-256)
  LSI_SAS
    \SystemRoot\system32\DRIVERS\lsi_sas.sys
    LSI Fusion-MPT SAS Driver (StorPort)
    LSI Corporation
    1.28.3.52
    c:\windows\system32\drivers\lsi_sas.sys
    1047184a9fdc8bdbff857175875ee810 (MD5)
    a703e2888e1814b571e99797f96b8f59f9e96044 (SHA-1)
    f2251edb7736a26d388a0c5cc2fe5fb9c5e109cbb1e3800993554cb21d81ae4b (SHA-256)
  LSI_SAS2
    \SystemRoot\system32\DRIVERS\lsi_sas2.sys
    LSI SAS Gen2 Driver (StorPort)
    LSI Corporation
    2.0.2.71
    c:\windows\system32\drivers\lsi_sas2.sys
    30f5c0de1ee8b5bc9306c1f0e4a75f93 (MD5)
    f716bb286a39d3229e10f83fa63e7a05dd617c13 (SHA-1)
    88d5740a4e9cc3fa80fa18035dab441bdc5a039622d666bfdaa525cc9686bd06 (SHA-256)
  LSI_SCSI
    \SystemRoot\system32\DRIVERS\lsi_scsi.sys
    LSI Fusion-MPT SCSI Driver (StorPort)
    LSI Corporation
    1.28.3.67
    c:\windows\system32\drivers\lsi_scsi.sys
    0504eacaff0d3c8aed161c4b0d369d4a (MD5)
    c2dc26eac246f0780b3124ac04e1b3acdae985ea (SHA-1)
    4d272237c189646f5c80822fd3cba7c2728e482e2daaf7a09c8aef811c89c54d (SHA-256)
  megasas
    \SystemRoot\system32\DRIVERS\megasas.sys
    MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64
    LSI Corporation
    4.5.1.64
    c:\windows\system32\drivers\megasas.sys
    a55805f747c6edb6a9080d7c633bd0f4 (MD5)
    01eb358c13a516018cc65ea0117284098e61f594 (SHA-1)
    2da0e83bf3c8adef6f551b6cc1c0a3f6149cdbe6ec60413ba1767c4de425a728 (SHA-256)
  MegaSR
    \SystemRoot\system32\DRIVERS\MegaSR.sys
    LSI MegaRAID Software RAID Driver
    LSI Corporation, Inc.
    13.5.409.2009
    c:\windows\system32\drivers\megasr.sys
    baf74ce0072480c3b6b7c13b2a94d6b3 (MD5)
    238748298bcd242a28302ea45df560fe9c31d62f (SHA-1)
    85cbb4949c090a904464f79713a3418338753d20d7fb811e68f287fdac1dd834 (SHA-256)
  nfrd960
    \SystemRoot\system32\DRIVERS\nfrd960.sys
    IBM ServeRAID Controller Driver
    IBM Corporation
    7.10.0.0
    c:\windows\system32\drivers\nfrd960.sys
    77889813be4d166cdab78ddba990da92 (MD5)
    400cd9e08db734367704d58054bcfce1922a387e (SHA-1)
    2ef531ae502b943632eec66a309a8bfcdd36120a5e1473f4aaf3c2393ad0e6a3 (SHA-256)
  NTIDrvr
    \??\C:\Windows\system32\drivers\NTIDrvr.sys
    NTI CD-ROM Filter Driver
    NewTech Infosystems, Inc.
    1.0.0.9
    c:\windows\system32\drivers\ntidrvr.sys
    64ddd0dee976302f4bd93e5efcc2f013 (MD5)
    569a58922b617f701e5a8c6a6061f71a72e36ab8 (SHA-1)
    19f54b4549999ef96fae1b2b97973f281304843ade0cf5823574453ab41e3e9c (SHA-256)
  nvraid
    \SystemRoot\system32\DRIVERS\nvraid.sys
    NVIDIA® nForce(TM) RAID Driver
    NVIDIA Corporation
    10.6.0.16
    c:\windows\system32\drivers\nvraid.sys
    3e38712941e9bb4ddbee00affe3fed3d (MD5)
    7697ec906b9b3c780f11b48788f4b1baece8252a (SHA-1)
    03f27cc0ef0a86d0b2daab6f72838cb2ab57fe5d40074828d5b7f118cd5cbee7 (SHA-256)
  nvstor
    \SystemRoot\system32\DRIVERS\nvstor.sys
    NVIDIA® nForce(TM) Sata Performance Driver
    NVIDIA Corporation
    10.6.0.16
    c:\windows\system32\drivers\nvstor.sys
    477dc4d6deb99be37084c9ac6d013da1 (MD5)
    c3997132e495d4d27d0a785afdfe94e399c93e84 (SHA-1)
    e58c4d621caab1c68fb4a056576f48bc87913a5ebf0b511effb8f38c7d3e516e (SHA-256)
  PxHlpa64
    System32\Drivers\PxHlpa64.sys
    Px Engine Device Driver for 64-bit Windows
    Sonic Solutions
    3.0.83.0
    c:\windows\system32\drivers\pxhlpa64.sys
    fbf4db6d53585437e41a113300002a2b (MD5)
    2fd8f308e7ee128d83338b1c15d96dafa87bf9f6 (SHA-1)
    a0145ce87a95da3775b28a00e741660c26ade34bbcc7fc502ed809931482c8f2 (SHA-256)
  ql2300
    \SystemRoot\system32\DRIVERS\ql2300.sys
    QLogic Fibre Channel Stor Miniport Driver
    QLogic Corporation
    9.1.8.6
    c:\windows\system32\drivers\ql2300.sys
    a53a15a11ebfd21077463ee2c7afeef0 (MD5)
    bfd103310f198991b002252526c82573f46ef7ee (SHA-1)
    6002b012a75045dea62640a864a8721eade2f8b65beb5f5ba76d8cd819774489 (SHA-256)
  ql40xx
    \SystemRoot\system32\DRIVERS\ql40xx.sys
    QLogic iSCSI Storport Miniport Driver
    QLogic Corporation
    2.1.3.20
    c:\windows\system32\drivers\ql40xx.sys
    4f6d12b51de1aaeff7dc58c4d75423c8 (MD5)
    29529fc3edf901145d905f6f1575551b54f37dbf (SHA-1)
    fb6abab741ced66a79e31a45111649f2fa3e26cee77209b5296f789f6f7d08de (SHA-256)
  RSUSBSTOR
    System32\Drivers\RtsUStor.sys
    Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7
    Realtek Semiconductor Corp.
    6.1.7600.30104
    c:\windows\system32\drivers\rtsustor.sys
    db30aa4daa0d492fa5d7717d8181ffa1 (MD5)
    8a2133660582d49a1a3cd74caf0d5f5a0c7cf0ad (SHA-1)
    1126ad4998d410918cfb7dbd9c74da7f4066a4c0f90f0e7d689a6e65b2420817 (SHA-256)
  RtsUIR
    system32\DRIVERS\Rts516xIR.sys
    File not found: system32\DRIVERS\Rts516xIR.sys
  SASDIFSV
    \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
    SASDIFSV.SYS
    SUPERAdBlocker.com and SUPERAntiSpyware.com
    1.0.0.1014
    c:\program files (x86)\superantispyware\sasdifsv.sys
