Torpig in home network


  • This topic is locked
23 replies to this topic

#1 Frank Sovik


Posted 11 November 2012 - 12:44 PM

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_37
Run by bruker at 18:41:26 on 2012-11-11
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1916.1232 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
c:\Programfiler\Microsoft Security Client\MsMpEng.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Atheros\ACU.exe
C:\Programfiler\Camera Assistant Software for Toshiba\traybar.exe
C:\windows\RTHDCPL.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\Microsoft Security Client\msseces.exe
C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Programfiler\Microsoft ActiveSync\wcescomm.exe
C:\Programfiler\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programfiler\Spotify\Data\SpotifyWebHelper.exe
C:\Documents and Settings\bruker\Programdata\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programfiler\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Fellesfiler\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programfiler\TeamViewer\Version7\TeamViewer_Service.exe
C:\Programfiler\TomTom HOME 2\TomTomHOMEService.exe
C:\Programfiler\TeamViewer\Version7\TeamViewer.exe
C:\windows\system32\wscntfy.exe
C:\windows\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\TeamViewer\Version7\tv_w32.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startsiden.no/
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\programfiler\fellesfiler\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programfiler\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programfiler\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\programfiler\windows live\messenger\msnmsgr.exe" /background
uRun: [H/PC Connection Agent] "c:\programfiler\microsoft activesync\wcescomm.exe"
uRun: [TomTomHOME.exe] "c:\programfiler\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [WMPNSCFG] c:\programfiler\windows media player\WMPNSCFG.exe
uRun: [Spotify Web Helper] "c:\programfiler\spotify\data\SpotifyWebHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ACU] c:\programfiler\atheros\ACU.exe -nogui
mRun: [Camera Assistant Software] "c:\programfiler\camera assistant software for toshiba\traybar.exe" /start
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPEnh] c:\programfiler\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\programfiler\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\programfiler\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programfiler\fellesfiler\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\programfiler\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\programfiler\fellesfiler\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\felles~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\bruker\start-~1\progra~1\oppstart\dropbox.lnk - c:\documents and settings\bruker\programdata\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programfiler\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programfiler\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{67E9B9E4-182F-417E-A60C-C1AFEABC7B83} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FFA4DA84-1C7E-487D-8880-F6915AD97858} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bruker\programdata\mozilla\firefox\profiles\l0zpueq1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no/
FF - prefs.js: keyword.URL - hxxp://no.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_no&p=
FF - plugin: c:\documents and settings\bruker\programdata\mozilla\firefox\profiles\l0zpueq1.default\extensions\{4d144bc3-23fb-47de-90c5-63ccb0139ccf}\plugins\npww.dll
FF - plugin: c:\programfiler\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\programfiler\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programfiler\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\programfiler\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\programfiler\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\programfiler\microsoft\office live\npOLW.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-10-10 22:15; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programfiler\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-07 13:08; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programfiler\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 193552]
R2 TeamViewer7;TeamViewer 7;c:\programfiler\teamviewer\version7\TeamViewer_Service.exe [2012-11-7 2848168]
R2 TomTomHOMEService;TomTomHOMEService;c:\programfiler\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys --> c:\windows\system32\drivers\netaapl.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-7 25088]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys --> c:\windows\system32\drivers\usbaapl.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
.
=============== Created Last 30 ================
.
2012-11-11 16:32:13 6918632 ----a-w- c:\documents and settings\all users\programdata\microsoft\microsoft antimalware\definition updates\{ccdea216-0bef-4310-87c8-f5fbbbfc56fe}\mpengine.dll
2012-11-07 12:11:09 6918632 ------w- c:\documents and settings\all users\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M ====================
.
2012-10-10 22:17:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 22:17:33 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-24 14:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 12:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-30 20:33:46 666624 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:33:45 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-30 20:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-24 13:53:44 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27:32 2194688 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27:32 2071424 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 18:43:16,95 ===============



