
Problem with Live Security Platinum


The OldBoy


Hi!

As the title says, I have a problem with Live Security Platinum. I have tried to clean it out following this page, but the computer feels sluggish.

I have now run a DDS log that I hope to get help checking. I am also attaching the Attach file.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19170

Run by Emma at 1:48:04 on 2012-07-22

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3066.1796 [GMT 2:00]

.

AV: McAfee Antivirus och antispionprogram *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Antivirus och antispionprogram *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\ProgramData\DatacardService\DCService.exe

C:\ProgramData\DatacardService\DCSHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\ProgramData\DatacardService\DataCardMonitor.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll

mURLSearchHooks: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120627205154.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [sony PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\emma\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\emma\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\emma\appdata\roaming\micros~1\windows\startm~1\programs\startup\teliam~1.lnk - c:\program files\telia\telia_mobilt_bredband\Telia_Mobilt_bredband.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujidirekt.se/aurigma/ImageUploader5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1B69C2EC-AB3E-4EC0-99EC-2D1962F13FF3} : DhcpNameServer = 195.67.199.18 195.67.199.19

TCP: Interfaces\{4D1F536F-3899-48A3-B7AA-08AAEE1CB98F} : DhcpNameServer = 195.67.199.18 195.67.199.19

TCP: Interfaces\{7FC942A1-5B6E-408D-AE08-3B9FB50676BE} : DhcpNameServer = 195.67.199.18 195.67.199.19

TCP: Interfaces\{95E82A23-BF00-4825-BB76-586D5901A48D} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F53F2175-5DCF-4E57-9ECF-F78747298FE4} : DhcpNameServer = 83.255.245.11 193.150.193.150

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\emma\appdata\roaming\mozilla\firefox\profiles\ar09atuj.default\

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

FF - plugin: c:\program files\sony\playstation network downloader\nppsndl.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-18 464304]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-18 64912]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-7-2 169608]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-6-9 81920]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]

R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-8-19 229376]

R2 DCSHost.exe;DCSHost.exe;c:\programdata\datacardservice\DCSHOST.exe [2011-12-12 110592]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-18 166288]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-18 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-18 151880]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-18 57600]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-6-9 135936]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-1-20 72832]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-9 212992]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-18 180848]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-18 59456]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-18 340920]

R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\drivers\OA008Ufd.sys [2009-6-9 133472]

R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\drivers\OA008Vid.sys [2009-6-9 271616]

S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-1-20 102784]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-1-20 116736]

S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-2-4 63360]

S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2009-2-4 105856]

S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-2-4 8064]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-18 87656]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-21 113120]

S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-3-25 86824]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-3-25 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-3-25 114728]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-3-25 106208]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-3-25 26024]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-3-25 104744]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-3-25 109864]

S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2011-11-28 155320]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-2-4 42368]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-07-21 20:14:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-21 20:14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-21 19:59:10 476976 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-21 16:45:14 -------- d-----w- c:\programdata\HitmanPro

2012-07-21 15:32:26 -------- d-----w- c:\users\emma\appdata\roaming\Malwarebytes

2012-07-21 15:32:19 -------- d-----w- c:\programdata\Malwarebytes

2012-07-19 17:10:14 -------- d-----w- c:\programdata\036DFF85000844B0CF1D8B8A2F3B707C

2012-07-18 07:48:02 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ed0801ad-0eec-432f-91c6-0a9b4c0f2181}\mpengine.dll

2012-06-30 12:10:36 -------- d-----w- c:\users\emma\appdata\roaming\Save

2012-06-30 12:10:36 -------- d-----w- c:\users\emma\appdata\roaming\Reyba

2012-06-30 12:10:36 -------- d-----w- c:\users\emma\appdata\roaming\Osqo

.

==================== Find3M ====================

.

2012-07-21 19:58:52 472880 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 1:49:13,97 ===============

 

 

Regards

Robert

Attach.txt


Uninstall:

Conduit Engine

ToggleSW Toolbar

Save ComboFix to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer Yes.

More detailed guidance is available at http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

If ComboFix shows any message, e.g. that a rootkit has been found, write it down and include it in your reply.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, because that can cause it to hang.

When ComboFix is finished a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.


Here is the ComboFix log.

When I now try to open Firefox on the infected computer it does not work; an error message appears: "C:\Program Files\Mozilla Firefox\firefox.exe Ett försök gjordes att utföra en icke tillåten åtgärd på en registernyckel som markerats för borttagning"

ComboFix 12-07-21.01 - Emma 2012-07-22 11:04:02.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3066.1973 [GMT 2:00]

Körs från: c:\users\Emma\Desktop\ComboFix.exe

AV: McAfee Antivirus och antispionprogram *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Antivirus och antispionprogram *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Emma\AppData\Roaming\Osqo

c:\users\Emma\AppData\Roaming\Osqo\leva.xio

.

.

(((((((((((((((((((((((( Filer skapade från 2012-06-22 till 2012-07-22 ))))))))))))))))))))))))))))))

.

.