    5bf35c4ea3f00fa8d3f1e5bf03d24584 (MD5)
    eb3925c5bd552979b7f33041d2b8423227248466 (SHA-1)
    f2b57eace3e5259793d245243530537123ea87304432b91f12c1397f14d5d8d6 (SHA-256)
  SASENUM
    \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
    SASENUM.SYS
    SUPERAdBlocker.com and SUPERAntiSpyware.com
    1.0.0.1004
    c:\program files (x86)\superantispyware\sasenum.sys
    a22f08c98ac2f44587bf3a1fb52bf8cd (MD5)
    4dea85ab80305d77165f4bc0e23b8ffb4e048ef2 (SHA-1)
    9feba5491ae674c7b37c5089e491e2ff74a444da902e3ce2b15867dde5166901 (SHA-256)
  SASKUTIL
    \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys
    SASKUTIL.SYS
    SUPERAdBlocker.com and SUPERAntiSpyware.com
    1.0.0.1070
    c:\program files (x86)\superantispyware\saskutil.sys
    c7d81c10d3befeee41f3408714637438 (MD5)
    4196d2637c3c75d6f887b90fb64b1c9603a6f6b1 (SHA-1)
    ed46b3de3195b80b34af0506b2b2940ebc6f243eac8fc7c485c594de88e058b2 (SHA-256)
  secdrv
    secdrv
    Macrovision SECURITY Driver
    Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
    4.3.86.0
    c:\windows\system32\drivers\secdrv.sys
    3ea8a16169c26afbeb544e0e48421186 (MD5)
    1d900e0f3791597aebfb9b1c91624b02ce2256ae (SHA-1)
    34bbb0459c96b3de94ccb0d73461562935c583d7bf93828da4e20a6bc9b7301d (SHA-256)
  SiSRaid2
    \SystemRoot\system32\DRIVERS\SiSRaid2.sys
    SiS RAID Stor Miniport Driver
    Silicon Integrated Systems Corp.
    5.1.1039.2600
    c:\windows\system32\drivers\sisraid2.sys
    843caf1e5fde1ffd5ff768f23a51e2e1 (MD5)
    0072ee5a32ff1449d25f3d539e82c78bbf823098 (SHA-1)
    89ca9f516e42a6b905474d738cda2c121020a07dbd4e66cfe569dd77d79d7820 (SHA-256)
  SiSRaid4
    \SystemRoot\system32\DRIVERS\sisraid4.sys
    SiS AHCI Stor-Miniport Driver
    Silicon Integrated Systems
    5.1.1039.3600
    c:\windows\system32\drivers\sisraid4.sys
    6a6c106d42e9ffff8b9fcb4f754f6da4 (MD5)
    2988e9978ce8103512c59dd75db3b744b51b9d00 (SHA-1)
    87b85c66df7eb6fdb8a2341d05faa5261ff68a90ccfc63f0e4a03824f1e33e5e (SHA-256)
  sptd
    System32\Drivers\sptd.sys
    c:\windows\system32\drivers\sptd.sys
  SrvHsfHDA
    system32\DRIVERS\VSTAZL6.SYS
    HSF_HWAZL WDM driver
    Conexant Systems, Inc.
    7.80.2.0
    c:\windows\system32\drivers\vstazl6.sys
    0c4540311e11664b245a263e1154cef8 (MD5)
    e3dca8f5408291d57ae5a5aaf565dcd8e237b38e (SHA-1)
    63376322bffaff2f166af3fdd3f1a346c21fae21f406f659f8630779d1d6525d (SHA-256)
  SrvHsfV92
    system32\DRIVERS\VSTDPV6.SYS
    HSF_DP driver
    Conexant Systems, Inc.
    7.80.2.0
    c:\windows\system32\drivers\vstdpv6.sys
    02071d207a9858fbe3a48cbfd59c4a04 (MD5)
    31fe14c3e844b55ed25aada8b2558a2a479fd2ee (SHA-1)
    fea4debaec3465e0c7c1e8b721805922f6bbcb96a60a193b11688f4252f4b89e (SHA-256)
  SrvHsfWinac
    system32\DRIVERS\VSTCNXT6.SYS
    HSF_CNXT driver
    Conexant Systems, Inc.
    7.80.2.0
    c:\windows\system32\drivers\vstcnxt6.sys
    18e40c245dbfaf36fd0134a7ef2df396 (MD5)
    c70ad4ca4e5acb0d5117688ffa95cb62c7848151 (SHA-1)
    0138a68958112101a5d3bd94114f320ce80b0c9a93e009ac78de7415fccc7de7 (SHA-256)
  stexstor
    \SystemRoot\system32\DRIVERS\stexstor.sys
    Promise  SuperTrak EX Series Driver for Windows
    Promise Technology
    5.0.1.1
    c:\windows\system32\drivers\stexstor.sys
    f3817967ed533d08327dc73bc4d5542a (MD5)
    7c3c96e3731d5ec11193ed1e48abada8e818f9e1 (SHA-1)
    1b204454408a690c0a86447f3e4aa9e7c58a9cfb567c94c17c21920ba648b4d5 (SHA-256)
  UBHelper
    \??\C:\Windows\system32\drivers\UBHelper.sys
    NTI CDROM Filter Driver
    NewTech Infosystems Corporation
    2.0.0.11
    c:\windows\system32\drivers\ubhelper.sys
    2e22c1fd397a5a9ffef55e9d1fc96c00 (MD5)
    64b29e5648e24909b453426e51126e063d6670ba (SHA-1)
    4646712b3f3af6188dbce1a95d92261e8b15e9583fe5dd538ec884f48b51759d (SHA-256)
  USBCCID
    system32\DRIVERS\usbccid.sys
    File not found: system32\DRIVERS\usbccid.sys
  usbfilter
    system32\DRIVERS\usbfilter.sys
    AMD USB Filter Driver
    Advanced Micro Devices
    1.0.11.82
    c:\windows\system32\drivers\usbfilter.sys
    6648c6d7323a2ce0c4776c36cefbcb14 (MD5)
    09d8cd62bf4d0a739f47e7b9397a57bb43f5a5b2 (SHA-1)
    31db869351bf3673284721b0d37fc1fc5d858829c7b19b563e3a9c3082d14631 (SHA-256)
  viaide
    \SystemRoot\system32\DRIVERS\viaide.sys
    VIA Generic PCI IDE Bus Driver
    VIA Technologies, Inc.
    6.0.6000.170
    c:\windows\system32\drivers\viaide.sys
    e5689d93ffe4e5d66c0178761240dd54 (MD5)
    ff5d225af841a5cacd92553d4790ba5bc4304961 (SHA-1)
    6d35ced80681b12aaf63bfa0da1c386e71d3838839b68a686990aa8031949d27 (SHA-256)
  vsmraid
    \SystemRoot\system32\DRIVERS\vsmraid.sys
    VIA RAID DRIVER FOR AMD-X86-64
    VIA Technologies Inc.,Ltd
    6.0.6000.6210
    c:\windows\system32\drivers\vsmraid.sys
    5e2016ea6ebaca03c04feac5f330d997 (MD5)
    658fb7caa4150ea4faf7ba811bbdccff3a5d1912 (SHA-1)
    53106eb877459fe55a459111f7ab0ee320bb3b4c954d3db6fa1642396001f2ac (SHA-256)