#2 Frank Sovik


Posted 11 November 2012 - 12:45 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 02.03.2009 11:50:49
System Uptime: 11.11.2012 18:34:03 (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Genuine Intel® CPU 585 @ 2.16GHz | CPU | 2161/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 94,45 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\TOS1901\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\TOS1901\2&DABA3FF&0
Service:
.
==== System Restore Points ===================
.
RP1312: 10.10.2012 22:10:51 - Software Distribution Service 3.0
RP1313: 10.10.2012 22:15:06 - Installed Java™ 6 Update 35
RP1314: 11.10.2012 11:00:37 - Software Distribution Service 3.0
RP1315: 12.10.2012 11:12:21 - Software Distribution Service 3.0
RP1316: 13.10.2012 11:11:47 - Software Distribution Service 3.0
RP1317: 14.10.2012 01:49:44 - Software Distribution Service 3.0
RP1318: 14.10.2012 11:10:53 - Software Distribution Service 3.0
RP1319: 15.10.2012 11:11:49 - Software Distribution Service 3.0
RP1320: 07.11.2012 13:06:37 - Installed Java™ 6 Update 37
RP1321: 07.11.2012 13:11:19 - Software Distribution Service 3.0
RP1322: 11.11.2012 17:32:09 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2 - Norsk
Advertising Center
Atheros Client Utility
Atheros for Acer Driver v7.6.1.184_Foxconn Installation Program
Camera Assistant Software for Toshiba
CCleaner
Compatibility Pack for the 2007 Office system
DocProc
DocProcQFolder
DolbyFiles
Dropbox
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hurtigreparasjon for Windows Media Player 11 (KB939683)
Hurtigreparasjon for Windows XP (KB2158563)
Hurtigreparasjon for Windows XP (KB2443685)
Hurtigreparasjon for Windows XP (KB2570791)
Hurtigreparasjon for Windows XP (KB2633952)
Hurtigreparasjon for Windows XP (KB2756822)
Hurtigreparasjon for Windows XP (KB952287)
Hurtigreparasjon for Windows XP (KB961118)
Hurtigreparasjon for Windows XP (KB970653-v3)
Hurtigreparasjon for Windows XP (KB976098-v2)
Hurtigreparasjon for Windows XP (KB979306)
Hurtigreparasjon for Windows XP (KB981793)
ImagXpress
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 37
Junk Mail filter update
Kritisk oppdatering for Windows Media Player 11 (KB959772)
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Norwegian Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NOR
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NOR
Microsoft .NET Framework 3.5 Language Pack SP1 - nor
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Antimalware Service NB-NO Language Pack
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider-pakke
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Client NB-NO Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Movie Templates - Starter Kit
Mozilla Firefox 14.0.1 (x86 nb-NO)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
OCR Software by I.R.I.S 7.0
OGA Notifier 2.0.0048.0
Operatør konfigurator
Oppdatering for Microsoft Windows (KB971513)
Oppdatering for Windows XP (KB2141007)
Oppdatering for Windows XP (KB2345886)
Oppdatering for Windows XP (KB2467659)
Oppdatering for Windows XP (KB2541763)
Oppdatering for Windows XP (KB2607712)
Oppdatering for Windows XP (KB2616676)
Oppdatering for Windows XP (KB2641690)
Oppdatering for Windows XP (KB2661254-v2)
Oppdatering for Windows XP (KB2718704)
Oppdatering for Windows XP (KB2736233)
Oppdatering for Windows XP (KB2749655)
Oppdatering for Windows XP (KB943729)
Oppdatering for Windows XP (KB951978)
Oppdatering for Windows XP (KB955759)
Oppdatering for Windows XP (KB955839)
Oppdatering for Windows XP (KB961503)
Oppdatering for Windows XP (KB967715)
Oppdatering for Windows XP (KB968389)
Oppdatering for Windows XP (KB971029)
Oppdatering for Windows XP (KB971737)
Oppdatering for Windows XP (KB973687)
Oppdatering for Windows XP (KB973815)
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Search 4 - KB963093
Sikkerhetsoppdatering for Microsoft Windows (KB2564958)
Sikkerhetsoppdatering for Windows Media Player (KB2378111)
Sikkerhetsoppdatering for Windows Media Player (KB952069)
Sikkerhetsoppdatering for Windows Media Player (KB954155)
Sikkerhetsoppdatering for Windows Media Player (KB968816)
Sikkerhetsoppdatering for Windows Media Player (KB973540)
Sikkerhetsoppdatering for Windows Media Player (KB975558)
Sikkerhetsoppdatering for Windows Media Player (KB978695)
Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)
Sikkerhetsoppdatering for Windows Media Player 11 (KB954154)
Sikkerhetsoppdatering for Windows XP (KB2079403)
Sikkerhetsoppdatering for Windows XP (KB2115168)
Sikkerhetsoppdatering for Windows XP (KB2121546)
Sikkerhetsoppdatering for Windows XP (KB2160329)
Sikkerhetsoppdatering for Windows XP (KB2229593)
Sikkerhetsoppdatering for Windows XP (KB2259922)
Sikkerhetsoppdatering for Windows XP (KB2279986)
Sikkerhetsoppdatering for Windows XP (KB2286198)
Sikkerhetsoppdatering for Windows XP (KB2296011)
Sikkerhetsoppdatering for Windows XP (KB2296199)
Sikkerhetsoppdatering for Windows XP (KB2347290)
Sikkerhetsoppdatering for Windows XP (KB2360131)
Sikkerhetsoppdatering for Windows XP (KB2360937)
Sikkerhetsoppdatering for Windows XP (KB2387149)
Sikkerhetsoppdatering for Windows XP (KB2393802)
Sikkerhetsoppdatering for Windows XP (KB2412687)
Sikkerhetsoppdatering for Windows XP (KB2416400)
Sikkerhetsoppdatering for Windows XP (KB2419632)
Sikkerhetsoppdatering for Windows XP (KB2423089)
Sikkerhetsoppdatering for Windows XP (KB2436673)
Sikkerhetsoppdatering for Windows XP (KB2440591)
Sikkerhetsoppdatering for Windows XP (KB2443105)
Sikkerhetsoppdatering for Windows XP (KB2476490)
Sikkerhetsoppdatering for Windows XP (KB2476687)
Sikkerhetsoppdatering for Windows XP (KB2478960)
Sikkerhetsoppdatering for Windows XP (KB2478971)
Sikkerhetsoppdatering for Windows XP (KB2479628)
Sikkerhetsoppdatering for Windows XP (KB2479943)
Sikkerhetsoppdatering for Windows XP (KB2481109)
Sikkerhetsoppdatering for Windows XP (KB2483185)
Sikkerhetsoppdatering for Windows XP (KB2485376)
Sikkerhetsoppdatering for Windows XP (KB2485663)
Sikkerhetsoppdatering for Windows XP (KB2503658)
Sikkerhetsoppdatering for Windows XP (KB2503665)
Sikkerhetsoppdatering for Windows XP (KB2506212)
Sikkerhetsoppdatering for Windows XP (KB2506223)
Sikkerhetsoppdatering for Windows XP (KB2507618)
Sikkerhetsoppdatering for Windows XP (KB2507938)
Sikkerhetsoppdatering for Windows XP (KB2508272)
Sikkerhetsoppdatering for Windows XP (KB2508429)
Sikkerhetsoppdatering for Windows XP (KB2509553)
Sikkerhetsoppdatering for Windows XP (KB2510581)
Sikkerhetsoppdatering for Windows XP (KB2511455)
Sikkerhetsoppdatering for Windows XP (KB2524375)
Sikkerhetsoppdatering for Windows XP (KB2535512)
Sikkerhetsoppdatering for Windows XP (KB2536276-v2)
Sikkerhetsoppdatering for Windows XP (KB2536276)
Sikkerhetsoppdatering for Windows XP (KB2544521)
Sikkerhetsoppdatering for Windows XP (KB2544893-v2)
Sikkerhetsoppdatering for Windows XP (KB2544893)
Sikkerhetsoppdatering for Windows XP (KB2555917)
Sikkerhetsoppdatering for Windows XP (KB2562937)
Sikkerhetsoppdatering for Windows XP (KB2566454)
Sikkerhetsoppdatering for Windows XP (KB2567053)
Sikkerhetsoppdatering for Windows XP (KB2567680)
Sikkerhetsoppdatering for Windows XP (KB2570222)
Sikkerhetsoppdatering for Windows XP (KB2570947)
Sikkerhetsoppdatering for Windows XP (KB2584146)
Sikkerhetsoppdatering for Windows XP (KB2585542)
Sikkerhetsoppdatering for Windows XP (KB2592799)
Sikkerhetsoppdatering for Windows XP (KB2598479)
Sikkerhetsoppdatering for Windows XP (KB2603381)
Sikkerhetsoppdatering for Windows XP (KB2618451)
Sikkerhetsoppdatering for Windows XP (KB2619339)
Sikkerhetsoppdatering for Windows XP (KB2620712)
Sikkerhetsoppdatering for Windows XP (KB2621440)
Sikkerhetsoppdatering for Windows XP (KB2624667)
Sikkerhetsoppdatering for Windows XP (KB2631813)
Sikkerhetsoppdatering for Windows XP (KB2633171)
Sikkerhetsoppdatering for Windows XP (KB2639417)
Sikkerhetsoppdatering for Windows XP (KB2641653)
Sikkerhetsoppdatering for Windows XP (KB2646524)
Sikkerhetsoppdatering for Windows XP (KB2647518)
Sikkerhetsoppdatering for Windows XP (KB2653956)
Sikkerhetsoppdatering for Windows XP (KB2655992)
Sikkerhetsoppdatering for Windows XP (KB2659262)
Sikkerhetsoppdatering for Windows XP (KB2660465)
Sikkerhetsoppdatering for Windows XP (KB2661637)
Sikkerhetsoppdatering for Windows XP (KB2675157)
Sikkerhetsoppdatering for Windows XP (KB2676562)
Sikkerhetsoppdatering for Windows XP (KB2685939)
Sikkerhetsoppdatering for Windows XP (KB2686509)
Sikkerhetsoppdatering for Windows XP (KB2691442)
Sikkerhetsoppdatering for Windows XP (KB2695962)
Sikkerhetsoppdatering for Windows XP (KB2698365)
Sikkerhetsoppdatering for Windows XP (KB2699988)
Sikkerhetsoppdatering for Windows XP (KB2705219-v2)
Sikkerhetsoppdatering for Windows XP (KB2707511)
Sikkerhetsoppdatering for Windows XP (KB2709162)
Sikkerhetsoppdatering for Windows XP (KB2712808)
Sikkerhetsoppdatering for Windows XP (KB2718523)
Sikkerhetsoppdatering for Windows XP (KB2719985)
Sikkerhetsoppdatering for Windows XP (KB2723135-v2)
Sikkerhetsoppdatering for Windows XP (KB2724197)
Sikkerhetsoppdatering for Windows XP (KB2731847-v2)
Sikkerhetsoppdatering for Windows XP (KB2744842)
Sikkerhetsoppdatering for Windows XP (KB923561)
Sikkerhetsoppdatering for Windows XP (KB923789)
Sikkerhetsoppdatering for Windows XP (KB938464-v2)
Sikkerhetsoppdatering for Windows XP (KB938464)
Sikkerhetsoppdatering for Windows XP (KB941569)
Sikkerhetsoppdatering for Windows XP (KB946648)
Sikkerhetsoppdatering for Windows XP (KB950760)
Sikkerhetsoppdatering for Windows XP (KB950762)
Sikkerhetsoppdatering for Windows XP (KB950974)
Sikkerhetsoppdatering for Windows XP (KB951066)
Sikkerhetsoppdatering for Windows XP (KB951376-v2)
Sikkerhetsoppdatering for Windows XP (KB951698)
Sikkerhetsoppdatering for Windows XP (KB951748)
Sikkerhetsoppdatering for Windows XP (KB952004)
Sikkerhetsoppdatering for Windows XP (KB952954)
Sikkerhetsoppdatering for Windows XP (KB954211)
Sikkerhetsoppdatering for Windows XP (KB954459)
Sikkerhetsoppdatering for Windows XP (KB954600)
Sikkerhetsoppdatering for Windows XP (KB955069)
Sikkerhetsoppdatering for Windows XP (KB956572)
Sikkerhetsoppdatering for Windows XP (KB956744)
Sikkerhetsoppdatering for Windows XP (KB956802)
Sikkerhetsoppdatering for Windows XP (KB956803)
Sikkerhetsoppdatering for Windows XP (KB956841)
Sikkerhetsoppdatering for Windows XP (KB956844)
Sikkerhetsoppdatering for Windows XP (KB957097)
Sikkerhetsoppdatering for Windows XP (KB958215)
Sikkerhetsoppdatering for Windows XP (KB958644)
Sikkerhetsoppdatering for Windows XP (KB958687)
Sikkerhetsoppdatering for Windows XP (KB958690)
Sikkerhetsoppdatering for Windows XP (KB958869)
Sikkerhetsoppdatering for Windows XP (KB959426)
Sikkerhetsoppdatering for Windows XP (KB960225)
Sikkerhetsoppdatering for Windows XP (KB960714)
Sikkerhetsoppdatering for Windows XP (KB960715)
Sikkerhetsoppdatering for Windows XP (KB960803)
Sikkerhetsoppdatering for Windows XP (KB960859)
Sikkerhetsoppdatering for Windows XP (KB961371)
Sikkerhetsoppdatering for Windows XP (KB961373)
Sikkerhetsoppdatering for Windows XP (KB961501)
Sikkerhetsoppdatering for Windows XP (KB963027)
Sikkerhetsoppdatering for Windows XP (KB968537)
Sikkerhetsoppdatering for Windows XP (KB969059)
Sikkerhetsoppdatering for Windows XP (KB969898)
Sikkerhetsoppdatering for Windows XP (KB969947)
Sikkerhetsoppdatering for Windows XP (KB970238)
Sikkerhetsoppdatering for Windows XP (KB970430)
Sikkerhetsoppdatering for Windows XP (KB971468)
Sikkerhetsoppdatering for Windows XP (KB971486)
Sikkerhetsoppdatering for Windows XP (KB971557)
Sikkerhetsoppdatering for Windows XP (KB971633)
Sikkerhetsoppdatering for Windows XP (KB971657)
Sikkerhetsoppdatering for Windows XP (KB971961)
Sikkerhetsoppdatering for Windows XP (KB972270)
Sikkerhetsoppdatering for Windows XP (KB973346)
Sikkerhetsoppdatering for Windows XP (KB973354)
Sikkerhetsoppdatering for Windows XP (KB973507)
Sikkerhetsoppdatering for Windows XP (KB973525)
Sikkerhetsoppdatering for Windows XP (KB973869)
Sikkerhetsoppdatering for Windows XP (KB973904)
Sikkerhetsoppdatering for Windows XP (KB974112)
Sikkerhetsoppdatering for Windows XP (KB974318)
Sikkerhetsoppdatering for Windows XP (KB974392)
Sikkerhetsoppdatering for Windows XP (KB974571)
Sikkerhetsoppdatering for Windows XP (KB975025)
Sikkerhetsoppdatering for Windows XP (KB975467)
Sikkerhetsoppdatering for Windows XP (KB975560)
Sikkerhetsoppdatering for Windows XP (KB975561)
Sikkerhetsoppdatering for Windows XP (KB975562)
Sikkerhetsoppdatering for Windows XP (KB975713)
Sikkerhetsoppdatering for Windows XP (KB977165)
Sikkerhetsoppdatering for Windows XP (KB977816)
Sikkerhetsoppdatering for Windows XP (KB977914)
Sikkerhetsoppdatering for Windows XP (KB978037)
Sikkerhetsoppdatering for Windows XP (KB978251)
Sikkerhetsoppdatering for Windows XP (KB978262)
Sikkerhetsoppdatering for Windows XP (KB978338)
Sikkerhetsoppdatering for Windows XP (KB978542)
Sikkerhetsoppdatering for Windows XP (KB978601)
Sikkerhetsoppdatering for Windows XP (KB978706)
Sikkerhetsoppdatering for Windows XP (KB979309)
Sikkerhetsoppdatering for Windows XP (KB979482)
Sikkerhetsoppdatering for Windows XP (KB979559)
Sikkerhetsoppdatering for Windows XP (KB979683)
Sikkerhetsoppdatering for Windows XP (KB979687)
Sikkerhetsoppdatering for Windows XP (KB980195)
Sikkerhetsoppdatering for Windows XP (KB980218)
Sikkerhetsoppdatering for Windows XP (KB980232)
Sikkerhetsoppdatering for Windows XP (KB980436)
Sikkerhetsoppdatering for Windows XP (KB981322)
Sikkerhetsoppdatering for Windows XP (KB981349)
Sikkerhetsoppdatering for Windows XP (KB981852)
Sikkerhetsoppdatering for Windows XP (KB981957)
Sikkerhetsoppdatering for Windows XP (KB981997)
Sikkerhetsoppdatering for Windows XP (KB982132)
Sikkerhetsoppdatering for Windows XP (KB982214)
Sikkerhetsoppdatering for Windows XP (KB982665)
Sikkerhetsoppdatering for Windows XP (KB982802)
SoundTrax
Språkpakke for Microsoft .NET Framework 3.5 SP1 - NOR
Synaptics Pointing Device Driver
TeamViewer 7
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
TOSHIBA Software Modem
TotalAudioConverter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 1.0.1
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Live Call
Windows Live Essentials
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows Mobile-ressurser
Windows XP Service Pack 3
WinRAR archiver
Xerox Phaser 6121MFP
XML Paper Specification Shared Components Language Pack 1.0
.
==== End Of File ===========================

