Problem med Virus/Trojan Sinowal.gen!Y

[Smirre]

Hej,

 

Jag försöker hjälpa mina föräldrar som har fått problem med deras dator. Det började med att deras bank ringde upp och sa att dom hade indikationer på att datorn var smittad och att inloggningsuppgifter kunde finnas på Internet. Dom hade då Avast antivirus på datorn med det hade inte reagerat. Jag avinstallerade det då och installerade istället Microsoft Security Essentials. Det programmet rapporterar något som heter "Sinowal.gen!Y". Har försökt låtit antivirusprogrammet ta bort det men det verkar inte lyckas fullt ut. Klistrar in en logg från DDS och bifogar "Attach.txt" och håller sen tummarna för att någon här har möjlighet att hjälpa mig.

 

Tack på förhand!

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Fam. Lilja at 17:58:36 on 2012-07-27

.

============== Running Processes ===============

.

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\hp\HPEZBTN\HPBtnSrv.exe

C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\real\realplayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

D:\Dokument\Erik´s\Polar\WebSync.exe

C:\Program Files (x86)\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

C:\Program Files (x86)\Polar\Daemon\polard.exe

C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Telia\Supportassistent\bin\sprtsvc.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Users\Fam. Lilja\Downloads\dds.scr

C:\Windows\SysWOW64\conime.exe

C:\Windows\SysWOW64\svchost.exe -k netsvcs

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.dn.se/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000

uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

uRun: [sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

uRun: [spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot

mRun: [C:\Windows\SysWOW64\V0260Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0260Ext.ax

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Telia] "C:\Program Files (x86)\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{07BF25FE-961C-40AD-9073-A55C226257C0} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{EB1C08C3-3389-4DA6-B79D-36A46A6085BC} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

{0347C33E-8762-4905-BF09-768834316C61}

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{3049C3E9-B461-4BC5-8870-4C09146192CA}

BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

{53707962-6F74-2D53-2644-206D7942484F}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun-x64: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Standard)]

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun-x64: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot

mRun-x64: [C:\Windows\SysWOW64\V0260Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0260Ext.ax

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Telia] "C:\Program Files (x86)\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE-X64: {925DAB62-F9AC-4221-806A-057BFB1014AA}

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Fam. Lilja\AppData\Roaming\Mozilla\Firefox\Profiles\s1ydk5gg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.godstart.se/

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa2.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HotbarSA.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

.

============= SERVICES / DRIVERS ===============

.

R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service

R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? gupdate;Tj„nsten Google Update (gupdate)

R? gupdatem;Tj„nsten Google Update (gupdatem)

R? MozillaMaintenance;Mozilla Maintenance Service

R? NDISKIO;NDISKIO

R? NisDrv;Microsoft Network Inspection System

R? NisSrv;Microsoft N„tverkskontroll

R? PerfHost;V„rd f”r prestandar„knar-DLL

R? RkHit;RkHit

R? Sony PC Companion;Sony PC Companion

R? TdsNordecr;Nordea NCR1 SmartCard Reader

R? Tdsshbecr;Handelsbanken card reader

R? V0260VID;Live! Cam Vista IM

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-07-26 17:26:30 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E70F4F12-4B4F-4F74-A0FF-A362CB2063DD}\mpengine.dll

2012-07-25 12:06:41 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-23 18:39:27 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-07-23 16:47:03 -------- d-----w- C:\Users\Fam. Lilja\AppData\Roaming\f-secure

2012-07-23 16:46:30 -------- d-----w- C:\ProgramData\F-Secure

2012-07-13 15:56:44 -------- d-----w- C:\Users\Fam. Lilja\AppData\Local\CRE

2012-07-12 01:00:58 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-07-09 20:28:50 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59238CFC-B72F-41DF-A282-70C56D272B30}\gapaengine.dll

2012-07-09 20:24:29 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-07-09 20:24:19 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-07-09 20:23:39 345984 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-07-09 17:01:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-07-09 17:01:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-07-06 07:34:12 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A0E29DE7-0DE2-4567-8BD1-CC2A0BC7CD4C}\mpengine.dll

2012-06-28 16:54:53 -------- d-----w- C:\Users\Fam. Lilja\AppData\Local\Macromedia

.

==================== Find3M ====================

.

2012-07-27 14:22:13 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-27 14:22:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 13:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 13:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

.

============= FINISH: 17:59:33,51 ===============

Attach.txt

[Cecilia]

Vilken fil och mapp rapporterar MSE att trojanen finns i?

 

Avinstallera:

Java™ 6 Update 29

Java™ SE Runtime Environment 6 Update 1

För det är gamla programversioner med kända säkerhetshål som gör det lätt att infektera datorn från en webbsida.

 

Du fick inte med hela Attach.txt, början saknas.

 

Kör inga andra program för att rensa datorn än dem jag ber dig köra för annars så blir det väldigt svårt att veta vad som händer med datorn.

 

Spara ComboFix på Skrivbordet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram, men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.

Mer detaljerad vägledning finns på http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

 

Om det kommer upp något meddelande, t ex att ett rootkit har hittats, från ComboFix skriv ner det och skriv det sedan i ditt svar.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när det körs eftersom så det kan hänga upp sig då.

 

När ComboFix är färdig ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

[ePlay]

Kan varna att inte lyssna på sådana personer som ringer från internet, då de ringer runt om i världen och säger att du har "fel" i din dator och att du måste fixa det genom något "skit". Lägg på när någon hävdar att de är från något bolag ps de pratar även engelska

[Smirre]

Tack Cecilia för att du hjälper mig!

 

MSE rapporterar att den hitttat "Sinowal.gen!Y" i följande sökväg:

C:\Windows\Temp\wneffounek\plugin.dll

 

Sen har den även hittat något den kaller "Winwebsec" i följande sökväg:

C:\Users\Fam. Lilja\AppData\Local\gxztwwepb.exe

 

Och idag dök det upp någon ny variant som MSE kaller "Sinowal.gen!B" och om den rapporteras följande:

C:\ProgramData\Windows\msseedir.dll

copyhookhandler:HKCU@S-1-5-21-3382750804-3770663983-371864604-1004\SOFTWARE\CLASSES\Directory\SHELLEX\COPYHOOKHANDLERS\MSCopy

copyhookhandler:HKCU@S-1-5-21-3382750804-3770663983-371864604-1004\SOFTWARE\CLASSES\Wow6432Node\Directory\SHELLEX\COPYHOOKHANDLERS\MSCopy

regkey:HKCU@S-1-5-21-3382750804-3770663983-371864604-1004\SOFTWARE\CLASSES\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}

regkey:HKCU@S-1-5-21-3382750804-3770663983-371864604-1004\SOFTWARE\CLASSES\Directory\SHELLEX\COPYHOOKHANDLERS\MSCopy

regkey:HKCU@S-1-5-21-3382750804-3770663983-371864604-1004\SOFTWARE\CLASSES\Wow6432Node\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}

regkey:HKCU@S-1-5-21-3382750804-3770663983-371864604-1004\SOFTWARE\CLASSES\Wow6432Node\Directory\SHELLEX\COPYHOOKHANDLERS\MSCopy

clsid:HKCU@S-1-5-21-3382750804-3770663983-371864604-1004\SOFTWARE\CLASSES\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}

clsid:HKCU@S-1-5-21-3382750804-3770663983-371864604-1004\SOFTWARE\CLASSES\Wow6432Node\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}

 

 

Jag har avinstallerat Java. Jag prövade att köra DDS igen men filen Attach.txt ser likadan ut då som den jag bifogade i mitt första inlägg.

 

Jag körde igång ComboFix och lät sen datorn stå en stund, när jag kom tillbaka fanns följade logg på skärmen:

 

ComboFix 12-07-27.03 - Fam. Lilja 2012-07-28 17:18:42.1.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.4094.2171 [GMT 2:00]

Körs från: c:\users\Fam. Lilja\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\ClickPotatoLite

c:\program files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\install.rdf

c:\programdata\ClickPotatoLiteSA

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA.dat

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht

c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato

c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk

c:\programdata\Windows

c:\programdata\windows\ccdxmmde.dat

c:\programdata\windows\du44.dat

c:\programdata\Windows\xessmsxe.dat

.

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_RkHit

.

.

(((((((((((((((((((((((( Filer skapade från 2012-06-28 till 2012-07-28 ))))))))))))))))))))))))))))))

.

.