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
  LIDIL hpzlllhn
    hpzlllhn.dll
    LanguageMonitor
    Hewlett-Packard Company
    61.53.25.9
    c:\windows\system32\hpzlllhn.dll
    c835670705596ae67ee7e0ae92a12071 (MD5)
    aab84ffa56bb7f861d16d721b6e451f42eb85fdf (SHA-1)
    cec45f1315b320cd7d9db9307061bba21f6c23ec12002145318de1cb0e9ecf14 (SHA-256)

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
  rdpclip
    rdpclip
    File not found: rdpclip

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  cAudioFilterAgent
    C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    Conexant High Definition Audio Filter Agent
    Conexant Systems, Inc.
    1.7.4.0
    c:\program files\conexant\caudiofilteragent\caudiofilteragent64.exe
    d8ef04f75950915bdfa7587a22b24c29 (MD5)
    17a360a6d3d9fd57edb57f1d8697bf5e831633c2 (SHA-1)
    f91666bc69e1641e1f65b7135b0ce161fbb12467f3114f217a9724e6c629b105 (SHA-256)
  Apoint
    C:\Program Files\Apoint2K\Apoint.exe
    Alps Pointing-device Driver
    Alps Electric Co., Ltd.
    7.3.0.29
    c:\program files\apoint2k\apoint.exe
    83eb66a70a21ce8589507c878cdcd4e9 (MD5)
    0a3464cc3a294bc87b1ee18445711715aa22e848 (SHA-1)
    776a5b43db0b15d9ef7385463136e4bd3de51ef14190c4bfe5eaac7c87779287 (SHA-256)
  Acer ePower Management
    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
    ePowerTray
    Acer Incorporated
    4.5.3002.0
    c:\program files\packard bell\packard bell power management\epowertray.exe
    0c4f4cffa3a613d175bb25728514c0c4 (MD5)
    d90f2084c1ca818eba2567594bba8d8c8abab86e (SHA-1)
    6ce71bf4cdd6f954aabdacd716a7716d28e737d328c88ae53c5501d8bd5191f6 (SHA-256)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
  BackupManagerTray
    "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
    Packard Bell MyBackup
    NewTech Infosystems, Inc.
    2.0.0.22
    c:\program files (x86)\newtech infosystems\packard bell mybackup\backupmanagertray.exe
    5aea1db5490429eeb0989a0ce2a52d5e (MD5)
    68943c08a0293bbe13bfacce20f4cc987419195c (SHA-1)
    e854757921398bfde6f2e1f4359cbdfceee36b645f435d4d039df73669e488bf (SHA-256)
  StartCCC
    "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    Catalyst® Control Center Launcher
    Advanced Micro Devices, Inc.
    1.0.0.1
    c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe
    cabf1df6108bde0ea1fdfaa67fa02760 (MD5)
    37eeacc6e5383798c2e26d486a674faaae83f965 (SHA-1)
    2ceb8e3c2a222c7542b5108de8280956a12496497fa65709e3830af8b8141dd5 (SHA-256)
  LManager
    C:\Program Files (x86)\Launch Manager\LManager.exe
    Launch Manager Keyboard Application
    Dritek System Inc.
    3.0.2.1150
    c:\program files (x86)\launch manager\lmanager.exe
    c7a9c4fdcea704a34a5997fe0a8a0a38 (MD5)
    b131ac77f0290f9762314bbdb192d30050d362a1 (SHA-1)
    3303348ace125e7bbbd74fe76596c3c7019f9b2c92538d6b7c1f03d91fed1564 (SHA-256)
  avast!
    "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    avast! service GUI component
    ALWIL Software
    4.8.1367.0
    c:\program files\alwil software\avast4\ashdisp.exe
    0a7e9fdf3bf1980ca09feeac7f52efbc (MD5)
    6af848df3be758fcfa50c02b846a324ac82dd25b (SHA-1)
    175d6b7533101c0e069fdf88617288246262aaf98e9a16dab304fa0dd0ab22fb (SHA-256)
  Adobe ARM
    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    Adobe Reader and Acrobat Manager
    Adobe Systems Incorporated
    1.0.5.0
    c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
    3103fe27c967675b019e880aa6da3d6d (MD5)
    79a198f891f7def459fe866679034ecf2f6f9347 (SHA-1)
    515e750acd28c3cfd8174b7f213e2aa741d8942fb68e57f701ebcbb92ec3f537 (SHA-256)
  SunJavaUpdateSched
    "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    Java(TM) Platform SE binary
    Sun Microsystems, Inc.
    6.0.170.4
    c:\program files (x86)\java\jre6\bin\jusched.exe
    3a0647bded81dbe0bcbb51d70b22c9e0 (MD5)
    f7390460fad962232af9cd1c0382f5ea053608ee (SHA-1)
    a151929ff68f3d51ede9599c0746bc3400f66f41639efe4c536fe055f94da041 (SHA-256)
  WinsysMon
    C:\Users\Michael\AppData\Roaming\setup.exe
     