#3 Frank Sovik


Posted 11 November 2012 - 01:30 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-11 19:28:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: l2nwhnub.exe; Driver: C:\DOCUME~1\bruker\LOKALE~1\Temp\ugloiuog.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\bruker\LOKALE~1\Temp\mbr.sys Systemet finner ikke angitt fil. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programfiler\Mozilla Firefox\firefox.exe[1360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0117B52A C:\Programfiler\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programfiler\Mozilla Firefox\firefox.exe[1360] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0142B6F5 C:\Programfiler\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programfiler\Mozilla Firefox\firefox.exe[1360] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 0142B6D2 C:\Programfiler\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programfiler\Mozilla Firefox\firefox.exe[1360] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 0142B653 C:\Programfiler\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programfiler\Camera Assistant Software for Toshiba\CEC_MAIN.exe[1660] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [90]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

---- EOF - GMER 1.0.15 ----

#4 gringo_pr

  • Malware Response Team

Posted 11 November 2012 - 01:34 PM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Frank Sovik

Posted 11 November 2012 - 01:50 PM

# AdwCleaner v2.007 - Logfile created 11/11/2012 at 19:46:08
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : bruker - FRANK_SKOLE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\bruker\Mine dokumenter\Nedlastinger\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Programdata\AGI

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1385 octets] - [11/11/2012 19:46:08]

########## EOF - C:\AdwCleaner[S1].txt - [1445 octets] ##########

#6 Frank Sovik

Posted 11 November 2012 - 01:52 PM

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : bruker [Admin rights]
Mode : Remove -- Date : 11/11/2012 19:51:48

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost
HP001635509730 HP001635509730


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVS-26VAT0 +++++
--- User ---
[MBR] 3993e57fd6106e2e9014f7927ba46fdf
[BSP] 6866ac8bb176e4c33dec065568485af0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11112012_02d1951.txt >>
RKreport[1]_S_11112012_02d1951.txt ; RKreport[2]_D_11112012_02d1951.txt