2012-07-28 15:27 . 2012-07-28 15:27 -------- d-----w- c:\users\FAM~1~LIL\AppData\Local\temp

2012-07-28 15:27 . 2012-07-28 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-27 18:19 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89C54259-E4C5-4417-BD50-2C5355571F4D}\mpengine.dll

2012-07-26 17:26 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-23 18:39 . 2012-07-23 18:39 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-07-23 16:47 . 2012-07-23 16:47 -------- d-----w- c:\users\Fam. Lilja\AppData\Roaming\f-secure

2012-07-23 16:46 . 2012-07-23 16:46 -------- d-----w- c:\programdata\F-Secure

2012-07-13 15:56 . 2012-07-13 15:56 -------- d-----w- c:\users\Fam. Lilja\AppData\Local\CRE

2012-07-12 01:00 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys

2012-07-09 20:28 . 2012-07-09 20:28 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59238CFC-B72F-41DF-A282-70C56D272B30}\gapaengine.dll

2012-07-09 20:24 . 2012-07-09 20:24 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-07-09 20:24 . 2012-07-09 20:24 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-09 20:23 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys

2012-07-09 17:01 . 2012-07-09 17:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-09 17:01 . 2012-07-09 17:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-06-28 16:54 . 2012-06-28 16:54 -------- d-----w- c:\users\Fam. Lilja\AppData\Local\Macromedia

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-27 14:22 . 2012-04-04 16:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-27 14:22 . 2011-07-04 16:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 01:04 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe

2012-07-03 16:21 . 2011-01-14 08:57 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-02 22:19 . 2012-06-21 12:18 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 12:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 12:18 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 12:18 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 12:18 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-02 22:19 . 2012-06-21 12:18 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 12:18 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-02 22:15 . 2012-06-21 12:18 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 12:18 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 22:12 . 2012-06-21 12:18 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-02 13:19 . 2012-06-21 12:17 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:19 . 2012-06-21 12:17 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-02 13:15 . 2012-06-21 12:17 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 13:12 . 2012-06-21 12:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2012-05-31 04:04 . 2012-07-06 07:34 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0E29DE7-0DE2-4567-8BD1-CC2A0BC7CD4C}\mpengine.dll

2012-05-01 14:29 . 2012-06-14 05:19 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]

"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2012-05-04 932528]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"c:\windows\SysWOW64\V0260Ext.ax"="c:\windows\SysWOW64\V0260Ext.ax" [X]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2007-02-15 119296]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-23 274608]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Telia"="c:\program files (x86)\Telia\Supportassistent\bin\sprtcmd.exe" [2009-06-16 201976]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

.

c:\users\Fam. Lilja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Media Player.lnk - c:\program files (x86)\Adobe Media Player\Adobe Media Player.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2011-8-8 1087896]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Polar WebSync.lnk - d:\dokument\Erik´s\Polar\WebSync.exe [2011-12-13 6121984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]

.

.

--- Övriga tjänster/drivrutiner i minnet ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

ezSharedSvc

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:22]

.

2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 11:50]

.

2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 11:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"c:\windows\system32\V0260Ext.ax"="c:\windows\system32\V0260Ext.ax" [X]

"RtHDVCpl"="RAVCpl64.exe" [2008-03-31 6150656]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"combofix"="c:\combofix\CF26455.3XE" [2008-01-21 363008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.dn.se/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Fam. Lilja\AppData\Roaming\Mozilla\Firefox\Profiles\s1ydk5gg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.godstart.se/

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

Wow6432Node-HKCU-Run-RegistryBooster - c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

HKLM-Run-OsdMaestro - c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

HKLM-Run-snp2std - c:\windows\vsnp2std.exe

AddRemove-Monster Trucks Nitro Demo - c:\users\Fam. Lilja\Desktop\Monster Trucks Nitro Demo\uninst.exe

AddRemove-sp41121 - c:\hp\Softpaq\sp41121\sp41121.exe

AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe

.

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Andra processer som körs ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\hp\HPEZBTN\HPBtnSrv.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files (x86)\CDBurnerXP\NMSAccessU.exe

c:\program files (x86)\Polar\Daemon\polard.exe

c:\program files (x86)\Telia\Supportassistent\bin\sprtsvc.exe

c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe

c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe

c:\program files (x86)\Windows Media Player\wmplayer.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Sluttid: 2012-07-28 17:39:37 - datorn startades om.

ComboFix-quarantined-files.txt 2012-07-28 15:39

.

Före genomsökningen: 171 258 458 112 byte ledigt

Efter genomsökningen: 171 449 790 464 byte ledigt

.

- - End Of File - - 103F9CF2B16E25ED27ABCD42EBB86EEF

[Cecilia]

1.

Spara TDSSKiller på Skrivbordet:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

 

Stäng av dina vanliga program, men du kan lämna antivirusprogram och liknande igång.

Kör programmet TDSSKiller.exe.

 

Klicka på Start Scan.

 

Om några malicious hittas så välj Cure och klicka på Continue. Om inte Cure finns så välj Skip. Om några suspicious hittas så välj Skip och klicka på Continue. Välj INTE Quarantine eller Delete. Eventuellt behöver datorn startas om.

 

Klistra in innehållet i loggen som du hittar i C:\ med namnet TDSSKiller följt av version och tidpunkt.

 

2.

Starta om datorn.

Spara aswMBR på skrivbordet: http://public.avast.com/~gmerek/aswMBR.exe

Starta om datorn och låt bli att starta några program.

Dubbel-klicka på aswMBR.exe för att köra programmet.

Klicka på Scan-knappen för att börja genomsökningen.

När den är klar så spara (Save) loggen på skrivbordet.

Klistra in loggen i ditt svar här.

[Cecilia]

Hur har det gått?

[Smirre]

Tack Cecilia för att du engagerar dig! :-) Datorn står hemma hos mina föräldrar och jag har inte haft möjlighet att åka dit på några dagar men imorgon kväll ska jag dit så då kommer det en fortsättning.

[Cecilia]

Vad bra!

Jag började undra om du hade gett upp.

[Smirre]

Då har jag gjort följande:

 

Körde TDSSKiller, den hittade inget. Här kommer loggen:

 

20:30:33.0936 9384 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

20:30:34.0061 9384 ============================================================

20:30:34.0061 9384 Current date / time: 2012/08/01 20:30:34.0061

20:30:34.0061 9384 SystemInfo:

20:30:34.0061 9384

20:30:34.0061 9384 OS Version: 6.0.6002 ServicePack: 2.0

20:30:34.0061 9384 Product type: Workstation

20:30:34.0061 9384 ComputerName: HP-LILJA

20:30:34.0061 9384 UserName: Fam. Lilja

20:30:34.0061 9384 Windows directory: C:\Windows

20:30:34.0061 9384 System windows directory: C:\Windows

20:30:34.0061 9384 Running under WOW64

20:30:34.0061 9384 Processor architecture: Intel x64

20:30:34.0061 9384 Number of processors: 4

20:30:34.0061 9384 Page size: 0x1000

20:30:34.0061 9384 Boot type: Normal boot

20:30:34.0061 9384 ============================================================

20:30:35.0309 9384 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:30:35.0324 9384 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:30:35.0356 9384 ============================================================

20:30:35.0356 9384 \Device\Harddisk0\DR0:

20:30:35.0356 9384 MBR partitions:

20:30:35.0356 9384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38AFD701

20:30:35.0356 9384 \Device\Harddisk1\DR1:

20:30:35.0356 9384 MBR partitions:

20:30:35.0356 9384 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02

20:30:35.0356 9384 ============================================================

20:30:35.0387 9384 C: <-> \Device\Harddisk0\DR0\Partition0

20:30:35.0402 9384 D: <-> \Device\Harddisk1\DR1\Partition0

20:30:35.0402 9384 ============================================================

20:30:35.0402 9384 Initialize success

20:30:35.0402 9384 ============================================================

20:30:42.0095 6100 ============================================================

20:30:42.0095 6100 Scan started

20:30:42.0095 6100 Mode: Manual;

20:30:42.0095 6100 ============================================================

20:30:42.0968 6100 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

20:30:42.0984 6100 ACPI - ok

20:30:43.0078 6100 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:30:43.0078 6100 AdobeFlashPlayerUpdateSvc - ok

20:30:43.0156 6100 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

20:30:43.0171 6100 adp94xx - ok

20:30:43.0218 6100 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

20:30:43.0234 6100 adpahci - ok

20:30:43.0249 6100 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

20:30:43.0249 6100 adpu160m - ok

20:30:43.0280 6100 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

20:30:43.0280 6100 adpu320 - ok

20:30:43.0327 6100 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll

20:30:43.0327 6100 AeLookupSvc - ok

20:30:43.0374 6100 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys

20:30:43.0390 6100 AFD - ok

20:30:43.0421 6100 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

20:30:43.0421 6100 agp440 - ok

20:30:43.0436 6100 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

20:30:43.0436 6100 aic78xx - ok

20:30:43.0452 6100 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe

20:30:43.0452 6100 ALG - ok

20:30:43.0468 6100 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

20:30:43.0468 6100 aliide - ok

20:30:43.0483 6100 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

20:30:43.0483 6100 amdide - ok

20:30:43.0499 6100 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

20:30:43.0499 6100 AmdK8 - ok

20:30:43.0546 6100 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll

20:30:43.0546 6100 Appinfo - ok

20:30:43.0624 6100 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:30:43.0624 6100 Apple Mobile Device - ok

20:30:43.0670 6100 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

20:30:43.0670 6100 arc - ok

20:30:43.0702 6100 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

20:30:43.0702 6100 arcsas - ok

20:30:43.0780 6100 aspnet_state - ok

20:30:43.0811 6100 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

20:30:43.0811 6100 AsyncMac - ok

20:30:43.0842 6100 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys

20:30:43.0842 6100 atapi - ok

20:30:43.0920 6100 athr (3011f65a14aeba2599f4c06a82b6a57a) C:\Windows\system32\DRIVERS\athrx.sys

20:30:43.0936 6100 athr - ok

20:30:43.0998 6100 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

20:30:44.0014 6100 AudioEndpointBuilder - ok

20:30:44.0029 6100 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

20:30:44.0029 6100 AudioSrv - ok

20:30:44.0029 6100 Beep - ok

20:30:44.0092 6100 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll

20:30:44.0107 6100 BFE - ok

20:30:44.0201 6100 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll

20:30:44.0232 6100 BITS - ok

20:30:44.0279 6100 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

20:30:44.0279 6100 blbdrive - ok

20:30:44.0372 6100 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

20:30:44.0388 6100 Bonjour Service - ok

20:30:44.0435 6100 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

20:30:44.0435 6100 bowser - ok

20:30:44.0466 6100 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

20:30:44.0466 6100 BrFiltLo - ok

20:30:44.0482 6100 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

20:30:44.0482 6100 BrFiltUp - ok

20:30:44.0513 6100 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll

20:30:44.0513 6100 Browser - ok

20:30:44.0528 6100 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

20:30:44.0560 6100 Brserid - ok

20:30:44.0591 6100 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

20:30:44.0591 6100 BrSerWdm - ok

20:30:44.0591 6100 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

20:30:44.0591 6100 BrUsbMdm - ok

20:30:44.0606 6100 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

20:30:44.0606 6100 BrUsbSer - ok

20:30:44.0622 6100 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

20:30:44.0622 6100 BTHMODEM - ok

20:30:44.0653 6100 catchme - ok

20:30:44.0684 6100 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

20:30:44.0684 6100 cdfs - ok

20:30:44.0700 6100 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

20:30:44.0700 6100 cdrom - ok

20:30:44.0747 6100 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

20:30:44.0747 6100 CertPropSvc - ok

20:30:44.0762 6100 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys

20:30:44.0762 6100 circlass - ok

20:30:44.0794 6100 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

20:30:44.0809 6100 CLFS - ok

20:30:44.0887 6100 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:30:44.0887 6100 clr_optimization_v2.0.50727_32 - ok