    1.0.0.0
    c:\users\michael\appdata\roaming\setup.exe
    db50c6102e45622acaaa5f9d2196c1de (MD5)
    b62be33d0552af71f3b12cf62f83dec69a4eb190 (SHA-1)
    1c915f341e7a9ab521608c41f3e2adba3320014b22f92285dc577f95694c5e1b (SHA-256)

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  SUPERAntiSpyware
    C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    SUPERAntiSpyware Application
    SUPERAntiSpyware.com
    4.32.0.1000
    c:\program files (x86)\superantispyware\superantispyware.exe
    85f0744a53273f8e17599182e32d789f (MD5)
    bafa9c919b9ab08f5adc634b384be4ca78a20f47 (SHA-1)
    bc45349f0fd03c78edd53e747cfaa33f521b031ff5a55c3d4bb7e1e0afe34472 (SHA-256)
  PUT2VIDQLG
    C:\Users\Michael\AppData\Local\Temp\h.exe
    c:\users\michael\appdata\local\temp\h.exe
    cb36546ddb96be649b2a6e2e4fe18330 (MD5)
    d131b2015db6d1571537e6dbdaba3a2c2c470c48 (SHA-1)
    2905b3838559a3501744a54bf106a93658e3212118c3a02b38de96b92a409065 (SHA-256)
  MSWUpdate
    C:\Users\Michael\AppData\Roaming\lsass.exe
    GLipwa
    xJDVEbL
    2.41.0.81
    c:\users\michael\appdata\roaming\lsass.exe
    83354cab11097c04b88602418a6965af (MD5)
    c7c6aea30409cf6f0ec0ea8b5839dd0131e7b884 (SHA-1)
    77974a658f3f6c8d95f404e31176e025067e220365f317168ec3f2c6058f1810 (SHA-256)

Task Scheduler
  \{35DC3473-A719-4d14-B7C1-FD326CA84A0C}
    "C:\Windows\msb.exe"
    c:\windows\msb.exe
    8275d0897dafee7d78fa015da604c96c (MD5)
    43409c81e0367be6a0e111a9e1f53ed371c537d4 (SHA-1)
    626de7733b9230003e4679c43628315176092c8a6509d09e8b06ed405edba545 (SHA-256)
  \{66BA574B-1E11-49b8-909C-8CC9E0E8E015}
    "C:\Users\Michael\AppData\Local\Temp\h.exe"
    c:\users\michael\appdata\local\temp\h.exe
    cb36546ddb96be649b2a6e2e4fe18330 (MD5)
    d131b2015db6d1571537e6dbdaba3a2c2c470c48 (SHA-1)
    2905b3838559a3501744a54bf106a93658e3212118c3a02b38de96b92a409065 (SHA-256)
  \Apple\AppleSoftwareUpdate
    "C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe" -task
    Apple Software Update
    Apple Inc.
    2.1.1.116
    c:\program files (x86)\apple software update\softwareupdate.exe
    7b43567b4c32ad7aded537cd3b1342b9 (MD5)
    8322f1c2c355d88432f1f03a1f231f63912186bd (SHA-1)
    050bbeb6b9aa404261b20989325c68433708367aaaed4e1dff3d24ae29a52d2a (SHA-256)
  \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
    HKCR\CLSID\{23E5D772-327A-42F5-BDEE-C65C6796BB2A}
  \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
    HKCR\CLSID\{177AFECE-9599-46CF-90D7-68EC9EEB27B4}
  \Microsoft\Windows\Media Center\PvrScheduleTask
    HKCR\CLSID\{CEF51277-5358-477B-858C-4E14F0C80BF7}
  \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
    HKCR\CLSID\{59116E30-02BD-4B84-BA1E-5D77E809B1A2}
  \Microsoft\Windows\NetTrace\GatherNetworkInfo
    "%windir%\system32\gatherNetworkInfo.vbs"
    c:\windows\system32\gathernetworkinfo.vbs
    2ae808cb0d9a667b0cf41ea74b3b9bac (MD5)
    628b6b4bf3cc7f77578cf3ccfcc587dbf9ec7e07 (SHA-1)
    a873a7d3b90c6f2d156e5026b72a5652d4893081cd188300141a95dc38cba56b (SHA-256)
  [DISABLED] \Microsoft\Windows\User Profile Service\HiveUploadTask
    HKCR\CLSID\{BA677074-762C-444B-94C8-8C83F93F6605}
  \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
    ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe""