2012-07-22 09:11 . 2012-07-22 09:13 -------- d-----w- c:\users\Emma\AppData\Local\temp

2012-07-22 00:40 . 2012-07-22 00:40 -------- d-----w- c:\users\Emma\AppData\Local\Macromedia

2012-07-22 00:22 . 2012-07-22 00:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-21 20:14 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-21 20:14 . 2012-07-21 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-21 20:07 . 2012-07-21 20:07 -------- d-----w- c:\users\Emma\AppData\Local\Mozilla

2012-07-21 20:07 . 2012-07-21 20:07 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-07-21 20:00 . 2012-07-21 20:00 -------- d-----w- c:\program files\Common Files\Java

2012-07-21 19:59 . 2012-07-21 19:58 476976 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-21 16:45 . 2012-07-21 19:19 -------- d-----w- c:\programdata\HitmanPro

2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\Emma\AppData\Roaming\Malwarebytes

2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\programdata\Malwarebytes

2012-07-19 17:10 . 2012-07-19 17:12 -------- d-----w- c:\programdata\036DFF85000844B0CF1D8B8A2F3B707C

2012-07-18 07:48 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED0801AD-0EEC-432F-91C6-0A9B4C0F2181}\mpengine.dll

2012-06-30 12:10 . 2012-07-02 08:41 -------- d-----w- c:\users\Emma\AppData\Roaming\Save

2012-06-30 12:10 . 2012-07-01 21:05 -------- d-----w- c:\users\Emma\AppData\Roaming\Reyba

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-22 00:22 . 2011-05-17 15:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-21 19:58 . 2010-10-10 11:21 472880 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-31 10:25 . 2010-08-18 17:48 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-14 00:15 . 2012-07-21 20:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-01 1422632]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-20 483428]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]

Telia Mobilt bredband.lnk - c:\program files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe [2009-5-14 2050048]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-06-09 02:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BankID säkerhetsprogram.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk

backup=c:\windows\pss\BankID säkerhetsprogram.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Emma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skärmurklipp och start för OneNote 2007.lnk]

path=c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2007.lnk

backup=c:\windows\pss\Skärmurklipp och start för OneNote 2007.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]

2009-11-13 15:15 1807600 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]

2008-11-11 16:07 442536 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2008-12-03 03:32 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-03-28 22:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3089866020-2903491086-1802885750-1000]

"EnableNotificationsRef"=dword:00000002

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]

.

.

--- Övriga tjänster/drivrutiner i minnet ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

.

2012-07-22 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

.

2012-07-21 c:\windows\Tasks\User_Feed_Synchronization-{4BC49A16-4DFF-44B7-8701-A861FC2AB724}.job

- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]

.

.

------- Extra genomsökning -------

.

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\ar09atuj.default\

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

URLSearchHooks-{6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - (no file)

WebBrowser-{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

HKCU-Run-Sony PC Companion - c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe

MSConfigStartUp-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-22 11:16

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]

"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLL'er som "laddats" under processer som körs ---------------------

.

- - - - - - - > 'Explorer.exe'(1936)

c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Microsoft\BingBar\BBSvc.EXE

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\programdata\DatacardService\DCService.exe

c:\programdata\DatacardService\DCSHost.exe

c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe

c:\windows\system32\conime.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\progra~1\mcafee.com\agent\mcagent.exe

.

**************************************************************************

.

Sluttid: 2012-07-22 11:19:26 - datorn startades om.

ComboFix-quarantined-files.txt 2012-07-22 09:19

.

Före genomsökningen: 165 717 635 072 byte ledigt

Efter genomsökningen: 165 566 853 120 byte ledigt

.

- - End Of File - - 21095889AFA1729DB5F41476E983555B


Copy all the lines in the box:

DirLook::
c:\users\Emma\AppData\Roaming\Save
c:\users\Emma\AppData\Roaming\Reyba

and paste them into Notepad. Check that there are three lines.

Save the file on the Desktop with the name CFScript.

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program then starts in a special mode.

Paste in the log that comes out.


I have now tried to do as you wrote and get this error message.

"C:\User\Emma\Desktop\ComboFix.exe Ett försök gjordes att utföra en icke tillåten åtgärd på en registernyckel som markerats för borttagning"

If I try to start any web browser I get the same response!


Here are a few different options. You should only do one of them, so if e.g. option 1 succeeds you do not need to do anything more.

1. Rename ComboFix.exe to ComboFix.com and try running it again (in the way described in my previous post).

2. Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode in the menu) and try running ComboFix as described in the previous post.

3. Save OTL to the Desktop (normal mode).

http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL.

Under Output near the top, select Minimal Output.

Check LOP Check and Purity Check.

Press Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the OTL.txt log and attach Extras.txt as a file.

4. Same as 3, but rename OTL.exe to OTL.com.

5. Same as 3, but in Safe Mode.

I will be back tonight.


It worked in Safe Mode (option 2); here is the ComboFix log.

ComboFix 12-07-21.01 - Emma 2012-07-22 13:15:34.2.2 - x86 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3066.2631 [GMT 2:00]

Körs från: c:\users\Emma\Desktop\ComboFix.exe

Kommandoväxlar som använts :: c:\users\Emma\Desktop\CFScript.txt

AV: McAfee Antivirus och antispionprogram *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Antivirus och antispionprogram *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((( Filer skapade från 2012-06-22 till 2012-07-22 ))))))))))))))))))))))))))))))

.

.