#7 gringo_pr

Posted 11 November 2012 - 02:10 PM

Those reports look good



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 Frank Sovik

Posted 11 November 2012 - 02:28 PM

ComboFix 12-11-10.01 - bruker 11.11.2012 20:20:04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1916.1316 [GMT 1:00]
Kjører fra: c:\documents and settings\bruker\Mine dokumenter\Nedlastinger\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-10-11 til 2012-11-11 )))))))))))))))))))))))))))))))))
.
.
2012-11-11 16:32 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCDEA216-0BEF-4310-87C8-F5FBBBFC56FE}\mpengine.dll
2012-11-07 12:11 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-07 12:09 . 2012-11-07 12:09 -------- d-----w- c:\programfiler\Fellesfiler\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 22:17 . 2012-04-02 07:50 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 22:17 . 2011-05-30 04:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 14:32 . 2012-06-25 09:09 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32 . 2010-04-28 08:50 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 12:51 . 2012-06-25 09:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-30 20:33 . 2004-08-03 22:03 666624 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:33 . 2004-08-03 19:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-30 20:03 . 2010-03-25 20:30 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-24 13:53 . 2004-08-03 22:03 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-04 00:58 2071424 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2004-08-03 21:58 2194688 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-20 04:42 . 2011-12-20 16:10 136672 ----a-w- c:\programfiler\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\bruker\Programdata\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\bruker\Programdata\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\bruker\Programdata\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\bruker\Programdata\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programfiler\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"TomTomHOME.exe"="c:\programfiler\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"Spotify Web Helper"="c:\programfiler\Spotify\Data\SpotifyWebHelper.exe" [2012-06-30 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-28 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-28 141848]
"ACU"="c:\programfiler\Atheros\ACU.exe" [2008-04-14 450648]
"Camera Assistant Software"="c:\programfiler\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-03 16860672]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"MSC"="c:\programfiler\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\bruker\Start-meny\Programmer\Oppstart\
Dropbox.lnk - c:\documents and settings\bruker\Programdata\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\programfiler\Microsoft ActiveSync\rapimgr.exe"= c:\programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programfiler\Microsoft ActiveSync\wcescomm.exe"= c:\programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programfiler\Microsoft ActiveSync\WCESMgr.exe"= c:\programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programfiler\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\bruker\\Programdata\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programfiler\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programfiler\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 TeamViewer7;TeamViewer 7;c:\programfiler\TeamViewer\Version7\TeamViewer_Service.exe [07.11.2012 13:03 2848168]
R2 TomTomHOMEService;TomTomHOMEService;c:\programfiler\TomTom HOME 2\TomTomHOMEService.exe [24.06.2010 15:41 92008]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys --> c:\windows\system32\DRIVERS\netaapl.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [07.01.2008 09:37 25088]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys --> c:\windows\system32\Drivers\usbaapl.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.03.2009 11:40 717296]
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:17]
.
2012-11-11 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programfiler\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
2012-11-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.startsiden.no/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\bruker\Programdata\Mozilla\Firefox\Profiles\l0zpueq1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no/
FF - prefs.js: keyword.URL - hxxp://no.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_no&p=
FF - ExtSQL: 2012-10-10 22:15; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-07 13:08; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - TOMME PEKERE FJERNET - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-WMPNSCFG - c:\programfiler\Windows Media Player\WMPNSCFG.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-11 20:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skanner skjulte prosesser ...
.
skanner skjulte autostart-oppføringer ...
.
skanner skjulte filer ...
.
skanning vellykket
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\athgina.dll
.
Tidspunkt ferdig: 2012-11-11 20:26:10
ComboFix-quarantined-files.txt 2012-11-11 19:25
.
Pre-Run: 101 904 261 120 byte ledig
Post-Run: 102 628 843 520 byte ledig
.
- - End Of File - - 0128FB30BE21B964ABD759000345FCFB

#9 gringo_pr

Posted 11 November 2012 - 02:57 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#10 Frank Sovik