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  Adobe PDF Link Helper
    HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    Adobe PDF Helper for Internet Explorer
    Adobe Systems Incorporated
    9.1.0.163
    c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
    5cf6190cd875da6b35256fee573e7908 (MD5)
    d3404c44712f5d6b9a069204e363c16775aa847c (SHA-1)
    23d6b0b642f1067a4f5c897014bca911b4c25832ea7d5ac6889854b2cd1f915f (SHA-256)
  Java(tm) Plug-In 2 SSV Helper
    HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
    Java(TM) Platform SE binary
    Sun Microsystems, Inc.
    6.0.170.4
    c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    c9ede29f223a27873e187d9fb6045ea6 (MD5)
    0706770d71783de79e0767a26acb77caa43e5534 (SHA-1)
    c630390430bd36f40ff4d2f318878d25e7f1064493d06a77d27a8a28e7a9b02c (SHA-256)

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  SABShellExecuteHook Class
    HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
    ShellExecuteHook
    SuperAdBlocker.com
    1.0.0.1012
    c:\program files (x86)\superantispyware\sasseh.dll
    ecd5517a6633826057d4f050927ddf56 (MD5)
    a42e761af5ab203be2507a36d32230a8d91ec327 (SHA-1)
    6e6599da9db33fb66af76f9252569ee02eff9f02078191735d09da64e661c9f7 (SHA-256)

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
  avast
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
    avast! Shell Extension
    ALWIL Software
    4.8.1367.0
    c:\program files\alwil software\avast4\ashsha64.dll
    69cb8f526500f99f702678135da27452 (MD5)
    09be1463c575d37249a0ce88405aac9ba316fb62 (SHA-1)
    39ec62818cc7101bcb3d5efe3bcdcf4d7963b88bf6b7331c6e9099323613d3ca (SHA-256)
  WinRAR
    HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}
    c:\program files (x86)\winrar\rarext64.dll
    247ea5cbd57b9a05ca2a5234e7f238b4 (MD5)
    cd920848b4f38871a01ac937926e7b5036b1b142 (SHA-1)
    f0b63b663ace487290c5a3248a484f6cb748739ee2889448761b84e674b17768 (SHA-256)

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
  avast
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
    avast! Shell Extension
    ALWIL Software
    4.8.1367.0
    c:\program files\alwil software\avast4\ashshell.dll
    3aed3d57a27b07d017b53572ceb1a3ac (MD5)
    d07fae1eac7a9417c80bb4b329a3aab0e837e047 (SHA-1)
    d47a560fdbf66e8a1425428af54f415164bdbcdaf228f2b93545bb650a59f25d (SHA-256)
  WinRAR32
    HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
    3.90.0.0
    c:\program files (x86)\winrar\rarext.dll
    a070b8c38ceb3a30cc18d1b7c433144c (MD5)
    7e818ba3bc4fd7aa20b289f54a124153b26ad33c (SHA-1)
    135134640cd5bccee8fe29d7b98ecd23bca1403c1d1c9196956e610462d33154 (SHA-256)
  SASContextMenu Class
    HKCR\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}
    SUPERAntiSpyware Context Menu Extension
    SUPERAntiSpyware.com
    1.0.0.1004
    c:\program files (x86)\superantispyware\sasctxmn.dll
    d617404d119b1db10366692447d8a648 (MD5)
    d90dd40f7232fd4ef00e8f297825551d34a1960d (SHA-1)
    b5841af81ab07e1c1cccac9747b712fe7ba9df5bab6c5e6d4cb9716f49d6c85a (SHA-256)

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
  MBAMShlExt
    HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    Malwarebytes' Anti-Malware
    Malwarebytes Corporation
    1.3.0.0
    c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll
    8560faa9ec3d3675a3fe041f809e994e (MD5)
    d50e23dcd20907f5f0c41816d097a9db23811f68 (SHA-1)
    0ee503b4a3d93aa3948ce30714321d520d3916465866b8258411c2e97088da8b (SHA-256)

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
  WinRAR
    HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}
    c:\program files (x86)\winrar\rarext64.dll
    247ea5cbd57b9a05ca2a5234e7f238b4 (MD5)
    cd920848b4f38871a01ac937926e7b5036b1b142 (SHA-1)
    f0b63b663ace487290c5a3248a484f6cb748739ee2889448761b84e674b17768 (SHA-256)

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
  WinRAR32
    HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
    3.90.0.0
    c:\program files (x86)\winrar\rarext.dll
    a070b8c38ceb3a30cc18d1b7c433144c (MD5)
    7e818ba3bc4fd7aa20b289f54a124153b26ad33c (SHA-1)
    135134640cd5bccee8fe29d7b98ecd23bca1403c1d1c9196956e610462d33154 (SHA-256)
  SASContextMenu Class
    HKCR\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}
    SUPERAntiSpyware Context Menu Extension
    SUPERAntiSpyware.com
    1.0.0.1004
    c:\program files (x86)\superantispyware\sasctxmn.dll
    d617404d119b1db10366692447d8a648 (MD5)
    d90dd40f7232fd4ef00e8f297825551d34a1960d (SHA-1)
    b5841af81ab07e1c1cccac9747b712fe7ba9df5bab6c5e6d4cb9716f49d6c85a (SHA-256)