20:30:44.0934 6100 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:30:44.0934 6100 clr_optimization_v2.0.50727_64 - ok

20:30:44.0981 6100 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:30:44.0981 6100 clr_optimization_v4.0.30319_32 - ok

20:30:45.0043 6100 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:30:45.0043 6100 clr_optimization_v4.0.30319_64 - ok

20:30:45.0059 6100 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

20:30:45.0059 6100 cmdide - ok

20:30:45.0074 6100 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

20:30:45.0074 6100 Compbatt - ok

20:30:45.0090 6100 COMSysApp - ok

20:30:45.0106 6100 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

20:30:45.0106 6100 crcdisk - ok

20:30:45.0168 6100 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll

20:30:45.0184 6100 CryptSvc - ok

20:30:45.0246 6100 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

20:30:45.0262 6100 DcomLaunch - ok

20:30:45.0308 6100 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

20:30:45.0308 6100 DfsC - ok

20:30:45.0480 6100 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe

20:30:45.0542 6100 DFSR - ok

20:30:45.0652 6100 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll

20:30:45.0667 6100 Dhcp - ok

20:30:45.0698 6100 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

20:30:45.0698 6100 disk - ok

20:30:45.0761 6100 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll

20:30:45.0761 6100 Dnscache - ok

20:30:45.0808 6100 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll

20:30:45.0823 6100 dot3svc - ok

20:30:45.0870 6100 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys

20:30:45.0870 6100 Dot4 - ok

20:30:45.0917 6100 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys

20:30:45.0917 6100 Dot4Print - ok

20:30:45.0948 6100 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys

20:30:45.0948 6100 dot4usb - ok

20:30:45.0979 6100 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll

20:30:45.0979 6100 DPS - ok

20:30:46.0026 6100 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

20:30:46.0026 6100 drmkaud - ok

20:30:46.0073 6100 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

20:30:46.0073 6100 DXGKrnl - ok

20:30:46.0135 6100 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

20:30:46.0198 6100 E1G60 - ok

20:30:46.0213 6100 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll

20:30:46.0213 6100 EapHost - ok

20:30:46.0260 6100 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

20:30:46.0260 6100 Ecache - ok

20:30:46.0307 6100 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe

20:30:46.0322 6100 ehRecvr - ok

20:30:46.0338 6100 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe

20:30:46.0354 6100 ehSched - ok

20:30:46.0369 6100 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll

20:30:46.0369 6100 ehstart - ok

20:30:46.0400 6100 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

20:30:46.0416 6100 elxstor - ok

20:30:46.0463 6100 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll

20:30:46.0478 6100 EMDMgmt - ok

20:30:46.0494 6100 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

20:30:46.0494 6100 ErrDev - ok

20:30:46.0525 6100 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll

20:30:46.0541 6100 EventSystem - ok

20:30:46.0588 6100 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

20:30:46.0603 6100 exfat - ok

20:30:46.0634 6100 ezSharedSvc - ok

20:30:46.0666 6100 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

20:30:46.0666 6100 fastfat - ok

20:30:46.0681 6100 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

20:30:46.0697 6100 fdc - ok

20:30:46.0697 6100 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll

20:30:46.0697 6100 fdPHost - ok

20:30:46.0712 6100 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll

20:30:46.0712 6100 FDResPub - ok

20:30:46.0728 6100 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

20:30:46.0728 6100 FileInfo - ok

20:30:46.0744 6100 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

20:30:46.0744 6100 Filetrace - ok

20:30:46.0759 6100 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

20:30:46.0759 6100 flpydisk - ok

20:30:46.0806 6100 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

20:30:46.0822 6100 FltMgr - ok

20:30:46.0931 6100 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll

20:30:46.0962 6100 FontCache - ok

20:30:47.0009 6100 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:30:47.0009 6100 FontCache3.0.0.0 - ok

20:30:47.0071 6100 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys

20:30:47.0071 6100 Fs_Rec - ok

20:30:47.0102 6100 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

20:30:47.0102 6100 gagp30kx - ok

20:30:47.0165 6100 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:30:47.0165 6100 GEARAspiWDM - ok

20:30:47.0227 6100 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll

20:30:47.0243 6100 gpsvc - ok

20:30:47.0258 6100 grmnusb (38f92e8510b8faec9bbb9e31724236dc) C:\Windows\system32\drivers\grmnusb.sys

20:30:47.0258 6100 grmnusb - ok

20:30:47.0352 6100 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

20:30:47.0368 6100 gupdate - ok

20:30:47.0383 6100 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

20:30:47.0383 6100 gupdatem - ok

20:30:47.0430 6100 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

20:30:47.0430 6100 gusvc - ok

20:30:47.0477 6100 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

20:30:47.0477 6100 HdAudAddService - ok

20:30:47.0539 6100 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:30:47.0555 6100 HDAudBus - ok

20:30:47.0586 6100 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

20:30:47.0586 6100 HidBth - ok

20:30:47.0602 6100 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys

20:30:47.0617 6100 HidIr - ok

20:30:47.0633 6100 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll

20:30:47.0633 6100 hidserv - ok

20:30:47.0664 6100 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

20:30:47.0664 6100 HidUsb - ok

20:30:47.0680 6100 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll

20:30:47.0695 6100 hkmsvc - ok

20:30:47.0914 6100 HP Health Check Service (cb383ab0b8ba871d893b86d3c9a3ed9f) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

20:30:47.0914 6100 HP Health Check Service - ok

20:30:47.0960 6100 HPBtnSrv (deb82af183f1cd06813d91ed104c645c) c:\hp\HPEZBTN\HPBtnSrv.exe

20:30:47.0960 6100 HPBtnSrv - ok

20:30:47.0992 6100 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

20:30:47.0992 6100 HpCISSs - ok

20:30:48.0085 6100 hpqcxs08 (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

20:30:48.0085 6100 hpqcxs08 - ok

20:30:48.0101 6100 hpqddsvc (3ee4a63539ec04ee2d4bd293985087ab) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

20:30:48.0116 6100 hpqddsvc - ok

20:30:48.0179 6100 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

20:30:48.0210 6100 HTTP - ok

20:30:48.0226 6100 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

20:30:48.0226 6100 i2omp - ok

20:30:48.0257 6100 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

20:30:48.0257 6100 i8042prt - ok

20:30:48.0319 6100 IAANTMON (204a73a56751c68c6031e9d5d611ec98) C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe

20:30:48.0335 6100 IAANTMON - ok

20:30:48.0382 6100 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\drivers\iastor.sys

20:30:48.0382 6100 iaStor - ok

20:30:48.0397 6100 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

20:30:48.0413 6100 iaStorV - ok

20:30:48.0522 6100 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:30:48.0538 6100 idsvc - ok

20:30:48.0553 6100 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

20:30:48.0553 6100 iirsp - ok

20:30:48.0600 6100 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll

20:30:48.0631 6100 IKEEXT - ok

20:30:48.0740 6100 IntcAzAudAddService (2c62599e693372a9221c262b8040e3ac) C:\Windows\system32\drivers\RTKVHD64.sys

20:30:48.0740 6100 IntcAzAudAddService - ok

20:30:48.0772 6100 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

20:30:48.0772 6100 intelide - ok

20:30:48.0787 6100 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

20:30:48.0787 6100 intelppm - ok

20:30:48.0818 6100 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll

20:30:48.0818 6100 IPBusEnum - ok

20:30:48.0850 6100 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:30:48.0850 6100 IpFilterDriver - ok