2012-07-22 11:24 . 2012-07-22 11:24 -------- d-----w- c:\users\Emma\AppData\Local\temp

2012-07-22 11:24 . 2012-07-22 11:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-22 09:28 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-22 09:28 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-07-22 09:28 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-22 09:28 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-22 09:28 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-07-22 09:28 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-07-22 09:28 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-22 09:28 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-22 09:28 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-22 00:40 . 2012-07-22 00:40 -------- d-----w- c:\users\Emma\AppData\Local\Macromedia

2012-07-22 00:22 . 2012-07-22 00:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-21 20:14 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-21 20:14 . 2012-07-21 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-21 20:07 . 2012-07-21 20:07 -------- d-----w- c:\users\Emma\AppData\Local\Mozilla

2012-07-21 20:07 . 2012-07-21 20:07 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-07-21 20:00 . 2012-07-21 20:00 -------- d-----w- c:\program files\Common Files\Java

2012-07-21 19:59 . 2012-07-21 19:58 476976 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-21 16:45 . 2012-07-21 19:19 -------- d-----w- c:\programdata\HitmanPro

2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\Emma\AppData\Roaming\Malwarebytes

2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\programdata\Malwarebytes

2012-07-19 17:10 . 2012-07-19 17:12 -------- d-----w- c:\programdata\036DFF85000844B0CF1D8B8A2F3B707C

2012-07-18 07:48 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED0801AD-0EEC-432F-91C6-0A9B4C0F2181}\mpengine.dll

2012-06-30 12:10 . 2012-07-02 08:41 -------- d-----w- c:\users\Emma\AppData\Roaming\Save

2012-06-30 12:10 . 2012-07-01 21:05 -------- d-----w- c:\users\Emma\AppData\Roaming\Reyba

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-22 00:22 . 2011-05-17 15:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-21 19:58 . 2010-10-10 11:21 472880 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-31 10:25 . 2010-08-18 17:48 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-14 00:15 . 2012-07-21 20:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\users\Emma\AppData\Roaming\Reyba ----

.

.

---- Directory of c:\users\Emma\AppData\Roaming\Save ----

.

2012-07-02 08:41 . 2012-07-06 22:30 146007 ----a-w- c:\users\Emma\AppData\Roaming\Save\daen.por

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-01 1422632]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-20 483428]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]

Telia Mobilt bredband.lnk - c:\program files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe [2009-5-14 2050048]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-06-09 02:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BankID säkerhetsprogram.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk

backup=c:\windows\pss\BankID säkerhetsprogram.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Emma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skärmurklipp och start för OneNote 2007.lnk]

path=c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2007.lnk

backup=c:\windows\pss\Skärmurklipp och start för OneNote 2007.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]

2009-11-13 15:15 1807600 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]

2008-11-11 16:07 442536 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2008-12-03 03:32 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-03-28 22:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3089866020-2903491086-1802885750-1000]

"EnableNotificationsRef"=dword:00000002

.

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]

.

.

--- Övriga tjänster/drivrutiner i minnet ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

.

2012-07-22 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

.

2012-07-21 c:\windows\Tasks\User_Feed_Synchronization-{4BC49A16-4DFF-44B7-8701-A861FC2AB724}.job

- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]

.

.

------- Extra genomsökning -------

.

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\ar09atuj.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-22 13:24

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]

"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLL'er som "laddats" under processer som körs ---------------------

.

- - - - - - - > 'Explorer.exe'(1152)

c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

Sluttid: 2012-07-22 13:26:38

ComboFix-quarantined-files.txt 2012-07-22 11:26

ComboFix2.txt 2012-07-22 09:19

.

Före genomsökningen: 169 564 807 168 byte ledigt

Efter genomsökningen: 169 578 713 088 byte ledigt

.

- - End Of File - - 521ABBCBB3EC0DB10EF70641F38419A7


Copy all the lines in the box:

Killall::
ClearJavaCache::
Folder::
c:\users\Emma\AppData\Roaming\Save
c:\users\Emma\AppData\Roaming\Reyba

and paste them into Notepad. Check that it looks exactly the same, for example with regard to line breaks.

Save the file on the Desktop with the name CFScript.

Prepare the computer for ComboFix in the same way as before (safe mode if necessary, but preferably normal mode).

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, which starts the program in a special way.

Paste the log that it produces, together with a new DDS log.


Here comes the ComboFix log. With DDS I get the same error message as before: "C:\User\Emma\Desktop\dds.scr Ett försök gjordes att utföra en icke tillåten åtgärd på en registernyckel som markerats för borttagning".

 

 

 

ComboFix 12-07-21.01 - Emma 2012-07-22 18:27:51.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3066.2082 [GMT 2:00]

Körs från: c:\users\Emma\Desktop\ComboFix.exe

Kommandoväxlar som använts :: c:\users\Emma\Desktop\CFScript.txt

AV: McAfee Antivirus och antispionprogram *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Antivirus och antispionprogram *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Emma\AppData\Roaming\Reyba

c:\users\Emma\AppData\Roaming\Save

c:\users\Emma\AppData\Roaming\Save\daen.por

.

.

(((((((((((((((((((((((( Filer skapade från 2012-06-22 till 2012-07-22 ))))))))))))))))))))))))))))))

.

.