Posted 11 November 2012 - 03:37 PM

21:36:34.0812 2504 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:36:34.0968 2504 ============================================================
21:36:34.0968 2504 Current date / time: 2012/11/11 21:36:34.0968
21:36:34.0968 2504 SystemInfo:
21:36:34.0968 2504
21:36:34.0968 2504 OS Version: 5.1.2600 ServicePack: 3.0
21:36:34.0968 2504 Product type: Workstation
21:36:34.0968 2504 ComputerName: FRANK_SKOLE
21:36:34.0968 2504 UserName: bruker
21:36:34.0968 2504 Windows directory: C:\windows
21:36:34.0968 2504 System windows directory: C:\windows
21:36:34.0968 2504 Processor architecture: Intel x86
21:36:34.0968 2504 Number of processors: 1
21:36:34.0968 2504 Page size: 0x1000
21:36:34.0968 2504 Boot type: Normal boot
21:36:34.0968 2504 ============================================================
21:36:35.0234 2504 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:36:35.0234 2504 ============================================================
21:36:35.0234 2504 \Device\Harddisk0\DR0:
21:36:35.0234 2504 MBR partitions:
21:36:35.0234 2504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
21:36:35.0234 2504 ============================================================
21:36:35.0281 2504 C: <-> \Device\Harddisk0\DR0\Partition1
21:36:35.0281 2504 ============================================================
21:36:35.0281 2504 Initialize success
21:36:35.0281 2504 ============================================================
21:36:58.0703 1416 ============================================================
21:36:58.0703 1416 Scan started
21:36:58.0703 1416 Mode: Manual;
21:36:58.0703 1416 ============================================================
21:36:58.0921 1416 ================ Scan system memory ========================
21:36:58.0921 1416 System memory - ok
21:36:58.0921 1416 ================ Scan services =============================
21:37:03.0625 1416 IpInIp - ok
21:37:03.0656 1416 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys
21:37:03.0656 1416 IpNat - ok
21:37:03.0671 1416 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys
21:37:03.0671 1416 IPSec - ok
21:37:03.0703 1416 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys
21:37:03.0703 1416 IRENUM - ok
21:37:03.0734 1416 [ 165255B09753CD0900287C6722B53E8A ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
21:37:03.0734 1416 isapnp - ok
21:37:03.0906 1416 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Programfiler\Java\jre6\bin\jqs.exe
21:37:03.0906 1416 JavaQuickStarterService - ok
21:37:03.0921 1416 [ 403A9D3C56617C49EFCB5F2897F500D7 ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
21:37:03.0921 1416 Kbdclass - ok
21:37:03.0953 1416 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys
21:37:03.0953 1416 kmixer - ok
21:37:03.0984 1416 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys
21:37:03.0984 1416 KSecDD - ok
21:37:04.0031 1416 [ 11F57BD66E10B965974ADDF11ECE678A ] lanmanserver C:\windows\System32\srvsvc.dll
21:37:04.0031 1416 lanmanserver - ok
21:37:04.0093 1416 [ 86500428299EE9F64B5A4BCE230727C6 ] lanmanworkstation C:\windows\System32\wkssvc.dll
21:37:04.0093 1416 lanmanworkstation - ok
21:37:04.0109 1416 lbrtfdc - ok
21:37:04.0156 1416 [ FEE2E6F16744CDAAD217CE0FBA6B72CD ] LmHosts C:\windows\System32\lmhsvc.dll
21:37:04.0171 1416 LmHosts - ok
21:37:04.0234 1416 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
21:37:04.0234 1416 MDM - ok
21:37:04.0281 1416 [ 9AFC4C11E0570AA0D6103A754AC9DE5A ] Messenger C:\windows\System32\msgsvc.dll
21:37:04.0281 1416 Messenger - ok
21:37:04.0328 1416 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys
21:37:04.0328 1416 mnmdd - ok
21:37:04.0406 1416 [ E4F75E580C9C6E3CE870E836B241CE30 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:37:04.0406 1416 mnmsrvc - ok
21:37:04.0468 1416 [ EFC09980C68BE2DD0BC3076AAA567D67 ] Modem C:\windows\system32\drivers\Modem.sys
21:37:04.0468 1416 Modem - ok
21:37:04.0531 1416 [ F54DE35966BD4F6D7D751642DED032DB ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys
21:37:04.0531 1416 Mouclass - ok
21:37:04.0546 1416 [ 2C8ACE099162A015D464C9A427148651 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
21:37:04.0546 1416 mouhid - ok
21:37:04.0609 1416 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys
21:37:04.0609 1416 MountMgr - ok
21:37:04.0671 1416 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Programfiler\Mozilla Maintenance Service\maintenanceservice.exe
21:37:04.0671 1416 MozillaMaintenance - ok
21:37:04.0703 1416 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
21:37:04.0703 1416 MpFilter - ok
21:37:04.0718 1416 mraid35x - ok
21:37:04.0765 1416 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys
21:37:04.0765 1416 MRxDAV - ok
21:37:04.0843 1416 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys
21:37:04.0843 1416 MRxSmb - ok
21:37:04.0890 1416 [ CEB4CF307A5D216D70A5C014561BFBFF ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:37:04.0890 1416 MSDTC - ok
21:37:04.0906 1416 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys
21:37:04.0906 1416 Msfs - ok
21:37:04.0906 1416 MSIServer - ok
21:37:04.0937 1416 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
21:37:04.0937 1416 MSKSSRV - ok
21:37:05.0031 1416 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Programfiler\Microsoft Security Client\MsMpEng.exe
21:37:05.0031 1416 MsMpSvc - ok
21:37:05.0078 1416 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
21:37:05.0078 1416 MSPCLOCK - ok
21:37:05.0109 1416 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys
21:37:05.0109 1416 MSPQM - ok
21:37:05.0187 1416 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
21:37:05.0187 1416 mssmbios - ok
21:37:05.0218 1416 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\windows\system32\drivers\MSTEE.sys
21:37:05.0218 1416 MSTEE - ok
21:37:05.0250 1416 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys
21:37:05.0250 1416 Mup - ok
21:37:05.0281 1416 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\windows\system32\DRIVERS\NABTSFEC.sys
21:37:05.0281 1416 NABTSFEC - ok
21:37:05.0328 1416 [ AED760C6A4C315E5E5D3AB11BF119A34 ] napagent C:\windows\System32\qagentrt.dll
21:37:05.0328 1416 napagent - ok
21:37:05.0359 1416 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys
21:37:05.0359 1416 NDIS - ok
21:37:05.0421 1416 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\windows\system32\DRIVERS\NdisIP.sys
21:37:05.0421 1416 NdisIP - ok
21:37:05.0453 1416 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
21:37:05.0453 1416 NdisTapi - ok
21:37:05.0468 1416 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
21:37:05.0468 1416 Ndisuio - ok
21:37:05.0500 1416 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
21:37:05.0500 1416 NdisWan - ok
21:37:05.0562 1416 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys
21:37:05.0562 1416 NDProxy - ok
21:37:05.0703 1416 [ 27FE4B70C12A2C67A58D799B9A4E8D81 ] Nero BackItUp Scheduler 4.0 C:\Programfiler\Fellesfiler\Nero\Nero BackItUp 4\NBService.exe
21:37:05.0703 1416 Nero BackItUp Scheduler 4.0 - ok
21:37:05.0718 1416 Netaapl - ok
21:37:05.0734 1416 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
21:37:05.0734 1416 NetBIOS - ok
21:37:05.0765 1416 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys
21:37:05.0765 1416 NetBT - ok
21:37:05.0812 1416 [ 371F0F3425AAEAB06425AD4FD47457C4 ] NetDDE C:\windows\system32\netdde.exe
21:37:05.0812 1416 NetDDE - ok
21:37:05.0828 1416 [ 371F0F3425AAEAB06425AD4FD47457C4 ] NetDDEdsdm C:\windows\system32\netdde.exe
21:37:05.0828 1416 NetDDEdsdm - ok
21:37:05.0890 1416 [ 0EAC811F89889A7585BAEDAA4BDD16AF ] Netlogon C:\windows\system32\lsass.exe
21:37:05.0890 1416 Netlogon - ok
21:37:05.0953 1416 [ 1830B848A80A45FAC2825EEF7C1115E3 ] Netman C:\windows\System32\netman.dll
21:37:05.0968 1416 Netman - ok
21:37:06.0031 1416 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:37:06.0031 1416 NetTcpPortSharing - ok
21:37:06.0078 1416 [ 78EE99D48988FEB9BA64730178DB7158 ] Nla C:\windows\System32\mswsock.dll