20:30:48.0896 6100 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll

20:30:48.0912 6100 iphlpsvc - ok

20:30:48.0912 6100 IpInIp - ok

20:30:48.0943 6100 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

20:30:48.0943 6100 IPMIDRV - ok

20:30:48.0959 6100 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

20:30:48.0974 6100 IPNAT - ok

20:30:49.0052 6100 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

20:30:49.0068 6100 iPod Service - ok

20:30:49.0084 6100 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

20:30:49.0084 6100 IRENUM - ok

20:30:49.0115 6100 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

20:30:49.0115 6100 isapnp - ok

20:30:49.0146 6100 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

20:30:49.0146 6100 iScsiPrt - ok

20:30:49.0162 6100 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

20:30:49.0162 6100 iteatapi - ok

20:30:49.0193 6100 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

20:30:49.0193 6100 iteraid - ok

20:30:49.0224 6100 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

20:30:49.0224 6100 kbdclass - ok

20:30:49.0240 6100 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

20:30:49.0240 6100 kbdhid - ok

20:30:49.0286 6100 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

20:30:49.0286 6100 KeyIso - ok

20:30:49.0349 6100 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys

20:30:49.0364 6100 KSecDD - ok

20:30:49.0380 6100 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

20:30:49.0380 6100 ksthunk - ok

20:30:49.0427 6100 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll

20:30:49.0442 6100 KtmRm - ok

20:30:49.0505 6100 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll

20:30:49.0505 6100 LanmanServer - ok

20:30:49.0520 6100 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll

20:30:49.0536 6100 LanmanWorkstation - ok

20:30:49.0598 6100 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

20:30:49.0630 6100 LightScribeService - ok

20:30:49.0661 6100 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

20:30:49.0661 6100 lltdio - ok

20:30:49.0692 6100 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll

20:30:49.0708 6100 lltdsvc - ok

20:30:49.0723 6100 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll

20:30:49.0723 6100 lmhosts - ok

20:30:49.0754 6100 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

20:30:49.0754 6100 LSI_FC - ok

20:30:49.0786 6100 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

20:30:49.0786 6100 LSI_SAS - ok

20:30:49.0801 6100 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

20:30:49.0801 6100 LSI_SCSI - ok

20:30:49.0832 6100 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

20:30:49.0832 6100 luafv - ok

20:30:49.0848 6100 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll

20:30:49.0848 6100 Mcx2Svc - ok

20:30:49.0910 6100 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

20:30:49.0926 6100 MDM - ok

20:30:49.0957 6100 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

20:30:49.0957 6100 megasas - ok

20:30:49.0988 6100 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

20:30:50.0004 6100 MegaSR - ok

20:30:50.0020 6100 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

20:30:50.0020 6100 MMCSS - ok

20:30:50.0035 6100 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

20:30:50.0035 6100 Modem - ok

20:30:50.0082 6100 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

20:30:50.0082 6100 monitor - ok

20:30:50.0098 6100 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

20:30:50.0098 6100 mouclass - ok

20:30:50.0129 6100 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

20:30:50.0129 6100 mouhid - ok

20:30:50.0144 6100 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

20:30:50.0144 6100 MountMgr - ok

20:30:50.0207 6100 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:30:50.0238 6100 MozillaMaintenance - ok

20:30:50.0300 6100 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

20:30:50.0300 6100 MpFilter - ok

20:30:50.0332 6100 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

20:30:50.0332 6100 mpio - ok

20:30:50.0347 6100 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

20:30:50.0347 6100 mpsdrv - ok

20:30:50.0394 6100 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll

20:30:50.0410 6100 MpsSvc - ok

20:30:50.0425 6100 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

20:30:50.0441 6100 Mraid35x - ok

20:30:50.0456 6100 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

20:30:50.0456 6100 MRxDAV - ok

20:30:50.0488 6100 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:30:50.0503 6100 mrxsmb - ok

20:30:50.0534 6100 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:30:50.0597 6100 mrxsmb10 - ok

20:30:50.0612 6100 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:30:50.0644 6100 mrxsmb20 - ok

20:30:50.0659 6100 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

20:30:50.0659 6100 msahci - ok

20:30:50.0675 6100 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

20:30:50.0690 6100 msdsm - ok

20:30:50.0706 6100 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe

20:30:50.0706 6100 MSDTC - ok

20:30:50.0737 6100 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

20:30:50.0737 6100 Msfs - ok

20:30:50.0768 6100 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

20:30:50.0768 6100 msisadrv - ok

20:30:50.0800 6100 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll

20:30:50.0815 6100 MSiSCSI - ok

20:30:50.0815 6100 msiserver - ok

20:30:50.0846 6100 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

20:30:50.0846 6100 MSKSSRV - ok

20:30:50.0893 6100 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe

20:30:50.0893 6100 MsMpSvc - ok

20:30:50.0909 6100 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

20:30:50.0909 6100 MSPCLOCK - ok

20:30:50.0909 6100 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

20:30:50.0924 6100 MSPQM - ok

20:30:50.0956 6100 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

20:30:50.0971 6100 MsRPC - ok

20:30:50.0987 6100 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

20:30:50.0987 6100 mssmbios - ok

20:30:51.0002 6100 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

20:30:51.0002 6100 MSTEE - ok

20:30:51.0018 6100 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

20:30:51.0034 6100 Mup - ok

20:30:51.0049 6100 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll

20:30:51.0080 6100 napagent - ok

20:30:51.0112 6100 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

20:30:51.0127 6100 NativeWifiP - ok

20:30:51.0205 6100 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

20:30:51.0236 6100 NDIS - ok

20:30:51.0361 6100 NDISKIO - ok

20:30:51.0439 6100 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

20:30:51.0455 6100 NdisTapi - ok

20:30:51.0455 6100 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

20:30:51.0455 6100 Ndisuio - ok

20:30:51.0486 6100 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

20:30:51.0486 6100 NdisWan - ok

20:30:51.0502 6100 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

20:30:51.0502 6100 NDProxy - ok

20:30:51.0564 6100 Net Driver HPZ12 (bd94210175c488f18add3e189ee9304c) C:\Windows\system32\HPZinw12.dll

20:30:51.0564 6100 Net Driver HPZ12 - ok

20:30:51.0580 6100 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

20:30:51.0580 6100 NetBIOS - ok

20:30:51.0595 6100 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

20:30:51.0611 6100 netbt - ok

20:30:51.0626 6100 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

20:30:51.0626 6100 Netlogon - ok

20:30:51.0689 6100 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll

20:30:51.0704 6100 Netman - ok

20:30:51.0720 6100 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll

20:30:51.0736 6100 netprofm - ok

20:30:51.0782 6100 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:30:51.0782 6100 NetTcpPortSharing - ok

20:30:51.0798 6100 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

20:30:51.0798 6100 nfrd960 - ok

20:30:51.0845 6100 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

20:30:51.0845 6100 NisDrv - ok

20:30:51.0892 6100 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe

20:30:51.0907 6100 NisSrv - ok

20:30:51.0938 6100 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll

20:30:51.0938 6100 NlaSvc - ok

20:30:52.0032 6100 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

20:30:52.0032 6100 NMSAccessU - ok

20:30:52.0048 6100 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

20:30:52.0048 6100 Npfs - ok

20:30:52.0063 6100 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll

20:30:52.0079 6100 nsi - ok

20:30:52.0094 6100 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

20:30:52.0094 6100 nsiproxy - ok

20:30:52.0172 6100 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

20:30:52.0204 6100 Ntfs - ok

20:30:52.0282 6100 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

20:30:52.0282 6100 Null - ok

20:30:52.0765 6100 nvlddmkm (51bd7ef17f0b525994ad5b3748c8288b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:30:52.0828 6100 nvlddmkm - ok

20:30:52.0890 6100 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

20:30:52.0890 6100 nvraid - ok

20:30:52.0906 6100 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

20:30:52.0906 6100 nvstor - ok

20:30:52.0937 6100 nvsvc (fce8537bf5d504680212d536a3bfe5e2) C:\Windows\system32\nvvsvc.exe

20:30:52.0952 6100 nvsvc - ok

20:30:52.0968 6100 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

20:30:52.0984 6100 nv_agp - ok

20:30:52.0984 6100 NwlnkFlt - ok

20:30:52.0984 6100 NwlnkFwd - ok

20:30:53.0030 6100 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

20:30:53.0030 6100 ohci1394 - ok

20:30:53.0077 6100 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:30:53.0077 6100 ose - ok

20:30:53.0155 6100 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

20:30:53.0186 6100 p2pimsvc - ok

20:30:53.0186 6100 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

20:30:53.0186 6100 p2psvc - ok

20:30:53.0218 6100 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

20:30:53.0218 6100 Parport - ok

20:30:53.0264 6100 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys

20:30:53.0264 6100 partmgr - ok

20:30:53.0327 6100 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll

20:30:53.0327 6100 PcaSvc - ok

20:30:53.0358 6100 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

20:30:53.0358 6100 pci - ok

20:30:53.0374 6100 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys

20:30:53.0374 6100 pciide - ok

20:30:53.0389 6100 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

20:30:53.0389 6100 pcmcia - ok

20:30:53.0436 6100 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

20:30:53.0452 6100 PEAUTH - ok

20:30:53.0514 6100 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe

20:30:53.0514 6100 PerfHost - ok

20:30:53.0576 6100 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll

20:30:53.0608 6100 pla - ok

20:30:53.0639 6100 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll

20:30:53.0654 6100 PlugPlay - ok

20:30:53.0732 6100 Pml Driver HPZ12 (7fe2afb17d91cf39843d6766ea31cfc7) C:\Windows\system32\HPZipm12.dll

20:30:53.0732 6100 Pml Driver HPZ12 - ok

20:30:53.0779 6100 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

20:30:53.0795 6100 PNRPAutoReg - ok

20:30:53.0795 6100 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

20:30:53.0810 6100 PNRPsvc - ok

20:30:53.0873 6100 Polar Daemon (c489d0c7d9684dcf98dc3f0272131419) C:\Program Files (x86)\Polar\Daemon\polard.exe

20:30:53.0888 6100 Polar Daemon - ok

20:30:53.0920 6100 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll

20:30:53.0935 6100 PolicyAgent - ok

20:30:53.0982 6100 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

20:30:53.0982 6100 PptpMiniport - ok

20:30:54.0013 6100 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

20:30:54.0013 6100 Processor - ok

20:30:54.0044 6100 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll

20:30:54.0044 6100 ProfSvc - ok

20:30:54.0091 6100 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

20:30:54.0091 6100 ProtectedStorage - ok

20:30:54.0122 6100 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

20:30:54.0122 6100 PSched - ok

20:30:54.0185 6100 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

20:30:54.0216 6100 ql2300 - ok

20:30:54.0232 6100 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

20:30:54.0232 6100 ql40xx - ok

20:30:54.0294 6100 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll

20:30:54.0310 6100 QWAVE - ok

20:30:54.0325 6100 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

20:30:54.0325 6100 QWAVEdrv - ok

20:30:54.0341 6100 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

20:30:54.0341 6100 RasAcd - ok

20:30:54.0356 6100 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll

20:30:54.0356 6100 RasAuto - ok

20:30:54.0372 6100 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:30:54.0372 6100 Rasl2tp - ok