2012-07-22 16:35 . 2012-07-22 16:36 -------- d-----w- c:\users\Emma\AppData\Local\temp

2012-07-22 16:35 . 2012-07-22 16:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-22 09:28 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-22 09:28 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-07-22 09:28 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-22 09:28 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-22 09:28 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-07-22 09:28 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-07-22 09:28 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-22 09:28 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-22 09:28 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-22 00:40 . 2012-07-22 00:40 -------- d-----w- c:\users\Emma\AppData\Local\Macromedia

2012-07-22 00:22 . 2012-07-22 00:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-21 20:14 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-21 20:14 . 2012-07-21 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-21 20:07 . 2012-07-21 20:07 -------- d-----w- c:\users\Emma\AppData\Local\Mozilla

2012-07-21 20:07 . 2012-07-21 20:07 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-07-21 20:00 . 2012-07-21 20:00 -------- d-----w- c:\program files\Common Files\Java

2012-07-21 19:59 . 2012-07-21 19:58 476976 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-21 16:45 . 2012-07-21 19:19 -------- d-----w- c:\programdata\HitmanPro

2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\Emma\AppData\Roaming\Malwarebytes

2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\programdata\Malwarebytes

2012-07-19 17:10 . 2012-07-19 17:12 -------- d-----w- c:\programdata\036DFF85000844B0CF1D8B8A2F3B707C

2012-07-18 07:48 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED0801AD-0EEC-432F-91C6-0A9B4C0F2181}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-22 00:22 . 2011-05-17 15:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-21 19:58 . 2010-10-10 11:21 472880 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-31 10:25 . 2010-08-18 17:48 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-14 00:15 . 2012-07-21 20:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-01 1422632]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-20 483428]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]

Telia Mobilt bredband.lnk - c:\program files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe [2009-5-14 2050048]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-06-09 02:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BankID säkerhetsprogram.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk

backup=c:\windows\pss\BankID säkerhetsprogram.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Emma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skärmurklipp och start för OneNote 2007.lnk]

path=c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2007.lnk

backup=c:\windows\pss\Skärmurklipp och start för OneNote 2007.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]

2009-11-13 15:15 1807600 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]

2008-11-11 16:07 442536 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2008-12-03 03:32 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-03-28 22:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3089866020-2903491086-1802885750-1000]

"EnableNotificationsRef"=dword:00000002

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]

.

.

--- Övriga tjänster/drivrutiner i minnet ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

.

2012-07-22 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

.

2012-07-21 c:\windows\Tasks\User_Feed_Synchronization-{4BC49A16-4DFF-44B7-8701-A861FC2AB724}.job

- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]

.

.

------- Extra genomsökning -------

.

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\ar09atuj.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-22 18:36

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]

"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLL'er som "laddats" under processer som körs ---------------------

.

- - - - - - - > 'Explorer.exe'(2228)

c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Microsoft\BingBar\BBSvc.EXE

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\programdata\DatacardService\DCService.exe

c:\programdata\DatacardService\DCSHost.exe

c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe

c:\windows\system32\conime.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\progra~1\mcafee.com\agent\mcagent.exe

.

**************************************************************************

.

Sluttid: 2012-07-22 18:41:31 - datorn startades om.

ComboFix-quarantined-files.txt 2012-07-22 16:41

ComboFix2.txt 2012-07-22 11:26

ComboFix3.txt 2012-07-22 09:19

.

Före genomsökningen: 166 345 019 392 byte ledigt

Efter genomsökningen: 166 339 936 256 byte ledigt

.

- - End Of File - - BD5C253DB765285AEC6FC1E08FDC2CAC


I tried running the DDS script in safe mode, but it closes itself after three (###) as if nothing had happened...


1. Do a quick scan with MBAM (Malwarebytes Anti-Malware). If anything is found, paste in that log.

2. Save aswMBR on the desktop: http://public.avast.com/~gmerek/aswMBR.exe

Restart the computer and do not start any programs.

Double-click aswMBR.exe to run the program.

Click the Scan button to start the scan.

When it is finished, save (Save) the log on the desktop.

Paste the log into your reply here.

3. Restart the computer.

Save TDSSKiller on the Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

 

Close your usual programs, but you can leave antivirus programs and the like running.

Run the program TDSSKiller.exe.

Click Start Scan.

If any malicious objects are found, choose Cure and click Continue. If Cure is not available, choose Skip. If any suspicious objects are found, choose Skip and click Continue. Do NOT choose Quarantine or Delete. The computer may need to be restarted.

Paste in the contents of the log, which you will find in C:\ with the name TDSSKiller followed by the version and time.


MBAM found nothing.

Here comes the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-22 19:45:53

-----------------------------

19:45:53.997 OS Version: Windows 6.0.6002 Service Pack 2

19:45:53.997 Number of processors: 2 586 0x170A

19:45:53.997 ComputerName: HEMDATORN UserName: Emma

19:46:39.190 Initialize success

19:47:24.599 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

19:47:24.599 Disk 0 Vendor: TOSHIBA_MK2555GSX FG000D Size: 238475MB BusType: 3

19:47:24.599 Disk 0 MBR read successfully

19:47:24.614 Disk 0 MBR scan

19:47:24.614 Disk 0 Windows VISTA default MBR code

19:47:24.614 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

19:47:24.630 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325

19:47:24.646 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223434 MB offset 30800325

19:47:24.661 Disk 0 scanning sectors +488395120

19:47:24.755 Disk 0 scanning C:\Windows\system32\drivers

19:47:38.155 Service scanning

19:48:45.922 Modules scanning

19:49:24.563 Disk 0 trace - called modules:

19:49:24.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys

19:49:24.594 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85906238]

19:49:24.594 3 CLASSPNP.SYS[8a8058b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8571eb98]

19:49:24.594 Scan finished successfully

19:50:03.027 Disk 0 MBR has been saved successfully to "C:\Users\Emma\Documents\MBR.dat"

19:50:03.042 The log file has been saved successfully to "C:\Users\Emma\Documents\aswMBR.txt"


Here comes the TDSSKiller log.