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
  WinRAR
    HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}
    c:\program files (x86)\winrar\rarext64.dll
    247ea5cbd57b9a05ca2a5234e7f238b4 (MD5)
    cd920848b4f38871a01ac937926e7b5036b1b142 (SHA-1)
    f0b63b663ace487290c5a3248a484f6cb748739ee2889448761b84e674b17768 (SHA-256)

HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers
  WinRAR32
    HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
    3.90.0.0
    c:\program files (x86)\winrar\rarext.dll
    a070b8c38ceb3a30cc18d1b7c433144c (MD5)
    7e818ba3bc4fd7aa20b289f54a124153b26ad33c (SHA-1)
    135134640cd5bccee8fe29d7b98ecd23bca1403c1d1c9196956e610462d33154 (SHA-256)

HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers
  PDF Shell Extension
    HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
    PDF Shell Extension
    Adobe Systems, Inc.
    9.1.0.163
    c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll
    481b9ccfe45a50085e8254c921c0ac30 (MD5)
    e2da85bf626f011c3230092734f776a4305317a8 (SHA-1)
    652cad510b7092d826755f81fd784801bc9e1995e9bd99240d1be834cc77ed08 (SHA-256)

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
  avast
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
    avast! Shell Extension
    ALWIL Software
    4.8.1367.0
    c:\program files\alwil software\avast4\ashsha64.dll
    69cb8f526500f99f702678135da27452 (MD5)
    09be1463c575d37249a0ce88405aac9ba316fb62 (SHA-1)
    39ec62818cc7101bcb3d5efe3bcdcf4d7963b88bf6b7331c6e9099323613d3ca (SHA-256)
  MBAMShlExt
    HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    Malwarebytes' Anti-Malware
    Malwarebytes Corporation
    1.3.0.0
    c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll
    8560faa9ec3d3675a3fe041f809e994e (MD5)
    d50e23dcd20907f5f0c41816d097a9db23811f68 (SHA-1)
    0ee503b4a3d93aa3948ce30714321d520d3916465866b8258411c2e97088da8b (SHA-256)
  WinRAR
    HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}
    c:\program files (x86)\winrar\rarext64.dll
    247ea5cbd57b9a05ca2a5234e7f238b4 (MD5)
    cd920848b4f38871a01ac937926e7b5036b1b142 (SHA-1)
    f0b63b663ace487290c5a3248a484f6cb748739ee2889448761b84e674b17768 (SHA-256)

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
  avast
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
    avast! Shell Extension
    ALWIL Software
    4.8.1367.0
    c:\program files\alwil software\avast4\ashshell.dll
    3aed3d57a27b07d017b53572ceb1a3ac (MD5)
    d07fae1eac7a9417c80bb4b329a3aab0e837e047 (SHA-1)
    d47a560fdbf66e8a1425428af54f415164bdbcdaf228f2b93545bb650a59f25d (SHA-256)
  WinRAR32
    HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
    3.90.0.0
    c:\program files (x86)\winrar\rarext.dll
    a070b8c38ceb3a30cc18d1b7c433144c (MD5)
    7e818ba3bc4fd7aa20b289f54a124153b26ad33c (SHA-1)
    135134640cd5bccee8fe29d7b98ecd23bca1403c1d1c9196956e610462d33154 (SHA-256)

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
  ACE
    HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
    AMD Desktop Control Panel
    Advanced Micro Devices, Inc.
    6.14.10.2001
    c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll
    d679ddae6121bafc28237b6e7be43ffb (MD5)
    73bc4fceb9d835445e38c12ed8ac0c6f1e874c26 (SHA-1)
    e5e336abd583a6c71c14400e2c1d0021e27fb3d5565c67ae23fdf1c60846186f (SHA-256)

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
  Display CPL Extension
    HKCR\CLSID\{872A9397-E0D6-4e28-B64D-52B8D0A7EA35}
    AMD Desktop Control Panel
    Advanced Micro Devices, Inc.
    6.14.10.2001
    c:\program files (x86)\ati technologies\ati.ace\core-static\atiama64.dll
    50862adb65cd56eec6fcb0ed79ad0698 (MD5)
    058ea19b52086cab7ff647adc22f2bd0bbca9115 (SHA-1)
    a7c730dafd6989e41f6fdac07d7fbe89dbee1e54013980fe10325805a66690b1 (SHA-256)
  Catalyst Context Menu extension
    HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
    AMD Desktop Control Panel
    Advanced Micro Devices, Inc.
    6.14.10.2001
    c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll
    d679ddae6121bafc28237b6e7be43ffb (MD5)
    73bc4fceb9d835445e38c12ed8ac0c6f1e874c26 (SHA-1)
    e5e336abd583a6c71c14400e2c1d0021e27fb3d5565c67ae23fdf1c60846186f (SHA-256)
  avast
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
    avast! Shell Extension
    ALWIL Software
    4.8.1367.0
    c:\program files\alwil software\avast4\ashsha64.dll
    69cb8f526500f99f702678135da27452 (MD5)
    09be1463c575d37249a0ce88405aac9ba316fb62 (SHA-1)
    39ec62818cc7101bcb3d5efe3bcdcf4d7963b88bf6b7331c6e9099323613d3ca (SHA-256)

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
  avast
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
    avast! Shell Extension
    ALWIL Software
    4.8.1367.0
    c:\program files\alwil software\avast4\ashshell.dll
    3aed3d57a27b07d017b53572ceb1a3ac (MD5)
    d07fae1eac7a9417c80bb4b329a3aab0e837e047 (SHA-1)
    d47a560fdbf66e8a1425428af54f415164bdbcdaf228f2b93545bb650a59f25d (SHA-256)
  WinRAR shell extension
    HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
    3.90.0.0
    c:\program files (x86)\winrar\rarext.dll
    a070b8c38ceb3a30cc18d1b7c433144c (MD5)
    7e818ba3bc4fd7aa20b289f54a124153b26ad33c (SHA-1)
    135134640cd5bccee8fe29d7b98ecd23bca1403c1d1c9196956e610462d33154 (SHA-256)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
  msacm.l3acm
    C:\Windows\System32\l3codeca.acm
    MPEG Layer-3 Audio Codec for MSACM
    Fraunhofer Institut Integrierte Schaltungen IIS
    1.9.0.401
    c:\windows\system32\l3codeca.acm
    5046e55184021406c27e8d48a1b2c9d2 (MD5)
    d0a7f57063383953af49de2020c8d3dfac215a41 (SHA-1)
    da592e05f2ba21a540b409fd2156a5bdf253eb3b50b30eedcae325dd026993d7 (SHA-256)

