Footy
Posted 21 August 2011

I'm struggling with every website redirecting me to advertising crap... Antivirus finds nothing, so now we're hoping this helps. Could someone be an angel and take a quick look?

Malwarebytes

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Databaseversjon: 7525
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

21.08.2011 10:55:00
mbam-log-2011-08-21 (10-55-00).txt

Skanntype: Hurtigsøk
Objekter skannet: 182698
Tid tilbakelagt: 9 minutt(er), 33 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)

Combofix

ComboFix 11-08-21.01 - Anne 21.08.2011 11:46:53.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.2045.1304 [GMT 2:00]
Kjører fra: c:\users\Anne\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Auslogics Disk Defrag on the Web.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Auslogics Disk Defrag.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Uninstall Auslogics Disk Defrag.lnk
c:\windows\system32\no
c:\windows\system32\no\AuthFWSnapIn.Resources.dll
c:\windows\system32\no\AuthFWWizFwk.Resources.dll
c:\windows\system32\no\Narrator.resources.dll
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-07-21 til 2011-08-21 )))))))))))))))))))))))))))))))))
.
.
2011-08-21 09:58 . 2011-08-21 09:58 -------- d-----w- c:\users\Anne\AppData\Local\temp
2011-08-21 09:58 . 2011-08-21 09:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-21 09:58 . 2011-08-21 09:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-21 09:58 . 2011-08-21 09:58 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 15:33 . 2011-05-25 19:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 17:52 . 2011-07-19 09:02 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-07-19 09:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 05:47 . 2011-04-30 21:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"Mobile Partner"="c:\program files\Mobile Partner\Mobile Partner.exe" [2008-12-04 114688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-02 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 857648]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-07 293992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2271840558-4011763898-2198543459-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-12-23 715248]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 19:21]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 19:21]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://paflikkq.info
mStart Page = hxxp://paflikkq.info
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: skandiabanken.no\secure
Trusted Zone: skandiabanken.no\www
FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\94cp9ler.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dagbladet.no/
.
- - - - TOMME PEKERE FJERNET - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 11:58
Windows 6.0.6002 Service Pack 2 NTFS
.
skanner skjulte prosesser ...
.
skanner skjulte autostart-oppføringer ...
.
skanner skjulte filer ...
.
skanning vellykket
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2011-08-21 12:04:14
ComboFix-quarantined-files.txt 2011-08-21 10:04
ComboFix2.txt 2011-01-09 17:06
.
Pre-Run: 7 303 962 624 byte ledig
Post-Run: 7 063 556 096 byte ledig
.
- - End Of File - - 7C0D41EE4FEFD2D80CCE30478045F1AD

Dr.Geek
Posted 21 August 2011 (edited)

"I'm struggling with every website redirecting me to advertising crap... Antivirus finds nothing, so now we're hoping this helps. Could someone be an angel and take a quick look?"

Hi! This may be caused by an MBR infection or so-called TDSS rootkits. An MBR infection will be hard for ordinary AV software to detect. Scan with these programs and post all the logs:

> http://support.kaspersky.com/faq/?qid=208280684
> http://www.surfright.nl/en/hitmanpro

And: did you choose this page as your internet start page and search engine?

uStart Page = hxxp://paflikkq.info
mStart Page = hxxp://paflikkq.info

Edited 21 August 2011 by TheGenius

Footy (author)
Posted 21 August 2011

Hitman

<Log computer="ANNE-PC" scan="Normal" version="3.5.9.129" date="2011-08-21T15:17:00" timeSpentInSecs="343" filesProcessed="16060">
  <Item type="Malware" malwareName="Trojan" score="114.0" status="Deleted">
    <Scanners>
      <Scanner id="G Data" name="Trojan.Generic.4949448, Trojan.Generic.1404348, Trojan.Generic.2467268, Application.Keylogger.Ardamax.Gen (2x) (Engine-A)" />
      <Scanner id="Prevx" name="High Risk Cloaked Malware" />
      <Scanner id="DrWeb" name="Infected" />
    </Scanners>
    <File path="E:\Diablo II\Ardamax.Keylogger.3.0.SILENT.Cracked-ONY\ony-ak30s\ony-ak30s\silent_akl.exe" hash="69593AD7CF2BC0FC3B384309F4E4E32FB81432F6FDFFDDA5C19B8469EFB43B47" />
    <References>
      <Key path="HKU\S-1-5-21-2271840558-4011763898-2198543459-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\E:\Diablo II\Ardamax.Keylogger.3.0.SILENT.Cracked-ONY\ony-ak30s\ony-ak30s\silent_akl.exe" />
    </References>
  </Item>
</Log>

TDSSKiller

2011/08/21 15:10:28.0871 5092 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/21 15:10:29.0770 5092 ================================================================================
2011/08/21 15:10:29.0770 5092 SystemInfo:
2011/08/21 15:10:29.0770 5092
2011/08/21 15:10:29.0770 5092 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/21 15:10:29.0771 5092 Product type: Workstation
2011/08/21 15:10:29.0771 5092 ComputerName: ANNE-PC
2011/08/21 15:10:29.0772 5092 UserName: Anne
2011/08/21 15:10:29.0772 5092 Windows directory: C:\Windows
2011/08/21 15:10:29.0772 5092 System windows directory: C:\Windows
2011/08/21 15:10:29.0772 5092 Processor architecture: Intel x86
2011/08/21 15:10:29.0772 5092 Number of processors: 2
2011/08/21 15:10:29.0772 5092 Page size: 0x1000
2011/08/21 15:10:29.0772 5092 Boot type: Normal boot
2011/08/21 15:10:29.0772 5092 ================================================================================
2011/08/21 15:10:33.0543 5092 Initialize success
2011/08/21 15:10:39.0597 4840 ================================================================================
2011/08/21 15:10:39.0597 4840 Scan started
2011/08/21 15:10:39.0597 4840 Mode: Manual;
2011/08/21 15:10:39.0597 4840 ================================================================================
(22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/08/21 15:11:23.0803 4840 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/08/21 15:11:24.0148 4840 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/08/21 15:11:24.0394 4840 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/08/21 15:11:24.0673 4840 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/08/21 15:11:24.0959 4840 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/08/21 15:11:25.0212 4840 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 2011/08/21 15:11:25.0601 4840 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/08/21 15:11:25.0945 4840 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/08/21 15:11:26.0308 4840 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/08/21 15:11:26.0646 4840 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/08/21 15:11:26.0839 4840 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/08/21 15:11:27.0081 4840 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/08/21 15:11:27.0338 4840 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/08/21 15:11:27.0656 4840 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/08/21 15:11:27.0958 4840 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/08/21 15:11:28.0176 4840 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/08/21 15:11:28.0464 4840 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/08/21 15:11:28.0813 
4840 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/08/21 15:11:29.0047 4840 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/08/21 15:11:29.0289 4840 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/08/21 15:11:29.0562 4840 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/08/21 15:11:29.0945 4840 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/08/21 15:11:30.0359 4840 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/08/21 15:11:30.0792 4840 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/08/21 15:11:31.0405 4840 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys 2011/08/21 15:11:32.0098 4840 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys 2011/08/21 15:11:32.0522 4840 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/08/21 15:11:32.0890 4840 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/08/21 15:11:33.0222 4840 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/08/21 15:11:33.0553 4840 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/08/21 15:11:33.0914 4840 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/08/21 15:11:34.0167 4840 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/08/21 15:11:35.0189 4840 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/08/21 15:11:36.0687 4840 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys 2011/08/21 15:11:37.0161 4840 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys 
2011/08/21 15:11:37.0672 4840 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/08/21 15:11:38.0333 4840 OEM02Dev (4db21d44fe49614e3a85e5c07ef09397) C:\Windows\system32\DRIVERS\OEM02Dev.sys 2011/08/21 15:11:38.0618 4840 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys 2011/08/21 15:11:38.0828 4840 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/08/21 15:11:39.0334 4840 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/08/21 15:11:39.0629 4840 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/08/21 15:11:39.0895 4840 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/08/21 15:11:40.0540 4840 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/08/21 15:11:40.0929 4840 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys 2011/08/21 15:11:41.0229 4840 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/08/21 15:11:41.0726 4840 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/08/21 15:11:42.0330 4840 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/08/21 15:11:42.0567 4840 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/08/21 15:11:42.0886 4840 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/08/21 15:11:43.0116 4840 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys 2011/08/21 15:11:43.0447 4840 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/08/21 15:11:43.0905 4840 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/08/21 15:11:44.0296 4840 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) 
C:\Windows\system32\drivers\qwavedrv.sys 2011/08/21 15:11:44.0618 4840 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/08/21 15:11:44.0928 4840 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/08/21 15:11:45.0563 4840 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/08/21 15:11:45.0919 4840 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/08/21 15:11:46.0375 4840 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/08/21 15:11:46.0693 4840 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/08/21 15:11:46.0922 4840 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/08/21 15:11:47.0218 4840 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/08/21 15:11:47.0475 4840 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/08/21 15:11:47.0846 4840 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/08/21 15:11:48.0068 4840 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/08/21 15:11:48.0332 4840 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/08/21 15:11:48.0889 4840 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/08/21 15:11:49.0231 4840 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/08/21 15:11:49.0574 4840 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/08/21 15:11:49.0847 4840 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2011/08/21 15:11:50.0101 4840 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/08/21 15:11:50.0416 4840 Serenum 
2011/08/21 15:11:54.0546 4840 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\Windows\system32\Drivers\sptd.sys
2011/08/21 15:11:54.0693 4840 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
2011/08/21 15:11:54.0773 4840 sptd - detected LockedFile.Multi.Generic (1)
2011/08/21 15:12:13.0643 4840 Scan finished
2011/08/21 15:12:13.0730 6068 Detected object count: 1
2011/08/21 15:12:13.0730 6068 Actual detected object count: 1
2011/08/21 15:14:54.0348 6068 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/21 15:16:20.0681 4580 Deinitialize success

No, I have not chosen that start page and search engine... I have Dagbladet as my start page and Google as my search engine.

Dr.Geek, posted 21 August 2011 (edited)

Have you downloaded and installed a keylogger crack of this keylogger?: http://www.ardamax.com/keylogger/
You know what a keylogger is, I assume.
Post me a HijackThis log: > http://free.antivirus.com/hijackthis/

Edited 21 August 2011 by TheGenius

Footy (author), posted 21 August 2011 (edited)

I know what a keylogger is, yes... it is something I use (no, not for what you think). I have had it for a long time; it is in the last few weeks that the problems have started.

Hijacklog

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:46:04, on 21.08.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://paflikkq.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://paflikkq.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Mobile Partner\Mobile Partner.exe"
O4 - HKUS\S-1-5-21-2271840558-4011763898-2198543459-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2271840558-4011763898-2198543459-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://express.foto.com/ImageUploader5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9916D2F-68E1-45F6-8945-E5E4A763B0CA}: NameServer = 212.169.123.67 212.45.188.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Googles oppdateringstjeneste (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google-oppdatering-tjenesten (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 8008 bytes

Edited 21 August 2011 by Footy

Dr.Geek, posted 22 August 2011

Quoting Footy: "I know what a keylogger is, yes... it is something I use (no, not for what you think). I have had it for a long time; it is in the last few weeks that the problems have started."

Cracks and keygens are not legal, and support for them is really not given in a forum. A great deal of this contains malware or is offered on attacking websites (exploits). I strongly advise against using it!

After you have deleted all forms of cracked software:

There appears to be something wrong with your installed antivirus program, AVG 10. It is reported as inactive and is outdated. Uninstall this program and install the new version > AVG 11, or Microsoft Security Essentials.

Fix with HijackThis: scan with HijackThis, mark the two registry keys shown below and click "Fix checked."

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://paflikkq.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://paflikkq.info

Otherwise there are no signs of malware/viruses in the logs.
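The check applied by eye to the HijackThis log in this thread, written out as an added example that is not part of the original posts: it parses the R-section entries and reports Internet Explorer start/search page values whose host is outside an allowlist. The sample entries are copied from the log above; the allowlist domains and all function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlparse

# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://paflikkq.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://paflikkq.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
"""

# Assumption: domains the user would accept as start/search pages. microsoft.com
# covers the go.microsoft.com defaults in the log; dagbladet.no and google.com are
# assumed from the user's statement about Dagbladet and Google.
ALLOWED_DOMAINS = {"microsoft.com", "dagbladet.no", "google.com"}

# "<section code> - <body>", e.g. "R0 - HKCU\...". Header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# R-section body: "<hive>\<key>,<value name> = <data>". The value name is matched
# lazily up to the first "=", so "=" characters inside a URL stay in the data.
REG_VALUE_RE = re.compile(r"^(HK[A-Z]+)\\([^,]+),([^=]*?)\s*=\s*(.*)$")


def parse_entries(log_text):
    """Return (section_code, body) tuples for every log entry line."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def parse_registry_value(body):
    """Split an R-section body into hive, key, value name and data."""
    match = REG_VALUE_RE.match(body)
    if match is None:
        return None
    hive, key, name, data = match.groups()
    return {"hive": hive, "key": key, "name": name.strip(), "data": data.strip()}


def host_allowed(host, allowed_domains):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    # The "." prefix stops look-alikes such as "xmicrosoft.com" from matching.
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def find_page_hijacks(log_text, allowed_domains):
    """List R-section URL values that point at a host outside the allowlist."""
    findings = []
    for code, body in parse_entries(log_text):
        if not code.startswith("R"):
            continue  # only the IE start/search page section is checked here
        value = parse_registry_value(body)
        if value is None or not value["data"]:
            continue  # empty values such as LinksFolderName carry no URL
        host = urlparse(value["data"]).hostname
        if host is None or host_allowed(host, allowed_domains):
            continue  # values without a hostname (e.g. about:blank) are skipped
        findings.append({
            "line": f"{code} - {body}",
            "hive": value["hive"],
            "name": value["name"],
            "host": host,
        })
    return findings


if __name__ == "__main__":
    for finding in find_page_hijacks(SAMPLE_LOG, ALLOWED_DOMAINS):
        print(f"[{finding['hive']}] {finding['name']} -> {finding['host']}")
        print(f"    {finding['line']}")
```

The two lines it reports are the HKCU and HKLM "Start Page" entries, the same two entries marked for "Fix checked" in the post above.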

Footy (author), posted 22 August 2011

Thanks for the help! Then we'll assume this is fixed.