 


19:57:02.0876 4120 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

19:57:02.0876 4120 QWAVEdrv - ok

19:57:03.0407 4120 R300 (9e2d80fa460c42e07b67a2a743ba177c) C:\Windows\system32\DRIVERS\atikmdag.sys

19:57:03.0422 4120 R300 - ok

19:57:03.0890 4120 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

19:57:03.0890 4120 RasAcd - ok

19:57:03.0937 4120 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

19:57:03.0937 4120 RasAuto - ok

19:57:03.0968 4120 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:57:03.0968 4120 Rasl2tp - ok

19:57:04.0031 4120 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

19:57:04.0046 4120 RasMan - ok

19:57:04.0078 4120 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

19:57:04.0078 4120 RasPppoe - ok

19:57:04.0140 4120 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

19:57:04.0140 4120 RasSstp - ok

19:57:04.0202 4120 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

19:57:04.0202 4120 rdbss - ok

19:57:04.0249 4120 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:57:04.0249 4120 RDPCDD - ok

19:57:04.0296 4120 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

19:57:04.0296 4120 rdpdr - ok

19:57:04.0296 4120 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

19:57:04.0296 4120 RDPENCDD - ok

19:57:04.0343 4120 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

19:57:04.0343 4120 RDPWD - ok

19:57:04.0421 4120 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

19:57:04.0421 4120 RemoteAccess - ok

19:57:04.0468 4120 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

19:57:04.0468 4120 RemoteRegistry - ok

19:57:04.0530 4120 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys

19:57:04.0530 4120 rimmptsk - ok

19:57:04.0546 4120 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys

19:57:04.0546 4120 rimsptsk - ok

19:57:04.0546 4120 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys

19:57:04.0546 4120 rismxdp - ok

19:57:04.0592 4120 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

19:57:04.0592 4120 RpcLocator - ok

19:57:04.0702 4120 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

19:57:04.0717 4120 RpcSs - ok

19:57:04.0764 4120 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

19:57:04.0780 4120 rspndr - ok

19:57:04.0826 4120 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys

19:57:04.0842 4120 s1018bus - ok

19:57:04.0889 4120 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys

19:57:04.0889 4120 s1018mdfl - ok

19:57:04.0920 4120 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys

19:57:04.0920 4120 s1018mdm - ok

19:57:04.0998 4120 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys

19:57:04.0998 4120 s1018mgmt - ok

19:57:05.0045 4120 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys

19:57:05.0045 4120 s1018nd5 - ok

19:57:05.0107 4120 s1018obex (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys

19:57:05.0107 4120 s1018obex - ok

19:57:05.0138 4120 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys

19:57:05.0138 4120 s1018unic - ok

19:57:05.0201 4120 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:57:05.0201 4120 SamSs - ok

19:57:05.0232 4120 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

19:57:05.0232 4120 sbp2port - ok

19:57:05.0279 4120 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

19:57:05.0279 4120 SCardSvr - ok

19:57:05.0372 4120 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

19:57:05.0372 4120 Schedule - ok

19:57:05.0419 4120 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

19:57:05.0419 4120 SCPolicySvc - ok

19:57:05.0466 4120 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

19:57:05.0466 4120 sdbus - ok

19:57:05.0528 4120 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

19:57:05.0528 4120 SDRSVC - ok

19:57:05.0575 4120 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

19:57:05.0575 4120 secdrv - ok

19:57:05.0591 4120 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

19:57:05.0591 4120 seclogon - ok

19:57:05.0622 4120 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll

19:57:05.0622 4120 SENS - ok

19:57:05.0638 4120 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

19:57:05.0638 4120 Serenum - ok

19:57:05.0684 4120 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

19:57:05.0684 4120 Serial - ok

19:57:05.0700 4120 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

19:57:05.0716 4120 sermouse - ok

19:57:05.0762 4120 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

19:57:05.0762 4120 SessionEnv - ok

19:57:05.0778 4120 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

19:57:05.0794 4120 sffdisk - ok

19:57:05.0794 4120 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

19:57:05.0794 4120 sffp_mmc - ok

19:57:05.0825 4120 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

19:57:05.0825 4120 sffp_sd - ok

19:57:05.0840 4120 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

19:57:05.0840 4120 sfloppy - ok

19:57:05.0918 4120 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

19:57:05.0918 4120 SharedAccess - ok

19:57:05.0996 4120 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

19:57:06.0012 4120 ShellHWDetection - ok

19:57:06.0028 4120 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

19:57:06.0028 4120 sisagp - ok

19:57:06.0059 4120 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

19:57:06.0059 4120 SiSRaid2 - ok

19:57:06.0090 4120 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

19:57:06.0106 4120 SiSRaid4 - ok

19:57:06.0636 4120 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

19:57:06.0652 4120 slsvc - ok

19:57:06.0948 4120 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

19:57:06.0948 4120 SLUINotify - ok

19:57:07.0073 4120 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

19:57:07.0073 4120 Smb - ok

19:57:07.0120 4120 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

19:57:07.0120 4120 SNMPTRAP - ok

19:57:07.0432 4120 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files\Sony\Sony PC Companion\PCCService.exe