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
  msacm.l3acm
    C:\Windows\SysWOW64\l3codeca.acm
    MPEG Layer-3 Audio Codec for MSACM
    Fraunhofer Institut Integrierte Schaltungen IIS
    1.9.0.401
    c:\windows\syswow64\l3codeca.acm
    1c7f1c3ea5894995e6c563e9ae9f029f (MD5)
    8f85e3dda2dc8afb790df6f5805fcd8ea488a31e (SHA-1)
    992f3206d4aad0e22ec361c1dadf8a771ca5f2e6f0b999b43f56ece8c412d414 (SHA-256)
  vidc.cvid
    iccvid.dll
    Cinepak® Codec
    Radius Inc.
    1.10.0.12
    c:\windows\syswow64\iccvid.dll
    ffc7eee106e6d7ba87df82ed58518f6c (MD5)
    fc280afae00fabdca6e6313eae0d9b09181d59cb (SHA-1)
    b20a7246941dc5191e3d2d70dffe53bee8714a9fe375db8a5805dffaf1924fcc (SHA-256)

HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
  ffdshow Video Decoder
    HKCR\CLSID\{04FE9017-F873-410E-871E-AB91661A4EF7}
    DirectShow and VFW video and audio decoding/encoding/processing filter
    1.0.7.3135
    c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax
    2b7513da802d175e910f9c9841547fe5 (MD5)
    5bf4e5e331ef5d92d1d2da3a9cccce6de6c5b1ef (SHA-1)
    c7a5e8329e7b9af0a45189b11423b674b9d433ff59bd08973f1c053b104503ea (SHA-256)
  ffdshow raw video filter
    HKCR\CLSID\{0B390488-D80F-4A68-8408-48DC199F0E97}
    DirectShow and VFW video and audio decoding/encoding/processing filter
    1.0.7.3135
    c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax
    2b7513da802d175e910f9c9841547fe5 (MD5)
    5bf4e5e331ef5d92d1d2da3a9cccce6de6c5b1ef (SHA-1)
    c7a5e8329e7b9af0a45189b11423b674b9d433ff59bd08973f1c053b104503ea (SHA-256)
  ffdshow Audio Decoder
    HKCR\CLSID\{0F40E1E5-4F79-4988-B1A9-CC98794E6B55}
    DirectShow and VFW video and audio decoding/encoding/processing filter
    1.0.7.3135
    c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax
    2b7513da802d175e910f9c9841547fe5 (MD5)
    5bf4e5e331ef5d92d1d2da3a9cccce6de6c5b1ef (SHA-1)
    c7a5e8329e7b9af0a45189b11423b674b9d433ff59bd08973f1c053b104503ea (SHA-256)
  Track2Filter
    HKCR\CLSID\{1CE6B82A-6CDD-491F-A105-9A35835B6F62}
    c:\program files (x86)\adobe\photoshop elements 7.0\track2filter.dll
    7becf89924622b30298771ec7946049d (MD5)
    8a28d840ba08c48bdc09b416f67e739acddc3960 (SHA-1)
    ded69aca975eb65f6c2110f0ff4e5cecb713039be4aabc96696bf1f0925ac265 (SHA-256)
  CyberLink Digest Filter (PDVD8)
    HKCR\CLSID\{29FDE071-0136-47A2-B248-5FE32B7FC584}
    DigestFilter Dynamic Link Library
    CyberLink
    1.0.0.2112
    c:\program files (x86)\cyberlink\powerdvd8\digestfilter.dll
    3b338c59ff391156abb3c225ed8bdb72 (MD5)
    e9c8dfff1cfaebce86da9700c034eb14f81ee51d (SHA-1)
    0b9739d4dfb0e5a6f7a3927321e0981461c8d39e7049531fa396a6f06560a73e (SHA-256)
  CyberLink HD/BD Mixer (PDVD8.0)
    HKCR\CLSID\{2D3B9446-DB6C-47E1-AA44-C5C9C76ED3A3}
    CLHBMixer
     