20:30:54.0403 6100 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll

20:30:54.0419 6100 RasMan - ok

20:30:54.0434 6100 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

20:30:54.0434 6100 RasPppoe - ok

20:30:54.0450 6100 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

20:30:54.0450 6100 RasSstp - ok

20:30:54.0481 6100 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

20:30:54.0497 6100 rdbss - ok

20:30:54.0497 6100 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:30:54.0497 6100 RDPCDD - ok

20:30:54.0544 6100 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

20:30:54.0559 6100 rdpdr - ok

20:30:54.0559 6100 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

20:30:54.0559 6100 RDPENCDD - ok

20:30:54.0622 6100 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys

20:30:54.0622 6100 RDPWD - ok

20:30:54.0637 6100 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll

20:30:54.0653 6100 RemoteAccess - ok

20:30:54.0684 6100 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll

20:30:54.0715 6100 RemoteRegistry - ok

20:30:54.0715 6100 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe

20:30:54.0731 6100 RpcLocator - ok

20:30:54.0778 6100 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

20:30:54.0778 6100 RpcSs - ok

20:30:54.0793 6100 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

20:30:54.0793 6100 rspndr - ok

20:30:54.0840 6100 RTL8169 (82b66abf055611024e5dbb9fa556c11d) C:\Windows\system32\DRIVERS\Rtlh64.sys

20:30:54.0856 6100 RTL8169 - ok

20:30:54.0902 6100 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

20:30:54.0902 6100 SamSs - ok

20:30:54.0934 6100 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

20:30:54.0934 6100 sbp2port - ok

20:30:55.0090 6100 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

20:30:55.0121 6100 SBSDWSCService - ok

20:30:55.0152 6100 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll

20:30:55.0152 6100 SCardSvr - ok

20:30:55.0214 6100 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll

20:30:55.0246 6100 Schedule - ok

20:30:55.0261 6100 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

20:30:55.0261 6100 SCPolicySvc - ok

20:30:55.0308 6100 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll

20:30:55.0324 6100 SDRSVC - ok

20:30:55.0355 6100 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:30:55.0370 6100 secdrv - ok

20:30:55.0370 6100 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll

20:30:55.0370 6100 seclogon - ok

20:30:55.0386 6100 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll

20:30:55.0386 6100 SENS - ok

20:30:55.0402 6100 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

20:30:55.0402 6100 Serenum - ok

20:30:55.0417 6100 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

20:30:55.0433 6100 Serial - ok

20:30:55.0433 6100 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

20:30:55.0433 6100 sermouse - ok

20:30:55.0464 6100 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll

20:30:55.0464 6100 SessionEnv - ok

20:30:55.0480 6100 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

20:30:55.0495 6100 sffdisk - ok

20:30:55.0511 6100 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

20:30:55.0511 6100 sffp_mmc - ok

20:30:55.0526 6100 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

20:30:55.0558 6100 sffp_sd - ok

20:30:55.0573 6100 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

20:30:55.0573 6100 sfloppy - ok

20:30:55.0620 6100 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll

20:30:55.0636 6100 SharedAccess - ok

20:30:55.0682 6100 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll

20:30:55.0714 6100 ShellHWDetection - ok

20:30:55.0729 6100 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

20:30:55.0729 6100 SiSRaid2 - ok

20:30:55.0760 6100 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

20:30:55.0760 6100 SiSRaid4 - ok

20:30:55.0885 6100 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe

20:30:55.0932 6100 slsvc - ok

20:30:55.0979 6100 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll

20:30:55.0994 6100 SLUINotify - ok

20:30:56.0026 6100 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

20:30:56.0026 6100 Smb - ok

20:30:56.0041 6100 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe

20:30:56.0057 6100 SNMPTRAP - ok

20:30:56.0166 6100 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

20:30:56.0182 6100 Sony PC Companion - ok

20:30:56.0197 6100 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

20:30:56.0197 6100 spldr - ok

20:30:56.0244 6100 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe

20:30:56.0260 6100 Spooler - ok

20:30:56.0353 6100 sprtsvc_telia - ok

20:30:56.0416 6100 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

20:30:56.0431 6100 srv - ok

20:30:56.0478 6100 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

20:30:56.0494 6100 srv2 - ok

20:30:56.0509 6100 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

20:30:56.0509 6100 srvnet - ok

20:30:56.0525 6100 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll

20:30:56.0540 6100 SSDPSRV - ok

20:30:56.0572 6100 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll

20:30:56.0572 6100 SstpSvc - ok

20:30:56.0618 6100 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll

20:30:56.0634 6100 stisvc - ok

20:30:56.0790 6100 SupportSoft RemoteAssist (9a97b7024e2ca4d42046bf272997e14c) C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe

20:30:56.0790 6100 SupportSoft RemoteAssist - ok

20:30:56.0837 6100 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

20:30:56.0837 6100 swenum - ok

20:30:56.0868 6100 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll

20:30:56.0899 6100 swprv - ok

20:30:56.0915 6100 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

20:30:56.0915 6100 Symc8xx - ok

20:30:56.0930 6100 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

20:30:56.0946 6100 Sym_hi - ok

20:30:56.0962 6100 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

20:30:56.0962 6100 Sym_u3 - ok

20:30:57.0008 6100 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll

20:30:57.0040 6100 SysMain - ok

20:30:57.0055 6100 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll

20:30:57.0055 6100 TabletInputService - ok

20:30:57.0086 6100 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll

20:30:57.0102 6100 TapiSrv - ok

20:30:57.0118 6100 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll

20:30:57.0118 6100 TBS - ok

20:30:57.0211 6100 Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\drivers\tcpip.sys

20:30:57.0242 6100 Tcpip - ok

20:30:57.0258 6100 Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\DRIVERS\tcpip.sys

20:30:57.0274 6100 Tcpip6 - ok

20:30:57.0289 6100 tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:\Windows\system32\drivers\tcpipreg.sys

20:30:57.0320 6100 tcpipreg - ok

20:30:57.0336 6100 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

20:30:57.0336 6100 TDPIPE - ok

20:30:57.0398 6100 TdsNordecr (86d1b3662ec12f2fead9cc6f58ef36f6) C:\Windows\system32\DRIVERS\nordecr.sys

20:30:57.0398 6100 TdsNordecr - ok

20:30:57.0445 6100 Tdsshbecr (03e62cd83a62859f4f796434ee6c385e) C:\Windows\system32\DRIVERS\shbecr.sys

20:30:57.0445 6100 Tdsshbecr - ok

20:30:57.0476 6100 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

20:30:57.0476 6100 TDTCP - ok

20:30:57.0508 6100 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

20:30:57.0508 6100 tdx - ok

20:30:57.0523 6100 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

20:30:57.0539 6100 TermDD - ok

20:30:57.0570 6100 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll

20:30:57.0601 6100 TermService - ok

20:30:57.0648 6100 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll

20:30:57.0648 6100 Themes - ok

20:30:57.0679 6100 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

20:30:57.0679 6100 THREADORDER - ok

20:30:57.0742 6100 TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

20:30:57.0742 6100 TomTomHOMEService - ok

20:30:57.0773 6100 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll

20:30:57.0788 6100 TrkWks - ok

20:30:57.0820 6100 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe

20:30:57.0820 6100 TrustedInstaller - ok

20:30:57.0835 6100 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:30:57.0851 6100 tssecsrv - ok

20:30:57.0851 6100 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

20:30:57.0851 6100 tunmp - ok

20:30:57.0898 6100 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

20:30:57.0898 6100 tunnel - ok

20:30:57.0913 6100 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

20:30:57.0913 6100 uagp35 - ok

20:30:57.0960 6100 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

20:30:57.0976 6100 udfs - ok

20:30:57.0991 6100 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe

20:30:57.0991 6100 UI0Detect - ok

20:30:58.0007 6100 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

20:30:58.0022 6100 uliagpkx - ok

20:30:58.0054 6100 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

20:30:58.0054 6100 uliahci - ok

20:30:58.0085 6100 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

20:30:58.0085 6100 UlSata - ok

20:30:58.0116 6100 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

20:30:58.0116 6100 ulsata2 - ok

20:30:58.0132 6100 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

20:30:58.0132 6100 umbus - ok

20:30:58.0163 6100 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll

20:30:58.0178 6100 upnphost - ok

20:30:58.0225 6100 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

20:30:58.0225 6100 usbccgp - ok

20:30:58.0241 6100 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys

20:30:58.0241 6100 usbcir - ok

20:30:58.0272 6100 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

20:30:58.0272 6100 usbehci - ok

20:30:58.0303 6100 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

20:30:58.0350 6100 usbhub - ok

20:30:58.0366 6100 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

20:30:58.0366 6100 usbohci - ok

20:30:58.0381 6100 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

20:30:58.0381 6100 usbprint - ok

20:30:58.0412 6100 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

20:30:58.0412 6100 usbscan - ok

20:30:58.0444 6100 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:30:58.0444 6100 USBSTOR - ok

20:30:58.0459 6100 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

20:30:58.0459 6100 usbuhci - ok

20:30:58.0475 6100 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll

20:30:58.0490 6100 UxSms - ok

20:30:58.0522 6100 V0260VID (513e9c22c6cd913ee594140de881adda) C:\Windows\system32\DRIVERS\V0260Vid.sys