21:37:06.0078 1416 Nla - ok
21:37:06.0078 1416 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys
21:37:06.0078 1416 Npfs - ok
21:37:06.0109 1416 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
21:37:06.0125 1416 Ntfs - ok
21:37:06.0125 1416 [ 0EAC811F89889A7585BAEDAA4BDD16AF ] NtLmSsp C:\windows\system32\lsass.exe
21:37:06.0125 1416 NtLmSsp - ok
21:37:06.0171 1416 [ 8D476AB1120598CDC25685CC7437114E ] NtmsSvc C:\windows\system32\ntmssvc.dll
21:37:06.0187 1416 NtmsSvc - ok
21:37:06.0218 1416 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys
21:37:06.0218 1416 Null - ok
21:37:06.0250 1416 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys
21:37:06.0250 1416 NwlnkFlt - ok
21:37:06.0265 1416 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys
21:37:06.0265 1416 NwlnkFwd - ok
21:37:06.0328 1416 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE
21:37:06.0328 1416 ose - ok
21:37:06.0359 1416 [ 1AA2E7C0F517B16C6D53093F6EF4D707 ] Parport C:\windows\system32\drivers\Parport.sys
21:37:06.0359 1416 Parport - ok
21:37:06.0359 1416 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys
21:37:06.0375 1416 PartMgr - ok
21:37:06.0406 1416 [ 12297B25CCC4D89D9D2E794A8FD6EE3D ] ParVdm C:\windows\system32\drivers\ParVdm.sys
21:37:06.0406 1416 ParVdm - ok
21:37:06.0406 1416 [ 5AF0A66BBBBB8D44A308141F529EA5E0 ] PCI C:\windows\system32\DRIVERS\pci.sys
21:37:06.0406 1416 PCI - ok
21:37:06.0421 1416 PCIDump - ok
21:37:06.0421 1416 PCIIde - ok
21:37:06.0453 1416 [ 339B6DA5D9E01E04F39A5E93612D5C5A ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys
21:37:06.0453 1416 Pcmcia - ok
21:37:06.0468 1416 PDCOMP - ok
21:37:06.0468 1416 PDFRAME - ok
21:37:06.0484 1416 PDRELI - ok
21:37:06.0484 1416 PDRFRAME - ok
21:37:06.0500 1416 perc2 - ok
21:37:06.0500 1416 perc2hib - ok
21:37:06.0546 1416 [ 6248240BB90F50535277801E2A3F923F ] PlugPlay C:\windows\system32\services.exe
21:37:06.0546 1416 PlugPlay - ok
21:37:06.0625 1416 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
21:37:06.0625 1416 Pml Driver HPZ12 - ok
21:37:06.0625 1416 [ 0EAC811F89889A7585BAEDAA4BDD16AF ] PolicyAgent C:\windows\system32\lsass.exe
21:37:06.0625 1416 PolicyAgent - ok
21:37:06.0640 1416 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
21:37:06.0640 1416 PptpMiniport - ok
21:37:06.0656 1416 [ 0EAC811F89889A7585BAEDAA4BDD16AF ] ProtectedStorage C:\windows\system32\lsass.exe
21:37:06.0656 1416 ProtectedStorage - ok
21:37:06.0656 1416 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys
21:37:06.0656 1416 PSched - ok
21:37:06.0718 1416 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys
21:37:06.0718 1416 Ptilink - ok
21:37:06.0734 1416 ql1080 - ok
21:37:06.0734 1416 Ql10wnt - ok
21:37:06.0750 1416 ql12160 - ok
21:37:06.0750 1416 ql1240 - ok
21:37:06.0765 1416 ql1280 - ok
21:37:06.0765 1416 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
21:37:06.0765 1416 RasAcd - ok
21:37:06.0812 1416 [ 2D305FE6656B9D7B4710F9E2A2C07BFA ] RasAuto C:\windows\System32\rasauto.dll
21:37:06.0812 1416 RasAuto - ok
21:37:06.0843 1416 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
21:37:06.0843 1416 Rasl2tp - ok
21:37:06.0921 1416 [ 0D198F31D58D0D1F67CD1097BE181161 ] RasMan C:\windows\System32\rasmans.dll
21:37:06.0921 1416 RasMan - ok
21:37:06.0921 1416 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
21:37:06.0921 1416 RasPppoe - ok
21:37:06.0937 1416 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys
21:37:06.0937 1416 Raspti - ok
21:37:06.0953 1416 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys
21:37:06.0953 1416 Rdbss - ok
21:37:06.0984 1416 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
21:37:06.0984 1416 RDPCDD - ok
21:37:07.0000 1416 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys
21:37:07.0000 1416 rdpdr - ok
21:37:07.0046 1416 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
21:37:07.0046 1416 RDPWD - ok
21:37:07.0093 1416 [ EDBF6F085E7096FEF604164053969DA2 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:37:07.0093 1416 RDSessMgr - ok
21:37:07.0125 1416 [ 99C7D4742BE0415D084126EC3462B454 ] redbook C:\windows\system32\DRIVERS\redbook.sys
21:37:07.0140 1416 redbook - ok
21:37:07.0171 1416 [ CB41D2C4D86C99B5A8DF0C5D4A2A34BA ] RemoteAccess C:\windows\System32\mprdim.dll
21:37:07.0171 1416 RemoteAccess - ok
21:37:07.0218 1416 [ 4605EF3A03A8B4D4F3FF3C73A984EC58 ] RemoteRegistry C:\windows\system32\regsvc.dll
21:37:07.0218 1416 RemoteRegistry - ok
21:37:07.0250 1416 [ BFACF9591394DEE0DBD73021B4E55FE5 ] RpcLocator C:\windows\system32\locator.exe
21:37:07.0250 1416 RpcLocator - ok
21:37:07.0312 1416 [ 3ABF1AF169E3BB2B3D16CDCA9154D36C ] RpcSs C:\windows\System32\rpcss.dll
21:37:07.0312 1416 RpcSs - ok
21:37:07.0343 1416 [ CE5ADEB463466C484DA7D2C0E4EF62A9 ] RSVP C:\windows\system32\rsvp.exe
21:37:07.0343 1416 RSVP - ok
21:37:07.0390 1416 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\windows\system32\DRIVERS\Rtenicxp.sys
21:37:07.0390 1416 RTLE8023xp - ok
21:37:07.0421 1416 [ 0EAC811F89889A7585BAEDAA4BDD16AF ] SamSs C:\windows\system32\lsass.exe
21:37:07.0421 1416 SamSs - ok
21:37:07.0421 1416 [ 2825D4E1AD18F592B7BDA53228B80727 ] SCardSvr C:\windows\System32\SCardSvr.exe
21:37:07.0421 1416 SCardSvr - ok
21:37:07.0453 1416 [ 4F7BB39435B12986B988F5BF1A5DA986 ] Schedule C:\windows\system32\schedsvc.dll
21:37:07.0453 1416 Schedule - ok
21:37:07.0500 1416 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys
21:37:07.0500 1416 Secdrv - ok
21:37:07.0531 1416 [ D1CFC9E33DAF916E2C9444960033696A ] seclogon C:\windows\System32\seclogon.dll
21:37:07.0531 1416 seclogon - ok
21:37:07.0546 1416 [ 00173E2E1CA2E3BBD45C5BE160B97668 ] SENS C:\windows\system32\sens.dll
21:37:07.0546 1416 SENS - ok
21:37:07.0593 1416 [ D579FAB95D55A3459547D3EF116821D7 ] Serial C:\windows\system32\drivers\Serial.sys
21:37:07.0593 1416 Serial - ok
21:37:07.0625 1416 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys
21:37:07.0625 1416 Sfloppy - ok
21:37:07.0687 1416 [ 7B59715CAD15DABF1FDCC8C6E6C0AE84 ] SharedAccess C:\windows\System32\ipnathlp.dll
21:37:07.0687 1416 SharedAccess - ok
21:37:07.0718 1416 [ D6301AF0FFC9C4055D4680E18EDAA35B ] ShellHWDetection C:\windows\System32\shsvcs.dll
21:37:07.0718 1416 ShellHWDetection - ok
21:37:07.0734 1416 Simbad - ok
21:37:07.0750 1416 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\windows\system32\DRIVERS\SLIP.sys
21:37:07.0750 1416 SLIP - ok
21:37:07.0765 1416 Sparrow - ok
21:37:07.0828 1416 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys
21:37:07.0828 1416 splitter - ok
21:37:07.0875 1416 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe
21:37:07.0875 1416 Spooler - ok
21:37:07.0937 1416 [ 71E276F6D189413266EA22171806597B ] sptd C:\windows\System32\Drivers\sptd.sys
21:37:07.0953 1416 sptd - ok
21:37:07.0984 1416 [ A10A8FFFBC556480027FB5AADAE4FE1A ] sr C:\windows\system32\DRIVERS\sr.sys
21:37:07.0984 1416 sr - ok
21:37:08.0031 1416 [ 1485D2219934B94D60CE13AC0F44BA71 ] srservice C:\windows\system32\srsvc.dll
21:37:08.0031 1416 srservice - ok
21:37:08.0062 1416 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys
21:37:08.0062 1416 Srv - ok
21:37:08.0093 1416 [ C669CB64DE04DFE2090CD086BEBCEB84 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
21:37:08.0093 1416 SSDPSRV - ok
21:37:08.0140 1416 [ 78056873D970B760135916DEDAC401FD ] StillCam C:\windows\system32\DRIVERS\serscan.sys
21:37:08.0140 1416 StillCam - ok
21:37:08.0203 1416 [ 521A2A8E048FA4BFAB6EF701FE609C0B ] stisvc C:\windows\system32\wiaservc.dll
21:37:08.0203 1416 stisvc - ok
21:37:08.0234 1416 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\windows\system32\DRIVERS\StreamIP.sys
21:37:08.0234 1416 streamip - ok
21:37:08.0265 1416 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys
21:37:08.0265 1416 swenum - ok
21:37:08.0328 1416 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys
21:37:08.0328 1416 swmidi - ok
21:37:08.0343 1416 SwPrv - ok
21:37:08.0343 1416 symc810 - ok
21:37:08.0359 1416 symc8xx - ok
21:37:08.0359 1416 sym_hi - ok
