
Junk in the computer...


Ultra


Hi,

 

I have a computer here that may have been used for some "shady" things :blush: The person who uses it says that the antivirus program (Norman) has recently warned about some trojans or similar, but he has kept on using the computer, and it has been slow, and lately it has sometimes been hard to get out on the internet. Now I am trying to help him, and I hope we can get some help here. I'll start with the DDS logs

 

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Tomas Stenlund at 11:15:48 on 2012-07-04

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1376 [GMT 2:00]

.

AV: Norman Security Suite *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

FW: Norman Security Suite *Enabled*

.

============== Running Processes ===============

.

C:\Program\Norman\Npm\Bin\elogsvc.exe

C:\Program\Norman\Ngs\Bin\Nnf.exe

C:\Program\Norman\Ngs\Bin\Nprosec.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program\Norman\Npm\Bin\Zanda.exe

C:\Program\Norman\npm\bin\nvoy.exe

svchost.exe

svchost.exe

C:\Program\Norman\npf\bin\npfsvc32.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Secunia\PSI\PSIA.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program\Norman\Npm\Bin\scheduler.exe

C:\Program\Norman\Npm\Bin\Njeeves.exe

C:\Program\Secunia\PSI\sua.exe

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\Logitech\MediaLife\MediaLifeService.exe

C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe

C:\Program\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe

C:\Program\Norman\Npm\Bin\ZLH.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Secunia\PSI\psi_tray.exe

C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

C:\Program\iPod\bin\iPodService.exe

svchost.exe

C:\Program\Norman\npf\bin\npfuser.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\explorer.exe

C:\Program\Yahoo!\Messenger\ymsgr_tray.exe

C:\Documents and Settings\Tomas Stenlund\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe

C:\Program\Norman\Nvc\bin\nhs.exe

C:\Program\Norman\Nvc\Bin\nvcoas.exe

C:\Program\Norman\Nvc\Bin\cclaw.exe

C:\Documents and Settings\Tomas Stenlund\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mDefault_Page_URL = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

mStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program\yahoo!\companion\installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program\yahoo!\search protection\ysp.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn1\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

uRun: [LDM] c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

uRun: [WMPNSCFG] c:\program\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Messenger (Yahoo!)] "c:\program\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [Xaosa] "c:\documents and settings\tomas stenlund\application data\ogli\uzeqv.exe"

uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [soundMAXPnP] c:\program\analog devices\soundmax\SMax4PNP.exe

mRun: [MediaLifeService] "c:\program\logitech\medialife\MediaLifeService.exe"

mRun: [MMTray] "c:\program\musicmatch\musicmatch jukebox\mm_tray.exe"

mRun: [mmtask] "c:\program\musicmatch\musicmatch jukebox\mmtask.exe"

mRun: [nmctxth] "c:\program\delade filer\pure networks shared\platform\nmctxth.exe"

mRun: [Linksys Wireless Manager] "c:\program\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1053

mRun: [Norman ZANDA] "c:\program\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH

mRun: [AppleSyncNotifier] c:\program\delade filer\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\tomass~1\start-~1\program\autost~1\allian~1.lnk - \\bokföring\c\allians\allians\data\AlliansPathfinder.exe

StartupFolder: c:\docume~1\tomass~1\start-~1\program\autost~1\flipto~1.lnk - c:\program\fliptoast\fliptoast.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\acroba~1.lnk - c:\program\adobe\acrobat 5.0\distillr\AcroTray.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\logite~2.lnk - c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\logite~1.lnk - c:\program\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\secuni~1.lnk - c:\program\secunia\psi\psi_tray.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program\java\jre6\bin\jp2iexp.dll

IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program\yahoo!\search protection\ysp.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127129685578

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{188CA1A0-EAC7-42AE-B1A6-AC3854AE4924} : DhcpNameServer = 192.168.2.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program\delade filer\microsoft shared\web folders\PKMCDO.DLL

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program\delade filer\pure networks shared\platform\puresp4.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-9-23 47080]

R1 NGS;Norman General Security Driver;c:\program\norman\ngs\bin\ngs.sys [2010-9-23 26744]

R1 NPROSEC;Norman Security driver;c:\program\norman\ngs\bin\nprosec.sys [2010-9-23 91136]

R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [2010-9-23 457048]

R2 BBDemon;Backbone Service;c:\program\dassault systemes\b20\intel_a\code\bin\CATSysDemon.exe [2010-1-9 36864]

R2 Ndiskio;Ndiskio;c:\program\norman\nse\bin\ndiskio.sys [2010-9-23 22880]

R2 NHS;Norman Hash Server;c:\program\norman\nvc\bin\nhs.exe [2012-5-14 793520]

R2 NNFSVC;Norman Network Filtering service;c:\program\norman\ngs\bin\nnf.exe [2010-9-23 231216]

R2 Norman ZANDA;Norman ZANDA;c:\program\norman\npm\bin\zanda.exe [2010-5-18 431320]

R2 NPFSvc32;Norman Personal Firewall Service;c:\program\norman\npf\bin\npfsvc32.exe [2012-5-23 356904]

R2 NPROSECSVC;Norman Security service;c:\program\norman\ngs\bin\nprosec.exe [2010-9-23 90144]

R2 nregsec;Norman Registry Security driver;c:\program\norman\ngs\bin\nregsec.sys [2010-9-23 61496]

R2 NVOY;Norman Resource Provider;c:\program\norman\npm\bin\nvoy.exe [2010-9-23 100936]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program\secunia\psi\psia.exe --start-service --> c:\program\secunia\psi\PSIA.exe --start-service [?]

R2 Secunia Update Agent;Secunia Update Agent;c:\program\secunia\psi\sua.exe --start-service --> c:\program\secunia\psi\sua.exe --start-service [?]

R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2010-9-23 53928]

R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program\norman\ngs\bin\nnetsecc.sys [2010-8-18 53160]

R3 nsesvc;Norman Scanner Engine Service;c:\program\norman\nse\bin\nsesvc.exe [2010-9-23 288072]

R3 nvcoas;Norman Virus Control on-access component;c:\program\norman\nvc\bin\nvcoas.exe [2012-5-14 286760]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

R3 Scheduler;Norman Scheduler Service;c:\program\norman\npm\bin\scheduler.exe [2010-9-23 99312]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2012-7-1 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-1 257224]

S3 DCamUSBIntel;Digi-Microscope;c:\windows\system32\drivers\TP6800.SYS [2010-7-7 210924]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\google\update\GoogleUpdate.exe [2012-7-1 136176]

S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-4-24 16688]

S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-9-2 644096]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2010-5-3 23040]

.

=============== Created Last 30 ================

.

2023-04-03 13:06:00 135168 ----a-w- c:\windows\system32\vbSendMail.dll

2012-07-01 21:19:54 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Zyiti

2012-07-01 21:19:54 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Vuyr

2012-07-01 21:19:54 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Nuwuma

2012-06-30 20:07:00 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Etdo

2012-06-30 20:07:00 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Emcydo

2012-06-30 20:07:00 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Diqo

2012-06-30 19:15:56 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Pauzwi

2012-06-30 19:15:56 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Ogli

2012-06-30 19:15:56 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Nimi

.

==================== Find3M ====================

.

2012-07-01 16:49:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-01 16:49:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19:24 23064 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 13:18:58 17648 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:03 602112 ----a-w- c:\windows\system32\crypt32.dll

2012-05-21 14:21:01 47080 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys

2012-04-11 13:55:27 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55:17 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 13:55:03 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe

.

============= FINISH: 11:17:43,17 ===============

attach.txt

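The helper's reading of the DDS log above rests on two observations: a uRun entry (Xaosa) that launches an executable from a randomly named folder directly under Application Data, and several such folders created in the very same second. The Python below, an added example that is not part of DDS, ComboFix or this thread, automates that triage over a few lines constructed in the log's format; the line formats and the Application Data heuristic are assumptions drawn from this log's layout.

```python
"""Triage helper for a DDS log laid out like the one posted above.

Added example for this thread, not part of DDS, ComboFix or the forum's advice.
Line formats and the heuristic are assumptions drawn from this log's layout.
"""
import re
from collections import defaultdict

# Constructed sample in DDS format: the Xaosa autostart and the folder cluster
# are copied from the log in this thread, the remaining lines are benign.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Xaosa] "c:\documents and settings\tomas stenlund\application data\ogli\uzeqv.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"
2012-07-01 21:19:54 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Zyiti
2012-07-01 21:19:54 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Vuyr
2012-06-30 19:15:56 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Pauzwi
2012-06-30 19:15:56 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Ogli
2012-06-30 19:15:56 -------- d-----w- c:\documents and settings\tomas stenlund\application data\Nimi
2012-07-01 16:49:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
"""

# uRun/mRun/dRun lines: hive letter, [name], then the command line.
RUN_RE = re.compile(r'^(?P<hive>[umd])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# First drive-letter path ending in an executable extension; copes with quoting,
# trailing arguments and the "RUNDLL32.EXE <dll>,<entry>" form.
PATH_RE = re.compile(r'[a-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|pif)', re.IGNORECASE)
# "Created Last 30" lines: timestamp, size (or dashes), attribute flags, path.
CREATED_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ (?P<attr>[d-][-a-z]+) (?P<path>.+)$')
# A folder sitting directly under <user>\Application Data in the XP layout.
APPDATA_RE = re.compile(
    r'\\documents and settings\\[^\\]+\\application data\\[^\\]+', re.IGNORECASE)


def parse_run_entries(log):
    """Return (hive, name, image_path) for each autostart line, paths lowercased."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line)
        if not m:
            continue
        p = PATH_RE.search(m.group('cmd'))
        if p:
            entries.append((m.group('hive'), m.group('name'), p.group(0).lower()))
    return entries


def parse_created_dirs(log):
    """Map creation timestamp -> [folder paths] for directory entries ('d' flag)."""
    dirs = defaultdict(list)
    for line in log.splitlines():
        m = CREATED_RE.match(line)
        if m and m.group('attr').startswith('d'):
            dirs[m.group('ts')].append(m.group('path').lower())
    return dirs


def triage(log):
    """Flag autostart entries whose image lives in a folder under Application Data.

    Heuristic only: legitimate software occasionally installs there too, so an
    entry is rated 'high' only when its folder also appears among the recently
    created directories, otherwise 'medium'.
    """
    recent = {p for paths in parse_created_dirs(log).values() for p in paths}
    findings = []
    for hive, name, path in parse_run_entries(log):
        m = APPDATA_RE.search(path)
        if not m:
            continue
        folder = path[:m.end()]
        severity, reason = 'medium', 'autostart from user Application Data'
        if folder in recent:
            severity, reason = 'high', reason + '; launch folder created in the last 30 days'
        findings.append({'hive': hive, 'name': name, 'path': path,
                         'folder': folder, 'severity': severity, 'reason': reason})
    return findings


def creation_clusters(log, min_size=2):
    """Timestamps at which min_size or more Application Data folders appeared at once."""
    clusters = {}
    for ts, paths in parse_created_dirs(log).items():
        appdata = sorted(p for p in paths if APPDATA_RE.search(p))
        if len(appdata) >= min_size:
            clusters[ts] = appdata
    return clusters


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['hive']}Run [{f['name']}] -> {f['path']} ({f['reason']})")
    for ts, folders in sorted(creation_clusters(SAMPLE_LOG).items()):
        print(f"{ts}: {len(folders)} Application Data folders created in the same second")
        for p in folders:
            print("    " + p)
```

Run against a full DDS log the same way (read the file into a string in place of SAMPLE_LOG); the ComboFix sections use a different timestamp layout and are not parsed by this script.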

Save ComboFix to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Close all programs you see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If a question comes up asking whether you want to install the Recovery Console, answer Yes.

More detailed guidance is available at http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

 

If any message comes up from ComboFix, e.g. that a rootkit has been found, write it down and include it in your reply.

 

IMPORTANT! Do not click in the ComboFix window with the mouse while it is running, since it can hang if you do.

 

When ComboFix has finished, a log should appear; paste it into your reply. Check that the antivirus program etc. is running before you connect to the internet.

 

If you have problems getting out on the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.


ComboFix 12-07-04.01 - Tomas Stenlund 2012-07-04 12:35:18.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1403 [GMT 2:00]

Körs från: c:\documents and settings\Tomas Stenlund\Skrivbord\ComboFix.exe

AV: Norman Security Suite *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

FW: Norman Security Suite *Enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

c:\data\default\us_sres.data

c:\documents and settings\Tomas Stenlund\Application Data\Diqo

c:\documents and settings\Tomas Stenlund\Application Data\Diqo\barie.exe

c:\documents and settings\Tomas Stenlund\Application Data\Emcydo

c:\documents and settings\Tomas Stenlund\Application Data\Emcydo\zaku.rip

c:\documents and settings\Tomas Stenlund\Application Data\Ogli

c:\documents and settings\Tomas Stenlund\Application Data\Ogli\uzeqv.exe

c:\documents and settings\Tomas Stenlund\Application Data\Pauzwi

c:\documents and settings\Tomas Stenlund\Application Data\Pauzwi\hoywh.zex

c:\documents and settings\Tomas Stenlund\Application Data\Vuyr

c:\documents and settings\Tomas Stenlund\Application Data\Vuyr\eltab.exe

c:\documents and settings\Tomas Stenlund\Application Data\Zyiti

c:\documents and settings\Tomas Stenlund\Application Data\Zyiti\ohele.boy

c:\windows\Installer\{c76c325b-8795-4c21-6876-3cca2914a682}\@

c:\windows\Installer\{c76c325b-8795-4c21-6876-3cca2914a682}\n

c:\windows\Installer\{c76c325b-8795-4c21-6876-3cca2914a682}\U\00000001.@

c:\windows\Installer\{c76c325b-8795-4c21-6876-3cca2914a682}\U\800000cb.@

c:\windows\system32\CCXPButton.ocx

.

.

(((((((((((((((((((((((( Filer skapade från 2012-06-04 till 2012-07-04 ))))))))))))))))))))))))))))))

.

.

2023-04-03 13:06 . 2023-04-03 13:06 135168 ----a-w- c:\windows\system32\vbSendMail.dll

2012-07-01 21:19 . 2012-07-01 21:19 -------- d-----w- c:\documents and settings\Tomas Stenlund\Application Data\Nuwuma

2012-07-01 16:54 . 2012-07-01 16:54 -------- d-----w- c:\documents and settings\NetworkService\Lokala inställningar\Application Data\Google

2012-07-01 16:49 . 2012-07-01 16:49 -------- d-----w- c:\documents and settings\LocalService\Lokala inställningar\Application Data\Google

2012-06-30 20:07 . 2012-06-30 20:07 -------- d-----w- c:\documents and settings\Tomas Stenlund\Application Data\Etdo

2012-06-30 19:15 . 2012-07-04 10:09 -------- d-----w- c:\documents and settings\Tomas Stenlund\Application Data\Nimi

2012-06-22 08:46 . 2012-06-22 08:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-01 16:49 . 2012-03-29 11:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-01 16:49 . 2011-11-11 08:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 13:19 . 2007-06-20 19:55 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2005-09-19 18:10 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2005-09-19 18:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2005-09-19 18:10 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2005-09-19 18:37 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2005-09-19 18:10 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2005-09-19 18:10 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2004-08-04 19:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2007-06-20 19:55 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2007-06-20 19:55 23064 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2007-06-20 19:55 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2005-09-19 18:10 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2005-09-19 18:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:18 . 2010-07-29 21:15 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2010-07-29 21:15 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 13:18 . 2010-07-29 21:15 17648 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2004-08-04 19:00 602112 ----a-w- c:\windows\system32\crypt32.dll

2012-05-21 14:21 . 2010-09-23 10:22 47080 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys

2012-04-11 13:55 . 2004-08-04 08:25 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2004-08-04 19:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 13:55 . 2004-08-04 19:00 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 67128]

"WMPNSCFG"="c:\program\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

"Messenger (Yahoo!)"="c:\program\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-01 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]

"nwiz"="nwiz.exe" [2005-11-11 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]

"SoundMAXPnP"="c:\program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"MediaLifeService"="c:\program\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 110739]

"MMTray"="c:\program\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-03 135168]

"mmtask"="c:\program\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]

"nmctxth"="c:\program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]

"Linksys Wireless Manager"="c:\program\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-15 1358384]

"Norman ZANDA"="c:\program\Norman\Npm\Bin\ZLH.EXE" [2012-02-14 348560]

"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2011-10-24 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Tomas Stenlund\Start-meny\Program\Autostart\

Alliansserver.lnk - \\Bokföring\c\Allians\Allians\Data\AlliansPathfinder.exe [2006-7-12 396288]

fliptoast.lnk - c:\program\fliptoast\fliptoast.exe [N/A]

.

c:\documents and settings\All Users\Start-meny\Program\Autostart\

Acrobat Assistant.lnk - c:\program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-4-17 49254]

Logitech Desktop Messenger.lnk - c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-13 67128]

Logitech SetPoint.lnk - c:\program\Logitech\SetPoint\SetPoint.exe [2007-1-3 450560]

Microsoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Personal.lnk - c:\program\Personal\bin\Personal.exe [2010-5-3 939920]

Secunia PSI Tray.lnk - c:\program\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

R1 NGS;Norman General Security Driver;c:\program\Norman\Ngs\Bin\ngs.sys [2010-09-23 26744]

R1 NPROSEC;Norman Security driver;c:\program\Norman\Ngs\Bin\nprosec.sys [2010-09-23 91136]

R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [2010-09-23 457048]

R2 BBDemon;Backbone Service;c:\program\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2010-01-09 36864]

R2 Ndiskio;Ndiskio;c:\program\Norman\Nse\Bin\ndiskio.sys [2010-09-23 22880]

R2 NHS;Norman Hash Server;c:\program\Norman\Nvc\Bin\nhs.exe [2012-05-14 793520]

R2 NNFSVC;Norman Network Filtering service;c:\program\Norman\Ngs\Bin\nnf.exe [2010-09-23 231216]

R2 NPFSvc32;Norman Personal Firewall Service;c:\program\Norman\npf\bin\npfsvc32.exe [2012-05-23 356904]

R2 NPROSECSVC;Norman Security service;c:\program\Norman\Ngs\Bin\nprosec.exe [2010-09-23 90144]

R2 nregsec;Norman Registry Security driver;c:\program\Norman\Ngs\Bin\nregsec.sys [2010-09-23 61496]

R2 NVOY;Norman Resource Provider;c:\program\Norman\Npm\Bin\nvoy.exe [2010-09-23 100936]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program\Secunia\PSI\PSIA.exe --start-service --> c:\program\Secunia\PSI\PSIA.exe --start-service [?]

R2 Secunia Update Agent;Secunia Update Agent;c:\program\Secunia\PSI\sua.exe --start-service --> c:\program\Secunia\PSI\sua.exe --start-service [?]

R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2010-09-23 53928]

R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program\Norman\Ngs\Bin\nnetsecc.sys [2010-08-18 53160]

R3 nsesvc;Norman Scanner Engine Service;c:\program\Norman\Nse\Bin\nsesvc.exe [2010-09-23 288072]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-09-01 15544]

R3 Scheduler;Norman Scheduler Service;c:\program\Norman\Npm\Bin\scheduler.exe [2010-09-23 99312]

S0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-09-23 47080]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2012-07-01 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 257224]

S3 DCamUSBIntel;Digi-Microscope;c:\windows\system32\drivers\TP6800.SYS [2010-07-07 210924]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\Google\Update\GoogleUpdate.exe [2012-07-01 136176]

S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]

S3 nvcoas;Norman Virus Control on-access component;c:\program\Norman\Nvc\Bin\nvcoas.exe [2012-05-14 286760]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2010-05-03 23040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 16:49]

.

2012-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

2012-07-04 c:\windows\Tasks\Final Media Player Update Checker.job

- c:\program\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-05-21 14:50]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2012-07-01 16:49]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2012-07-01 16:49]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

HKCU-Run-Xaosa - c:\documents and settings\Tomas Stenlund\Application Data\Ogli\uzeqv.exe

HKLM-Run-SunJavaUpdateSched - c:\program\Java\jre6\bin\jusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-04 12:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Sluttid: 2012-07-04 12:57:04

ComboFix-quarantined-files.txt 2012-07-04 10:56

.

Före genomsökningen: 11 961 180 160 byte ledigt

Efter genomsökningen: 12 194 762 752 byte ledigt

.

- - End Of File - - E052A447710CFC47BEC785BC7BEF8339


Save SystemLook to the Desktop from one of these links:

http://jpshortstuff.247fixes.com/SystemLook.exe

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

 

Double-click the SystemLook file to run it.

 

Copy all the lines in the box

:dir
c:\documents and settings\Tomas Stenlund\Application Data\Nuwuma
c:\documents and settings\Tomas Stenlund\Application Data\Etdo
c:\documents and settings\Tomas Stenlund\Application Data\Nimi

and paste them into the large text field in SystemLook.

Press the Look button to start the search.

When it is done, Notepad will open with a log; paste it here. If the log does not appear, it is saved as SystemLook.txt on the Desktop.


SystemLook 30.07.11 by jpshortstuff

Log created at 15:20 on 04/07/2012 by Tomas Stenlund

Administrator - Elevation successful

 

========== dir ==========

 

c:\documents and settings\Tomas Stenlund\Application Data\Nuwuma - Parameters: "(none)"

 

---Files---

leseo.saa --a---- 265810 bytes [02:05 26/10/2009] [08:10 04/07/2012]

 

---Folders---

None found.

 

c:\documents and settings\Tomas Stenlund\Application Data\Etdo - Parameters: "(none)"

 

---Files---

ehfie.ixu --a---- 222356 bytes [13:49 01/01/2011] [16:00 01/07/2012]

 

---Folders---

None found.

 

c:\documents and settings\Tomas Stenlund\Application Data\Nimi - Parameters: "(none)"

 

---Files---

None found.

 

---Folders---

None found.

 

-= EOF =-


Kopiera alla rader i rutan:

Killall::
ClearJavaCache::
Folder::
c:\documents and settings\Tomas Stenlund\Application Data\Nuwuma
c:\documents and settings\Tomas Stenlund\Application Data\Etdo
c:\documents and settings\Tomas Stenlund\Application Data\Nimi

och klistra in i Anteckningar.Se till att du inte får några radbrytningar mitt i filnamn.

Spara filen på Skrivbordet med namnet CFScript.

 

Förbered datorn på samma sätt som tidigare för ComboFix.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Paste the log that comes out, and a new DDS log.

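The SystemLook post above and the CFScript it led to are two halves of one procedure: SystemLook lists what is inside the suspicious per-user folders, and the helper then hands ComboFix a script naming those folders. As an added example (my own code, not part of the thread and not a SystemLook or ComboFix tool), the Python below parses a SystemLook `:dir` log in the format posted above and emits a CFScript using only the directives this thread actually uses (`Killall::`, `ClearJavaCache::`, `Folder::`). The sample log text is constructed from the posted log and abridged; the function and field names are assumptions of this example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in SystemLook ":dir" output format, abridged from the
# log posted in this thread. Two folders hold one odd file each, one is empty.
SAMPLE_SYSTEMLOOK = """\
SystemLook 30.07.11 by jpshortstuff
Log created at 15:20 on 04/07/2012 by Tomas Stenlund
Administrator - Elevation successful

========== dir ==========

c:\\documents and settings\\Tomas Stenlund\\Application Data\\Nuwuma - Parameters: "(none)"

---Files---
leseo.saa --a---- 265810 bytes [02:05 26/10/2009] [08:10 04/07/2012]

---Folders---
None found.

c:\\documents and settings\\Tomas Stenlund\\Application Data\\Etdo - Parameters: "(none)"

---Files---
ehfie.ixu --a---- 222356 bytes [13:49 01/01/2011] [16:00 01/07/2012]

---Folders---
None found.

c:\\documents and settings\\Tomas Stenlund\\Application Data\\Nimi - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-
"""

# "<path> - Parameters: "<params>"" opens each queried directory.
DIR_HEADER = re.compile(r'^(.+?) - Parameters: "(.*)"$')
# "<name> <attrs> <size> bytes [<stamp>] [<stamp>]" as SystemLook prints a file.
# The two bracketed timestamps are kept in printed order, not re-interpreted.
FILE_LINE = re.compile(r"^(.+?) ([-a-zA-Z]{6,8}) (\d+) bytes \[([^\]]+)\] \[([^\]]+)\]$")


def parse_systemlook(text: str) -> List[Dict]:
    """Return one dict per queried directory: path, params, files, folders."""
    results: List[Dict] = []
    current: Optional[Dict] = None
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-= EOF"):
            break
        if not line or line == "None found.":
            continue
        hdr = DIR_HEADER.match(line)
        if hdr:
            current = {"path": hdr.group(1), "params": hdr.group(2), "files": [], "folders": []}
            results.append(current)
            section = None
            continue
        if line == "---Files---":
            section = "files"
            continue
        if line == "---Folders---":
            section = "folders"
            continue
        if current is None or section is None:
            continue  # banner lines before the first directory header
        if section == "files":
            m = FILE_LINE.match(line)
            if m:
                current["files"].append({"name": m.group(1), "attrs": m.group(2),
                                         "size": int(m.group(3)),
                                         "stamp1": m.group(4), "stamp2": m.group(5)})
        else:
            current["folders"].append(line)
    return results


def build_cfscript(results: List[Dict], clear_java_cache: bool = True) -> str:
    """Emit a CFScript listing every queried directory under Folder::.
    One path per line, never wrapped: the helper's warning about line breaks
    mid-filename is exactly what a wrapped path would trigger."""
    lines = ["Killall::"]
    if clear_java_cache:
        lines.append("ClearJavaCache::")
    lines.append("Folder::")
    lines.extend(d["path"] for d in results)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    dirs = parse_systemlook(SAMPLE_SYSTEMLOOK)
    for d in dirs:
        print(d["path"], "->", [f["name"] for f in d["files"]] or "empty")
    print(build_cfscript(dirs))
```

The script only prepares text; deciding that those folders are malicious is the analyst's call, made here from the random-looking folder and file names (`Nuwuma\leseo.saa`, `Etdo\ehfie.ixu`) sitting directly under the user's Application Data, not from anything the parser knows.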

ComboFix 12-07-04.01 - Tomas Stenlund 2012-07-04 16:11:28.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1349 [GMT 2:00]

Running from: c:\documents and settings\Tomas Stenlund\Skrivbord\ComboFix.exe

Command switches used :: c:\documents and settings\Tomas Stenlund\Skrivbord\CFScript.txt

AV: Norman Security Suite *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

FW: Norman Security Suite *Enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}

.

.

((((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Tomas Stenlund\Application Data\Etdo

c:\documents and settings\Tomas Stenlund\Application Data\Etdo\ehfie.ixu

c:\documents and settings\Tomas Stenlund\Application Data\Nimi

c:\documents and settings\Tomas Stenlund\Application Data\Nuwuma

c:\documents and settings\Tomas Stenlund\Application Data\Nuwuma\leseo.saa

.

.

(((((((((((((((((((((((( Files created from 2012-06-04 to 2012-07-04 ))))))))))))))))))))))))))))))

.

.

2023-04-03 13:06 . 2023-04-03 13:06 135168 ----a-w- c:\windows\system32\vbSendMail.dll

2012-07-01 16:54 . 2012-07-01 16:54 -------- d-----w- c:\documents and settings\NetworkService\Lokala inställningar\Application Data\Google

2012-07-01 16:49 . 2012-07-01 16:49 -------- d-----w- c:\documents and settings\LocalService\Lokala inställningar\Application Data\Google

2012-06-22 08:46 . 2012-06-22 08:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-01 16:49 . 2012-03-29 11:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-01 16:49 . 2011-11-11 08:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 13:19 . 2007-06-20 19:55 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2005-09-19 18:10 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2005-09-19 18:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2005-09-19 18:10 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2005-09-19 18:37 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2005-09-19 18:10 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2005-09-19 18:10 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2004-08-04 19:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2007-06-20 19:55 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2007-06-20 19:55 23064 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2007-06-20 19:55 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2005-09-19 18:10 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2005-09-19 18:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:18 . 2010-07-29 21:15 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2010-07-29 21:15 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 13:18 . 2010-07-29 21:15 17648 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2004-08-04 19:00 602112 ----a-w- c:\windows\system32\crypt32.dll

2012-05-21 14:21 . 2010-09-23 10:22 47080 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys

2012-04-11 13:55 . 2004-08-04 08:25 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2004-08-04 19:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 13:55 . 2004-08-04 19:00 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-04_10.52.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-04 14:28 . 2012-07-04 14:28 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat

+ 2012-07-04 14:32 . 2012-07-04 14:32 16384 c:\windows\temp\Perflib_Perfdata_bf0.dat

+ 2012-07-04 14:27 . 2012-07-04 14:27 16384 c:\windows\temp\Perflib_Perfdata_524.dat

+ 2012-07-04 14:28 . 2012-07-04 14:28 16384 c:\windows\temp\History\History.IE5\index.dat

+ 2012-07-04 14:28 . 2012-07-04 14:28 16384 c:\windows\temp\Cookies\index.dat

.

(((((((((((((((((((((((((((((((((( Registry start points )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 67128]

"WMPNSCFG"="c:\program\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

"Messenger (Yahoo!)"="c:\program\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-01 39408]

"Xaosa"="c:\documents and settings\Tomas Stenlund\Application Data\Ogli\uzeqv.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]

"nwiz"="nwiz.exe" [2005-11-11 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]

"SoundMAXPnP"="c:\program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"MediaLifeService"="c:\program\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 110739]

"MMTray"="c:\program\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-03 135168]

"mmtask"="c:\program\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]

"nmctxth"="c:\program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]

"Linksys Wireless Manager"="c:\program\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-15 1358384]

"Norman ZANDA"="c:\program\Norman\Npm\Bin\ZLH.EXE" [2012-02-14 348560]

"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2011-10-24 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Tomas Stenlund\Start-meny\Program\Autostart\

Alliansserver.lnk - \\Bokföring\c\Allians\Allians\Data\AlliansPathfinder.exe [2006-7-12 396288]

fliptoast.lnk - c:\program\fliptoast\fliptoast.exe [N/A]

.

c:\documents and settings\All Users\Start-meny\Program\Autostart\

Acrobat Assistant.lnk - c:\program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-4-17 49254]

Logitech Desktop Messenger.lnk - c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-13 67128]

Logitech SetPoint.lnk - c:\program\Logitech\SetPoint\SetPoint.exe [2007-1-3 450560]

Microsoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Personal.lnk - c:\program\Personal\bin\Personal.exe [2010-5-3 939920]

Secunia PSI Tray.lnk - c:\program\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

.

R0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-09-23 46816]

R1 NGS;Norman General Security Driver;c:\program\Norman\Ngs\Bin\ngs.sys [2010-09-23 26744]

R1 NPROSEC;Norman Security driver;c:\program\Norman\Ngs\Bin\nprosec.sys [2010-09-23 91136]

R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [2010-09-23 457048]

R2 BBDemon;Backbone Service;c:\program\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2010-01-09 36864]

R2 Ndiskio;Ndiskio;c:\program\Norman\Nse\Bin\ndiskio.sys [2010-09-23 22880]

R2 NHS;Norman Hash Server;c:\program\Norman\Nvc\Bin\nhs.exe [2012-05-14 793520]

R2 NNFSVC;Norman Network Filtering service;c:\program\Norman\Ngs\Bin\nnf.exe [2010-09-23 231216]

R2 NPFSvc32;Norman Personal Firewall Service;c:\program\Norman\npf\bin\npfsvc32.exe [2012-05-23 356904]

R2 NPROSECSVC;Norman Security service;c:\program\Norman\Ngs\Bin\nprosec.exe [2010-09-23 90144]

R2 nregsec;Norman Registry Security driver;c:\program\Norman\Ngs\Bin\nregsec.sys [2010-09-23 61496]

R2 NVOY;Norman Resource Provider;c:\program\Norman\Npm\Bin\nvoy.exe [2010-09-23 100936]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program\Secunia\PSI\PSIA.exe --start-service --> c:\program\Secunia\PSI\PSIA.exe --start-service [?]

R2 Secunia Update Agent;Secunia Update Agent;c:\program\Secunia\PSI\sua.exe --start-service --> c:\program\Secunia\PSI\sua.exe --start-service [?]

R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2010-09-23 53928]

R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program\Norman\Ngs\Bin\nnetsecc.sys [2010-08-18 53160]

R3 nsesvc;Norman Scanner Engine Service;c:\program\Norman\Nse\Bin\nsesvc.exe [2010-09-23 288072]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-09-01 15544]

R3 Scheduler;Norman Scheduler Service;c:\program\Norman\Npm\Bin\scheduler.exe [2010-09-23 99312]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2012-07-01 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 257224]

S3 DCamUSBIntel;Digi-Microscope;c:\windows\system32\drivers\TP6800.SYS [2010-07-07 210924]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\Google\Update\GoogleUpdate.exe [2012-07-01 136176]

S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]

S3 nvcoas;Norman Virus Control on-access component;c:\program\Norman\Nvc\Bin\nvcoas.exe [2012-07-04 287312]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2010-05-03 23040]

.

--- Other services/drivers in memory ---

.

*NewlyCreated* - WUAUSERV

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder:

.

2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 16:49]

.

2012-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

2012-07-04 c:\windows\Tasks\Final Media Player Update Checker.job

- c:\program\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-05-21 14:50]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2012-07-01 16:49]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2012-07-01 16:49]

.

.

------- Supplementary scan -------

.

uStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-04 16:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs "loaded" under running processes ---------------------

.

- - - - - - - > 'explorer.exe'(1268)

c:\program\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other running processes ------------------------

.

c:\program\Norman\Npm\Bin\elogsvc.exe

c:\program\Norman\Npm\Bin\Zanda.exe

c:\windows\System32\SCardSvr.exe

c:\program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\program\Secunia\PSI\PSIA.exe

c:\program\Analog Devices\SoundMAX\SMAgent.exe

c:\program\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program\Windows Media Player\WMPNetwk.exe

c:\windows\system32\RUNDLL32.EXE

c:\program\iPod\bin\iPodService.exe

c:\program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

c:\program\Secunia\PSI\sua.exe

c:\program\Norman\Npm\Bin\Njeeves.exe

.

**************************************************************************

.

Finish time: 2012-07-04 16:39:07 - the computer was restarted.

ComboFix-quarantined-files.txt 2012-07-04 14:39

ComboFix2.txt 2012-07-04 10:57

.

Before the scan: 12 089 761 792 bytes free

After the scan: 12 091 756 544 bytes free

.

- - End Of File - - 97226A02E197A7EF507EA0A5D98F6E2B


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Tomas Stenlund at 16:46:42 on 2012-07-04

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1426 [GMT 2:00]

.

AV: Norman Security Suite *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

FW: Norman Security Suite *Enabled*

.

============== Running Processes ===============

.

C:\Program\Norman\Npm\Bin\elogsvc.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program\Norman\Npm\Bin\Zanda.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Secunia\PSI\PSIA.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\Logitech\MediaLife\MediaLifeService.exe

C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe

C:\Program\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe

C:\Program\Norman\Npm\Bin\ZLH.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Secunia\PSI\psi_tray.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

C:\Program\Secunia\PSI\sua.exe

C:\Program\Norman\npm\bin\nvoy.exe

C:\Program\Norman\Npm\Bin\Njeeves.exe

C:\Program\Norman\Npm\Bin\scheduler.exe

C:\Program\Norman\Ngs\Bin\Nprosec.exe

C:\Program\Norman\Nvc\bin\nhs.exe

C:\Program\Norman\Ngs\Bin\Nnf.exe

C:\Program\Norman\npf\bin\npfsvc32.exe

C:\WINDOWS\explorer.exe

C:\Program\Norman\Nvc\Bin\nvcoas.exe

C:\Program\Norman\Nvc\Bin\cclaw.exe

C:\Program\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program\yahoo!\companion\installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program\yahoo!\search protection\ysp.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn1\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

uRun: [LDM] c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

uRun: [WMPNSCFG] c:\program\windows media player\WMPNSCFG.exe

uRun: [Messenger (Yahoo!)] "c:\program\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Xaosa] "c:\documents and settings\tomas stenlund\application data\ogli\uzeqv.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [soundMAXPnP] c:\program\analog devices\soundmax\SMax4PNP.exe

mRun: [MediaLifeService] "c:\program\logitech\medialife\MediaLifeService.exe"

mRun: [MMTray] "c:\program\musicmatch\musicmatch jukebox\mm_tray.exe"

mRun: [mmtask] "c:\program\musicmatch\musicmatch jukebox\mmtask.exe"

mRun: [nmctxth] "c:\program\delade filer\pure networks shared\platform\nmctxth.exe"

mRun: [Linksys Wireless Manager] "c:\program\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1053

mRun: [Norman ZANDA] "c:\program\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH

mRun: [AppleSyncNotifier] c:\program\delade filer\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\tomass~1\start-~1\program\autost~1\allian~1.lnk - \\bokföring\c\allians\allians\data\AlliansPathfinder.exe

StartupFolder: c:\docume~1\tomass~1\start-~1\program\autost~1\flipto~1.lnk - c:\program\fliptoast\fliptoast.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\acroba~1.lnk - c:\program\adobe\acrobat 5.0\distillr\AcroTray.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\logite~2.lnk - c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\logite~1.lnk - c:\program\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\secuni~1.lnk - c:\program\secunia\psi\psi_tray.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program\java\jre6\bin\jp2iexp.dll

IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program\yahoo!\search protection\ysp.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127129685578

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{188CA1A0-EAC7-42AE-B1A6-AC3854AE4924} : DhcpNameServer = 192.168.2.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program\delade filer\microsoft shared\web folders\PKMCDO.DLL

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program\delade filer\pure networks shared\platform\puresp4.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-9-23 46816]

R1 NGS;Norman General Security Driver;c:\program\norman\ngs\bin\ngs.sys [2010-9-23 26744]

R1 NPROSEC;Norman Security driver;c:\program\norman\ngs\bin\nprosec.sys [2010-9-23 91136]

R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [2010-9-23 457048]

R2 BBDemon;Backbone Service;c:\program\dassault systemes\b20\intel_a\code\bin\CATSysDemon.exe [2010-1-9 36864]

R2 Ndiskio;Ndiskio;c:\program\norman\nse\bin\ndiskio.sys [2010-9-23 22880]

R2 NHS;Norman Hash Server;c:\program\norman\nvc\bin\nhs.exe [2012-5-14 793520]

R2 NNFSVC;Norman Network Filtering service;c:\program\norman\ngs\bin\nnf.exe [2010-9-23 231216]

R2 Norman ZANDA;Norman ZANDA;c:\program\norman\npm\bin\zanda.exe [2010-5-18 431320]

R2 NPFSvc32;Norman Personal Firewall Service;c:\program\norman\npf\bin\npfsvc32.exe [2012-5-23 356904]

R2 NPROSECSVC;Norman Security service;c:\program\norman\ngs\bin\nprosec.exe [2010-9-23 90144]

R2 nregsec;Norman Registry Security driver;c:\program\norman\ngs\bin\nregsec.sys [2010-9-23 61496]

R2 NVOY;Norman Resource Provider;c:\program\norman\npm\bin\nvoy.exe [2010-9-23 100936]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program\secunia\psi\psia.exe --start-service --> c:\program\secunia\psi\PSIA.exe --start-service [?]

R2 Secunia Update Agent;Secunia Update Agent;c:\program\secunia\psi\sua.exe --start-service --> c:\program\secunia\psi\sua.exe --start-service [?]

R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2010-9-23 53928]

R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program\norman\ngs\bin\nnetsecc.sys [2010-8-18 53160]

R3 nsesvc;Norman Scanner Engine Service;c:\program\norman\nse\bin\nsesvc.exe [2010-9-23 288072]

R3 nvcoas;Norman Virus Control on-access component;c:\program\norman\nvc\bin\nvcoas.exe [2012-7-4 287312]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

R3 Scheduler;Norman Scheduler Service;c:\program\norman\npm\bin\scheduler.exe [2010-9-23 99312]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2012-7-1 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-1 257224]

S3 DCamUSBIntel;Digi-Microscope;c:\windows\system32\drivers\TP6800.SYS [2010-7-7 210924]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\google\update\GoogleUpdate.exe [2012-7-1 136176]

S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-4-24 16688]

S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-9-2 644096]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2010-5-3 23040]

.

=============== Created Last 30 ================

.

2023-04-03 13:06:00 135168 ----a-w- c:\windows\system32\vbSendMail.dll

2012-07-04 10:31:40 98816 ----a-w- c:\windows\sed.exe

2012-07-04 10:31:40 518144 ----a-w- c:\windows\SWREG.exe

2012-07-04 10:31:40 256000 ----a-w- c:\windows\PEV.exe

2012-07-04 10:31:40 208896 ----a-w- c:\windows\MBR.exe

.

==================== Find3M ====================

.

2012-07-01 16:49:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-01 16:49:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-27 12:42:01 46816 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys

2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19:24 23064 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 13:18:58 17648 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:03 602112 ----a-w- c:\windows\system32\crypt32.dll

2012-04-11 13:55:27 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55:17 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 13:55:03 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe

.

============= FINISH: 16:47:01,75 ===============

attach2.txt


A small remnant is left.

 

Copy all the lines in the box:

Killall::
DDS::
uRun: [Xaosa] "c:\documents and settings\tomas stenlund\application data\ogli\uzeqv.exe"

and paste them into Notepad. Check that it looks exactly the same, for example with regard to line breaks.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer the same way as before for ComboFix.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program then starts in a special way.

 

How is the computer working now?

Does Norman find anything?

Paste the log that comes out.


Brynäsarn

I can see in the DDS log that there is an old Java version with security holes, which means

the computer can easily be infected via an infected web page; uninstall the old

version and download the latest here http://www.java.com/sv/ once the computer is clean.

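Two findings in this thread come straight out of the DDS "Pseudo HJT Report": the leftover `uRun: [Xaosa]` autostart pointing at a random-named executable under the user's Application Data, and the `DPF:` line whose `jinstall-1_6_0_29` URL reveals the installed Java 6 Update 29 that Brynäsarn flags as outdated. As an added example (my own code, not from the thread, DDS, or ComboFix), the Python below runs that triage over DDS-format lines: it parses `uRun`/`mRun`/`dRun` entries, flags targets that sit in a per-user profile data folder with a random-looking folder and file name, and pulls the Java version out of the `jinstall` CAB URL. The sample lines are constructed from entries quoted in this thread; the random-name heuristic, the vendor allowlist and all function names are assumptions of this example, not DDS conventions.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample in DDS "Pseudo HJT Report" format, modelled on lines
# quoted in this thread (not the full log). Paths are lower-case as DDS prints them.
SAMPLE_DDS_LINES = [
    'uRun: [swg] "c:\\program\\google\\googletoolbarnotifier\\GoogleToolbarNotifier.exe"',
    'uRun: [Xaosa] "c:\\documents and settings\\tomas stenlund\\application data\\ogli\\uzeqv.exe"',
    'mRun: [NvCplDaemon] RUNDLL32.EXE c:\\windows\\system32\\NvCpl.dll,NvStartup',
    'mRun: [nwiz] nwiz.exe /install',
    'mRun: [Norman ZANDA] "c:\\program\\norman\\npm\\bin\\ZLH.EXE" /LOAD /SPLASH',
    'dRun: [CTFMON.EXE] c:\\windows\\system32\\CTFMON.EXE',
    'DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab',
    'DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab',
]

RUN_LINE = re.compile(r"^([umd]Run): \[([^\]]*)\] (.*)$")
# First Windows path in the command that ends in an executable-like extension;
# handles quoted paths, bare paths and "RUNDLL32.EXE <dll>,<entry>" forms.
TARGET_PATH = re.compile(r'((?:[a-z]:\\|\\\\)[^"]*?\.(?:exe|dll|scr|com|pif|bat|cmd|vbs))', re.IGNORECASE)
# Per-user profile data folders on XP, including the Swedish-locale name seen in this log.
PROFILE_DATA_DIRS = ("\\application data\\", "\\lokala inställningar\\", "\\local settings\\")
# Heuristic (assumption): a short, all-letter folder *and* file stem such as ogli\uzeqv.
RANDOM_NAME = re.compile(r"^[a-z]{3,8}$")
# Illustrative vendor folders that legitimately live under profile data dirs.
KNOWN_GOOD_PARENTS = {"google", "microsoft", "apple computer", "adobe", "yahoo!"}
JINSTALL = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-", re.IGNORECASE)


def parse_run_entries(lines: Iterable[str]) -> List[Dict[str, Optional[str]]]:
    """Extract scope (uRun/mRun/dRun), value name, full command and target path."""
    entries: List[Dict[str, Optional[str]]] = []
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        scope, name, command = m.groups()
        p = TARGET_PATH.search(command)
        entries.append({"scope": scope, "name": name, "command": command,
                        "target": p.group(1).lower() if p else None})
    return entries


def looks_like_dropper_path(target: str) -> bool:
    """True when the target hides in a profile data dir under random-looking names."""
    t = target.lower()
    if not any(d in t for d in PROFILE_DATA_DIRS):
        return False
    parts = t.split("\\")
    if len(parts) < 2:
        return False
    stem = parts[-1].rsplit(".", 1)[0]
    parent = parts[-2]
    if parent in KNOWN_GOOD_PARENTS:
        return False
    return bool(RANDOM_NAME.match(stem) and RANDOM_NAME.match(parent))


def flag_suspicious_autostarts(lines: Iterable[str]) -> List[Dict[str, Optional[str]]]:
    return [e for e in parse_run_entries(lines)
            if e["target"] and looks_like_dropper_path(e["target"])]


def java_version_from_dpf(lines: Iterable[str]) -> Optional[Tuple[int, ...]]:
    """Read the JRE version from a DPF jinstall CAB URL, e.g. (1, 6, 0, 29)."""
    for line in lines:
        if not line.startswith("DPF:"):
            continue
        m = JINSTALL.search(line)
        if m:
            return tuple(int(x) for x in m.groups())
    return None


if __name__ == "__main__":
    for e in flag_suspicious_autostarts(SAMPLE_DDS_LINES):
        print(f"SUSPECT {e['scope']} [{e['name']}] -> {e['target']}")
    print("Java from DPF:", java_version_from_dpf(SAMPLE_DDS_LINES))
```

The flag is a triage aid, not a verdict: a hit tells you which file to hash and submit, and which `uRun` name to put under `DDS::` as the helper did above. The Java check deliberately only reports the version found; compare it against the current release at the time you run it rather than hard-coding one.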

ComboFix 12-07-05.02 - Tomas Stenlund 2012-07-05 9:50.7.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1476 [GMT 2:00]

Running from: c:\documents and settings\Tomas Stenlund\Skrivbord\ComboFix.exe

Command switches used :: c:\documents and settings\Tomas Stenlund\Skrivbord\CFScript.txt

AV: Norman Security Suite *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

FW: Norman Security Suite *Disabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}

.

.

(((((((((((((((((((((((( Files created from 2012-06-05 to 2012-07-05 ))))))))))))))))))))))))))))))

.

.

2023-04-03 13:06 . 2023-04-03 13:06 135168 ----a-w- c:\windows\system32\vbSendMail.dll

2012-07-01 16:54 . 2012-07-01 16:54 -------- d-----w- c:\documents and settings\NetworkService\Lokala inställningar\Application Data\Google

2012-07-01 16:49 . 2012-07-01 16:49 -------- d-----w- c:\documents and settings\LocalService\Lokala inställningar\Application Data\Google

2012-06-22 08:46 . 2012-06-22 08:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-01 16:49 . 2012-03-29 11:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-01 16:49 . 2011-11-11 08:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-27 12:42 . 2010-09-23 10:22 46816 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys

2012-06-02 13:19 . 2007-06-20 19:55 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2005-09-19 18:10 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2005-09-19 18:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2005-09-19 18:10 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2005-09-19 18:37 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2005-09-19 18:10 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2005-09-19 18:10 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2004-08-04 19:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2007-06-20 19:55 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2007-06-20 19:55 23064 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2007-06-20 19:55 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2005-09-19 18:10 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2005-09-19 18:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:18 . 2010-07-29 21:15 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2010-07-29 21:15 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 13:18 . 2010-07-29 21:15 17648 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2004-08-04 19:00 602112 ----a-w- c:\windows\system32\crypt32.dll

2012-04-11 13:55 . 2004-08-04 08:25 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2004-08-04 19:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 13:55 . 2004-08-04 19:00 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-04_10.52.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-05 08:09 . 2012-07-05 08:09 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat

+ 2012-07-05 08:05 . 2012-07-05 08:05 16384 c:\windows\temp\Perflib_Perfdata_36c.dat

+ 2012-07-05 08:09 . 2012-07-05 08:09 16384 c:\windows\temp\History\History.IE5\index.dat

+ 2012-07-05 08:09 . 2012-07-05 08:09 16384 c:\windows\temp\Cookies\index.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 67128]

"WMPNSCFG"="c:\program\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

"Messenger (Yahoo!)"="c:\program\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-01 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]

"nwiz"="nwiz.exe" [2005-11-11 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]

"SoundMAXPnP"="c:\program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"MediaLifeService"="c:\program\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 110739]

"MMTray"="c:\program\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-03 135168]

"mmtask"="c:\program\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]

"nmctxth"="c:\program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]

"Linksys Wireless Manager"="c:\program\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-15 1358384]

"Norman ZANDA"="c:\program\Norman\Npm\Bin\ZLH.EXE" [2012-02-14 348560]

"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2011-10-24 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Tomas Stenlund\Start-meny\Program\Autostart\

Alliansserver.lnk - \\Bokföring\c\Allians\Allians\Data\AlliansPathfinder.exe [2006-7-12 396288]

fliptoast.lnk - c:\program\fliptoast\fliptoast.exe [N/A]

.

c:\documents and settings\All Users\Start-meny\Program\Autostart\

Acrobat Assistant.lnk - c:\program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-4-17 49254]

Logitech Desktop Messenger.lnk - c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-13 67128]

Logitech SetPoint.lnk - c:\program\Logitech\SetPoint\SetPoint.exe [2007-1-3 450560]

Microsoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Personal.lnk - c:\program\Personal\bin\Personal.exe [2010-5-3 939920]

Secunia PSI Tray.lnk - c:\program\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

.

R0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-09-23 46816]

R1 NGS;Norman General Security Driver;c:\program\Norman\Ngs\Bin\ngs.sys [2010-09-23 26744]

R1 NPROSEC;Norman Security driver;c:\program\Norman\Ngs\Bin\nprosec.sys [2010-09-23 91136]

R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [2010-09-23 457048]

R2 BBDemon;Backbone Service;c:\program\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2010-01-09 36864]

R2 Ndiskio;Ndiskio;c:\program\Norman\Nse\Bin\ndiskio.sys [2010-09-23 22880]

R2 NHS;Norman Hash Server;c:\program\Norman\Nvc\Bin\nhs.exe [2012-05-14 793520]

R2 NNFSVC;Norman Network Filtering service;c:\program\Norman\Ngs\Bin\nnf.exe [2010-09-23 231216]

R2 NPFSvc32;Norman Personal Firewall Service;c:\program\Norman\npf\bin\npfsvc32.exe [2012-05-23 356904]

R2 NPROSECSVC;Norman Security service;c:\program\Norman\Ngs\Bin\nprosec.exe [2010-09-23 90144]

R2 nregsec;Norman Registry Security driver;c:\program\Norman\Ngs\Bin\nregsec.sys [2010-09-23 61496]

R2 NVOY;Norman Resource Provider;c:\program\Norman\Npm\Bin\nvoy.exe [2010-09-23 100936]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program\Secunia\PSI\PSIA.exe --start-service --> c:\program\Secunia\PSI\PSIA.exe --start-service [?]

R2 Secunia Update Agent;Secunia Update Agent;c:\program\Secunia\PSI\sua.exe --start-service --> c:\program\Secunia\PSI\sua.exe --start-service [?]

R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2010-09-23 53928]

R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program\Norman\Ngs\Bin\nnetsecc.sys [2010-08-18 53160]

R3 nsesvc;Norman Scanner Engine Service;c:\program\Norman\Nse\Bin\nsesvc.exe [2010-09-23 288072]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-09-01 15544]

R3 Scheduler;Norman Scheduler Service;c:\program\Norman\Npm\Bin\scheduler.exe [2010-09-23 99312]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2012-07-01 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 257224]

S3 DCamUSBIntel;Digi-Microscope;c:\windows\system32\drivers\TP6800.SYS [2010-07-07 210924]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\Google\Update\GoogleUpdate.exe [2012-07-01 136176]

S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]

S3 nvcoas;Norman Virus Control on-access component;c:\program\Norman\Nvc\Bin\nvcoas.exe [2012-07-04 287312]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2010-05-03 23040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 16:49]

.

2012-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

2012-07-05 c:\windows\Tasks\Final Media Player Update Checker.job

- c:\program\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-05-21 14:50]

.

2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2012-07-01 16:49]

.

2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2012-07-01 16:49]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-05 10:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLL'er som "laddats" under processer som körs ---------------------

.

- - - - - - - > 'explorer.exe'(3840)

c:\program\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\Norman\Npm\Bin\elogsvc.exe

c:\program\Norman\Npm\Bin\Zanda.exe

c:\windows\System32\SCardSvr.exe

c:\program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\program\Secunia\PSI\PSIA.exe

c:\program\Analog Devices\SoundMAX\SMAgent.exe

c:\program\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program\Windows Media Player\WMPNetwk.exe

c:\program\Norman\Npm\Bin\Njeeves.exe

c:\program\Secunia\PSI\sua.exe

c:\windows\system32\RUNDLL32.EXE

c:\program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

c:\program\iPod\bin\iPodService.exe

.

**************************************************************************

.

Sluttid: 2012-07-05 10:14:43 - datorn startades om.

ComboFix-quarantined-files.txt 2012-07-05 08:14

ComboFix2.txt 2012-07-04 16:32

ComboFix3.txt 2012-07-04 14:39

ComboFix4.txt 2012-07-04 10:57

.

Före genomsökningen: 12 070 281 216 byte ledigt

Efter genomsökningen: 12 048 957 440 byte ledigt

.

- - End Of File - - 856691E4AF490D77B62528E8F654AACE


So, I have now done everything according to your instructions and updated JAVA. I am running a scan with Norman now and will get back to you if it finds anything.

The computer seems to be working as it should now (the little I have used it). What I forgot to mention at the start was that the icons kept ending up at the far left of the desktop, not in the order they were in originally, but that sorted itself out after a ComboFix run.


ComboFix resets some settings, so it was probably an incorrect setting that caused the trouble with the desktop icons.

Then I will wait for the result from Norman before I write up how to uninstall ComboFix.


Norman took a heck of a long time, so it was left to churn away overnight. Norman says it has found attacks, but when I try to bring up the log file it says "Loggfilen fins inte" (the log file does not exist). I thought something had gone wrong with the scan, so I started it again and it has taken all day. As thoroughly as Norman has now searched, it must surely have been everywhere in the computer :D

Anyway, it now says "4 angrepp är upptäckta" (4 attacks detected), but it is still not possible to bring up any log file. Do you need to know anything of what is now shown in the Norman window?


If you can find out which files and folders are involved, that would be great, so that the files can be removed manually if Norman cannot manage it.


I am not quite sure where to look, but this is what it says in the "spårningslogg" (trace log) box:

 

Sabotageprogram upptäckt: W32/Delf.FFWG. Typ: Trojansk häst. (0) 0xB3FCE000

 

 

There is a hard drive installed as a "slave" or whatever it is called; it is not used but is connected so that old files on it can possibly be retrieved, and there Norman seems to have found three things:

 

Sabotageprogram upptäckt: W32/Malware.COLC. Typ: Trojansk häst (Data1.cab?WinExplorer.exe)

Sabotageprogram upptäckt: W32/Suspicious_Gen2.PJHUE. Typ: Trojansk häst. (Data1.cab?mirc32.exe

Sabotageprogram upptäckt: W32/Malware.HJIA. Typ trojansk häst: (Data1.cab?CardWriter.exe)


Not easy to know where the first one is hiding, but then we can search with a few other programs instead.

Things inside a .CAB file are packed (as in a zip file), and nothing runs from inside that type of file.

 

1. Save TDSSKiller to the Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Close your usual programs, but you can leave antivirus programs and the like running.

Run the program TDSSKiller.exe.

Click Start Scan.

If any malicious items are found, choose Cure and click Continue. If Cure is not available, choose Skip. If any suspicious items are found, choose Skip and click Continue. Do NOT choose Quarantine or Delete. The computer may need to be restarted.

Paste the contents of the log, which you will find in C:\ with the name TDSSKiller followed by version and time.

2. Save aswMBR to the desktop: http://public.avast.com/~gmerek/aswMBR.exe

Restart the computer and do not start any programs.

Double-click aswMBR.exe to run the program.

Click the Scan button to start the scan.

When it is finished, save (Save) the log to the desktop.

Paste the log in your reply here.

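The TDSSKiller log that step 1 asks for lists every registered service and driver as a hashed image line followed by a verdict line, and a helper reading it looks first for anything whose verdict is not "ok" and for services listed without an image file. As an added example (not part of this thread and not Kaspersky's own code), here is a small Python parser that does that triage. The line format is inferred from the TDSSKiller log pasted further down in this thread; the sample log is constructed from those lines plus one made-up entry (`sample_driver`, with a placeholder hash and an illustrative "suspicious" verdict that is not TDSSKiller's actual wording).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every TDSSKiller log line starts with "HH:MM:SS.mmmm <pid> <body>".
PREFIX_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# "<name> (<md5>) <path>": a service or driver whose image file was hashed.
IMAGE_RE = re.compile(
    r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>[A-Za-z]:\\.+)$"
)
# "<name> - <verdict>": the verdict line that follows each entry ("ok" = clean).
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when no image file was hashed
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when the log carries no verdict line


def parse_tdsskiller(log_text: str) -> Dict[str, Entry]:
    """Collect one Entry per service/driver from the scan section of the log.

    Header lines (drive geometry, partition table) come before "Scan started"
    and are skipped, so a " - " inside them cannot be mistaken for a verdict.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in log_text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3).strip()
        if body == "Scan started":
            in_scan = True
            continue
        if not in_scan or not body or body.startswith("="):
            continue
        im = IMAGE_RE.match(body)
        if im:
            e = entries.setdefault(im["name"], Entry(im["name"]))
            e.md5, e.path = im["md5"].lower(), im["path"]
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            e = entries.setdefault(vm["name"], Entry(vm["name"]))
            e.verdict = vm["verdict"].strip()
    return entries


def summarize(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Bucket entries the way a helper reads the log: anything not "ok"
    (including entries with no verdict at all), then services that were
    listed without a hashed image file."""
    return {
        "not_ok": sorted(n for n, e in entries.items() if e.verdict != "ok"),
        "no_image": sorted(n for n, e in entries.items() if e.path is None),
    }


# Constructed sample: real lines from the log in this thread plus one made-up
# entry ("sample_driver") with a placeholder hash and an illustrative verdict.
SAMPLE_LOG = r"""18:16:54.0140 3008 ============================================================
18:16:54.0140 3008 Scan started
18:16:54.0140 3008 Mode: Manual;
18:16:54.0140 3008 ============================================================
18:16:54.0984 3008 Abiosdsk - ok
18:16:55.0000 3008 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:16:55.0046 3008 abp480n5 - ok
18:16:57.0703 3008 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:16:57.0750 3008 Apple Mobile Device - ok
18:17:30.0000 3008 sample_driver (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\sample_driver.sys
18:17:30.0010 3008 sample_driver - suspicious
"""

if __name__ == "__main__":
    report = summarize(parse_tdsskiller(SAMPLE_LOG))
    for bucket, names in report.items():
        print(f"{bucket}: {', '.join(names) or 'none'}")
```

The `no_image` bucket is a prompt to look, not a verdict: entries such as Abiosdsk are registered on XP without an image file as a matter of course, so the interesting case is an unfamiliar name appearing there, or a hashed image whose path points somewhere a driver has no business being.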

TDSSKiller found nothing.

 

 

18:16:46.0906 4832 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

18:16:47.0203 4832 ============================================================

18:16:47.0203 4832 Current date / time: 2012/07/06 18:16:47.0203

18:16:47.0203 4832 SystemInfo:

18:16:47.0203 4832

18:16:47.0203 4832 OS Version: 5.1.2600 ServicePack: 3.0

18:16:47.0203 4832 Product type: Workstation

18:16:47.0203 4832 ComputerName: TOMAS

18:16:47.0203 4832 UserName: Tomas Stenlund

18:16:47.0203 4832 Windows directory: C:\WINDOWS

18:16:47.0203 4832 System windows directory: C:\WINDOWS

18:16:47.0203 4832 Processor architecture: Intel x86

18:16:47.0203 4832 Number of processors: 2

18:16:47.0203 4832 Page size: 0x1000

18:16:47.0203 4832 Boot type: Normal boot

18:16:47.0203 4832 ============================================================

18:16:50.0296 4832 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

18:16:50.0296 4832 ============================================================

18:16:50.0296 4832 \Device\Harddisk0\DR0:

18:16:50.0296 4832 MBR partitions:

18:16:50.0296 4832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x993531, BlocksNum 0x1C831050

18:16:50.0296 4832 ============================================================

18:16:50.0328 4832 C: <-> \Device\Harddisk0\DR0\Partition0

18:16:50.0328 4832 ============================================================

18:16:50.0328 4832 Initialize success

18:16:50.0328 4832 ============================================================

18:16:54.0140 3008 ============================================================

18:16:54.0140 3008 Scan started

18:16:54.0140 3008 Mode: Manual;

18:16:54.0140 3008 ============================================================

18:16:54.0984 3008 Abiosdsk - ok

18:16:55.0000 3008 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

18:16:55.0046 3008 abp480n5 - ok

18:16:55.0078 3008 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:16:55.0140 3008 ACPI - ok

18:16:55.0156 3008 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:16:55.0203 3008 ACPIEC - ok

18:16:55.0296 3008 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

18:16:55.0296 3008 AdobeFlashPlayerUpdateSvc - ok

18:16:55.0312 3008 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

18:16:55.0390 3008 adpu160m - ok

18:16:55.0437 3008 aeaudio (6803453f3ff53cf353cdbef5ffaa8b7e) C:\WINDOWS\system32\drivers\aeaudio.sys

18:16:55.0500 3008 aeaudio - ok

18:16:55.0546 3008 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:16:55.0593 3008 aec - ok

18:16:55.0640 3008 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

18:16:55.0687 3008 AFD - ok

18:16:55.0703 3008 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

18:16:55.0734 3008 agp440 - ok

18:16:55.0765 3008 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

18:16:55.0796 3008 agpCPQ - ok

18:16:55.0828 3008 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

18:16:55.0875 3008 Aha154x - ok

18:16:55.0875 3008 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

18:16:55.0953 3008 aic78u2 - ok

18:16:55.0953 3008 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

18:16:56.0015 3008 aic78xx - ok

18:16:56.0781 3008 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

18:16:57.0031 3008 ALCXWDM - ok

18:16:57.0156 3008 Alerter (7e3c83703327499d0b98ae392ff07ede) C:\WINDOWS\system32\alrsvc.dll

18:16:57.0203 3008 Alerter - ok

18:16:57.0234 3008 ALG (5df46f9ad9c1d611a38af2abb9365b5b) C:\WINDOWS\System32\alg.exe

18:16:57.0328 3008 ALG - ok

18:16:57.0375 3008 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

18:16:57.0421 3008 AliIde - ok

18:16:57.0437 3008 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

18:16:57.0468 3008 alim1541 - ok

18:16:57.0484 3008 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

18:16:57.0515 3008 amdagp - ok

18:16:57.0515 3008 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

18:16:57.0562 3008 amsint - ok

18:16:57.0703 3008 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:16:57.0750 3008 Apple Mobile Device - ok

18:16:57.0796 3008 AppMgmt (6912d676607594c3554c2e43f4b1feee) C:\WINDOWS\System32\appmgmts.dll

18:16:57.0859 3008 AppMgmt - ok

18:16:57.0859 3008 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

18:16:57.0921 3008 asc - ok

18:16:57.0921 3008 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

18:16:57.0968 3008 asc3350p - ok

18:16:57.0968 3008 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

18:16:58.0000 3008 asc3550 - ok

18:16:58.0125 3008 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

18:16:58.0187 3008 aspnet_state - ok

18:16:58.0234 3008 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:16:58.0265 3008 AsyncMac - ok

18:16:58.0281 3008 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:16:58.0281 3008 atapi - ok

18:16:58.0281 3008 Atdisk - ok

18:16:58.0312 3008 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:16:58.0359 3008 Atmarpc - ok

18:16:58.0390 3008 AudioSrv (73f7604cfb13a066a93442f431c62c4a) C:\WINDOWS\System32\audiosrv.dll

18:16:58.0453 3008 AudioSrv - ok

18:16:58.0484 3008 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:16:58.0515 3008 audstub - ok

18:16:58.0828 3008 BBDemon (584f96e8ca59f2ec987e8fd6712d666e) C:\Program\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe

18:17:14.0734 3008 BBDemon - ok

18:17:14.0890 3008 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:17:14.0906 3008 Beep - ok

18:17:15.0031 3008 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program\Bonjour\mDNSResponder.exe

18:17:15.0031 3008 Bonjour Service - ok

18:17:15.0093 3008 Browser (e0d4a1cc49efb58a32b5e9d35798c9dd) C:\WINDOWS\System32\browser.dll

18:17:15.0156 3008 Browser - ok

18:17:15.0156 3008 catchme - ok

18:17:15.0171 3008 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

18:17:15.0234 3008 cbidf - ok

18:17:15.0234 3008 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:17:15.0234 3008 cbidf2k - ok

18:17:15.0265 3008 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

18:17:15.0281 3008 CCDECODE - ok

18:17:15.0281 3008 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

18:17:15.0312 3008 cd20xrnt - ok

18:17:15.0343 3008 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:17:15.0390 3008 Cdaudio - ok

18:17:15.0406 3008 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:17:15.0437 3008 Cdfs - ok

18:17:15.0484 3008 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:17:15.0546 3008 Cdrom - ok

18:17:15.0546 3008 Changer - ok

18:17:15.0578 3008 CiSvc (359c676391504438f334478585fd6465) C:\WINDOWS\system32\cisvc.exe

18:17:15.0609 3008 CiSvc - ok

18:17:15.0640 3008 ClipSrv (b8345830c5d789d3da21b91c0c94d086) C:\WINDOWS\system32\clipsrv.exe

18:17:15.0718 3008 ClipSrv - ok

18:17:15.0812 3008 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:17:15.0921 3008 clr_optimization_v2.0.50727_32 - ok

18:17:15.0921 3008 CmdIde (4c36a458153f8d7329e96192e653cb01) C:\WINDOWS\system32\DRIVERS\cmdide.sys

18:17:15.0968 3008 CmdIde - ok

18:17:15.0968 3008 COMSysApp - ok

18:17:15.0984 3008 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

18:17:16.0031 3008 Cpqarray - ok

18:17:16.0078 3008 CryptSvc (04fd6585508a7320b2c7453ced231d6b) C:\WINDOWS\System32\cryptsvc.dll

18:17:16.0125 3008 CryptSvc - ok

18:17:16.0140 3008 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

18:17:16.0218 3008 dac2w2k - ok

18:17:16.0218 3008 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

18:17:16.0265 3008 dac960nt - ok

18:17:16.0296 3008 DCamUSBIntel (751513f94f50b243ca9ea123e7fdeb0c) C:\WINDOWS\system32\Drivers\TP6800.sys

18:17:16.0359 3008 DCamUSBIntel - ok

18:17:16.0421 3008 DcomLaunch (87dadc3f6e6cd5aaeb913e19cbff922c) C:\WINDOWS\system32\rpcss.dll

18:17:16.0437 3008 DcomLaunch - ok

18:17:16.0859 3008 Dhcp (0ce3fa1c1a6803b34022d6c47273930d) C:\WINDOWS\System32\dhcpcsvc.dll

18:17:16.0921 3008 Dhcp - ok

18:17:16.0937 3008 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:17:16.0968 3008 Disk - ok

18:17:16.0984 3008 dmadmin - ok

18:17:17.0046 3008 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys

18:17:17.0125 3008 dmboot - ok

18:17:17.0156 3008 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\drivers\dmio.sys

18:17:17.0218 3008 dmio - ok

18:17:17.0234 3008 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:17:17.0265 3008 dmload - ok

18:17:17.0468 3008 dmserver (77db107fd2d8de42b3adc7fce084f653) C:\WINDOWS\System32\dmserver.dll

18:17:17.0531 3008 dmserver - ok

18:17:17.0593 3008 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:17:17.0640 3008 DMusic - ok

18:17:17.0671 3008 Dnscache (efac4d4c80ccd725cc5bd7d3dbf18c74) C:\WINDOWS\System32\dnsrslvr.dll

18:17:17.0734 3008 Dnscache - ok

18:17:17.0781 3008 Dot3svc (c3c6cf67796acdd8329cb0e44367a1eb) C:\WINDOWS\System32\dot3svc.dll

18:17:18.0031 3008 Dot3svc - ok

18:17:18.0078 3008 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

18:17:18.0125 3008 dot4 - ok

18:17:18.0156 3008 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

18:17:18.0203 3008 Dot4Print - ok

18:17:18.0234 3008 dot4usb (6653cb27a6be66572ce6ab7cc86b4751) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

18:17:18.0265 3008 dot4usb - ok

18:17:18.0265 3008 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

18:17:18.0328 3008 dpti2o - ok

18:17:18.0343 3008 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:17:18.0375 3008 drmkaud - ok

18:17:18.0406 3008 E100B (c6a2dc3ae99c7a462fbfd9d302d4d190) C:\WINDOWS\system32\DRIVERS\e100b325.sys

18:17:18.0468 3008 E100B - ok

18:17:18.0500 3008 EapHost (d9cabe63af4bc951302d9e508cb5599a) C:\WINDOWS\System32\eapsvc.dll

18:17:18.0562 3008 EapHost - ok

18:17:18.0687 3008 eLoggerSvc6 (05cc05c83efae4e98eeae223dc22234f) C:\Program\Norman\Npm\Bin\elogsvc.exe

18:17:18.0843 3008 eLoggerSvc6 - ok

18:17:18.0875 3008 ERSvc (bc5287dc6dc7ebb13aa825caa6482f94) C:\WINDOWS\System32\ersvc.dll

18:17:18.0921 3008 ERSvc - ok

18:17:18.0968 3008 Eventlog (8870b0c4a094c1ce80cea6f85fa38ff2) C:\WINDOWS\system32\services.exe

18:17:19.0140 3008 Eventlog - ok

18:17:19.0203 3008 EventSystem (01cec6de315f1a06ce5aa70009c6979e) C:\WINDOWS\system32\es.dll

18:17:19.0203 3008 EventSystem - ok

18:17:19.0250 3008 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:17:19.0281 3008 Fastfat - ok

18:17:19.0343 3008 FastUserSwitchingCompatibility (c5684b98920f9ba98d6a33701ca816e6) C:\WINDOWS\System32\shsvcs.dll

18:17:19.0375 3008 FastUserSwitchingCompatibility - ok

18:17:19.0390 3008 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

18:17:19.0421 3008 Fdc - ok

18:17:19.0437 3008 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys

18:17:19.0484 3008 Fips - ok

18:17:19.0531 3008 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

18:17:19.0562 3008 Flpydisk - ok

18:17:19.0593 3008 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:17:19.0640 3008 FltMgr - ok

18:17:19.0718 3008 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

18:17:19.0750 3008 FontCache3.0.0.0 - ok

18:17:19.0781 3008 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:17:19.0812 3008 Fs_Rec - ok

18:17:19.0828 3008 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:17:19.0875 3008 Ftdisk - ok

18:17:19.0906 3008 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

18:17:19.0937 3008 GEARAspiWDM - ok

18:17:20.0000 3008 getPlusHelper (3ee179e233ee2b87047570b233d3284f) C:\Program\NOS\bin\getPlus_Helper.dll

18:17:20.0109 3008 getPlusHelper - ok

18:17:20.0109 3008 GMSIPCI - ok

18:17:20.0125 3008 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:17:20.0171 3008 Gpc - ok

18:17:20.0296 3008 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program\Google\Update\GoogleUpdate.exe

18:17:20.0296 3008 gupdate - ok

18:17:20.0296 3008 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program\Google\Update\GoogleUpdate.exe

18:17:20.0312 3008 gupdatem - ok

18:17:20.0375 3008 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

18:17:20.0375 3008 gusvc - ok

18:17:20.0468 3008 Hardlock (d64a40b94602158e40527ae95e7a9193) C:\WINDOWS\system32\drivers\hardlock.sys

18:17:21.0062 3008 Hardlock - ok

18:17:21.0171 3008 helpsvc (202c95f334c53a5a8bd0d8465512b3f4) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

18:17:21.0218 3008 helpsvc - ok

18:17:21.0265 3008 HidServ (71aace06b5f93cf02d05e4e2ec479aac) C:\WINDOWS\System32\hidserv.dll

18:17:21.0312 3008 HidServ - ok

18:17:21.0343 3008 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:17:21.0359 3008 HidUsb - ok

18:17:21.0390 3008 hkmsvc (98580e101404565700fd12e03f7ee056) C:\WINDOWS\System32\kmsvc.dll

18:17:21.0453 3008 hkmsvc - ok

18:17:21.0500 3008 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

18:17:21.0546 3008 hpn - ok

18:17:21.0593 3008 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:17:21.0656 3008 HTTP - ok

18:17:21.0703 3008 HTTPFilter (f504d07cb25d62ab8d079c1f868651ae) C:\WINDOWS\System32\w3ssl.dll

18:17:21.0734 3008 HTTPFilter - ok

18:17:21.0781 3008 hwdatacard (4a77f036f7234ed24351ac486d2a29b9) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

18:17:21.0859 3008 hwdatacard - ok

18:17:21.0875 3008 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

18:17:21.0906 3008 i2omgmt - ok

18:17:44.0437 3008 MBR (0x1B8) (27bdc332fc9476d82119d130d4c85957) \Device\Harddisk0\DR0

18:17:44.0484 3008 \Device\Harddisk0\DR0 - ok

18:17:44.0484 3008 Boot (0x1200) (4615a016a3bbf18916dd23f80971220c) \Device\Harddisk0\DR0\Partition0

18:17:44.0484 3008 \Device\Harddisk0\DR0\Partition0 - ok

18:17:44.0484 3008 ============================================================

18:17:44.0484 3008 Scan finished

18:17:44.0484 3008 ============================================================

18:17:44.0500 6012 Detected object count: 0

18:17:44.0500 6012 Actual detected object count: 0

18:19:15.0468 5864 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-06 18:30:28

-----------------------------

18:30:28.125 OS Version: Windows 5.1.2600 Service Pack 3

18:30:28.125 Number of processors: 2 586 0x403

18:30:28.140 ComputerName: TOMAS UserName:

18:30:29.046 Initialize success

18:30:39.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10

18:30:39.203 Disk 0 Vendor: SAMSUNG_SP2504C VT100-33 Size: 238475MB BusType: 3

18:30:39.218 Disk 0 MBR read successfully

18:30:39.218 Disk 0 MBR scan

18:30:39.218 Disk 0 unknown MBR code

18:30:39.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 233570 MB offset 10040625

18:30:39.250 Disk 0 Partition 2 00 12 Compaq diag RECOVERY 4902 MB offset 63

18:30:39.250 Disk 0 scanning sectors +488392065

18:30:39.328 Disk 0 scanning C:\WINDOWS\system32\drivers

18:30:47.906 Service scanning

18:30:51.484 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21

18:30:53.343 Service MSICPL D:\install4\MSICPL.sys **LOCKED** 21

18:30:55.031 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21

18:30:56.875 Service SANDRA D:\SANDRA.sys **LOCKED** 21

18:30:57.453 Service SetupNTGLM7X D:\NTGLM7X.sys **LOCKED** 21

18:31:00.890 Modules scanning

18:31:20.296 Module: C:\WINDOWS\system32\drivers\hardlock.sys **SUSPICIOUS**

18:31:35.921 Disk 0 trace - called modules:

18:31:35.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

18:31:35.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6feab8]

18:31:35.953 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\0000009a[0x8a7da5b0]

18:31:35.953 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8a700940]

18:31:35.953 Scan finished successfully

18:33:53.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tomas Stenlund\Skrivbord\MBR.dat"

18:33:53.687 The log file has been saved successfully to "C:\Documents and Settings\Tomas Stenlund\Skrivbord\aswMBR.txt"


Both look fine. I found an example on the internet where Norman had shown the same trojan description, and in that thread they concluded that Norman was reacting to ComboFix. Uninstall ComboFix, and then you can run a full scan with Norman overnight (preferably without the external hard drive) and we will see whether Norman finds anything then. Make sure Norman is updated as well.

1. Press the Windows key + R

Copy and paste this line:

ComboFix /Uninstall

Note that there is a space before the /

Click OK.

2. Download the uninstall program OTC to the Desktop.

http://www.geekstogo.com/forum/files/download/403-otc-oldtimers-clean-it/

Double-click the file to start the program.

Press the CleanUp! button, and DDS and the other cleaning tools will be uninstalled after a restart of the computer. If any such program is still there afterwards, ask how to remove it. Delete any logs.

3. Change all the passwords you use on the computer and on the internet, since they may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

4. Improve the protection of the computer; see my Advice for a more secure computer: http://ceciliasec.wordpress.com/rad/

There are old program versions on the computer with known security holes, and that makes it very easy to infect the computer from a web page. Secunia's program at the link above is good at finding these old, insecure programs, so use it.


Hi again,

That link to OTC doesn't seem to work; it just shows an error message.


Okay, so Norman believes Google Chrome was used to download a rootkit. You have used two programs to search for active rootkits on the computer without finding anything. Do you know how to clear the cache (temporary files) in Chrome?

Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner doesn't take too long, turn off your antivirus program in the meantime.

Uncheck the option Remove found threats

Check Scan Archives

Click Advanced Settings

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Scan

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and then paste the contents into your reply.


ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=078f50ecbee3e14dae1610092d4e342e

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-01-31 11:50:31

# local_time=2012-01-31 12:50:31 (+0100, Västeuropa, normaltid)

# country="Sweden"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5378 16777189 100 93 4818 103233099 0 0

# compatibility_mode=8192 67108863 100 0 3731 3731 0 0

# scanned=436332

# found=2

# cleaned=0

# scan_time=12672

C:\System Volume Information\_restore{592A3F05-6A58-4395-BDE2-24F5FE0238D7}\RP1933\A0264463.exe a variant of Win32/Kryptik.YVV trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{592A3F05-6A58-4395-BDE2-24F5FE0238D7}\RP1937\A0266554.exe Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=078f50ecbee3e14dae1610092d4e342e

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-07-09 05:28:44

# local_time=2012-07-09 07:28:44 (+0100, Västeuropa, sommartid)

# country="Sweden"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5378 16777190 100 91 1922 117078870 0 0

# compatibility_mode=8192 67108863 100 0 13849502 13849502 0 0

# scanned=429413

# found=0

# cleaned=0

# scan_time=11194

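The scan log pasted above, read mechanically. This is an added example, not part of the thread or of any ESET tool: it splits a paste that contains several ESET Online Scanner runs back to back, reads each run's header key/value lines and detection lines, picks the newest run, and checks that the found counter matches the number of detection lines actually present (a mismatch usually means a truncated paste). The sample input is abbreviated from the log above; the assumptions that a detected path ends in a file extension and that the 32-hex-digit field is a hash are mine.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import datetime

# Sample input copied from the log pasted in the thread above; both headers
# are abbreviated to the keys this parser looks at.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# utc_time=2012-01-31 11:50:31
# local_time=2012-01-31 12:50:31 (+0100, Västeuropa, normaltid)
# compatibility_mode=5378 16777189 100 93 4818 103233099 0 0
# compatibility_mode=8192 67108863 100 0 3731 3731 0 0
# scanned=436332
# found=2
# cleaned=0
# scan_time=12672
C:\System Volume Information\_restore{592A3F05-6A58-4395-BDE2-24F5FE0238D7}\RP1933\A0264463.exe a variant of Win32/Kryptik.YVV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{592A3F05-6A58-4395-BDE2-24F5FE0238D7}\RP1937\A0266554.exe Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# utc_time=2012-07-09 05:28:44
# local_time=2012-07-09 07:28:44 (+0100, Västeuropa, sommartid)
# scanned=429413
# found=0
# cleaned=0
# scan_time=11194
"""

RUN_START = "ESETSmartInstaller@High as downloader log:"

# One detection line: <path> <threat> (<status>) <32 hex digits> <flag>.
# Assumption: the path ends in a file extension, so the lazy path group
# stops before the threat name even though both may contain spaces.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,5}) (?P<threat>.+?) "
    r"\((?P<status>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)

Detection = namedtuple("Detection", "path threat status hash flag")


def in_restore_point(d):
    # Files under System Volume Information\_restore{...} are System Restore
    # snapshot copies, not files in active use.
    return "\\system volume information\\_restore" in d.path.lower()


@dataclass
class ScanRun:
    header: dict = field(default_factory=dict)  # key -> [values]; keys can repeat
    detections: list = field(default_factory=list)

    def value(self, key, default=None):
        values = self.header.get(key)
        return values[0] if values else default

    @property
    def utc_time(self):
        return datetime.strptime(self.value("utc_time"), "%Y-%m-%d %H:%M:%S")

    @property
    def found(self):
        return int(self.value("found", "0"))

    @property
    def consistent(self):
        # 'found' should equal the number of detection lines present.
        return self.found == len(self.detections)


def parse_eset_log(text):
    # Split concatenated logs into runs; text before the first run header
    # and filler lines such as 'all ok' are skipped.
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == RUN_START:
            current = ScanRun()
            runs.append(current)
        elif not line or current is None:
            continue
        elif line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            current.header.setdefault(key.strip(), []).append(value.strip())
        else:
            m = DETECTION_RE.match(line)
            if m:
                current.detections.append(Detection(**m.groupdict()))
    return runs


def latest_run(runs):
    # With several pastes concatenated, only the newest run reflects the
    # computer's current state.
    return max(runs, key=lambda r: r.utc_time)
```

On the log above, the parser yields two runs: the January run with two detections, both under System Volume Information\_restore (restore-point copies, which the scanner reports as unable to clean), and the July run with none, which is the one latest_run returns.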

The first half of the log is from January, so nothing was found this time. I think your computer looks clean.

Have you run Secunia's program or checked in some other way that you only have up-to-date programs on the computer?