19:57:07.0447 4120 Sony PC Companion - ok

19:57:07.0494 4120 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

19:57:07.0494 4120 spldr - ok

19:57:07.0588 4120 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

19:57:07.0603 4120 Spooler - ok

19:57:07.0790 4120 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

19:57:07.0790 4120 srv - ok

19:57:07.0900 4120 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

19:57:07.0900 4120 srv2 - ok

19:57:07.0946 4120 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

19:57:07.0946 4120 srvnet - ok

19:57:08.0009 4120 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

19:57:08.0009 4120 SSDPSRV - ok

19:57:08.0056 4120 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

19:57:08.0071 4120 SstpSvc - ok

19:57:08.0243 4120 STacSV (ddeb942850278d67edc108d57f774bf8) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

19:57:08.0243 4120 STacSV - ok

19:57:08.0336 4120 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys

19:57:08.0336 4120 STHDA - ok

19:57:08.0461 4120 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

19:57:08.0477 4120 stisvc - ok

19:57:08.0570 4120 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

19:57:08.0570 4120 stllssvr - ok

19:57:08.0617 4120 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

19:57:08.0617 4120 swenum - ok

19:57:08.0773 4120 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

19:57:08.0836 4120 swprv - ok

19:57:08.0851 4120 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

19:57:08.0851 4120 Symc8xx - ok

19:57:08.0882 4120 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

19:57:08.0882 4120 Sym_hi - ok

19:57:08.0914 4120 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

19:57:08.0914 4120 Sym_u3 - ok

19:57:09.0007 4120 SynTP (fb86fdd993a6a0122a2f526221e5161f) C:\Windows\system32\DRIVERS\SynTP.sys

19:57:09.0007 4120 SynTP - ok

19:57:09.0179 4120 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

19:57:09.0210 4120 SysMain - ok

19:57:09.0241 4120 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

19:57:09.0241 4120 TabletInputService - ok

19:57:09.0319 4120 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

19:57:09.0335 4120 TapiSrv - ok

19:57:09.0350 4120 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

19:57:09.0350 4120 TBS - ok

19:57:09.0491 4120 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

19:57:09.0506 4120 Tcpip - ok

19:57:09.0506 4120 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

19:57:09.0522 4120 Tcpip6 - ok

19:57:09.0553 4120 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

19:57:09.0553 4120 tcpipreg - ok

19:57:09.0584 4120 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

19:57:09.0584 4120 TDPIPE - ok

19:57:09.0631 4120 Tdsshbecr (4a766448821359df6a0427a91782385a) C:\Windows\system32\DRIVERS\shbecr.sys

19:57:09.0631 4120 Tdsshbecr - ok

19:57:09.0662 4120 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

19:57:09.0662 4120 TDTCP - ok

19:57:09.0709 4120 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

19:57:09.0709 4120 tdx - ok

19:57:09.0740 4120 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

19:57:09.0740 4120 TermDD - ok

19:57:09.0850 4120 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

19:57:09.0850 4120 TermService - ok

19:57:09.0928 4120 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

19:57:09.0928 4120 Themes - ok

19:57:09.0974 4120 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

19:57:09.0974 4120 THREADORDER - ok

19:57:10.0037 4120 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

19:57:10.0037 4120 TrkWks - ok

19:57:10.0130 4120 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

19:57:10.0130 4120 TrustedInstaller - ok

19:57:10.0177 4120 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:57:10.0177 4120 tssecsrv - ok

19:57:10.0208 4120 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

19:57:10.0208 4120 tunmp - ok

19:57:10.0240 4120 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

19:57:10.0240 4120 tunnel - ok

19:57:10.0271 4120 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

19:57:10.0271 4120 uagp35 - ok

19:57:10.0333 4120 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

19:57:10.0333 4120 udfs - ok

19:57:10.0380 4120 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

19:57:10.0396 4120 UI0Detect - ok

19:57:10.0427 4120 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

19:57:10.0442 4120 uliagpkx - ok

19:57:10.0474 4120 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

19:57:10.0474 4120 uliahci - ok

19:57:10.0505 4120 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

19:57:10.0505 4120 UlSata - ok

19:57:10.0552 4120 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

19:57:10.0552 4120 ulsata2 - ok

19:57:10.0583 4120 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

19:57:10.0583 4120 umbus - ok

19:57:10.0661 4120 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

19:57:10.0676 4120 upnphost - ok

19:57:10.0708 4120 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

19:57:10.0708 4120 usbccgp - ok

19:57:10.0754 4120 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

19:57:10.0770 4120 usbcir - ok

19:57:10.0817 4120 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

19:57:10.0817 4120 usbehci - ok

19:57:10.0926 4120 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

19:57:10.0942 4120 usbhub - ok

19:57:10.0988 4120 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

19:57:10.0988 4120 usbohci - ok

19:57:11.0020 4120 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

19:57:11.0020 4120 usbprint - ok

19:57:11.0082 4120 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

19:57:11.0082 4120 usbscan - ok

19:57:11.0144 4120 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:57:11.0144 4120 USBSTOR - ok