21:37:08.0375 1416 sym_u3 - ok
21:37:08.0421 1416 [ CFB41BF11AE95C26133BAE3EC2E334BD ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
21:37:08.0421 1416 SynTP - ok
21:37:08.0437 1416 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys
21:37:08.0437 1416 sysaudio - ok
21:37:08.0453 1416 [ 48CE2306C71BA7124FF020972CA0AD84 ] SysmonLog C:\windows\system32\smlogsvc.exe
21:37:08.0468 1416 SysmonLog - ok
21:37:08.0500 1416 [ FEC0E0268A50C6D610071D1894D30ACD ] TapiSrv C:\windows\System32\tapisrv.dll
21:37:08.0500 1416 TapiSrv - ok
21:37:08.0593 1416 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys
21:37:08.0593 1416 Tcpip - ok
21:37:08.0625 1416 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys
21:37:08.0625 1416 TDPIPE - ok
21:37:08.0640 1416 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys
21:37:08.0640 1416 TDTCP - ok
21:37:08.0843 1416 [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7 C:\Programfiler\TeamViewer\Version7\TeamViewer_Service.exe
21:37:08.0859 1416 TeamViewer7 - ok
21:37:08.0890 1416 [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn C:\windows\system32\DRIVERS\teamviewervpn.sys
21:37:08.0890 1416 teamviewervpn - ok
21:37:08.0921 1416 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys
21:37:08.0921 1416 TermDD - ok
21:37:08.0953 1416 [ 738D9F8ECCD37E0ADAD152D2245BA5C0 ] TermService C:\windows\System32\termsrv.dll
21:37:08.0953 1416 TermService - ok
21:37:08.0968 1416 [ D6301AF0FFC9C4055D4680E18EDAA35B ] Themes C:\windows\System32\shsvcs.dll
21:37:08.0984 1416 Themes - ok
21:37:09.0031 1416 [ EC4C6BA1792D5D984C3CF14C6A23CB3E ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:37:09.0031 1416 TlntSvr - ok
21:37:09.0140 1416 [ F32E7CD2339C66760AA5178924B21E6B ] TomTomHOMEService C:\Programfiler\TomTom HOME 2\TomTomHOMEService.exe
21:37:09.0140 1416 TomTomHOMEService - ok
21:37:09.0156 1416 TosIde - ok
21:37:09.0171 1416 [ 98C561FFBCCACA25794BC7B7CD94388F ] TrkWks C:\windows\system32\trkwks.dll
21:37:09.0171 1416 TrkWks - ok
21:37:09.0218 1416 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys
21:37:09.0218 1416 Udfs - ok
21:37:09.0234 1416 ultra - ok
21:37:09.0296 1416 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys
21:37:09.0296 1416 Update - ok
21:37:09.0328 1416 [ 1329B239A7621E005EF2DB7B06B67828 ] upnphost C:\windows\System32\upnphost.dll
21:37:09.0328 1416 upnphost - ok
21:37:09.0359 1416 [ 7FD66D78CC2E544D22D0AAA10A36D709 ] UPS C:\windows\System32\ups.exe
21:37:09.0359 1416 UPS - ok
21:37:09.0375 1416 USBAAPL - ok
21:37:09.0437 1416 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
21:37:09.0437 1416 usbccgp - ok
21:37:09.0453 1416 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
21:37:09.0453 1416 usbehci - ok
21:37:09.0468 1416 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
21:37:09.0468 1416 usbhub - ok
21:37:09.0515 1416 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
21:37:09.0515 1416 usbprint - ok
21:37:09.0562 1416 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
21:37:09.0562 1416 usbscan - ok
21:37:09.0593 1416 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
21:37:09.0593 1416 USBSTOR - ok
21:37:09.0625 1416 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
21:37:09.0625 1416 usbuhci - ok
21:37:09.0671 1416 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
21:37:09.0671 1416 usbvideo - ok
21:37:09.0703 1416 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\windows\system32\DRIVERS\usb8023x.sys
21:37:09.0703 1416 usb_rndisx - ok
21:37:09.0734 1416 [ 8C5094A8AB24DE7496C7C19942F2DF04 ] UVCFTR C:\windows\system32\Drivers\UVCFTR_S.SYS
21:37:09.0734 1416 UVCFTR - ok
21:37:09.0765 1416 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys
21:37:09.0765 1416 VgaSave - ok
21:37:09.0781 1416 ViaIde - ok
21:37:09.0828 1416 [ 9D61102F5BACD5A26FCAA0DE95E5909E ] VolSnap C:\windows\system32\drivers\VolSnap.sys
21:37:09.0828 1416 VolSnap - ok
21:37:09.0906 1416 [ B4F2125957785D546ACF5F3358E1786D ] VSS C:\windows\System32\vssvc.exe
21:37:09.0906 1416 VSS - ok
21:37:09.0968 1416 [ 6552169B4F48BD3908DDB5E2206357B9 ] W32Time C:\windows\system32\w32time.dll
21:37:09.0968 1416 W32Time - ok
21:37:09.0968 1416 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
21:37:09.0984 1416 Wanarp - ok
21:37:10.0031 1416 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\windows\system32\DRIVERS\wceusbsh.sys
21:37:10.0046 1416 wceusbsh - ok
21:37:10.0046 1416 WDC_SAM - ok
21:37:10.0093 1416 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\windows\system32\Drivers\wdf01000.sys
21:37:10.0093 1416 Wdf01000 - ok
21:37:10.0109 1416 WDICA - ok
21:37:10.0171 1416 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys
21:37:10.0171 1416 wdmaud - ok
21:37:10.0203 1416 [ 5B20435EDA7DDDEF4BE6CBA62E231A34 ] WebClient C:\windows\System32\webclnt.dll
21:37:10.0203 1416 WebClient - ok
21:37:10.0312 1416 [ 2C3138F3AE2F381E909C597426A92898 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll
21:37:10.0312 1416 winmgmt - ok
21:37:10.0390 1416 [ B2DDDA7BADECDA305F5EF40196A9A257 ] WinRM C:\windows\system32\WsmSvc.dll
21:37:10.0390 1416 WinRM - ok
21:37:10.0437 1416 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\windows\system32\MsPMSNSv.dll
21:37:10.0437 1416 WmdmPmSN - ok
21:37:10.0515 1416 [ A094ABBE7807CD9501D5C340D11A92A6 ] Wmi C:\windows\System32\advapi32.dll
21:37:10.0515 1416 Wmi - ok
21:37:10.0546 1416 [ 89B2A04F83031683DEE85D1CF0FDB329 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:37:10.0546 1416 WmiApSrv - ok
21:37:10.0578 1416 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\windows\system32\DRIVERS\wpdusb.sys
21:37:10.0578 1416 WpdUsb - ok
21:37:10.0609 1416 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys
21:37:10.0609 1416 WS2IFSL - ok
21:37:10.0671 1416 [ 70D7DE85555DEFCBEE260A94B53399F3 ] wscsvc C:\windows\system32\wscsvc.dll
21:37:10.0671 1416 wscsvc - ok
21:37:10.0703 1416 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\windows\system32\DRIVERS\WSTCODEC.SYS
21:37:10.0703 1416 WSTCODEC - ok
21:37:10.0734 1416 [ B07A3C51890739B6C415742D33AC337E ] wuauserv C:\windows\system32\wuauserv.dll
21:37:10.0734 1416 wuauserv - ok
21:37:10.0812 1416 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\windows\system32\DRIVERS\WudfPf.sys
21:37:10.0812 1416 WudfPf - ok
21:37:10.0843 1416 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\windows\system32\DRIVERS\wudfrd.sys
21:37:10.0843 1416 WudfRd - ok
21:37:10.0890 1416 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\windows\System32\WUDFSvc.dll
21:37:10.0890 1416 WudfSvc - ok
21:37:10.0968 1416 [ 9739DBA97782E863E013A7CB58EFBDCA ] WZCSVC C:\windows\System32\wzcsvc.dll
21:37:10.0968 1416 WZCSVC - ok
21:37:11.0000 1416 [ F5E73FD8737B61E548035C89B84BDEFF ] xmlprov C:\windows\System32\xmlprov.dll
21:37:11.0015 1416 xmlprov - ok
21:37:11.0031 1416 ================ Scan global ===============================
21:37:11.0093 1416 [ 1250ED53B7929E9043113212E0AB685E ] C:\windows\system32\basesrv.dll
21:37:11.0125 1416 [ A00E45C7EF6374A245AA9C25D0088996 ] C:\windows\system32\winsrv.dll
21:37:11.0140 1416 [ A00E45C7EF6374A245AA9C25D0088996 ] C:\windows\system32\winsrv.dll
21:37:11.0187 1416 [ 6248240BB90F50535277801E2A3F923F ] C:\windows\system32\services.exe
21:37:11.0203 1416 [Global] - ok
21:37:11.0203 1416 ================ Scan MBR ==================================
21:37:11.0218 1416 [ AD99111085A864D39CDFF4D3A646E97B ] \Device\Harddisk0\DR0
21:37:11.0437 1416 \Device\Harddisk0\DR0 - ok
21:37:11.0437 1416 ================ Scan VBR ==================================
21:37:11.0437 1416 [ 76A7BBC5D9AA9EC6BABC26693C3DB20F ] \Device\Harddisk0\DR0\Partition1
21:37:11.0437 1416 \Device\Harddisk0\DR0\Partition1 - ok
21:37:11.0453 1416 ============================================================
21:37:11.0453 1416 Scan finished
21:37:11.0453 1416 ============================================================
21:37:11.0453 1704 Detected object count: 0
21:37:11.0453 1704 Actual detected object count: 0

