Problem with Live Security Platinum


28 replies to this topic

#1 The OldBoy

    Active

  • Members
  • 116 posts
  • Location: GÄLLIVARE

Posted 22 July 2012 at 01:36

Hi!

As the title says, I have a problem with Live Security Platinum. I have tried to remove it according to the following page, but the computer feels sluggish.

I have now run a DDS log that I hope to get help checking. I am also attaching the Attach file.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170
Run by Emma at 1:48:04 on 2012-07-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3066.1796 [GMT 2:00]
.
AV: McAfee Antivirus och antispionprogram *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Antivirus och antispionprogram *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\DatacardService\DCService.exe
C:\ProgramData\DatacardService\DCSHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\DatacardService\DataCardMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll
mURLSearchHooks: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120627205154.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sony PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\emma\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\emma\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\emma\appdata\roaming\micros~1\windows\startm~1\programs\startup\teliam~1.lnk - c:\program files\telia\telia_mobilt_bredband\Telia_Mobilt_bredband.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujidirekt.se/aurigma/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1B69C2EC-AB3E-4EC0-99EC-2D1962F13FF3} : DhcpNameServer = 195.67.199.18 195.67.199.19
TCP: Interfaces\{4D1F536F-3899-48A3-B7AA-08AAEE1CB98F} : DhcpNameServer = 195.67.199.18 195.67.199.19
TCP: Interfaces\{7FC942A1-5B6E-408D-AE08-3B9FB50676BE} : DhcpNameServer = 195.67.199.18 195.67.199.19
TCP: Interfaces\{95E82A23-BF00-4825-BB76-586D5901A48D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F53F2175-5DCF-4E57-9ECF-F78747298FE4} : DhcpNameServer = 83.255.245.11 193.150.193.150
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\emma\appdata\roaming\mozilla\firefox\profiles\ar09atuj.default\
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\personal\bin\np_prsnl.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\sony\playstation network downloader\nppsndl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-18 464304]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-18 64912]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-7-2 169608]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-6-9 81920]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-8-19 229376]
R2 DCSHost.exe;DCSHost.exe;c:\programdata\datacardservice\DCSHOST.exe [2011-12-12 110592]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-18 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-18 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-18 151880]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-18 57600]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-6-9 135936]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-1-20 72832]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-9 212992]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-18 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-18 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-18 340920]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\drivers\OA008Ufd.sys [2009-6-9 133472]
R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\drivers\OA008Vid.sys [2009-6-9 271616]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-1-20 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-1-20 116736]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-2-4 63360]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2009-2-4 105856]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-2-4 8064]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-18 87656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-21 113120]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-3-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-3-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-3-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-3-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-3-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-3-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-3-25 109864]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2011-11-28 155320]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-2-4 42368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-21 20:14:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 20:14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 19:59:10 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-21 16:45:14 -------- d-----w- c:\programdata\HitmanPro
2012-07-21 15:32:26 -------- d-----w- c:\users\emma\appdata\roaming\Malwarebytes
2012-07-21 15:32:19 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 17:10:14 -------- d-----w- c:\programdata\036DFF85000844B0CF1D8B8A2F3B707C
2012-07-18 07:48:02 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ed0801ad-0eec-432f-91c6-0a9b4c0f2181}\mpengine.dll
2012-06-30 12:10:36 -------- d-----w- c:\users\emma\appdata\roaming\Save
2012-06-30 12:10:36 -------- d-----w- c:\users\emma\appdata\roaming\Reyba
2012-06-30 12:10:36 -------- d-----w- c:\users\emma\appdata\roaming\Osqo
.
==================== Find3M ====================
.
2012-07-21 19:58:52 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 1:49:13,97 ===============


Regards
Robert

#2 The OldBoy

Posted 22 July 2012 at 02:43

I can't start Windows Update either!

#3 Cecilia

    Addicted

  • Head moderator
  • 84 169 posts
  • Location: Stockholm

Posted 22 July 2012 at 09:07

Uninstall:
Conduit Engine
ToggleSW Toolbar

Save ComboFix to the Desktop: http://download.blee...Bs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.
How? See http://www.bleepingc...opic114351.html
Run ComboFix and follow the instructions that are shown.
If you are asked whether you want to install the Recovery Console, answer Yes.
More detailed guidance is available at http://www.bleepingc...ix-ska-anvandas

If ComboFix shows any message, e.g. that a rootkit has been found, write it down and then include it in your reply.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, because it may hang if you do.

When ComboFix has finished, a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have problems getting onto the internet:
Control Panel - Network Connections
right-click your internet connection and choose Repair and/or restart the computer.

#4 The OldBoy

Posted 22 July 2012 at 10:37

Here is the ComboFix log.

When I now try to open Firefox on the infected computer, it doesn't work; I get an error message: "C:\Program Files\Mozilla Firefox\firefox.exe Ett försök gjordes att utföra en icke tillåten åtgärd på en registernyckel som markerats för borttagning"



ComboFix 12-07-21.01 - Emma 2012-07-22 11:04:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3066.1973 [GMT 2:00]
Körs från: c:\users\Emma\Desktop\ComboFix.exe
AV: McAfee Antivirus och antispionprogram *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Antivirus och antispionprogram *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Emma\AppData\Roaming\Osqo
c:\users\Emma\AppData\Roaming\Osqo\leva.xio
.
.
(((((((((((((((((((((((( Filer skapade från 2012-06-22 till 2012-07-22 ))))))))))))))))))))))))))))))
.
.
2012-07-22 09:11 . 2012-07-22 09:13 -------- d-----w- c:\users\Emma\AppData\Local\temp
2012-07-22 00:40 . 2012-07-22 00:40 -------- d-----w- c:\users\Emma\AppData\Local\Macromedia
2012-07-22 00:22 . 2012-07-22 00:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-21 20:14 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 20:14 . 2012-07-21 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 20:07 . 2012-07-21 20:07 -------- d-----w- c:\users\Emma\AppData\Local\Mozilla
2012-07-21 20:07 . 2012-07-21 20:07 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-21 20:00 . 2012-07-21 20:00 -------- d-----w- c:\program files\Common Files\Java
2012-07-21 19:59 . 2012-07-21 19:58 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-21 16:45 . 2012-07-21 19:19 -------- d-----w- c:\programdata\HitmanPro
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\Emma\AppData\Roaming\Malwarebytes
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 17:10 . 2012-07-19 17:12 -------- d-----w- c:\programdata\036DFF85000844B0CF1D8B8A2F3B707C
2012-07-18 07:48 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED0801AD-0EEC-432F-91C6-0A9B4C0F2181}\mpengine.dll
2012-06-30 12:10 . 2012-07-02 08:41 -------- d-----w- c:\users\Emma\AppData\Roaming\Save
2012-06-30 12:10 . 2012-07-01 21:05 -------- d-----w- c:\users\Emma\AppData\Roaming\Reyba
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 00:22 . 2011-05-17 15:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-21 19:58 . 2010-10-10 11:21 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 10:25 . 2010-08-18 17:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-14 00:15 . 2012-07-21 20:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-01 1422632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-20 483428]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
Telia Mobilt bredband.lnk - c:\program files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe [2009-5-14 2050048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-09 02:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BankID säkerhetsprogram.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
backup=c:\windows\pss\BankID säkerhetsprogram.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Emma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skärmurklipp och start för OneNote 2007.lnk]
path=c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2007.lnk
backup=c:\windows\pss\Skärmurklipp och start för OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-11-13 15:15 1807600 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-11-11 16:07 442536 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:32 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 22:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3089866020-2903491086-1802885750-1000]
"EnableNotificationsRef"=dword:00000002
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2012-07-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
2012-07-21 c:\windows\Tasks\User_Feed_Synchronization-{4BC49A16-4DFF-44B7-8701-A861FC2AB724}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
.
------- Extra genomsökning -------
.
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\ar09atuj.default\
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
URLSearchHooks-{6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - (no file)
WebBrowser-{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-Sony PC Companion - c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
MSConfigStartUp-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 11:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'Explorer.exe'(1936)
c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Microsoft\BingBar\BBSvc.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\programdata\DatacardService\DCService.exe
c:\programdata\DatacardService\DCSHost.exe
c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Sluttid: 2012-07-22 11:19:26 - datorn startades om.
ComboFix-quarantined-files.txt 2012-07-22 09:19
.
Före genomsökningen: 165 717 635 072 byte ledigt
Efter genomsökningen: 165 566 853 120 byte ledigt
.
- - End Of File - - 21095889AFA1729DB5F41476E983555B

#5 Cecilia

Posted 22 July 2012 at 11:23

Copy all the lines in the box:
DirLook::
c:\users\Emma\AppData\Roaming\Save
c:\users\Emma\AppData\Roaming\Reyba
and paste them into Notepad. Check that there are three lines.
Save the file on the Desktop with the name CFScript.

Prepare the computer for ComboFix in the same way as before.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special mode.
Paste the log that comes out.

#6 The OldBoy

Posted 22 July 2012 at 11:51

I have now tried to do as you write and I get this error message.
"C:\User\Emma\Desktop\ComboFix.exe Ett försök gjordes att utföra en icke tillåten åtgärd på en registernyckel som markerats för borttagning"

If I try to start any web browser, I get the same response!

#7 Cecilia

Posted 22 July 2012 at 12:07

Here are a few different alternatives. You should only do one of them, so if, for example, alternative 1 succeeds, you don't need to do anything more.

1. Rename ComboFix.exe to ComboFix.com and try to run it again (in the way described in my earlier post).

2. Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu) and try to run ComboFix as described in the earlier post.

3. Save OTL to the Desktop (normal mode).
http://oldtimer.geekstogo.com/OTL.exe
Close all programs.
Run OTL.

Under Output near the top, choose Minimal Output.
Tick LOP Check and Purity Check.
Press Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the log OTL.txt, and attach Extras.txt as a file.

4. As 3, but rename OTL.exe to OTL.com.

5. As 3, but in safe mode.

I'll be back tonight.

Edited by Cecilia, 22 July 2012 at 12:08.


#8 The OldBoy

Posted 22 July 2012 at 12:38

It worked in safe mode (option 2); here comes the ComboFix log.

ComboFix 12-07-21.01 - Emma 2012-07-22 13:15:34.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3066.2631 [GMT 2:00]
Körs från: c:\users\Emma\Desktop\ComboFix.exe
Kommandoväxlar som använts :: c:\users\Emma\Desktop\CFScript.txt
AV: McAfee Antivirus och antispionprogram *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Antivirus och antispionprogram *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((( Filer skapade från 2012-06-22 till 2012-07-22 ))))))))))))))))))))))))))))))
.
.
2012-07-22 11:24 . 2012-07-22 11:24 -------- d-----w- c:\users\Emma\AppData\Local\temp
2012-07-22 11:24 . 2012-07-22 11:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 09:28 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-22 09:28 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-22 09:28 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-22 09:28 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-22 09:28 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-22 09:28 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-22 09:28 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-22 09:28 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-22 09:28 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-22 00:40 . 2012-07-22 00:40 -------- d-----w- c:\users\Emma\AppData\Local\Macromedia
2012-07-22 00:22 . 2012-07-22 00:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-21 20:14 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 20:14 . 2012-07-21 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 20:07 . 2012-07-21 20:07 -------- d-----w- c:\users\Emma\AppData\Local\Mozilla
2012-07-21 20:07 . 2012-07-21 20:07 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-21 20:00 . 2012-07-21 20:00 -------- d-----w- c:\program files\Common Files\Java
2012-07-21 19:59 . 2012-07-21 19:58 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-21 16:45 . 2012-07-21 19:19 -------- d-----w- c:\programdata\HitmanPro
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\Emma\AppData\Roaming\Malwarebytes
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 17:10 . 2012-07-19 17:12 -------- d-----w- c:\programdata\036DFF85000844B0CF1D8B8A2F3B707C
2012-07-18 07:48 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED0801AD-0EEC-432F-91C6-0A9B4C0F2181}\mpengine.dll
2012-06-30 12:10 . 2012-07-02 08:41 -------- d-----w- c:\users\Emma\AppData\Roaming\Save
2012-06-30 12:10 . 2012-07-01 21:05 -------- d-----w- c:\users\Emma\AppData\Roaming\Reyba
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 00:22 . 2011-05-17 15:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-21 19:58 . 2010-10-10 11:21 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 10:25 . 2010-08-18 17:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-14 00:15 . 2012-07-21 20:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Emma\AppData\Roaming\Reyba ----
.
.
---- Directory of c:\users\Emma\AppData\Roaming\Save ----
.
2012-07-02 08:41 . 2012-07-06 22:30 146007 ----a-w- c:\users\Emma\AppData\Roaming\Save\daen.por
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-01 1422632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-20 483428]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
Telia Mobilt bredband.lnk - c:\program files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe [2009-5-14 2050048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-09 02:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BankID säkerhetsprogram.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
backup=c:\windows\pss\BankID säkerhetsprogram.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Emma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skärmurklipp och start för OneNote 2007.lnk]
path=c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2007.lnk
backup=c:\windows\pss\Skärmurklipp och start för OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-11-13 15:15 1807600 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-11-11 16:07 442536 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:32 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 22:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3089866020-2903491086-1802885750-1000]
"EnableNotificationsRef"=dword:00000002
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2012-07-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
2012-07-21 c:\windows\Tasks\User_Feed_Synchronization-{4BC49A16-4DFF-44B7-8701-A861FC2AB724}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
.
------- Extra genomsökning -------
.
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\ar09atuj.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 13:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'Explorer.exe'(1152)
c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Sluttid: 2012-07-22 13:26:38
ComboFix-quarantined-files.txt 2012-07-22 11:26
ComboFix2.txt 2012-07-22 09:19
.
Före genomsökningen: 169 564 807 168 byte ledigt
Efter genomsökningen: 169 578 713 088 byte ledigt
.
- - End Of File - - 521ABBCBB3EC0DB10EF70641F38419A7

#9 Cecilia

Posted 22 July 2012 at 17:15

Copy all the lines in the box:
Killall::
ClearJavaCache::
Folder::
c:\users\Emma\AppData\Roaming\Save
c:\users\Emma\AppData\Roaming\Reyba
and paste them into Notepad. Check that it looks exactly the same, for example with regard to line breaks.
Save the file on the Desktop with the name CFScript.

Prepare the computer for ComboFix in the same way as before (safe mode if needed, but preferably normal mode).
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program then starts in a special way.
Paste in the log that is produced, and a new DDS log.

#10 The OldBoy

Posted 22 July 2012 at 17:50

Here comes the ComboFix log. With DDS I get the same error message as before: "C:\User\Emma\Desktop\dds.scr Ett försök gjordes att utföra en icke tillåten åtgärd på en registernyckel som markerats för borttagning".



ComboFix 12-07-21.01 - Emma 2012-07-22 18:27:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3066.2082 [GMT 2:00]
Körs från: c:\users\Emma\Desktop\ComboFix.exe
Kommandoväxlar som använts :: c:\users\Emma\Desktop\CFScript.txt
AV: McAfee Antivirus och antispionprogram *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Antivirus och antispionprogram *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Emma\AppData\Roaming\Reyba
c:\users\Emma\AppData\Roaming\Save
c:\users\Emma\AppData\Roaming\Save\daen.por
.
.
(((((((((((((((((((((((( Filer skapade från 2012-06-22 till 2012-07-22 ))))))))))))))))))))))))))))))
.
.
2012-07-22 16:35 . 2012-07-22 16:36 -------- d-----w- c:\users\Emma\AppData\Local\temp
2012-07-22 16:35 . 2012-07-22 16:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 09:28 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-22 09:28 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-22 09:28 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-22 09:28 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-22 09:28 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-22 09:28 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-22 09:28 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-22 09:28 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-22 09:28 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-22 00:40 . 2012-07-22 00:40 -------- d-----w- c:\users\Emma\AppData\Local\Macromedia
2012-07-22 00:22 . 2012-07-22 00:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-21 20:14 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 20:14 . 2012-07-21 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 20:07 . 2012-07-21 20:07 -------- d-----w- c:\users\Emma\AppData\Local\Mozilla
2012-07-21 20:07 . 2012-07-21 20:07 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-21 20:00 . 2012-07-21 20:00 -------- d-----w- c:\program files\Common Files\Java
2012-07-21 19:59 . 2012-07-21 19:58 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-21 16:45 . 2012-07-21 19:19 -------- d-----w- c:\programdata\HitmanPro
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\Emma\AppData\Roaming\Malwarebytes
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 17:10 . 2012-07-19 17:12 -------- d-----w- c:\programdata\036DFF85000844B0CF1D8B8A2F3B707C
2012-07-18 07:48 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED0801AD-0EEC-432F-91C6-0A9B4C0F2181}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 00:22 . 2011-05-17 15:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-21 19:58 . 2010-10-10 11:21 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 10:25 . 2010-08-18 17:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-14 00:15 . 2012-07-21 20:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-01 1422632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-20 483428]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
Telia Mobilt bredband.lnk - c:\program files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe [2009-5-14 2050048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-09 02:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BankID säkerhetsprogram.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
backup=c:\windows\pss\BankID säkerhetsprogram.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Emma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skärmurklipp och start för OneNote 2007.lnk]
path=c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2007.lnk
backup=c:\windows\pss\Skärmurklipp och start för OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-11-13 15:15 1807600 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-11-11 16:07 442536 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:32 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 22:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3089866020-2903491086-1802885750-1000]
"EnableNotificationsRef"=dword:00000002
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2012-07-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
2012-07-21 c:\windows\Tasks\User_Feed_Synchronization-{4BC49A16-4DFF-44B7-8701-A861FC2AB724}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
.
------- Extra genomsökning -------
.
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\ar09atuj.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 18:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'Explorer.exe'(2228)
c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Microsoft\BingBar\BBSvc.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\programdata\DatacardService\DCService.exe
c:\programdata\DatacardService\DCSHost.exe
c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Sluttid: 2012-07-22 18:41:31 - datorn startades om.
ComboFix-quarantined-files.txt 2012-07-22 16:41
ComboFix2.txt 2012-07-22 11:26
ComboFix3.txt 2012-07-22 09:19
.
Före genomsökningen: 166 345 019 392 byte ledigt
Efter genomsökningen: 166 339 936 256 byte ledigt
.
- - End Of File - - BD5C253DB765285AEC6FC1E08FDC2CAC
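
The check a helper makes by eye between the two ComboFix logs above can be automated: this added Python example (not part of the thread and not ComboFix code) reads the CFScript, then confirms that each path listed under `Folder::` appeared in the earlier log's created-files listing, is reported in the later log's deletions section, and is no longer listed. The section titles are the Swedish ones seen in these logs, an assumption that will not hold for other locales, and the sample inputs are short excerpts of the script and logs posted in this thread.

```python
"""Check that CFScript Folder:: targets disappear between two ComboFix logs."""
import re

# One listing entry: created . modified  size-or-dashes  attributes  path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([a-z-]{8}) ([a-zA-Z]:\\.+)$"
)
# Section banner such as "(((((( Andra raderingar ))))))"
HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")

# Titles as they appear in the Swedish-localized logs in this thread (assumption).
CREATED_PREFIX = "Filer skapade"
DELETIONS_TITLE = "Andra raderingar"


def parse_cfscript(text):
    """Map each 'Name::' directive to the argument lines that follow it."""
    directives, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            directives[current] = []
        elif current is not None:
            directives[current].append(line)
    return directives


def split_sections(log):
    """Split a log into {banner title: [lines]} on its '((( title )))' banners."""
    sections, title = {}, None
    for line in (raw.strip() for raw in log.splitlines()):
        match = HEADER_RE.match(line)
        if match:
            title = match.group(1)
            sections[title] = []
        elif title is not None:
            sections[title].append(line)
    return sections


def listed_paths(sections):
    """Lower-cased paths from the created-files listing."""
    paths = set()
    for title, lines in sections.items():
        if title.startswith(CREATED_PREFIX):
            paths.update(m.group(5).lower() for m in map(ENTRY_RE.match, lines) if m)
    return paths


def deleted_paths(sections):
    """Lower-cased bare paths from the deletions section."""
    lines = sections.get(DELETIONS_TITLE, [])
    return {l.lower() for l in lines if re.match(r"^[a-zA-Z]:\\", l)}


def covers(target, paths):
    """True if the target folder or anything beneath it is in paths."""
    t = target.lower().rstrip("\\")
    return any(p == t or p.startswith(t + "\\") for p in paths)


def verify_removal(script, before_log, after_log):
    """Per Folder:: target, report its status in the earlier and later log."""
    before, after = split_sections(before_log), split_sections(after_log)
    return {
        target: {
            "listed_before": covers(target, listed_paths(before)),
            "reported_deleted": covers(target, deleted_paths(after)),
            "still_listed": covers(target, listed_paths(after)),
        }
        for target in parse_cfscript(script).get("Folder", [])
    }


# Excerpts of the script and the two logs posted in this thread.
SCRIPT = r"""
Killall::
ClearJavaCache::
Folder::
c:\users\Emma\AppData\Roaming\Save
c:\users\Emma\AppData\Roaming\Reyba
"""
BEFORE_LOG = r"""
(((((((((((((((((((((((( Filer skapade från 2012-06-22 till 2012-07-22 ))))))))))))))))))))))))))))))
.
2012-07-21 16:45 . 2012-07-21 19:19 -------- d-----w- c:\programdata\HitmanPro
2012-06-30 12:10 . 2012-07-02 08:41 -------- d-----w- c:\users\Emma\AppData\Roaming\Save
2012-06-30 12:10 . 2012-07-01 21:05 -------- d-----w- c:\users\Emma\AppData\Roaming\Reyba
.
"""
AFTER_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Emma\AppData\Roaming\Reyba
c:\users\Emma\AppData\Roaming\Save
c:\users\Emma\AppData\Roaming\Save\daen.por
.
(((((((((((((((((((((((( Filer skapade från 2012-06-22 till 2012-07-22 ))))))))))))))))))))))))))))))
.
2012-07-21 16:45 . 2012-07-21 19:19 -------- d-----w- c:\programdata\HitmanPro
.
"""

if __name__ == "__main__":
    for path, status in verify_removal(SCRIPT, BEFORE_LOG, AFTER_LOG).items():
        print(path, status)
```

A target that shows `still_listed` as true, or `reported_deleted` as false, means the later log does not confirm the removal and the run should be repeated or investigated.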

#11 The OldBoy

Posted 22 July 2012 at 18:22

I tried running the DDS script in safe mode, but it closes after three (###) as if nothing has happened...

#12 Cecilia

Posted 22 July 2012 at 18:27

1. Do a quick scan with MBAM (Malwarebytes Anti-Malware). If anything is found, paste in that log.

2. Save aswMBR on the desktop: http://public.avast....erek/aswMBR.exe
Restart the computer and do not start any programs.
Double-click aswMBR.exe to run the program.
Click the Scan button to start the scan.
When it is done, save (Save) the log on the desktop.
Paste the log into your reply here.

3. Restart the computer.
Save TDSSKiller on the Desktop:
http://support.kaspe.../tdsskiller.exe

Close your usual programs, but you can leave antivirus programs and the like running.
Run the program TDSSKiller.exe.

Click Start Scan.

If any malicious items are found, choose Cure and click Continue. If Cure is not available, choose Skip. If any suspicious items are found, choose Skip and click Continue. Do NOT choose Quarantine or Delete. The computer may need to be restarted.

Paste in the contents of the log, which you will find in C:\ with the name TDSSKiller followed by version and time.

#13 The OldBoy

Posted 22 July 2012 at 18:54

MBAM found nothing.

Here comes the aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 19:45:53
-----------------------------
19:45:53.997 OS Version: Windows 6.0.6002 Service Pack 2
19:45:53.997 Number of processors: 2 586 0x170A
19:45:53.997 ComputerName: HEMDATORN UserName: Emma
19:46:39.190 Initialize success
19:47:24.599 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:47:24.599 Disk 0 Vendor: TOSHIBA_MK2555GSX FG000D Size: 238475MB BusType: 3
19:47:24.599 Disk 0 MBR read successfully
19:47:24.614 Disk 0 MBR scan
19:47:24.614 Disk 0 Windows VISTA default MBR code
19:47:24.614 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:47:24.630 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325
19:47:24.646 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223434 MB offset 30800325
19:47:24.661 Disk 0 scanning sectors +488395120
19:47:24.755 Disk 0 scanning C:\Windows\system32\drivers
19:47:38.155 Service scanning
19:48:45.922 Modules scanning
19:49:24.563 Disk 0 trace - called modules:
19:49:24.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
19:49:24.594 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85906238]
19:49:24.594 3 CLASSPNP.SYS[8a8058b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8571eb98]
19:49:24.594 Scan finished successfully
19:50:03.027 Disk 0 MBR has been saved successfully to "C:\Users\Emma\Documents\MBR.dat"
19:50:03.042 The log file has been saved successfully to "C:\Users\Emma\Documents\aswMBR.txt"

#14 The OldBoy

Posted 22 July 2012 at 19:00

Here comes the TDSSKiller log.

19:57:03.0937 4120 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:57:03.0937 4120 RasAuto - ok
19:57:03.0968 4120 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:57:03.0968 4120 Rasl2tp - ok
19:57:04.0031 4120 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:57:04.0046 4120 RasMan - ok
19:57:04.0078 4120 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:57:04.0078 4120 RasPppoe - ok
19:57:04.0140 4120 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:57:04.0140 4120 RasSstp - ok
19:57:04.0202 4120 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:57:04.0202 4120 rdbss - ok
19:57:04.0249 4120 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:57:04.0249 4120 RDPCDD - ok
19:57:04.0296 4120 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:57:04.0296 4120 rdpdr - ok
19:57:04.0296 4120 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:57:04.0296 4120 RDPENCDD - ok
19:57:04.0343 4120 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:57:04.0343 4120 RDPWD - ok
19:57:04.0421 4120 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:57:04.0421 4120 RemoteAccess - ok
19:57:04.0468 4120 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:57:04.0468 4120 RemoteRegistry - ok
19:57:04.0530 4120 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:57:04.0530 4120 rimmptsk - ok
19:57:04.0546 4120 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:57:04.0546 4120 rimsptsk - ok
19:57:04.0546 4120 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:57:04.0546 4120 rismxdp - ok
19:57:04.0592 4120 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:57:04.0592 4120 RpcLocator - ok
19:57:04.0702 4120 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:57:04.0717 4120 RpcSs - ok
19:57:04.0764 4120 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:57:04.0780 4120 rspndr - ok
19:57:04.0826 4120 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
19:57:04.0842 4120 s1018bus - ok
19:57:04.0889 4120 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
19:57:04.0889 4120 s1018mdfl - ok
19:57:04.0920 4120 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
19:57:04.0920 4120 s1018mdm - ok
19:57:04.0998 4120 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
19:57:04.0998 4120 s1018mgmt - ok
19:57:05.0045 4120 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
19:57:05.0045 4120 s1018nd5 - ok
19:57:05.0107 4120 s1018obex (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
19:57:05.0107 4120 s1018obex - ok
19:57:05.0138 4120 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
19:57:05.0138 4120 s1018unic - ok
19:57:05.0201 4120 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:57:05.0201 4120 SamSs - ok
19:57:05.0232 4120 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:57:05.0232 4120 sbp2port - ok
19:57:05.0279 4120 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:57:05.0279 4120 SCardSvr - ok
19:57:05.0372 4120 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:57:05.0372 4120 Schedule - ok
19:57:05.0419 4120 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:57:05.0419 4120 SCPolicySvc - ok
19:57:05.0466 4120 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
19:57:05.0466 4120 sdbus - ok
19:57:05.0528 4120 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:57:05.0528 4120 SDRSVC - ok
19:57:05.0575 4120 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:57:05.0575 4120 secdrv - ok
19:57:05.0591 4120 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:57:05.0591 4120 seclogon - ok
19:57:05.0622 4120 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
19:57:05.0622 4120 SENS - ok
19:57:05.0638 4120 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:57:05.0638 4120 Serenum - ok
19:57:05.0684 4120 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:57:05.0684 4120 Serial - ok
19:57:05.0700 4120 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:57:05.0716 4120 sermouse - ok
19:57:05.0762 4120 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:57:05.0762 4120 SessionEnv - ok
19:57:05.0778 4120 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:57:05.0794 4120 sffdisk - ok
19:57:05.0794 4120 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:57:05.0794 4120 sffp_mmc - ok
19:57:05.0825 4120 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:57:05.0825 4120 sffp_sd - ok
19:57:05.0840 4120 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:57:05.0840 4120 sfloppy - ok
19:57:05.0918 4120 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:57:05.0918 4120 SharedAccess - ok
19:57:05.0996 4120 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:57:06.0012 4120 ShellHWDetection - ok
19:57:06.0028 4120 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:57:06.0028 4120 sisagp - ok
19:57:06.0059 4120 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:57:06.0059 4120 SiSRaid2 - ok
19:57:06.0090 4120 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:57:06.0106 4120 SiSRaid4 - ok
19:57:06.0636 4120 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:57:06.0652 4120 slsvc - ok
19:57:06.0948 4120 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:57:06.0948 4120 SLUINotify - ok
19:57:07.0073 4120 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:57:07.0073 4120 Smb - ok
19:57:07.0120 4120 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:57:07.0120 4120 SNMPTRAP - ok
19:57:07.0432 4120 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
19:57:07.0447 4120 Sony PC Companion - ok
19:57:07.0494 4120 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:57:07.0494 4120 spldr - ok
19:57:07.0588 4120 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:57:07.0603 4120 Spooler - ok
19:57:07.0790 4120 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:57:07.0790 4120 srv - ok
19:57:07.0900 4120 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:57:07.0900 4120 srv2 - ok
19:57:07.0946 4120 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:57:07.0946 4120 srvnet - ok
19:57:08.0009 4120 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:57:08.0009 4120 SSDPSRV - ok
19:57:08.0056 4120 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:57:08.0071 4120 SstpSvc - ok
19:57:08.0243 4120 STacSV (ddeb942850278d67edc108d57f774bf8) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
19:57:08.0243 4120 STacSV - ok
19:57:08.0336 4120 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys
19:57:08.0336 4120 STHDA - ok
19:57:08.0461 4120 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:57:08.0477 4120 stisvc - ok
19:57:08.0570 4120 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
19:57:08.0570 4120 stllssvr - ok
19:57:08.0617 4120 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:57:08.0617 4120 swenum - ok
19:57:08.0773 4120 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:57:08.0836 4120 swprv - ok
19:57:08.0851 4120 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:57:08.0851 4120 Symc8xx - ok
19:57:08.0882 4120 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:57:08.0882 4120 Sym_hi - ok
19:57:08.0914 4120 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:57:08.0914 4120 Sym_u3 - ok
19:57:09.0007 4120 SynTP (fb86fdd993a6a0122a2f526221e5161f) C:\Windows\system32\DRIVERS\SynTP.sys
19:57:09.0007 4120 SynTP - ok
19:57:09.0179 4120 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:57:09.0210 4120 SysMain - ok
19:57:09.0241 4120 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:57:09.0241 4120 TabletInputService - ok
19:57:09.0319 4120 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:57:09.0335 4120 TapiSrv - ok
19:57:09.0350 4120 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:57:09.0350 4120 TBS - ok
19:57:09.0491 4120 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:57:09.0506 4120 Tcpip - ok
19:57:09.0506 4120 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:57:09.0522 4120 Tcpip6 - ok
19:57:09.0553 4120 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:57:09.0553 4120 tcpipreg - ok
19:57:09.0584 4120 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:57:09.0584 4120 TDPIPE - ok
19:57:09.0631 4120 Tdsshbecr (4a766448821359df6a0427a91782385a) C:\Windows\system32\DRIVERS\shbecr.sys
19:57:09.0631 4120 Tdsshbecr - ok
19:57:09.0662 4120 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:57:09.0662 4120 TDTCP - ok
19:57:09.0709 4120 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:57:09.0709 4120 tdx - ok
19:57:09.0740 4120 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:57:09.0740 4120 TermDD - ok
19:57:09.0850 4120 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:57:09.0850 4120 TermService - ok
19:57:09.0928 4120 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:57:09.0928 4120 Themes - ok
19:57:09.0974 4120 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:57:09.0974 4120 THREADORDER - ok
19:57:10.0037 4120 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:57:10.0037 4120 TrkWks - ok
19:57:10.0130 4120 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:57:10.0130 4120 TrustedInstaller - ok
19:57:10.0177 4120 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:57:10.0177 4120 tssecsrv - ok
19:57:10.0208 4120 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:57:10.0208 4120 tunmp - ok
19:57:10.0240 4120 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:57:10.0240 4120 tunnel - ok
19:57:10.0271 4120 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:57:10.0271 4120 uagp35 - ok
19:57:10.0333 4120 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:57:10.0333 4120 udfs - ok
19:57:10.0380 4120 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:57:10.0396 4120 UI0Detect - ok
19:57:10.0427 4120 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:57:10.0442 4120 uliagpkx - ok
19:57:10.0474 4120 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:57:10.0474 4120 uliahci - ok
19:57:10.0505 4120 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:57:10.0505 4120 UlSata - ok
19:57:10.0552 4120 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:57:10.0552 4120 ulsata2 - ok
19:57:10.0583 4120 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:57:10.0583 4120 umbus - ok
19:57:10.0661 4120 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:57:10.0676 4120 upnphost - ok
19:57:10.0708 4120 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:57:10.0708 4120 usbccgp - ok
19:57:10.0754 4120 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:57:10.0770 4120 usbcir - ok
19:57:10.0817 4120 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:57:10.0817 4120 usbehci - ok
19:57:10.0926 4120 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:57:10.0942 4120 usbhub - ok
19:57:10.0988 4120 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:57:10.0988 4120 usbohci - ok
19:57:11.0020 4120 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:57:11.0020 4120 usbprint - ok
19:57:11.0082 4120 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:57:11.0082 4120 usbscan - ok
19:57:11.0144 4120 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:57:11.0144 4120 USBSTOR - ok
19:57:11.0176 4120 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:57:11.0176 4120 usbuhci - ok
19:57:11.0254 4120 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:57:11.0254 4120 UxSms - ok
19:57:11.0347 4120 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:57:11.0347 4120 vds - ok
19:57:11.0378 4120 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:57:11.0394 4120 vga - ok
19:57:11.0410 4120 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:57:11.0410 4120 VgaSave - ok
19:57:11.0425 4120 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:57:11.0425 4120 viaagp - ok
19:57:11.0456 4120 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:57:11.0456 4120 ViaC7 - ok
19:57:11.0488 4120 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:57:11.0488 4120 viaide - ok
19:57:11.0503 4120 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:57:11.0503 4120 volmgr - ok
19:57:11.0581 4120 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:57:11.0597 4120 volmgrx - ok
19:57:11.0644 4120 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:57:11.0644 4120 volsnap - ok
19:57:11.0706 4120 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:57:11.0706 4120 vsmraid - ok
19:57:11.0846 4120 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:57:11.0909 4120 VSS - ok
19:57:11.0971 4120 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:57:11.0971 4120 W32Time - ok
19:57:12.0080 4120 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:57:12.0080 4120 WacomPen - ok
19:57:12.0112 4120 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:57:12.0112 4120 Wanarp - ok
19:57:12.0112 4120 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:57:12.0112 4120 Wanarpv6 - ok
19:57:12.0205 4120 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:57:12.0252 4120 wcncsvc - ok
19:57:12.0283 4120 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:57:12.0299 4120 WcsPlugInService - ok
19:57:12.0330 4120 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:57:12.0330 4120 Wd - ok
19:57:12.0408 4120 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:57:12.0424 4120 Wdf01000 - ok
19:57:12.0439 4120 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:57:12.0455 4120 WdiServiceHost - ok
19:57:12.0455 4120 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:57:12.0455 4120 WdiSystemHost - ok
19:57:12.0533 4120 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:57:12.0533 4120 WebClient - ok
19:57:12.0595 4120 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:57:12.0595 4120 Wecsvc - ok
19:57:12.0658 4120 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:57:12.0673 4120 wercplsupport - ok
19:57:12.0736 4120 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:57:12.0751 4120 WerSvc - ok
19:57:12.0860 4120 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:57:12.0860 4120 WinDefend - ok
19:57:12.0876 4120 WinHttpAutoProxySvc - ok
19:57:12.0985 4120 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:57:12.0985 4120 Winmgmt - ok
19:57:13.0141 4120 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:57:13.0188 4120 WinRM - ok
19:57:13.0266 4120 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:57:13.0282 4120 Wlansvc - ok
19:57:13.0282 4120 wltrysvc - ok
19:57:13.0375 4120 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:57:13.0375 4120 WmiAcpi - ok
19:57:13.0500 4120 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:57:13.0500 4120 wmiApSrv - ok
19:57:13.0687 4120 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:57:13.0703 4120 WMPNetworkSvc - ok
19:57:13.0859 4120 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:57:13.0859 4120 WPCSvc - ok
19:57:13.0890 4120 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:57:13.0890 4120 WPDBusEnum - ok
19:57:14.0015 4120 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:57:14.0030 4120 WpdUsb - ok
19:57:14.0358 4120 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:57:14.0358 4120 WPFFontCache_v0400 - ok
19:57:14.0405 4120 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:57:14.0405 4120 ws2ifsl - ok
19:57:14.0467 4120 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
19:57:14.0467 4120 wscsvc - ok
19:57:14.0467 4120 WSearch - ok
19:57:14.0904 4120 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
19:57:14.0951 4120 wuauserv - ok
19:57:15.0200 4120 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:57:15.0216 4120 WUDFRd - ok
19:57:15.0247 4120 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:57:15.0247 4120 wudfsvc - ok
19:57:15.0341 4120 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
19:57:15.0824 4120 \Device\Harddisk0\DR0 - ok
19:57:15.0856 4120 Boot (0x1200) (31a20ca4e1a082bc7bd687922a5f1757) \Device\Harddisk0\DR0\Partition0
19:57:15.0856 4120 \Device\Harddisk0\DR0\Partition0 - ok
19:57:15.0887 4120 Boot (0x1200) (6c681f79c4c1e124f5bf860a7d906225) \Device\Harddisk0\DR0\Partition1
19:57:15.0887 4120 \Device\Harddisk0\DR0\Partition1 - ok
19:57:15.0887 4120 ============================================================
19:57:15.0887 4120 Scan finished
19:57:15.0887 4120 ============================================================
19:57:15.0902 4112 Detected object count: 0
19:57:15.0902 4112 Actual detected object count: 0
19:57:42.0126 5848 Deinitialize success

#15 The OldBoy

Posted 22 July 2012 at 19:08

Now it also worked to run a DDS log, which follows here:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170
Run by Emma at 20:01:04 on 2012-07-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3066.2270 [GMT 2:00]
.
AV: McAfee Antivirus och antispionprogram *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Antivirus och antispionprogram *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\ProgramData\DatacardService\DCSHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120627205154.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\emma\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\emma\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\emma\appdata\roaming\micros~1\windows\startm~1\programs\startup\teliam~1.lnk - c:\program files\telia\telia_mobilt_bredband\Telia_Mobilt_bredband.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujidirekt.se/aurigma/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1B69C2EC-AB3E-4EC0-99EC-2D1962F13FF3} : DhcpNameServer = 195.67.199.18 195.67.199.19
TCP: Interfaces\{4D1F536F-3899-48A3-B7AA-08AAEE1CB98F} : DhcpNameServer = 195.67.199.18 195.67.199.19
TCP: Interfaces\{7FC942A1-5B6E-408D-AE08-3B9FB50676BE} : DhcpNameServer = 195.67.199.18 195.67.199.19
TCP: Interfaces\{95E82A23-BF00-4825-BB76-586D5901A48D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F53F2175-5DCF-4E57-9ECF-F78747298FE4} : DhcpNameServer = 83.255.245.11 193.150.193.150
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\emma\appdata\roaming\mozilla\firefox\profiles\ar09atuj.default\
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\personal\bin\np_prsnl.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\sony\playstation network downloader\nppsndl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-18 464304]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-18 64912]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-7-2 169608]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-6-9 81920]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-8-19 229376]
R2 DCSHost.exe;DCSHost.exe;c:\programdata\datacardservice\DCSHOST.exe [2011-12-12 110592]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-18 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-18 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-18 151880]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-18 57600]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-6-9 135936]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-1-20 72832]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-9 212992]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-18 180848]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-18 340920]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\drivers\OA008Ufd.sys [2009-6-9 133472]
R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\drivers\OA008Vid.sys [2009-6-9 271616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-1-20 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-1-20 116736]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-2-4 63360]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2009-2-4 105856]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-2-4 8064]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-18 59456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-18 87656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-21 113120]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-3-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-3-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-3-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-3-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-3-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-3-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-3-25 109864]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2011-11-28 155320]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-2-4 42368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-22 16:41:33 -------- d-----w- c:\users\emma\appdata\local\temp
2012-07-22 16:40:32 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-22 16:26:43 -------- d-----w- C:\ComboFix
2012-07-22 09:28:55 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-22 09:28:31 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-22 09:28:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-22 09:28:20 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-22 09:02:14 98816 ----a-w- c:\windows\sed.exe
2012-07-22 09:02:14 518144 ----a-w- c:\windows\SWREG.exe
2012-07-22 09:02:14 256000 ----a-w- c:\windows\PEV.exe
2012-07-22 09:02:14 208896 ----a-w- c:\windows\MBR.exe
2012-07-22 00:40:21 -------- d-----w- c:\users\emma\appdata\local\Macromedia
2012-07-22 00:22:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-21 20:14:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 20:14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 19:59:10 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-21 16:45:14 -------- d-----w- c:\programdata\HitmanPro
2012-07-21 15:32:26 -------- d-----w- c:\users\emma\appdata\roaming\Malwarebytes
2012-07-21 15:32:19 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 17:10:14 -------- d-----w- c:\programdata\036DFF85000844B0CF1D8B8A2F3B707C
2012-07-18 07:48:02 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ed0801ad-0eec-432f-91c6-0a9b4c0f2181}\mpengine.dll
.
==================== Find3M ====================
.
2012-07-22 00:22:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-21 19:58:52 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:01:25,34 ===============

Attached file(s)

  • Attached file  Attach.txt   7.89K   1 download


#16 Cecilia

    Addicted

  • Head moderator
  • 84 169 posts
  • Location: Stockholm

Posted 22 July 2012 at 20:27

Does Windows Update work now, and is the computer less sluggish?

#17 The OldBoy

    Active

  • Members
  • 116 posts
  • Location: GÄLLIVARE

Posted 22 July 2012 at 20:42

Windows Update works. I think it feels good, but I have to check with my sister-in-law what she thinks, because it is her computer. A big difference from before, in my opinion. Now I can also start the web browsers, and none of the earlier programs seem to protest either... :)

What was wrong?

Do the logs look good now?

Which of the programs should I remove? :blush:

I JUST HAVE TO TAKE THE OPPORTUNITY TO SAY THANK YOU VERY MUCH FOR THE HELP.
:D :thumbsup:

EDIT: Windows Update does NOT work; of 51 important updates, none were installed! "Påträffade fel. kod 80246008 Det har inträffat ett okänt fel i Windows Uppdate."

Edited by The OldBoy, 22 July 2012 at 20:50.


#18 Cecilia

    Addicted

  • Head moderator
  • 84 169 posts
  • Location: Stockholm

Posted 22 July 2012 at 23:05

It is best to wait with uninstalling ComboFix and the other programs until we know that everything is fine with the computer.

As for Windows Update, try the suggestions in the thread http://eforum.idg.se...indovs-uppdate/, although you should not change all the services that the thread starter changes there; stick to the ones that are recommended.
If that does not help, use the fix program at http://www.thewindow...-fix-wu-utility

#19 The OldBoy

    Active

  • Members
  • 116 posts
  • Location: GÄLLIVARE

Posted 23 July 2012 at 00:40

I have now searched in Services and did not find BITS! But the Windows Event Log service was started and set to automatic.

I have also tried running the fix program that you linked to, and it still does not work!?

#20 Cecilia

    Addicted

  • Head moderator
  • 84 169 posts
  • Location: Stockholm

Posted 23 July 2012 at 09:05

Windows Update cannot work without the Background Intelligent Transfer Service (BITS).

Run the System File Checker and see whether it can repair Windows: http://support.micro...om/kb/929833/sv



