
Can't start Firefox or Norton - Malware? Logs attached



Hi,

I have a problem on my partner's PC. Yesterday she was suddenly unable to start either Firefox or Norton, which makes me suspect malware.

I have run umpteen different "online virus scans", including combofix and Malwarebytes Anti-Malware, without it appearing to have fixed the problems.

I hope someone can help us here :) Thanks in advance for any input!

Logs follow:

Malwarebytes:

Malwarebytes Anti-Malware (Prøveversjon) 1.60.1.1000

www.malwarebytes.org

 

Databaseversjon: v2012.02.24.02

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Christina :: CHRISTINAS-PC [begrenset]

 

Beskyttelse: Aktivert

 

24.02.2012 20:12:30

mbam-log-2012-02-24 (20-12-30).txt

 

Skanntype: Hurtigsøk

Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM

Deaktiverte skanninnstillinger: P2P

Objekter skannet: 189947

Tid tilbakelagt: 6 minutt(er), 28 sekund(er)

 

Minneprosesser oppdaget: 0

(Ingen skadelige objekter funnet)

 

Minnemoduler oppdaget: 0

(Ingen skadelige objekter funnet)

 

Registernøkler oppdaget: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Satt i karantene og slettet vellykket.

 

Registerverdier oppdaget: 1

HKLM\SOFTWARE\Mozilla\Firefox\extensions|[email protected] (Adware.Hotbar) -> Data: C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions -> Satt i karantene og slettet vellykket.

 

Registerfiler oppdaget: 0

(Ingen skadelige objekter funnet)

 

Mapper oppdaget: 0

(Ingen skadelige objekter funnet)

 

Filer oppdaget 0

(Ingen skadelige objekter funnet)

 

(klar)

Combofix:

ComboFix 12-02-24.02 - Christina 24.02.2012 20:25:40.1.1 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.3002.1730 [GMT 1:00]

Kjører fra: c:\users\Christina\Downloads\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2012-01-24 til 2012-02-24 )))))))))))))))))))))))))))))))))

.

.

2012-02-24 19:39 . 2012-02-24 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-24 19:37 . 2012-02-24 19:37 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B637DCA5-765A-4F56-9921-84743122F409}\offreg.dll

2012-02-24 19:20 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B637DCA5-765A-4F56-9921-84743122F409}\mpengine.dll

2012-02-24 19:11 . 2012-02-24 19:11 -------- d-----w- c:\users\Christina\AppData\Roaming\Malwarebytes

2012-02-24 19:11 . 2012-02-24 19:11 -------- d-----w- c:\programdata\Malwarebytes

2012-02-24 19:11 . 2012-02-24 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-24 19:11 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-23 20:01 . 2012-02-23 20:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-02-23 20:01 . 2012-02-23 20:03 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-02-23 18:40 . 2012-02-23 18:40 -------- d-----w- c:\users\Christina\AppData\Roaming\f-secure

2012-02-23 18:40 . 2012-02-23 18:40 -------- d-----w- c:\programdata\F-Secure

2012-02-23 17:39 . 2012-02-23 17:39 -------- d-----w- c:\program files\Panda Security

2012-02-21 20:34 . 2012-02-21 20:34 -------- d-----w- c:\users\Christina\AppData\Local\Symantec

2012-02-21 18:18 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-02-21 18:18 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-02-21 18:18 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-02-21 18:18 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll

2012-02-21 18:18 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll

2012-02-21 18:18 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll

2012-02-21 18:18 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll

2012-02-21 18:18 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll

2012-02-21 18:18 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll

2012-02-21 18:18 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe

2012-02-21 18:17 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-02-21 18:17 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-21 18:17 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-21 18:14 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-29 04:10 . 2010-04-06 11:24 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-15 20:28 . 2011-04-30 17:29 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Christina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Christina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Christina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-20 68856]

"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2008-09-24 1561896]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-11 1833504]

"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-19 487424]

"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-05-26 253696]

"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]

"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]

"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-09-04 186912]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-27 1194504]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]

"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-06-09 273544]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-04-26 593920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Christina\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-20 565248]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [2011-12-01 820344]

R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-06-25 13224]

R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]

R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1343400]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]

R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-23 691696]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120119.006\IDSvix86.sys [2011-11-04 368248]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2010-11-16 136312]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360\0501000.01D\SYMNETS.SYS [2011-07-08 299640]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 688128]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]

S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]

S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]

S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]

S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]

S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-05-26 62208]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]

S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-09-04 125472]

S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]

S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

S3 netw5v32;Intel® trådløs WiFi-kobling 5000-kortdriver for 32-biters Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-06-25 27632]

.

.

--- Andre tjenester/drivere lastet i minnet ---

.

*NewlyCreated* - F-SECURE_STANDALONE_MINIFILTER

*NewlyCreated* - MBAMPROTECTOR

*Deregistered* - AvgRkx86

*Deregistered* - AvgTdiX

*Deregistered* - F-Secure Standalone Minifilter

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 14:46]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 14:46]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1953508245-902352101-3084962031-1000Core.job

- c:\users\Christina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-05 10:19]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1953508245-902352101-3084962031-1000UA.job

- c:\users\Christina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-05 10:19]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0809&m=aspire_4810t

uInternet Settings,ProxyOverride = *.local

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Se&nd til OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 193.213.112.4 130.67.15.198 10.0.0.138

FF - ProfilePath - c:\users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\n55kyiae.default\

FF - prefs.js: browser.startup.homepage - startsiden.no

.

- - - - TOMME PEKERE FJERNET - - - -

.

HKCU-Run-AdobeBridge - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

.

- - - - - - - > 'Explorer.exe'(6016)

c:\users\Christina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll

c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll

.

Tidspunkt ferdig: 2012-02-24 20:45:18

ComboFix-quarantined-files.txt 2012-02-24 19:45

.

Pre-Run: 323 000 057 856 byte ledig

Post-Run: 322 905 702 400 byte ledig

.

- - End Of File - - 001BE7736238D9DD3729F6CB39699D0E

 

 


Download and run DDS.scr. The program creates two logs. Post the contents of both.

Download aswMBR and save it to the Desktop (right-click the link and choose Save as...).

Right-click the aswMBR.exe icon and choose Run as Administrator.

Do not download definitions from Avast when the program asks about it.

Click the Scan button.

When it says "Scan finished successfully", click Save log and save the log to the desktop.

Click OK. Two files are created: aswMBR.txt and MBR.dat

Click EXIT.

Post the contents of aswMBR.txt

Edited by mobile999

Hi,

Thanks for taking the time to help :)

I'd like to add that I have a bit more information now: I tried using Norton Bootable Recovery Tool yesterday, and it found an ADH2 trojan which it supposedly removed (but the problems are still here). Also, I apologize that it has taken a while to reply, but the scans have taken a looong time to complete (the machine sits at 100% CPU usage the whole time, but I can't see a process in "Task Manager" that is the culprit).

Logs:

DDS:

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Christina at 16:42:31 on 2012-02-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.3002.1921 [GMT 1:00]

.

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe

c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe

C:\Program Files\Acer\Acer VCM\RS_Service.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe

C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0809&m=aspire_4810t

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [NBCore] "c:\program files\common files\nero\nero backitup 4\NBCore.exe"

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [skytel] c:\program files\realtek\audio\hda\Skytel.exe

mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe

mRun: [backupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k

mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe

mRun: [PLFSetI] c:\windows\PLFSetI.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [ODDPwr] "c:\program files\acer\optical drive power management\ODDPwr.exe"

mRun: [LManager] c:\program files\launch manager\LManager.exe

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [NBKeyScan] "c:\program files\nero\nero backitup 4\NBKeyScan.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [iSTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Se&nd til OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: Send bilde til &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138

TCP: Interfaces\{4581695D-0995-4625-93A9-C6996D1E70D4} : DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138

TCP: Interfaces\{4581695D-0995-4625-93A9-C6996D1E70D4}\0727966716474343337337A657 : DhcpNameServer = 10.0.0.138

TCP: Interfaces\{4581695D-0995-4625-93A9-C6996D1E70D4}\072796671647734343538656C6 : DhcpNameServer = 130.67.15.198 193.213.112.4

TCP: Interfaces\{4581695D-0995-4625-93A9-C6996D1E70D4}\34842594354594E41435D20534F5E4564777F627B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4581695D-0995-4625-93A9-C6996D1E70D4}\44275616D637 : DhcpNameServer = 217.13.7.140 217.13.4.24

TCP: Interfaces\{4581695D-0995-4625-93A9-C6996D1E70D4}\4556C656E6F627D26323834393332343 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4581695D-0995-4625-93A9-C6996D1E70D4}\642716E63707C6163737 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4581695D-0995-4625-93A9-C6996D1E70D4}\86F656D6 : DhcpNameServer = 192.168.1.2

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\christina\appdata\roaming\mozilla\firefox\profiles\n55kyiae.default\

FF - prefs.js: browser.startup.homepage - startsiden.no

.

============= SERVICES / DRIVERS ===============

.


.

=============== Created Last 30 ================

.

2012-02-26 10:14:24 -------- d-----w- c:\users\christina\appdata\local\{3711F45E-1BE4-494B-BD50-CC9B88FD2B4F}

2012-02-26 10:13:56 -------- d-----w- c:\users\christina\appdata\local\{8143E890-B1EC-46DB-9B95-ED3B8A597C38}

2012-02-26 01:38:36 -------- d-----w- C:\NBRT

2012-02-25 19:47:13 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2012-02-25 19:47:12 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2012-02-25 19:47:12 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-02-25 19:47:12 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2012-02-25 19:47:06 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2012-02-25 19:47:06 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2012-02-25 19:47:01 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-02-25 19:46:43 -------- d-----w- c:\users\christina\appdata\roaming\PC Tools

2012-02-25 19:46:43 -------- d-----w- c:\program files\PC Tools Security

2012-02-25 19:46:43 -------- d-----w- c:\program files\common files\PC Tools

2012-02-25 19:43:49 -------- d-----w- c:\programdata\PC Tools

2012-02-25 16:10:42 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0405000.022

2012-02-25 16:10:42 -------- d-----w- c:\windows\system32\drivers\NBRTWizard

2012-02-25 16:10:39 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard

2012-02-25 15:56:43 -------- d-----w- c:\users\christina\appdata\local\NPE

2012-02-24 19:44:36 -------- d-sh--w- C:\$RECYCLE.BIN

2012-02-24 19:23:01 518144 ----a-w- c:\windows\SWREG.exe

2012-02-24 19:23:01 256000 ----a-w- c:\windows\PEV.exe

2012-02-24 19:23:01 208896 ----a-w- c:\windows\MBR.exe

2012-02-24 19:23:00 98816 ----a-w- c:\windows\sed.exe

2012-02-24 19:22:51 -------- d-----w- C:\ComboFix

2012-02-24 19:20:11 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b637dca5-765a-4f56-9921-84743122f409}\mpengine.dll

2012-02-24 19:11:52 -------- d-----w- c:\users\christina\appdata\roaming\Malwarebytes

2012-02-24 19:11:31 -------- d-----w- c:\programdata\Malwarebytes

2012-02-24 19:11:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-24 19:11:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-23 20:01:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-02-23 20:01:58 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-02-23 19:58:45 -------- d-----w- c:\users\christina\appdata\local\{68DCAB42-2984-4708-8BA0-10DFE6756EFF}

2012-02-23 19:58:34 -------- d-----w- c:\users\christina\appdata\local\{BD1C4DF7-9E1A-44AA-B1C2-E15DBCE74497}

2012-02-23 18:40:40 -------- d-----w- c:\users\christina\appdata\roaming\f-secure

2012-02-23 18:40:14 -------- d-----w- c:\programdata\F-Secure

2012-02-23 17:39:16 -------- d-----w- c:\program files\Panda Security

2012-02-21 20:34:55 -------- d-----w- c:\users\christina\appdata\local\Symantec

2012-02-21 18:32:44 -------- d-----w- c:\users\christina\appdata\local\{AC28572D-2C0B-475B-B3FF-E9AE50564335}

2012-02-21 18:32:33 -------- d-----w- c:\users\christina\appdata\local\{F4951661-916D-477D-B536-FD3FD66C9E7A}

2012-02-21 18:18:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-02-21 18:18:04 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-02-21 18:18:04 314880 ----a-w- c:\windows\system32\webio.dll

2012-02-21 18:18:04 22528 ----a-w- c:\windows\system32\lsass.exe

2012-02-21 18:18:04 224768 ----a-w- c:\windows\system32\schannel.dll

2012-02-21 18:18:04 22016 ----a-w- c:\windows\system32\secur32.dll

2012-02-21 18:18:04 15872 ----a-w- c:\windows\system32\sspisrv.dll

2012-02-21 18:18:04 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-02-21 18:18:04 1038848 ----a-w- c:\windows\system32\lsasrv.dll

2012-02-21 18:18:04 100352 ----a-w- c:\windows\system32\sspicli.dll

2012-02-21 18:17:55 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-02-21 18:17:11 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-21 18:17:01 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-21 18:14:31 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-02-21 17:38:15 -------- d-----w- c:\users\christina\appdata\local\{3F4FBD9C-061E-467B-9BCA-FBD751A7D437}

2012-02-20 17:36:53 -------- d-----w- c:\users\christina\appdata\local\{05980C78-6081-4369-B938-4DAF3FA55169}

2012-02-20 17:36:30 -------- d-----w- c:\users\christina\appdata\local\{2FFF83FC-3D7D-417D-AAF7-C34BDB319220}

2012-02-19 11:22:59 -------- d-----w- c:\users\christina\appdata\local\{01872819-A5B4-4F1C-9CC9-9700CEBB3197}

2012-02-19 11:22:33 -------- d-----w- c:\users\christina\appdata\local\{DDA1A1C9-B55B-4ED3-AAF8-E014D2E5511B}

2012-02-18 16:40:42 -------- d-----w- c:\users\christina\appdata\local\{03AB2158-96FC-4D28-8BF4-C884987B3E8A}

2012-02-18 16:40:00 -------- d-----w- c:\users\christina\appdata\local\{B9D4ED19-6487-4BBD-9C5D-4805A434D68B}

2012-02-16 18:14:47 -------- d-----w- c:\users\christina\appdata\local\{F5E21ABA-3C21-42F8-BC94-EBDFBBCFDABE}

2012-02-16 14:02:23 -------- d-----w- c:\users\christina\appdata\local\{5CFFE004-86C7-4E45-977A-8B9B549F7BB8}

2012-02-15 18:34:51 -------- d-----w- c:\users\christina\appdata\local\{332FFEBE-8635-4CC7-A3E9-11FBDEA7C3E3}

2012-02-15 13:05:23 -------- d-----w- c:\users\christina\appdata\local\{F8A502E4-FF95-4784-BD00-DAEDEFA34D9E}

2012-02-14 12:49:04 -------- d-----w- c:\users\christina\appdata\local\{CDC3A434-1A40-450C-AF46-E3A12D1E91F5}

2012-02-13 18:40:59 -------- d-----w- c:\users\christina\appdata\local\{865F5166-638C-4EA8-B432-3C6C95BBE461}

2012-02-13 15:02:10 -------- d-----w- c:\users\christina\appdata\local\{6E441CF5-EBFA-4E6D-9D5C-0A22B6EBA0FA}

2012-02-12 11:56:38 -------- d-----w- c:\users\christina\appdata\local\{814FFF43-3E2D-4409-9BC4-2E9648D129BE}

2012-02-12 11:56:23 -------- d-----w- c:\users\christina\appdata\local\{B678A903-A695-4134-B5A3-FF62FFE011ED}

2012-02-11 23:56:09 -------- d-----w- c:\users\christina\appdata\local\{C202D661-E964-4865-BDCE-48F3988D9811}

2012-02-11 23:55:57 -------- d-----w- c:\users\christina\appdata\local\{BCA5720A-933C-462D-91AD-0AE25674DBF3}

2012-02-11 11:55:28 -------- d-----w- c:\users\christina\appdata\local\{C74E5806-6649-47CA-8BC1-9B4C0E5DB5D4}

2012-02-11 11:55:07 -------- d-----w- c:\users\christina\appdata\local\{AA7F5D2D-01F8-4BC9-B969-50C0A3547EA1}

2012-02-10 17:34:19 -------- d-----w- c:\users\christina\appdata\local\{09E355BB-EB58-498D-A635-9CF957F23745}

2012-02-10 17:33:41 -------- d-----w- c:\users\christina\appdata\local\{BBE8E3EB-60E9-48FE-A746-21096978B960}

2012-02-09 18:13:54 -------- d-----w- c:\users\christina\appdata\local\{6AD7F217-5C6D-47FF-B260-1D30897E656C}

2012-02-08 19:30:14 -------- d-----w- c:\users\christina\appdata\local\{025CE9E4-1DCD-4531-A309-4EDF81C0CC69}

2012-02-08 19:29:25 -------- d-----w- c:\users\christina\appdata\local\{2E09D216-79F2-4961-8A40-02330EE14F81}

2012-02-07 17:59:18 -------- d-----w- c:\users\christina\appdata\local\{6138CAAA-51D6-4B2A-9571-CB08FDCFE59E}

2012-02-07 17:58:42 -------- d-----w- c:\users\christina\appdata\local\{775932EC-1F04-4538-8757-598C8A017AD6}

2012-02-06 15:02:21 -------- d-----w- c:\users\christina\appdata\local\{1C696A2A-8327-4054-993E-1356A9CC7808}

2012-02-05 10:23:51 -------- d-----w- c:\users\christina\appdata\local\{800BC926-0903-4C5D-975E-C968206AF27B}

2012-02-05 10:23:25 -------- d-----w- c:\users\christina\appdata\local\{EFBF2763-6A29-478F-8440-A90A03C9EAB5}

2012-02-04 14:46:16 -------- d-----w- c:\users\christina\appdata\local\{13EA5518-7802-499F-AE3C-E1731D055C38}

2012-02-04 14:45:54 -------- d-----w- c:\users\christina\appdata\local\{AB0AB2C9-5597-4278-9C09-3381F9FFC195}

2012-02-03 19:15:02 -------- d-----w- c:\users\christina\appdata\local\{16604216-547B-40EC-9665-AD6D97235793}

2012-02-03 19:14:32 -------- d-----w- c:\users\christina\appdata\local\{6707AF32-87DA-44ED-9E41-059BDAF7B321}

2012-02-02 18:06:46 -------- d-----w- c:\users\christina\appdata\local\{FF010A1E-F906-48A8-9AA7-200EE6FF3510}

2012-02-02 18:05:44 -------- d-----w- c:\users\christina\appdata\local\{03B45EEB-63AB-43C1-8E13-B974DF80AFD6}

2012-02-01 16:04:24 -------- d-----w- c:\users\christina\appdata\local\{B2107908-9827-4B36-9969-E6DD43247A81}

2012-02-01 16:04:11 -------- d-----w- c:\users\christina\appdata\local\{E3025378-FBE1-4CBF-A681-9AFFD7022644}

2012-01-31 11:02:46 -------- d-----w- c:\users\christina\appdata\local\{2DE05CBF-FD2C-42F7-A56E-750FCCB1151C}

2012-01-31 11:02:35 -------- d-----w- c:\users\christina\appdata\local\{D3540BB7-47AD-4356-AA99-3344738C4DBB}

2012-01-30 23:02:19 -------- d-----w- c:\users\christina\appdata\local\{5D580350-8A5A-4C06-B569-331CCC20F47E}

2012-01-30 23:02:06 -------- d-----w- c:\users\christina\appdata\local\{05E78149-93D2-45E5-8F38-356124FAE641}

2012-01-30 11:01:53 -------- d-----w- c:\users\christina\appdata\local\{D12DE97C-DAD7-4AE7-B361-BFA237F2D6A2}

2012-01-30 11:01:43 -------- d-----w- c:\users\christina\appdata\local\{9FA0FDA3-C5AE-4673-914E-960413825389}

2012-01-29 18:30:06 -------- d-----w- c:\users\christina\appdata\local\{93EA118E-DD88-4054-A7F1-E9A148B64722}

2012-01-29 18:29:52 -------- d-----w- c:\users\christina\appdata\local\{ECB797BA-1B3B-4331-BDF5-7B56DD63B090}

.

==================== Find3M ====================

.

2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 17:11:01,26 ===============

The Attach log is attached.

aswMBR:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software

Run date: 2012-02-26 17:40:48

-----------------------------

17:40:48.795 OS Version: Windows 6.1.7601 Service Pack 1

17:40:48.795 Number of processors: 1 586 0x170A

17:40:48.799 ComputerName: CHRISTINAS-PC UserName: Christina

17:44:33.005 Initialize success

17:44:46.450 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

17:44:46.453 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3

17:44:46.481 Disk 0 MBR read successfully

17:44:46.484 Disk 0 MBR scan

17:44:46.488 Disk 0 Windows 7 default MBR code

17:44:46.503 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048

17:44:46.520 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 466938 MB offset 20482048

17:44:46.527 Disk 0 scanning sectors +976771072

17:44:46.598 Disk 0 scanning C:\Windows\system32\drivers

17:44:56.593 Service scanning

17:45:23.172 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

17:45:33.488 Modules scanning

17:48:50.925 Disk 0 trace - called modules:

17:48:50.966 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys iaStor.sys spgx.sys halmacpi.dll >>UNKNOWN [0x85eec938]<<

17:48:51.302 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87716490]

17:48:51.311 3 CLASSPNP.SYS[8bd9359e] -> nt!IofCallDriver -> [0x87716cc0]

17:48:51.320 5 PCTCore.sys[8b823099] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86c5b028]

17:48:51.328 Scan finished successfully

17:57:44.584 Disk 0 MBR has been saved successfully to "C:\Users\Christina\Desktop\MBR.dat"

17:57:44.597 The log file has been saved successfully to "C:\Users\Christina\Desktop\aswMBR.txt"

 

Attach.zip


It's only a pleasure to help. :)

Download TDSSKiller from Kaspersky. Extract it and place TDSSKiller.exe on the desktop.

Right-click TDSSKiller.exe and select Run as administrator.

Click Start Scan to run the scan.

After System scan completed appears:

If Malicious objects are found, make sure Cure is selected.

If Suspicious objects are found, make sure Skip is selected.

Click Continue and, if applicable, Reboot now.

Post the contents of C:\TDSSKiller.X.txt

(X = version + date).


The scan has now been run; it found only one "suspicious" object.

Log from TDSSKiller 2.7.1.4.0_26.02.2012_18_57_12_log.txt:

18:57:12.0298 3716 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49

18:57:14.0303 3716 ============================================================

18:57:14.0303 3716 Current date / time: 2012/02/26 18:57:14.0303

18:57:14.0303 3716 SystemInfo:

18:57:14.0303 3716

18:57:14.0303 3716 OS Version: 6.1.7601 ServicePack: 1.0

18:57:14.0303 3716 Product type: Workstation

18:57:14.0303 3716 ComputerName: CHRISTINAS-PC

18:57:14.0502 3716 UserName: Christina

18:57:14.0502 3716 Windows directory: C:\Windows

18:57:14.0502 3716 System windows directory: C:\Windows

18:57:14.0659 3716 Processor architecture: Intel x86

18:57:14.0659 3716 Number of processors: 1

18:57:14.0659 3716 Page size: 0x1000

18:57:14.0659 3716 Boot type: Normal boot

18:57:14.0659 3716 ============================================================

18:57:22.0370 3716 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

18:57:22.0373 3716 \Device\Harddisk0\DR0:

18:57:22.0373 3716 MBR used

18:57:22.0373 3716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000

18:57:22.0414 3716 Initialize success

18:57:22.0414 3716 ============================================================

18:57:38.0439 2180 ============================================================

18:57:38.0439 2180 Scan started

18:57:38.0439 2180 Mode: Manual;

18:57:38.0439 2180 ============================================================


18:57:49.0546 2180 MSKSSRV - ok

18:57:49.0589 2180 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

18:57:49.0591 2180 MSPCLOCK - ok

18:57:49.0622 2180 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

18:57:49.0624 2180 MSPQM - ok

18:57:49.0651 2180 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

18:57:49.0654 2180 MsRPC - ok

18:57:49.0712 2180 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

18:57:49.0713 2180 mssmbios - ok

18:57:49.0800 2180 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

18:57:49.0802 2180 MSTEE - ok

18:57:49.0896 2180 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

18:57:49.0898 2180 MTConfig - ok

18:57:49.0922 2180 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

18:57:49.0925 2180 Mup - ok

18:57:49.0969 2180 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

18:57:49.0971 2180 mwlPSDFilter - ok

18:57:49.0999 2180 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

18:57:50.0000 2180 mwlPSDNServ - ok

18:57:50.0026 2180 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

18:57:50.0027 2180 mwlPSDVDisk - ok

18:57:50.0139 2180 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

18:57:50.0144 2180 NativeWifiP - ok

18:57:50.0324 2180 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120120.004\NAVENG.SYS

18:57:50.0328 2180 NAVENG - ok

18:57:50.0411 2180 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120120.004\NAVEX15.SYS

18:57:50.0458 2180 NAVEX15 - ok

18:57:50.0601 2180 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

18:57:50.0622 2180 NDIS - ok

18:57:50.0717 2180 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

18:57:50.0720 2180 NdisCap - ok

18:57:50.0774 2180 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

18:57:50.0776 2180 NdisTapi - ok

18:57:50.0854 2180 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

18:57:50.0856 2180 Ndisuio - ok

18:57:50.0906 2180 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

18:57:50.0909 2180 NdisWan - ok

18:57:50.0934 2180 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

18:57:50.0936 2180 NDProxy - ok

18:57:51.0013 2180 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

18:57:51.0015 2180 NetBIOS - ok

18:57:51.0067 2180 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

18:57:51.0071 2180 NetBT - ok

18:57:51.0285 2180 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys

18:57:51.0384 2180 netw5v32 - ok

18:57:51.0478 2180 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

18:57:51.0481 2180 nfrd960 - ok

18:57:51.0537 2180 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

18:57:51.0539 2180 Npfs - ok

18:57:51.0574 2180 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

18:57:51.0575 2180 nsiproxy - ok

18:57:51.0660 2180 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

18:57:51.0696 2180 Ntfs - ok

18:57:51.0792 2180 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys

18:57:51.0794 2180 NTIDrvr - ok

18:57:51.0941 2180 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

18:57:51.0942 2180 Null - ok

18:57:51.0981 2180 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

18:57:51.0985 2180 nvraid - ok

18:57:52.0013 2180 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

18:57:52.0018 2180 nvstor - ok

18:57:52.0061 2180 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

18:57:52.0065 2180 nv_agp - ok

18:57:52.0131 2180 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

18:57:52.0134 2180 ohci1394 - ok

18:57:52.0247 2180 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

18:57:52.0254 2180 Parport - ok

18:57:52.0308 2180 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

18:57:52.0310 2180 partmgr - ok

18:57:52.0355 2180 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

18:57:52.0357 2180 Parvdm - ok

18:57:52.0444 2180 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

18:57:52.0449 2180 pci - ok

18:57:52.0499 2180 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

18:57:52.0501 2180 pciide - ok

18:57:52.0533 2180 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

18:57:52.0538 2180 pcmcia - ok

18:57:52.0666 2180 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys

18:57:52.0671 2180 PCTCore - ok

18:57:52.0737 2180 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys

18:57:52.0743 2180 pctDS - ok

18:57:52.0780 2180 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys

18:57:52.0802 2180 pctEFA - ok

18:57:52.0889 2180 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

18:57:52.0892 2180 pcw - ok

18:57:52.0929 2180 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

18:57:52.0950 2180 PEAUTH - ok

18:57:53.0102 2180 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

18:57:53.0136 2180 PptpMiniport - ok

18:57:53.0167 2180 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

18:57:53.0170 2180 Processor - ok

18:57:53.0250 2180 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

18:57:53.0252 2180 Psched - ok

18:57:53.0309 2180 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

18:57:53.0345 2180 ql2300 - ok

18:57:53.0389 2180 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

18:57:53.0393 2180 ql40xx - ok

18:57:53.0437 2180 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

18:57:53.0439 2180 QWAVEdrv - ok

18:57:53.0468 2180 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

18:57:53.0470 2180 RasAcd - ok

18:57:53.0542 2180 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

18:57:53.0544 2180 RasAgileVpn - ok

18:57:53.0576 2180 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:57:53.0579 2180 Rasl2tp - ok

18:57:53.0646 2180 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

18:57:53.0678 2180 RasPppoe - ok

18:57:53.0745 2180 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

18:57:53.0747 2180 RasSstp - ok

18:57:53.0792 2180 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

18:57:53.0796 2180 rdbss - ok

18:57:53.0832 2180 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

18:57:53.0835 2180 rdpbus - ok

18:57:53.0873 2180 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:57:53.0875 2180 RDPCDD - ok

18:57:53.0938 2180 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

18:57:53.0940 2180 RDPENCDD - ok

18:57:53.0971 2180 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

18:57:53.0973 2180 RDPREFMP - ok

18:57:54.0005 2180 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

18:57:54.0009 2180 RDPWD - ok

18:57:54.0070 2180 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

18:57:54.0075 2180 rdyboost - ok

18:57:54.0144 2180 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

18:57:54.0148 2180 RFCOMM - ok

18:57:54.0238 2180 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys

18:57:54.0243 2180 RsFx0150 - ok

18:57:54.0315 2180 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

18:57:54.0317 2180 rspndr - ok

18:57:54.0404 2180 RTSTOR (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS

18:57:54.0407 2180 RTSTOR - ok

18:57:54.0485 2180 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

18:57:54.0489 2180 sbp2port - ok

18:57:54.0565 2180 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

18:57:54.0567 2180 scfilter - ok

18:57:54.0689 2180 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

18:57:54.0691 2180 secdrv - ok

18:57:54.0766 2180 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys

18:57:54.0768 2180 seehcri - ok

18:57:54.0913 2180 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

18:57:54.0915 2180 Serenum - ok

18:57:54.0942 2180 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

18:57:54.0945 2180 Serial - ok

18:57:54.0983 2180 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

18:57:54.0986 2180 sermouse - ok

18:57:55.0057 2180 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

18:57:55.0059 2180 sffdisk - ok

18:57:55.0088 2180 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

18:57:55.0091 2180 sffp_mmc - ok

18:57:55.0118 2180 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

18:57:55.0121 2180 sffp_sd - ok

18:57:55.0149 2180 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

18:57:55.0159 2180 sfloppy - ok

18:57:55.0231 2180 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

18:57:55.0234 2180 sisagp - ok

18:57:55.0298 2180 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:57:55.0301 2180 SiSRaid2 - ok

18:57:55.0328 2180 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

18:57:55.0331 2180 SiSRaid4 - ok

18:57:55.0387 2180 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

18:57:55.0391 2180 Smb - ok

18:57:55.0470 2180 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

18:57:55.0473 2180 spldr - ok

18:57:55.0600 2180 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

18:57:55.0600 2180 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

18:57:55.0603 2180 sptd ( LockedFile.Multi.Generic ) - warning

18:57:55.0604 2180 sptd - detected LockedFile.Multi.Generic (1)


18:58:00.0368 2180 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

18:58:00.0431 2180 \Device\Harddisk0\DR0 - ok

18:58:00.0439 2180 Boot (0x1200) (16c62915346a3e984289a2ff69a6752a) \Device\Harddisk0\DR0\Partition0

18:58:00.0440 2180 \Device\Harddisk0\DR0\Partition0 - ok

18:58:00.0444 2180 ============================================================

18:58:00.0444 2180 Scan finished

18:58:00.0445 2180 ============================================================

18:58:00.0462 3520 Detected object count: 1

18:58:00.0462 3520 Actual detected object count: 1

18:58:29.0342 3520 sptd ( LockedFile.Multi.Generic ) - skipped by user

18:58:29.0343 3520 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

19:00:20.0579 2732 Deinitialize success

Link to comment
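A TDSSKiller log like the one in the post above records one verdict per driver, and only the entries that are not "ok" need a human look. The sketch below is an added example, not part of the thread or of TDSSKiller: it reduces such a log to its detections, the action the user chose, and any object that never received a verdict. The line shapes are inferred from this log only, and the function and field names are made up for the illustration.

```python
import re

# Lines copied from the TDSSKiller log posted in this thread (blank lines dropped).
SAMPLE_LOG = r"""
18:57:55.0600 2180 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
18:57:55.0600 2180 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:57:55.0603 2180 sptd ( LockedFile.Multi.Generic ) - warning
18:57:55.0604 2180 sptd - detected LockedFile.Multi.Generic (1)
18:58:00.0368 2180 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:58:00.0431 2180 \Device\Harddisk0\DR0 - ok
18:58:00.0439 2180 Boot (0x1200) (16c62915346a3e984289a2ff69a6752a) \Device\Harddisk0\DR0\Partition0
18:58:00.0440 2180 \Device\Harddisk0\DR0\Partition0 - ok
18:58:00.0462 3520 Detected object count: 1
18:58:29.0343 3520 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Assumed record shapes, taken from the lines above; other versions may differ.
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*)$")
OBJECT = re.compile(
    r"^(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK = re.compile(r"^(?P<key>.+) - ok$")
DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Summarise a TDSSKiller-style log: detections, actions, missing verdicts."""
    records, by_name, by_path, declared = [], {}, {}, None
    for raw in log_text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue                      # blank line or text that is not a log record
        msg = line.group("msg")

        m = OBJECT.match(msg)             # "<name> (<md5>) <path>" opens an entry
        if m:
            rec = dict(m.groupdict(), status="no verdict", verdict=None, action=None)
            records.append(rec)
            by_name[rec["name"]] = rec
            by_path[rec["path"]] = rec    # MBR/boot verdict lines use the path
            continue

        m = OK.match(msg)                 # "<name or path> - ok" closes it cleanly
        if m:
            rec = by_name.get(m["key"]) or by_path.get(m["key"])
            if rec:
                rec["status"] = "ok"
            continue

        m = DETECTED.match(msg)           # "<name> - detected <verdict> (n)"
        if m and m["name"] in by_name:
            by_name[m["name"]].update(status="detected", verdict=m["verdict"])
            continue

        m = ACTION.match(msg)             # what the user chose in the result dialog
        if m and m["name"] in by_name:
            by_name[m["name"]]["action"] = m["action"]
            continue

        m = COUNT.match(msg)              # the scanner's own tally, used as a cross-check
        if m:
            declared = int(m["n"])

    detections = [r for r in records if r["status"] == "detected"]
    return {
        "scanned": len(records),
        "detections": detections,
        # Entries with neither "ok" nor "detected": truncated or edited log.
        "unresolved": [r["name"] for r in records if r["status"] == "no verdict"],
        "declared": declared,
        "consistent": declared == len(detections),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["detections"]:
        print(d["name"], d["verdict"], d["path"], d["md5"], "action:", d["action"])
    print("unresolved:", result["unresolved"], "consistent:", result["consistent"])
```

An entry listed under "unresolved", or a tally that does not match the parsed detections, means the pasted log is incomplete and should be requested again before drawing conclusions.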

Happy to help. :)

Download TDSSKiller from Kaspersky.

:sleep2: Why are you so sure that malware is the cause of the problem here? There were no signs of malware infections in the logs from MB and CB, so why scan with even more tools? (Just FYI: running both TDSSKiller and aswMBR scans is unnecessary, since both scan for the same types of rootkits.)

@arangaras:

This is probably not a malware problem. I think your PC is overloaded. When that happens, programs you want to start may not start, or start very slowly.

My advice:

Uninstall everything that is unnecessary: Spybot & Search Destroy and all other AV software except ONE. The same goes for other programs. Then clean the PC with Windows' own tools for junk files.

Edited by TheGenius
Link to comment
This is probably not a malware problem.

Could you share your insight into why it looks like this in the DDS log?

============= SERVICES / DRIVERS ===============

.

: 1;4;1;1;1;1;4;4;1;1;1;1;1;1;1;1;1;1;4;1;1;4;4;1;1;1;4;1;4;4;1;1;1;1;4;4;1;4;4;4;4;1;1;1;4;1; 1;1;1;1;1;1;1;1;1;1;1;4;1;1;1;4;4;1;1;4;1;4;4;1;4;4;4;1;1;4;4;1;4;4;4;4;4;4;1;4;1;4;4;4;1;4; 1;1;1;1;4;1;4;4;1;4;1;1;4;4;4;1;1;4;4;1;1;1;1;4;1;4;1;1;4;1;1;1;1;4;1;1;1;1;1;1;1;4;1;1;1;4; 4;4;4;4;1;1;4;4;1;4;4;4;1;4;1;1;4;1;1;4;1;1;1;4;1;4;4;4;1;4;4;4;4;1;4;1;1;1;1;4;4;4;1;1;1;1; 1;4;4;1;4;1;4;4;1;4;4;4;1;4;1;1;4;1;4;1;1;1;1;1;1;4;4;1;1;1;4;4;4;4;4;4;1;4;1;1;4;1;4;4;4;4; 4;4;4;1;4;1;1;4;1;1;4;1;4;4;4;4;4;4;1;4;4;4;1;1;1;4;1;1;1;1;1;1;4;1;4;4;4;1;1;4;4;4;4;4;1;4; 4;1;1;4;4;4;1;4;1;4;1;1;1;1;1;4;1;4;4;4;4;4;1;4;4;4;1;4;1;1;1;4;1;4;1;4;4;1;4;1;1;1;4;1;4;4; 4;4;4;4;4;4;1;1;1;1;1;1;1;1;1;1;4;1;1;1;1;1;4;4;1;1;4;1;1;4;1;4;4;4;4;4;4;1;4;4;1;1;4;4;4;4; 4;4;4;1;4;1;4;1;4;1;1;4;4;1;4;1;4;1;1;1;4;1;4;1;1;1;4;1;4;1;4;1;4;4;1;1;1;1;4;4;4;1;4;1;1;4; 1;1;1;1;4;4;4;1;1;1;1;1;1;4;1;1;1;1;1;1;4;4;4;1;1;1;1;4;1;4;1;4;1;1;4;1;4;4;1;4;1;1;4;4;4;4; 4;1;4;1

.

Link to comment

TheGenius:

Now, my girlfriend has very few programs installed on the PC (Norton (the only one that was installed when the problem occurred), Firefox, Puzzle Quest 2, the Office suite plus a few other programs), so I don't quite see how this would overload the PC. I'll uninstall the programs I have installed afterwards, and try using Windows' tools for junk files, then. Thanks for the input :)

Link to comment
The scan has now been run; it found only one "suspicious" object.
Sptd.sys is part of Daemon Tools and is probably also the reason aswMBR flagged "unknown".

You can try the following to troubleshoot why Firefox won't start:

Try starting Firefox again to test whether the program still fails to start (is there an error message? Which one?).

Hold down the Windows key and press R on the keyboard. Type firefox -safe-mode and press OK (there is a space between firefox and -safe-mode). If a box appears, click the button to continue to safe mode (if Firefox starts, you can stop the troubleshooting).

Start aswMBR on the desktop to check that the program starts, then just close the program again.

Rename aswMBR(.exe) on the desktop to firefox(.exe) (not firefox.exe.exe). Double-click aswMBR (now named "firefox") to check that the program starts; just close the program again if it starts.

Describe: Whether Firefox starts, and any error message.

Does Firefox start in safe mode, and any error message?

Whether aswMBR starts as itself/under the name firefox, and any error message(s).

Edited by mobile999
Link to comment

Hi,

In both normal mode and safe mode I get an error message saying "et uventet problem oppstod, og programmet har krasjet" ("an unexpected problem occurred, and the program has crashed").

I am asked whether I want to send a report to Firefox; if I tick this option, I get the opportunity to view the details of the error report. These follow below.

Renaming the file to firefox.exe and running it worked fine.

I'm going to run Disk Cleanup now. Are there others that should be used to "clean up"?

Logs:

AvailableVirtualMemory: 2033418240

BuildID: 20111220165912

CrashTime: 1330369026

InstallTime: 1326659312

Notes: xpcom_runtime_abort(###!!! ABORT: Main-thread-only object used off the main thread: file e:/builds/moz2_slave/rel-m-rel-w32-bld/build/xpcom/base/nsCycleCollector.cpp, line 1273)

ProductName: Firefox

ReleaseChannel: release

SecondsSinceLastCrash: 117636

StartupTime: 1330369014

SystemMemoryUsePercentage: 32

Throttleable: 1

TotalVirtualMemory: 2147352576

URL:

Vendor: Mozilla

Version: 9.0.1

 

Denne rapporten inneholder også informasjon om tilstanden til programmet da det krasjet.

Safe mode:

AvailableVirtualMemory: 2024742912

BuildID: 20111220165912

CrashTime: 1330370231

InstallTime: 1326659312

ProductName: Firefox

ReleaseChannel: release

SecondsSinceLastCrash: 1079

StartupTime: 1330370225

SystemMemoryUsePercentage: 43

Throttleable: 1

TotalVirtualMemory: 2147352576

URL:

Vendor: Mozilla

Version: 9.0.1

Winsock_LSP: PCTOOLS over [MSAFD Tcpip [TCP/IP]] : 2 : 1 : C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

PCTOOLS over [MSAFD Tcpip [UDP/IP]] : 2 : 2 :

PCTOOLS over [MSAFD Tcpip [RAW/IP]] : 2 : 3 : C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

PCTOOLS over [MSAFD Tcpip [TCP/IPv6]] : 2 : 1 :

PCTOOLS over [MSAFD Tcpip [UDP/IPv6]] : 2 : 2 : C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

PCTOOLS over [MSAFD Tcpip [RAW/IPv6]] : 2 : 3 :

MSAFD Tcpip [TCP/IP] : 2 : 1 : %SystemRoot%\system32\mswsock.dll

MSAFD Tcpip [UDP/IP] : 2 : 2 :

MSAFD Tcpip [RAW/IP] : 2 : 3 : %SystemRoot%\system32\mswsock.dll

MSAFD Tcpip [TCP/IPv6] : 2 : 1 :

MSAFD Tcpip [UDP/IPv6] : 2 : 2 : %SystemRoot%\system32\mswsock.dll

MSAFD Tcpip [RAW/IPv6] : 2 : 3 :

RSVP TCPv6-tjenesteleverandør : 2 : 1 : %SystemRoot%\system32\mswsock.dll

RSVP TCP-tjenesteleverandør : 2 : 1 :

RSVP UDPv6-tjenesteleverandør : 2 : 2 : %SystemRoot%\system32\mswsock.dll

RSVP UDP-tjenesteleverandør : 2 : 2 :

MSAFD RfComm [bluetooth] : 2 : 1 : %SystemRoot%\system32\mswsock.dll

PCTOOLS CONTENT FILTER PROVIDER : 2 : 1 :

MSAFD NetBIOS [\Device\NetBT_Tcpip_{7678C4BB-26B9-4130-8F7B-8E175E05C1C9}] SEQPACKET 6 : 2 : 5 : %SystemRoot%\system32\mswsock.dll

MSAFD NetBIOS [\Device\NetBT_Tcpip_{7678C4BB-26B9-4130-8F7B-8E175E05C1C9}] DATAGRAM 6 : 2 : 2 :

MSAFD NetBIOS [\Device\NetBT_Tcpip_{4581695D-0995-4625-93A9-C6996D1E70D4}] SEQPACKET 0 : 2 : 5 : %SystemRoot%\system32\mswsock.dll

MSAFD NetBIOS [\Device\NetBT_Tcpip_{4581695D-0995-4625-93A9-C6996D1E70D4}] DATAGRAM 0 : 2 : 2 :

MSAFD NetBIOS [\Device\NetBT_Tcpip_{31C84A02-A4C9-463E-90A0-76A45DEB4E29}] SEQPACKET 1 : 2 : 5 : %SystemRoot%\system32\mswsock.dll

MSAFD NetBIOS [\Device\NetBT_Tcpip_{31C84A02-A4C9-463E-90A0-76A45DEB4E29}] DATAGRAM 1 : 2 : 2 :

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{42A2F36B-B6F3-4CA6-B54D-9580FAA5AF6B}] SEQPACKET 9 : 2 : 5 : %SystemRoot%\system32\mswsock.dll

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{42A2F36B-B6F3-4CA6-B54D-9580FAA5AF6B}] DATAGRAM 9 : 2 : 2 :

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{44E4C23B-7D07-4ABD-99D4-3580B5512407}] SEQPACKET 4 : 2 : 5 : %SystemRoot%\system32\mswsock.dll

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{44E4C23B-7D07-4ABD-99D4-3580B5512407}] DATAGRAM 4 : 2 : 2 :

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{954F1FA6-2D9C-40FC-9B08-B19CEA9BBA48}] SEQPACKET 5 : 2 : 5 : %SystemRoot%\system32\mswsock.dll

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{954F1FA6-2D9C-40FC-9B08-B19CEA9BBA48}] DATAGRAM 5 : 2 : 2 :

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{72A8AE56-2281-4091-97B1-DBD7029496C8}] SEQPACKET 8 : 2 : 5 : %SystemRoot%\system32\mswsock.dll

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{72A8AE56-2281-4091-97B1-DBD7029496C8}] DATAGRAM 8 : 2 : 2 :

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7678C4BB-26B9-4130-8F7B-8E175E05C1C9}] SEQPACKET 7 : 2 : 5 : %SystemRoot%\system32\mswsock.dll

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7678C4BB-26B9-4130-8F7B-8E175E05C1C9}] DATAGRAM 7 : 2 : 2 :

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4581695D-0995-4625-93A9-C6996D1E70D4}] SEQPACKET 3 : 2 : 5 : %SystemRoot%\system32\mswsock.dll

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4581695D-0995-4625-93A9-C6996D1E70D4}] DATAGRAM 3 : 2 : 2 :

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{31C84A02-A4C9-463E-90A0-76A45DEB4E29}] SEQPACKET 2 : 2 : 5 : %SystemRoot%\system32\mswsock.dll

MSAFD NetBIOS [\Device\NetBT_Tcpip6_{31C84A02-A4C9-463E-90A0-76A45DEB4E29}] DATAGRAM 2 : 2 : 2 :

 

Denne rapporten inneholder også informasjon om tilstanden til programmet da det krasjet.

Edited by Arangaras
Link to comment

My next suggestion is to remove Norton 360, but back up the Firefox profile, preferably without "Utvidelser" (Extensions), before you continue: http://www.hardware.no/artikler/mozbackup/78848

I suggest that you download the installer for Microsoft Security Essentials (anti-virus), but wait to install it until after Norton 360 has been removed. Alternatively, you can reinstall Norton 360 after it has been removed and you have tested whether Firefox works.

Refer to the following web page to remove Norton 360 with the Norton Removal Tool:

https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20071130124653EN&lg=english&ct=united%20states&product=home&version=1&pvid=f-home

After you have restarted the machine, test Firefox again, then (re-)install the anti-virus.

Optionally, you can test whether Firefox Portable works:

http://portableapps.com/apps/internet/firefox_portable

Link to comment

It finally looks like it has resolved itself; why, I don't know..

I contacted Norton customer service for some help, and after a bit of arguing, because I refused to pay a further 799 kr for something that strictly speaking was their job (removing viruses), I got help.

Anyway, to make a long story short: Norton got fixed, and after a reinstall of Firefox things seem to work fine, and CPU utilization seems to have come down to a normal level. I'll keep a close eye on it going forward..

Thank you very much for all the help :)

Link to comment