#11 Frank Sovik

Posted 11 November 2012 - 04:03 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-11 21:41:10
-----------------------------
21:41:10.968 OS Version: Windows 5.1.2600 Service Pack 3
21:41:10.968 Number of processors: 1 586 0xF0D
21:41:10.968 ComputerName: FRANK_SKOLE UserName: bruker
21:41:11.500 Initialize success
21:57:07.828 AVAST engine defs: 12111100
21:57:43.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:57:43.328 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
21:57:43.375 Disk 0 MBR read successfully
21:57:43.375 Disk 0 MBR scan
21:57:43.437 Disk 0 Windows XP default MBR code
21:57:43.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
21:57:43.437 Disk 0 scanning sectors +312560640
21:57:43.515 Disk 0 scanning C:\windows\system32\drivers
21:57:54.031 Service scanning
21:58:10.468 Modules scanning
21:58:15.203 Disk 0 trace - called modules:
21:58:15.234 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:58:15.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89cf9030]
21:58:15.593 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x89741030]
21:58:16.078 AVAST engine scan C:\windows
21:58:28.250 AVAST engine scan C:\windows\system32
22:01:36.890 AVAST engine scan C:\windows\system32\drivers
22:01:53.671 AVAST engine scan C:\Documents and Settings\bruker
22:02:27.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bruker\Skrivebord\MBR.dat"
22:02:27.859 The log file has been saved successfully to "C:\Documents and Settings\bruker\Skrivebord\aswMBR.txt"

#12 gringo_pr

Posted 11 November 2012 - 04:33 PM

Looking very good so far.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 Frank Sovik

Posted 11 November 2012 - 04:57 PM

ComboFix 12-11-10.01 - bruker 11.11.2012 22:47:47.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1916.1338 [GMT 1:00]
Kjører fra: c:\documents and settings\bruker\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\bruker\Skrivebord\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-10-11 til 2012-11-11 )))))))))))))))))))))))))))))))))
.
.
2012-11-11 16:32 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCDEA216-0BEF-4310-87C8-F5FBBBFC56FE}\mpengine.dll
2012-11-07 12:11 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-07 12:09 . 2012-11-07 12:09 -------- d-----w- c:\programfiler\Fellesfiler\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 22:17 . 2012-04-02 07:50 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 22:17 . 2011-05-30 04:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 14:32 . 2012-06-25 09:09 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32 . 2010-04-28 08:50 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 12:51 . 2012-06-25 09:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-30 20:33 . 2004-08-03 22:03 666624 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:33 . 2004-08-03 19:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-30 20:03 . 2010-03-25 20:30 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-24 13:53 . 2004-08-03 22:03 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-04 00:58 2071424 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2004-08-03 21:58 2194688 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-20 04:42 . 2011-12-20 16:10 136672 ----a-w- c:\programfiler\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\bruker\Programdata\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\bruker\Programdata\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\bruker\Programdata\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\bruker\Programdata\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programfiler\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"TomTomHOME.exe"="c:\programfiler\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"Spotify Web Helper"="c:\programfiler\Spotify\Data\SpotifyWebHelper.exe" [2012-06-30 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-28 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-28 141848]
"ACU"="c:\programfiler\Atheros\ACU.exe" [2008-04-14 450648]
"Camera Assistant Software"="c:\programfiler\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-03 16860672]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"MSC"="c:\programfiler\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\bruker\Start-meny\Programmer\Oppstart\
Dropbox.lnk - c:\documents and settings\bruker\Programdata\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\programfiler\Microsoft ActiveSync\rapimgr.exe"= c:\programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programfiler\Microsoft ActiveSync\wcescomm.exe"= c:\programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programfiler\Microsoft ActiveSync\WCESMgr.exe"= c:\programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programfiler\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\bruker\\Programdata\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programfiler\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programfiler\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 TeamViewer7;TeamViewer 7;c:\programfiler\TeamViewer\Version7\TeamViewer_Service.exe [07.11.2012 13:03 2848168]
R2 TomTomHOMEService;TomTomHOMEService;c:\programfiler\TomTom HOME 2\TomTomHOMEService.exe [24.06.2010 15:41 92008]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys --> c:\windows\system32\DRIVERS\netaapl.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [07.01.2008 09:37 25088]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys --> c:\windows\system32\Drivers\usbaapl.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.03.2009 11:40 717296]
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - 84489612
*NewlyCreated* - ASWMBR
*NewlyCreated* - TRUESIGHT
*Deregistered* - 84489612
*Deregistered* - aswMBR
*Deregistered* - TrueSight
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:17]
.
2012-11-11 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programfiler\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
2012-11-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.startsiden.no/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\bruker\Programdata\Mozilla\Firefox\Profiles\l0zpueq1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no/
FF - prefs.js: keyword.URL - hxxp://no.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_no&p=
FF - ExtSQL: 2012-10-10 22:15; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-07 13:08; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-11 22:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skanner skjulte prosesser ...
.
skanner skjulte autostart-oppføringer ...
.
skanner skjulte filer ...
.
skanning vellykket
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\athgina.dll
.
- - - - - - - > 'explorer.exe'(3832)
c:\documents and settings\bruker\Programdata\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2012-11-11 22:51:04
ComboFix-quarantined-files.txt 2012-11-11 21:51
ComboFix2.txt 2012-11-11 21:42
ComboFix3.txt 2012-11-11 19:26
.
Pre-Run: 102 624 370 688 byte ledig
Post-Run: 102 615 928 832 byte ledig
.
- - End Of File - - 58174320BDF728B6A3EC79E53BC493E2

#14 gringo_pr


Posted 11 November 2012 - 05:04 PM

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 37


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes then on Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Frank Sovik


Posted 11 November 2012 - 05:50 PM

Malwarebytes Anti-Malware (Prøveversjon) 1.65.1.1000
www.malwarebytes.org

Databaseversjon: v2012.11.11.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
bruker :: FRANK_SKOLE [administrator]

Beskyttelse: Aktivert

11.11.2012 23:40:05
mbam-log-2012-11-11 (23-40-05).txt

Skanntype: Hurtigsøk
Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM
Deaktiverte skanninnstillinger: P2P
Objekter skannet: 212210
Tid tilbakelagt: 4 minutt(er), 44 sekund(er)

Minneprosesser oppdaget: 0
(Ingen skadelige objekter funnet)

Minnemoduler oppdaget: 0
(Ingen skadelige objekter funnet)

Registernøkler oppdaget: 0
(Ingen skadelige objekter funnet)

Registerverdier oppdaget: 0
(Ingen skadelige objekter funnet)

Registerfiler oppdaget: 0
(Ingen skadelige objekter funnet)

Mapper oppdaget: 0
(Ingen skadelige objekter funnet)

Filer oppdaget 0
(Ingen skadelige objekter funnet)

(klar)