    2.0.0.1720
    c:\program files (x86)\cyberlink\powerdvd8\audiofilter\clhbmixer.ax
    891c2a3e14eeb11324a087c2d77e54ec (MD5)
    41bf61f7e70799f4d3a9e14accc32cb585f3485f (SHA-1)
    9b9bfec67054a15cce41f6be1a1e669ddc19328577203941b07b0ab553507292 (SHA-256)
  CyberLink TimeStretch Filter (PDVD8)
    HKCR\CLSID\{3232D23B-9891-4E3F-965E-A9A80EF93F4F}
    CLAuTS.ax
    CyberLink Corp.
    1.0.0.5423
    c:\program files (x86)\cyberlink\powerdvd8\audiofilter\clauts.ax
    e5b319ae4e403c88d98aa627242f48b2 (MD5)
    39f0e7e11caddcc1997a72cc0cac9c4d4c4a084e (SHA-1)
    636fecf98185d8f7133bf70b8f3dd579e7bcc6ece6cc364d0781d69b8d96197a (SHA-256)
  CyberLink Demux (PDVD8)
    HKCR\CLSID\{33F6948B-CFBA-4020-99F5-7071E833FD87}
    MPEG-2 Dempltiplexer
    CyberLink Corp.
    1.0.0.7830
    c:\program files (x86)\cyberlink\powerdvd8\navfilter\cldemuxer.ax
    01ae7e69fa701baa1c43c9292e596efc (MD5)
    52c11ec115dfba3b76f60a0e4fcbdb65c505f9d4 (SHA-1)
    715e0c8d107ec474ec38882467b604c0607583ecf3de74b32d96971ff9d525c7 (SHA-256)
  CyberLink Video/SP Decoder (PDVD8)
    HKCR\CLSID\{37991D68-42A3-40E3-8C05-037170E1A42A}
    CyberLink Video/SP Filter
    CyberLink Corp.
    8.4.0.615
    c:\program files (x86)\cyberlink\powerdvd8\videofilter\clvsd.ax
    49748d4478f3a4fca954d567565425f0 (MD5)
    3de93e857bd673290a43c68ea31d2aea7f94bb74 (SHA-1)
    e4b5ed678aa7a713ab67eff7ef217aec6619e42b38263508bd1afffda7a8b3dd (SHA-256)
  MPC - MP4 Source
    HKCR\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    MP4 Splitter
    Gabest
    1.3.1405.0
    c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax
    942ab07127fc6a8655e23b781fdefd3e (MD5)
    abd43fe6646d7e8ac8e3ae34eac8eb11cc19f9ca (SHA-1)
    9e8927ad64e2b548c77ef1ea2d52a9a134839337ab83109816a458976eb0f9c5 (SHA-256)
  MPC - FLV Splitter (Gabest)
    HKCR\CLSID\{47E792CF-0BBE-4F7A-859C-194B0768650A}
    FLV Splitter
    Gabest
    1.3.1405.0
    c:\program files (x86)\k-lite codec pack\filters\flvsplitter.ax
    656274576ad56c994120ed758c76fab0 (MD5)
    f10b6de0da9f07309217a137dfa4dfce725c50d2 (SHA-1)
    ae7394f76c7c5bbdd2387e84bf3b225d5b60c605125511c27176e731a37d873c (SHA-256)
  CyberLink DVD Navigator (PDVD8)
    HKCR\CLSID\{4952BAA4-3EC4-4A58-B7C7-4C812B172A30}
    CyberLink DVD Navigation Filter
    CyberLink Corp.
    8.0.4.3206
    c:\program files (x86)\cyberlink\powerdvd8\navfilter\clnavx.ax
    30b4b4ebdb270d8522d9d26ae30ae0d2 (MD5)
    33f0ca8b472d92010a7c9b8879e18027e879a7d4 (SHA-1)
    a8a322767d6c32782538c289224eb315c0daa0aa3e78e47e4d2e61c25c72883d (SHA-256)
  Cyberlink SubTitle Importor (PDVD8)
    HKCR\CLSID\{4FBA51ED-8973-4456-8D98-89345DD4BCA8}
    CLSubTitle.ax
    CyberLink Corp.
    1.0.0.6016
    c:\program files (x86)\cyberlink\powerdvd8\videofilter\clsubtitle.ax
    381173a036997691834963793b2f82dd (MD5)
    e6382e9b910c42cf81702c1f9c1863e8e9d100f7 (SHA-1)
    19c5f94bb14001a16448fe83e0019216c913ca3c5d5b2cee488f51d30a7f913b (SHA-256)
  Haali Media Splitter
    HKCR\CLSID\{55DA30FC-F16B-49FC-BAA5-AE59FC65F82D}
    Haali Media Splitter
    1.9.42.1
    c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax
    674fb3d19ec45abdb40f03659c781f7c (MD5)
    9a9e00cb31673f2d7363136df11e89836ca042a3 (SHA-1)
    b7ab7be5ea978617f2f6b5019092256a1bccd1d74d1e888a0207892c89b464d3 (SHA-256)
  Haali Media Splitter (AR)
    HKCR\CLSID\{564FD788-86C9-4444-971E-CC4A243DA150}
    Haali Media Splitter
    1.9.42.1
f-arn Guru
04 January 2010 - 22:25 #26
Fine, that was what I wanted. I'll look at it tomorrow, when I'm more rested.
spider006 Beginner
05 January 2010 - 19:40 #27
Now c:\users\michael\appdata\local\temp\c.exe has come back. I ran it through http://virusscan.jotti.org/
and here is the result (I don't know if you can use it now).
Let me know if you give up too.

[ArcaVir] 2010-01-05 Found nothing
[F-Secure Anti-Virus] 2010-01-05 Trojan.Win32.FraudPack.ajqb
[A-Squared] 2010-01-05 Found nothing
[G DATA] 2010-01-05 Found nothing
[Avast! antivirus] 2010-01-05 Found nothing
[Ikarus] 2010-01-05 Trojan.Win32.FakeAV
[Grisoft AVG Anti-Virus] 2010-01-05 Downloader.Agent2.QCJ
[Kaspersky Anti-Virus] 2010-01-05 Trojan.Win32.FraudPack.ajqb
[Avira AntiVir] 2010-01-05 TR/Refpron.I
[ESET NOD32] 2010-01-05 Win32/Kryptik.BKE
[Softwin BitDefender] 2010-01-05 Found nothing
[Panda Antivirus] 2010-01-05 Found nothing
[ClamAV] 2010-01-05 Found nothing
[Quick Heal] 2010-01-05 Win32.Packed.Krap.ag.4
[CPsecure] 2010-01-05 Found nothing
[Sophos] 2010-01-05 Mal/Krap-H
[Dr.Web] 2010-01-05 Trojan.MulDrop.56460
[VirusBlokAda VBA32] 2010-01-04 Found nothing
[Frisk F-Prot Antivirus] 2010-01-05 Found nothing
[VirusBuster] 2010-01-05 Found nothing
spider006 Beginner
03 September 2010 - 14:27 #28
Closing it.