19:57:11.0176 4120 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

19:57:11.0176 4120 usbuhci - ok

19:57:11.0254 4120 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

19:57:11.0254 4120 UxSms - ok

19:57:11.0347 4120 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

19:57:11.0347 4120 vds - ok

19:57:11.0378 4120 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

19:57:11.0394 4120 vga - ok

19:57:11.0410 4120 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

19:57:11.0410 4120 VgaSave - ok

19:57:11.0425 4120 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

19:57:11.0425 4120 viaagp - ok

19:57:11.0456 4120 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

19:57:11.0456 4120 ViaC7 - ok

19:57:11.0488 4120 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

19:57:11.0488 4120 viaide - ok

19:57:11.0503 4120 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

19:57:11.0503 4120 volmgr - ok

19:57:11.0581 4120 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

19:57:11.0597 4120 volmgrx - ok

19:57:11.0644 4120 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

19:57:11.0644 4120 volsnap - ok

19:57:11.0706 4120 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

19:57:11.0706 4120 vsmraid - ok

19:57:11.0846 4120 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

19:57:11.0909 4120 VSS - ok

19:57:11.0971 4120 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

19:57:11.0971 4120 W32Time - ok

19:57:12.0080 4120 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

19:57:12.0080 4120 WacomPen - ok

19:57:12.0112 4120 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

19:57:12.0112 4120 Wanarp - ok

19:57:12.0112 4120 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

19:57:12.0112 4120 Wanarpv6 - ok

19:57:12.0205 4120 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

19:57:12.0252 4120 wcncsvc - ok

19:57:12.0283 4120 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

19:57:12.0299 4120 WcsPlugInService - ok

19:57:12.0330 4120 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

19:57:12.0330 4120 Wd - ok

19:57:12.0408 4120 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

19:57:12.0424 4120 Wdf01000 - ok

19:57:12.0439 4120 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

19:57:12.0455 4120 WdiServiceHost - ok

19:57:12.0455 4120 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

19:57:12.0455 4120 WdiSystemHost - ok

19:57:12.0533 4120 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

19:57:12.0533 4120 WebClient - ok

19:57:12.0595 4120 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

19:57:12.0595 4120 Wecsvc - ok

19:57:12.0658 4120 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

19:57:12.0673 4120 wercplsupport - ok

19:57:12.0736 4120 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

19:57:12.0751 4120 WerSvc - ok

19:57:12.0860 4120 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

19:57:12.0860 4120 WinDefend - ok

19:57:12.0876 4120 WinHttpAutoProxySvc - ok

19:57:12.0985 4120 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

19:57:12.0985 4120 Winmgmt - ok

19:57:13.0141 4120 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

19:57:13.0188 4120 WinRM - ok

19:57:13.0266 4120 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

19:57:13.0282 4120 Wlansvc - ok

19:57:13.0282 4120 wltrysvc - ok

19:57:13.0375 4120 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

19:57:13.0375 4120 WmiAcpi - ok

19:57:13.0500 4120 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

19:57:13.0500 4120 wmiApSrv - ok

19:57:13.0687 4120 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

19:57:13.0703 4120 WMPNetworkSvc - ok

19:57:13.0859 4120 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

19:57:13.0859 4120 WPCSvc - ok

19:57:13.0890 4120 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

19:57:13.0890 4120 WPDBusEnum - ok

19:57:14.0015 4120 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

19:57:14.0030 4120 WpdUsb - ok

19:57:14.0358 4120 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

19:57:14.0358 4120 WPFFontCache_v0400 - ok

19:57:14.0405 4120 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

19:57:14.0405 4120 ws2ifsl - ok

19:57:14.0467 4120 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll

19:57:14.0467 4120 wscsvc - ok

19:57:14.0467 4120 WSearch - ok

19:57:14.0904 4120 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll

19:57:14.0951 4120 wuauserv - ok

19:57:15.0200 4120 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:57:15.0216 4120 WUDFRd - ok

19:57:15.0247 4120 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

19:57:15.0247 4120 wudfsvc - ok

19:57:15.0341 4120 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

19:57:15.0824 4120 \Device\Harddisk0\DR0 - ok

19:57:15.0856 4120 Boot (0x1200) (31a20ca4e1a082bc7bd687922a5f1757) \Device\Harddisk0\DR0\Partition0

19:57:15.0856 4120 \Device\Harddisk0\DR0\Partition0 - ok

19:57:15.0887 4120 Boot (0x1200) (6c681f79c4c1e124f5bf860a7d906225) \Device\Harddisk0\DR0\Partition1

19:57:15.0887 4120 \Device\Harddisk0\DR0\Partition1 - ok

19:57:15.0887 4120 ============================================================

19:57:15.0887 4120 Scan finished

19:57:15.0887 4120 ============================================================

19:57:15.0902 4112 Detected object count: 0

19:57:15.0902 4112 Actual detected object count: 0

19:57:42.0126 5848 Deinitialize success


Now running a DDS log worked as well; here it is:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19170

Run by Emma at 20:01:04 on 2012-07-22

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3066.2270 [GMT 2:00]

.

AV: McAfee Antivirus och antispionprogram *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Antivirus och antispionprogram *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

C:\Program Files\Microsoft\BingBar\BBSvc.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\ProgramData\DatacardService\DCService.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\ProgramData\DatacardService\DCSHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Telia\Telia_Mobilt_bredband\Telia_Mobilt_bredband.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120627205154.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\emma\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\emma\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\emma\appdata\roaming\micros~1\windows\startm~1\programs\startup\teliam~1.lnk - c:\program files\telia\telia_mobilt_bredband\Telia_Mobilt_bredband.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujidirekt.se/aurigma/ImageUploader5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1B69C2EC-AB3E-4EC0-99EC-2D1962F13FF3} : DhcpNameServer = 195.67.199.18 195.67.199.19

TCP: Interfaces\{4D1F536F-3899-48A3-B7AA-08AAEE1CB98F} : DhcpNameServer = 195.67.199.18 195.67.199.19

TCP: Interfaces\{7FC942A1-5B6E-408D-AE08-3B9FB50676BE} : DhcpNameServer = 195.67.199.18 195.67.199.19