20:30:58.0537 6100 V0260VID - ok

20:30:58.0553 6100 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe

20:30:58.0568 6100 vds - ok

20:30:58.0584 6100 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

20:30:58.0600 6100 vga - ok

20:30:58.0615 6100 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

20:30:58.0615 6100 VgaSave - ok

20:30:58.0631 6100 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

20:30:58.0631 6100 viaide - ok

20:30:58.0646 6100 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

20:30:58.0646 6100 volmgr - ok

20:30:58.0678 6100 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

20:30:58.0693 6100 volmgrx - ok

20:30:58.0740 6100 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

20:30:58.0771 6100 volsnap - ok

20:30:58.0787 6100 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

20:30:58.0787 6100 vsmraid - ok

20:30:58.0865 6100 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe

20:30:58.0896 6100 VSS - ok

20:30:58.0912 6100 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll

20:30:58.0927 6100 W32Time - ok

20:30:58.0974 6100 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

20:30:58.0974 6100 WacomPen - ok

20:30:58.0990 6100 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

20:30:58.0990 6100 Wanarp - ok

20:30:59.0005 6100 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

20:30:59.0005 6100 Wanarpv6 - ok

20:30:59.0036 6100 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll

20:30:59.0052 6100 wcncsvc - ok

20:30:59.0083 6100 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll

20:30:59.0083 6100 WcsPlugInService - ok

20:30:59.0099 6100 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

20:30:59.0099 6100 Wd - ok

20:30:59.0146 6100 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

20:30:59.0177 6100 Wdf01000 - ok

20:30:59.0192 6100 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

20:30:59.0192 6100 WdiServiceHost - ok

20:30:59.0192 6100 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

20:30:59.0192 6100 WdiSystemHost - ok

20:30:59.0224 6100 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll

20:30:59.0239 6100 WebClient - ok

20:30:59.0302 6100 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll

20:30:59.0317 6100 Wecsvc - ok

20:30:59.0364 6100 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll

20:30:59.0380 6100 wercplsupport - ok

20:30:59.0395 6100 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll

20:30:59.0395 6100 WerSvc - ok

20:30:59.0426 6100 WinDefend - ok

20:30:59.0442 6100 WinHttpAutoProxySvc - ok

20:30:59.0473 6100 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll

20:30:59.0489 6100 Winmgmt - ok

20:30:59.0645 6100 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll

20:30:59.0692 6100 WinRM - ok

20:30:59.0785 6100 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll

20:30:59.0816 6100 Wlansvc - ok

20:30:59.0848 6100 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

20:30:59.0848 6100 WmiAcpi - ok

20:30:59.0879 6100 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe

20:30:59.0879 6100 wmiApSrv - ok

20:30:59.0910 6100 WMPNetworkSvc - ok

20:30:59.0941 6100 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll

20:30:59.0941 6100 WPCSvc - ok

20:30:59.0988 6100 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll

20:30:59.0988 6100 WPDBusEnum - ok

20:31:00.0035 6100 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys

20:31:00.0050 6100 WpdUsb - ok

20:31:00.0175 6100 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

20:31:00.0206 6100 WPFFontCache_v0400 - ok

20:31:00.0222 6100 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

20:31:00.0222 6100 ws2ifsl - ok

20:31:00.0253 6100 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll

20:31:00.0253 6100 wscsvc - ok

20:31:00.0253 6100 WSearch - ok

20:31:00.0394 6100 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

20:31:00.0472 6100 wuauserv - ok

20:31:00.0550 6100 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:31:00.0550 6100 WUDFRd - ok

20:31:00.0581 6100 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll

20:31:00.0581 6100 wudfsvc - ok

20:31:00.0612 6100 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0

20:31:00.0784 6100 \Device\Harddisk0\DR0 - ok

20:31:00.0784 6100 MBR (0x1B8) (4606a12aed5e4ce105136c6c9c8ea568) \Device\Harddisk1\DR1

20:31:00.0784 6100 \Device\Harddisk1\DR1 - ok

20:31:00.0784 6100 Boot (0x1200) (46661f19c487351eb80f197d4b574353) \Device\Harddisk0\DR0\Partition0

20:31:00.0799 6100 \Device\Harddisk0\DR0\Partition0 - ok

20:31:00.0799 6100 Boot (0x1200) (0ba349e268cf8d3ece65e0b548b74d54) \Device\Harddisk1\DR1\Partition0

20:31:00.0799 6100 \Device\Harddisk1\DR1\Partition0 - ok

20:31:00.0799 6100 ============================================================

20:31:00.0799 6100 Scan finished

20:31:00.0799 6100 ============================================================

20:31:00.0799 6384 Detected object count: 0

20:31:00.0799 6384 Actual detected object count: 0

20:31:53.0746 5116 Deinitialize success

 

Startade om datorn och körde sen direkt igång aswMBR och här kommer loggen från den:

 

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-01 20:36:01

-----------------------------

20:36:01.650 OS Version: Windows x64 6.0.6002 Service Pack 2

20:36:01.650 Number of processors: 4 586 0xF0B

20:36:01.650 ComputerName: HP-LILJA UserName:

20:36:02.789 Initialize success

20:37:42.946 AVAST engine defs: 12080100

20:37:57.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

20:37:57.345 Disk 0 Vendor: ST350062 HP24 Size: 476940MB BusType: 8

20:37:57.360 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

20:37:57.360 Disk 1 Vendor: ST350062 HP24 Size: 476940MB BusType: 8

20:37:57.376 Disk 0 MBR read successfully

20:37:57.376 Disk 0 MBR scan

20:37:57.470 Disk 0 unknown MBR code

20:37:57.470 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 464378 MB offset 63

20:37:57.532 Disk 0 scanning C:\Windows\system32\drivers

20:38:14.068 Service scanning

20:38:44.238 Modules scanning

20:38:44.238 Disk 0 trace - called modules:

20:38:44.270 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll

20:38:44.270 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800669d790]

20:38:44.285 3 CLASSPNP.SYS[fffffa6000fc9c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004990050]

20:38:45.596 AVAST engine scan C:\Windows

20:38:56.890 AVAST engine scan C:\Windows\system32

20:44:08.906 AVAST engine scan C:\Windows\system32\drivers

20:44:28.406 AVAST engine scan C:\Users\Fam. Lilja

21:34:49.082 AVAST engine scan C:\ProgramData

21:38:53.410 Scan finished successfully

21:40:25.101 Disk 0 MBR has been saved successfully to "C:\Users\Fam. Lilja\Desktop\MBR.dat"

21:40:25.194 The log file has been saved successfully to "C:\Users\Fam. Lilja\Desktop\aswMBR.txt"

 

Under tiden som aswMBR kördes rapporterade MSE att den hittat något, nämligen detta:

Exploit:Java/CVE-2012-1723.AL i följande sökväg C:\Users\Fam. Lilja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\7f3c7da-59ce5664

[Cecilia]

1.

TeaTimer-funktionen i Spybot S&D är väldigt bra, men just nu så kan den störa de nödvändiga förändringarna i registret så du behöver stänga av den. Kom ihåg att sätta på den när datorn är ren men inte förrän dess. Om det då kommer upp frågor om ändringar ska tillåtas så välj att tillåta dem.

 

Högerklicka på Spybot-ikonen vid klockan och välj "Reset lists". Ikonen ser ut ungefär som ett Windows-fönster med ett hänglås på.

 

Starta Spybot S&D

Välj Advanced i Mode-menyn

Till vänster välj Tools - Resident

Ta bort bocken för TeaTimer

Avsluta programmet.

 

2.

Ta bort den ComboFix som du har nu och ladda ner en ny från den tidigare länken eftersom det nog har kommit ut en ny version vid det här laget.

 

Kopiera alla rader i rutan:

Killall::
ClearJavaCache::
Folder::
C:\Windows\Temp\wneffounek
DirLook::

och klistra in i Anteckningar. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.

Spara filen på Skrivbordet med namnet CFScript.

 

Förbered datorn på samma sätt som tidigare för ComboFix.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut.

 

3.

Spara RougueKiller på Skrivbordet.

http://www.sur-la-toile.com/RogueKiller/

Stäng av alla program.

 

Kör RogueKiller. Om det inte går att köra så pröva flera gång, men om det fortfarande inte går så pröva med att döpa om programmet till winlogon.exe.

 

Vänta tills "Prescan" har avslutats.

Klicka på "Scan"-knappen uppe till höger.

Vänta tills skanningen är klar.

En rapport RKreport.txt ska då ha skapats på Skrivbordet.

 

Klistra in innehållet i "RKreport.txt" i ditt svar.

 

4.

Det som MSE hittade nu senast tyder på att någon har surfat till en webbsida med skadlig Java-kod. Eftersom det fanns gamla Java-versioner i datorn kan datorn ha blivit infekterad den vägen.

[Smirre]

Hej!

 

Då har jag stängt av Tea-Timer och sen laddat ner en ny Combofix och startat den med scriptet, här kommer loggen:

 

ComboFix 12-08-04.02 - Fam. Lilja 2012-08-04 9:25.2.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.4094.2064 [GMT 2:00]

Körs från: c:\users\Fam. Lilja\Desktop\ComboFix.exe

Kommandoväxlar som använts :: c:\users\Fam. Lilja\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Fam. Lilja\AppData\Roaming\Howusu

c:\users\Fam. Lilja\AppData\Roaming\Howusu\guehp.exe

.

.

(((((((((((((((((((((((( Filer skapade från 2012-07-04 till 2012-08-04 ))))))))))))))))))))))))))))))

.

.