TCP: Interfaces\{95E82A23-BF00-4825-BB76-586D5901A48D} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F53F2175-5DCF-4E57-9ECF-F78747298FE4} : DhcpNameServer = 83.255.245.11 193.150.193.150

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\emma\appdata\roaming\mozilla\firefox\profiles\ar09atuj.default\

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

FF - plugin: c:\program files\sony\playstation network downloader\nppsndl.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-18 464304]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-18 64912]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-7-2 169608]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-6-9 81920]

R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]

R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-8-19 229376]

R2 DCSHost.exe;DCSHost.exe;c:\programdata\datacardservice\DCSHOST.exe [2011-12-12 110592]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-18 214904]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-18 166288]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-18 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-18 151880]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-18 57600]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-6-9 135936]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-1-20 72832]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-9 212992]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-18 180848]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-18 340920]

R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\drivers\OA008Ufd.sys [2009-6-9 133472]

R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\drivers\OA008Vid.sys [2009-6-9 271616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-1-20 102784]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-1-20 116736]

S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-2-4 63360]

S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2009-2-4 105856]

S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-2-4 8064]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-18 59456]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-18 87656]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-21 113120]

S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-3-25 86824]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-3-25 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-3-25 114728]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-3-25 106208]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-3-25 26024]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-3-25 104744]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-3-25 109864]

S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2011-11-28 155320]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-2-4 42368]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-07-22 16:41:33 -------- d-----w- c:\users\emma\appdata\local\temp

2012-07-22 16:40:32 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-22 16:26:43 -------- d-----w- C:\ComboFix

2012-07-22 09:28:55 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-22 09:28:31 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-22 09:28:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-22 09:28:20 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-22 09:02:14 98816 ----a-w- c:\windows\sed.exe

2012-07-22 09:02:14 518144 ----a-w- c:\windows\SWREG.exe

2012-07-22 09:02:14 256000 ----a-w- c:\windows\PEV.exe

2012-07-22 09:02:14 208896 ----a-w- c:\windows\MBR.exe

2012-07-22 00:40:21 -------- d-----w- c:\users\emma\appdata\local\Macromedia

2012-07-22 00:22:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-21 20:14:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-21 20:14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-21 19:59:10 476976 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-21 16:45:14 -------- d-----w- c:\programdata\HitmanPro

2012-07-21 15:32:26 -------- d-----w- c:\users\emma\appdata\roaming\Malwarebytes

2012-07-21 15:32:19 -------- d-----w- c:\programdata\Malwarebytes

2012-07-19 17:10:14 -------- d-----w- c:\programdata\036DFF85000844B0CF1D8B8A2F3B707C

2012-07-18 07:48:02 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ed0801ad-0eec-432f-91c6-0a9b4c0f2181}\mpengine.dll

.

==================== Find3M ====================

.

2012-07-22 00:22:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-21 19:58:52 472880 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 20:01:25,34 ===============

Attach.txt


Windows Update works. I think it feels good, but I have to check with my sister-in-law what she thinks, because it is her computer. A big difference from before, in my opinion. Now I can also start the web browsers, and none of the earlier programs seem to protest either... :)

What was it that was wrong?

Do the logs look good now?

Which of the programs should I remove? :blush:

JUST HAVE TO TAKE THE OPPORTUNITY TO SAY THANK YOU VERY MUCH FOR THE HELP. :D:thumbsup:

EDIT: Windows Update does NOT work; of 51 important updates, none was installed! "Påträffade fel. kod 80246008 Det har inträffat ett okänt fel i Windows Uppdate."


It is best to wait with uninstalling ComboFix and the other programs until we know that everything is fine with the computer.

As for Windows Update, try the suggestions in the thread //eforum.idg.se/topic/328913-windovs-uppdate/, although you should not change all the services that the thread starter changes there, but stick to the ones that are recommended.

If that does not help, use the fix program at http://www.thewindowsclub.com/repair-fix-windows-updates-with-fix-wu-utility


I have now searched in Services and not found BITS! But the Windows Event Log service was started and set to automatic.

I have also tried running the fix program that you linked to, and it still does not work!?


I have now run the System File Checker and it is not able to repair; it cannot repair 6 "tcpmon.ini". And when I go on to try to repair, I become a little unsure of how to write the "path" correctly.


It seems to be common for the System File Checker to react to such files. Those files have nothing to do with Windows Update, and it does not usually cause any problem in the computer either, if I understand http://en.community.dell.com/support-forums/software-os/f/3524/t/19324212.aspx correctly.

Have you checked whether the Background Intelligent Transfer Service (BITS) service shows up now after a restart of the computer?


It (BITS) has not shown up in Services, and Windows Update does not work.


How is your English? Can you follow the tips at http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_update/background-intelligent-transfer-service-bits-not/c69ba6ad-bf60-4e53-9b7b-f97e9436e529 ?

System Restore, which is mentioned in the first answer, is not suitable, because then the malicious program could come back, but entering the commands that Sohail Patel suggests in the Command Prompt should work fine, as should LuCiPh33R's command suggestion.


This looks like it works; it is now downloading the updates.

But one must not forget to do this:

 

"Go to Start -> All programs -> Accessories -> Right click on Command Prompt and select "Run as Administrator".

 

And then this:

 

"I spent far too long trying to fix this. BITS needs to be re-registered first before you can even start trying any of the other solutions on here: sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto Then either restart, or go into Services (run: services.msc) and restart it yourself."

 

What to do next?