2012-08-04 07:34 . 2012-08-04 07:34 -------- d-----w- c:\users\FAM~1~LIL\AppData\Local\temp

2012-08-04 07:34 . 2012-08-04 07:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-04 07:19 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9DA18B5-F4FF-4DA1-B675-190F44F133A1}\mpengine.dll

2012-08-04 07:11 . 2012-08-04 07:11 -------- d-----w- c:\windows\LastGood.Tmp

2012-08-02 20:38 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-01 12:40 . 2012-08-04 07:21 -------- d-----w- c:\users\Fam. Lilja\AppData\Roaming\Uvteri

2012-08-01 12:40 . 2012-08-01 12:40 -------- d-----w- c:\users\Fam. Lilja\AppData\Roaming\Evsire

2012-07-28 17:13 . 2012-07-28 17:13 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-28 17:12 . 2012-07-28 17:12 -------- d-----w- c:\program files (x86)\Oracle

2012-07-28 17:11 . 2012-07-28 17:11 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-23 18:39 . 2012-07-23 18:39 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-07-23 16:47 . 2012-07-23 16:47 -------- d-----w- c:\users\Fam. Lilja\AppData\Roaming\f-secure

2012-07-23 16:46 . 2012-07-23 16:46 -------- d-----w- c:\programdata\F-Secure

2012-07-13 15:56 . 2012-07-13 15:56 -------- d-----w- c:\users\Fam. Lilja\AppData\Local\CRE

2012-07-12 01:00 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys

2012-07-09 20:28 . 2012-07-09 20:28 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59238CFC-B72F-41DF-A282-70C56D272B30}\gapaengine.dll

2012-07-09 20:24 . 2012-07-09 20:24 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-07-09 20:24 . 2012-07-09 20:24 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-09 20:23 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys

2012-07-09 17:01 . 2012-07-09 17:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-09 17:01 . 2012-07-09 17:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-07-06 07:34 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0E29DE7-0DE2-4567-8BD1-CC2A0BC7CD4C}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 21:22 . 2012-04-04 16:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-02 21:22 . 2011-07-04 16:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 01:04 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe

2012-07-03 16:21 . 2011-01-14 08:57 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-02 22:19 . 2012-06-21 12:18 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 12:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 12:18 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 12:18 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 12:18 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-02 22:19 . 2012-06-21 12:18 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 12:18 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-02 22:15 . 2012-06-21 12:18 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 12:18 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 22:12 . 2012-06-21 12:18 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-02 13:19 . 2012-06-21 12:17 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:19 . 2012-06-21 12:17 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-02 13:15 . 2012-06-21 12:17 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 13:12 . 2012-06-21 12:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-28_15.32.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 03:20 . 2012-08-04 07:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2012-07-27 14:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2012-07-27 14:22 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2012-08-04 07:11 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2012-07-27 14:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 03:20 . 2012-08-04 07:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2012-08-04 07:10 69800 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2012-08-04 07:10 77640 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-28 20:12 . 2012-08-04 07:10 17960 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3382750804-3770663983-371864604-1004_UserData.bin

+ 2008-09-27 15:38 . 2012-08-03 15:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-27 15:38 . 2012-07-27 14:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-27 15:38 . 2012-08-03 15:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-27 15:38 . 2012-07-27 14:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-27 15:38 . 2012-07-27 14:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-27 15:38 . 2012-08-03 15:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2006-11-02 12:40 . 2012-07-04 06:36 86016 c:\windows\inf\infpub.dat

+ 2006-11-02 12:40 . 2012-08-04 07:11 86016 c:\windows\inf\infpub.dat

- 2008-09-28 01:20 . 2012-07-08 20:31 5616 c:\windows\system32\WDI\ERCQueuedResolutions.dat

+ 2008-09-28 01:20 . 2012-08-01 20:51 5616 c:\windows\system32\WDI\ERCQueuedResolutions.dat

+ 2012-08-04 07:36 . 2012-08-04 07:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-28 15:32 . 2012-07-28 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-04 07:36 . 2012-08-04 07:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-28 15:32 . 2012-07-28 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-02 21:22 . 2012-08-02 21:22 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe

+ 2012-08-02 20:22 . 2012-08-02 20:22 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe

+ 2012-08-02 20:22 . 2012-08-02 20:22 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.dll

- 2012-04-04 16:56 . 2012-07-27 14:22 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-04-04 16:56 . 2012-08-02 21:22 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-07-28 17:11 . 2012-07-28 17:11 227824 c:\windows\SysWOW64\javaws.exe

+ 2012-07-28 17:11 . 2012-07-28 17:11 174064 c:\windows\SysWOW64\javaw.exe

+ 2012-07-28 17:11 . 2012-07-28 17:11 174064 c:\windows\SysWOW64\java.exe

- 2011-04-16 08:54 . 2012-07-27 14:22 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-04-16 08:54 . 2012-08-04 07:11 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2008-09-27 17:22 . 2012-08-03 18:44 332080 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2012-08-02 21:22 . 2012-08-02 21:22 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_Plugin.exe

+ 2012-08-02 20:22 . 2012-08-02 20:22 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.exe

+ 2012-08-02 20:22 . 2012-08-02 20:22 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.dll

- 2010-04-03 19:28 . 2012-07-27 14:22 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-04-03 19:28 . 2012-08-02 21:22 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2012-02-22 21:41 . 2012-08-04 07:35 403936 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat

- 2012-02-22 21:41 . 2012-07-28 15:31 403936 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat

+ 2012-02-28 08:28 . 2012-08-04 07:35 456360 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-3382750804-3770663983-371864604-1004-12288.dat

- 2012-02-28 08:28 . 2012-07-27 23:57 456360 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-3382750804-3770663983-371864604-1004-12288.dat

+ 2011-07-14 21:01 . 2012-08-04 07:35 390784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-07-14 21:01 . 2012-07-28 15:31 390784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-07-28 17:13 . 2012-07-28 17:13 176128 c:\windows\Installer\5ad208.msi

+ 2012-07-28 17:12 . 2012-07-28 17:12 457216 c:\windows\Installer\5ad1f8.msi

+ 2012-07-28 17:11 . 2012-07-28 17:11 863744 c:\windows\Installer\5ad1f4.msi

+ 2006-11-02 12:40 . 2012-08-04 07:11 143360 c:\windows\inf\infstrng.dat

- 2006-11-02 12:40 . 2012-07-04 06:36 143360 c:\windows\inf\infstrng.dat

+ 2006-11-02 12:40 . 2012-08-04 07:11 143360 c:\windows\inf\infstor.dat

- 2006-11-02 12:40 . 2012-07-04 06:36 143360 c:\windows\inf\infstor.dat

+ 2012-08-02 21:22 . 2012-08-02 21:22 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

+ 2012-08-02 21:22 . 2012-08-02 21:22 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

+ 2011-05-24 08:59 . 2011-05-24 08:59 1002728 c:\windows\system32\DriverStore\FileRepository\so0101adb.inf_cbfe86d9\amd64\WinUSBCoInstaller2.dll

+ 2011-05-24 08:59 . 2011-05-24 08:59 1721576 c:\windows\system32\DriverStore\FileRepository\so0101adb.inf_cbfe86d9\amd64\WdfCoInstaller01009.dll

+ 2012-08-02 21:22 . 2012-08-02 21:22 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll

+ 2011-07-20 21:32 . 2012-08-04 07:35 10979596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3382750804-3770663983-371864604-1004-12288.dat

.

-- 'Snapshot' återställt till dagens datum --

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]

"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2012-05-04 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"c:\windows\SysWOW64\V0260Ext.ax"="c:\windows\SysWOW64\V0260Ext.ax" [X]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2007-02-15 119296]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-23 274608]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Telia"="c:\program files (x86)\Telia\Supportassistent\bin\sprtcmd.exe" [2009-06-16 201976]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Fam. Lilja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Media Player.lnk - c:\program files (x86)\Adobe Media Player\Adobe Media Player.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2011-8-8 1087896]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Polar WebSync.lnk - d:\dokument\Erik´s\Polar\WebSync.exe [2011-12-13 6121984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

ezSharedSvc

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:22]

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 11:50]

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 11:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"c:\windows\system32\V0260Ext.ax"="c:\windows\system32\V0260Ext.ax" [X]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [bU]

"RtHDVCpl"="RAVCpl64.exe" [2008-03-31 6150656]

"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [bU]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"snp2std"="c:\windows\vsnp2std.exe" [bU]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.dn.se/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Fam. Lilja\AppData\Roaming\Mozilla\Firefox\Profiles\s1ydk5gg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.godstart.se/

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

Wow6432Node-HKCU-Run-Sabuebo - c:\users\Fam. Lilja\AppData\Roaming\Howusu\guehp.exe

.

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Andra processer som körs ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\hp\HPEZBTN\HPBtnSrv.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files (x86)\CDBurnerXP\NMSAccessU.exe

c:\program files (x86)\Telia\Supportassistent\bin\sprtsvc.exe

c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe

c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Sluttid: 2012-08-04 09:48:44 - datorn startades om.

ComboFix-quarantined-files.txt 2012-08-04 07:48

ComboFix2.txt 2012-07-28 15:39

.

Före genomsökningen: 220 992 167 936 byte ledigt

Efter genomsökningen: 221 035 536 384 byte ledigt

.

- - End Of File - - DC0D49D1DF4BDC131063491F578F2F51

 

 

 

Och så körde jag RougueKiller och här kommer den loggen:

 

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: Fam. Lilja [Admin rights]

Mode: Scan -- Date: 08/04/2012 10:40:36

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 5 ¤¤¤

[RANDOMNAME] HKLM\[...]\Wow6432Node\Run : C:\Windows\SysWOW64\V0260Ext.ax (C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0260Ext.ax) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [NOT LOADED] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST3500620AS +++++

--- User ---

[MBR] b6d963747d291f5d27ca0c1e588c38ad

[bSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 464378 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: ST3500620AS +++++

--- User ---

[MBR] 22032b68f7ba9812b833d66496a955b1

[bSP] 2b4ffdc049fc2e15730af06cb23b564c : Standard MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1].txt >>

RKreport[1].txt

[Cecilia]

1.

Vistas och Windows 7s kontroll av användarkonto (UAC) är bra på stoppa skadliga program från att installeras, se t ex:

http://www.idg.se/2.1085/1.164287

http://www.idg.se/2.1085/1.166702

Den är även nyttig på andra sätt se

http://www.idg.se/2.1085/1.269010/nyttan-med-uac-i-windows

Kontrollera att den är påslagen:

Kontrollpanelen - Säkerhetscenter - Andra säkerhetsinställningar

 

2.

Kopiera alla rader i rutan:

Killall::
ClearJavaCache::
Folder::
c:\users\Fam. Lilja\AppData\Roaming\Uvteri
c:\users\Fam. Lilja\AppData\Roaming\Evsire
C:\Windows\Temp\wneffounek

och klistra in i Anteckningar. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.

Spara filen på Skrivbordet med namnet CFScript och med kodningen ANSI.

 

Förbered datorn på samma sätt som tidigare för ComboFix.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut.

 

3.

Skanna datorn online på http://www.eset.com/onlinescan/

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

 

Avbocka alternativet Remove found threats

Bocka för Scan Archives

 

Klicka på Advanced Settings

Bocka för:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Klicka på Scan

 

När skanningen är klar skapas loggfilen C:\Program\Eset\Eset Online Scanner\log.txt. Öppna den i Anteckningar och klistra sedan in innehållet i ditt svar.

[Smirre]

Logg från Combofix:

 

ComboFix 12-08-04.02 - Fam. Lilja 2012-08-04 20:47:15.3.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.4094.2677 [GMT 2:00]

Körs från: c:\users\Fam. Lilja\Desktop\ComboFix.exe

Kommandoväxlar som använts :: c:\users\Fam. Lilja\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Fam. Lilja\AppData\Roaming\Evsire

c:\users\Fam. Lilja\AppData\Roaming\Evsire\fixa.nah

c:\users\Fam. Lilja\AppData\Roaming\Uvteri

.

.

(((((((((((((((((((((((( Filer skapade från 2012-07-04 till 2012-08-04 ))))))))))))))))))))))))))))))

.

.

2012-08-04 18:56 . 2012-08-04 18:56 -------- d-----w- c:\users\FAM~1~LIL\AppData\Local\temp

2012-08-04 18:56 . 2012-08-04 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-04 08:57 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD46D4E6-902B-440E-858A-76A9CFC793F4}\mpengine.dll

2012-08-02 20:38 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-28 17:13 . 2012-07-28 17:13 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-28 17:12 . 2012-07-28 17:12 -------- d-----w- c:\program files (x86)\Oracle

2012-07-28 17:11 . 2012-07-28 17:11 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-23 18:39 . 2012-07-23 18:39 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-07-23 16:47 . 2012-07-23 16:47 -------- d-----w- c:\users\Fam. Lilja\AppData\Roaming\f-secure

2012-07-23 16:46 . 2012-07-23 16:46 -------- d-----w- c:\programdata\F-Secure

2012-07-13 15:56 . 2012-07-13 15:56 -------- d-----w- c:\users\Fam. Lilja\AppData\Local\CRE

2012-07-12 01:00 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys

2012-07-09 20:28 . 2012-07-09 20:28 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59238CFC-B72F-41DF-A282-70C56D272B30}\gapaengine.dll

2012-07-09 20:24 . 2012-07-09 20:24 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-07-09 20:24 . 2012-07-09 20:24 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-09 20:23 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys

2012-07-09 17:01 . 2012-07-09 17:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-09 17:01 . 2012-07-09 17:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 21:22 . 2012-04-04 16:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-02 21:22 . 2011-07-04 16:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 01:04 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe

2012-07-03 16:21 . 2011-01-14 08:57 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-02 22:19 . 2012-06-21 12:18 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 12:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 12:18 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 12:18 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 12:18 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-02 22:19 . 2012-06-21 12:18 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 12:18 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-02 22:15 . 2012-06-21 12:18 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 12:18 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 22:12 . 2012-06-21 12:18 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-02 13:19 . 2012-06-21 12:17 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:19 . 2012-06-21 12:17 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-02 13:15 . 2012-06-21 12:17 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 13:12 . 2012-06-21 12:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2012-05-31 04:04 . 2012-07-06 07:34 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0E29DE7-0DE2-4567-8BD1-CC2A0BC7CD4C}\mpengine.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2012-08-04_07.36.58 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 02:23 . 2012-08-04 18:59 69942 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2012-08-04 18:59 77664 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-28 20:12 . 2012-08-04 18:59 18190 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3382750804-3770663983-371864604-1004_UserData.bin

+ 2008-09-27 15:38 . 2012-08-04 18:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-27 15:38 . 2012-08-03 15:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-27 15:38 . 2012-08-04 18:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-27 15:38 . 2012-08-03 15:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-27 15:38 . 2012-08-04 18:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-27 15:38 . 2012-08-03 15:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-28 01:20 . 2012-08-04 11:04 5712 c:\windows\system32\WDI\ERCQueuedResolutions.dat

- 2012-08-04 07:36 . 2012-08-04 07:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-04 18:57 . 2012-08-04 18:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-04 18:57 . 2012-08-04 18:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-04 07:36 . 2012-08-04 07:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-09-27 17:22 . 2012-08-03 18:44 332080 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2008-09-27 17:22 . 2012-08-04 10:52 332080 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2012-02-22 21:41 . 2012-08-04 18:56 403936 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat

- 2012-02-22 21:41 . 2012-08-04 07:35 403936 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat

- 2012-02-28 08:28 . 2012-08-04 07:35 456360 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-3382750804-3770663983-371864604-1004-12288.dat

+ 2012-02-28 08:28 . 2012-08-04 18:56 456360 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-3382750804-3770663983-371864604-1004-12288.dat

+ 2011-07-14 21:01 . 2012-08-04 18:56 390784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-07-14 21:01 . 2012-08-04 07:35 390784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-07-20 21:32 . 2012-08-04 18:56 10979596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3382750804-3770663983-371864604-1004-12288.dat

- 2011-07-20 21:32 . 2012-08-04 07:35 10979596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3382750804-3770663983-371864604-1004-12288.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]

"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2012-05-04 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"c:\windows\SysWOW64\V0260Ext.ax"="c:\windows\SysWOW64\V0260Ext.ax" [X]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2007-02-15 119296]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-23 274608]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Telia"="c:\program files (x86)\Telia\Supportassistent\bin\sprtcmd.exe" [2009-06-16 201976]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Fam. Lilja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Media Player.lnk - c:\program files (x86)\Adobe Media Player\Adobe Media Player.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2011-8-8 1087896]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Polar WebSync.lnk - d:\dokument\Erik´s\Polar\WebSync.exe [2011-12-13 6121984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

ezSharedSvc

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:22]

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 11:50]

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 11:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"c:\windows\system32\V0260Ext.ax"="c:\windows\system32\V0260Ext.ax" [X]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [bU]

"RtHDVCpl"="RAVCpl64.exe" [2008-03-31 6150656]

"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [bU]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"snp2std"="c:\windows\vsnp2std.exe" [bU]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.dn.se/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Fam. Lilja\AppData\Roaming\Mozilla\Firefox\Profiles\s1ydk5gg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.godstart.se/

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Andra processer som körs ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\hp\HPEZBTN\HPBtnSrv.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files (x86)\CDBurnerXP\NMSAccessU.exe

c:\program files (x86)\Telia\Supportassistent\bin\sprtsvc.exe

c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe

c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe

c:\program files (x86)\Windows Media Player\wmplayer.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Sluttid: 2012-08-04 21:09:58 - datorn startades om.

ComboFix-quarantined-files.txt 2012-08-04 19:09

ComboFix2.txt 2012-08-04 07:48

ComboFix3.txt 2012-07-28 15:39

.

Före genomsökningen: 220 882 509 824 byte ledigt

Efter genomsökningen: 220 835 102 720 byte ledigt

.

- - End Of File - - 6E68F0E958B7EA244EFC39B48970B972

 

 

Logg från Eset:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=0005bb3e4957314ca03cf07c877c3467

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-08-04 10:01:02

# local_time=2012-08-05 12:01:02 (+0100, Västeuropa, sommartid)

# country="Sweden"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776574 100 56 2254797 181635762 0 0

# compatibility_mode=8192 67108863 100 0 145 145 0 0

# scanned=271256

# found=3

# cleaned=0

# scan_time=5805

C:\Qoobox\Quarantine\C\Users\Fam. Lilja\AppData\Roaming\Howusu\guehp.exe.vir a variant of Win32/Kryptik.AJKB trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Fam. Lilja\Downloads\PCSafeDoctor_Setup.exe multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Users\Fam. Lilja\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

[Cecilia]

Ta bort de här två filerna:

C:\Users\Fam. Lilja\Downloads\PCSafeDoctor_Setup.exe

C:\Users\Fam. Lilja\Downloads\registrybooster.exe

 

Kör DDS igen och klistra in loggarna.

 

Hur fungerar datorn nu?

[Smirre]

Hej,

 

Då har jag tagit bort filerna och kör DDS igen, här kommer loggen:

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0

Run by Fam. Lilja at 22:30:15 on 2012-08-05

.

============== Running Processes ===============

.

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

D:\Dokument\Erik´s\Polar\WebSync.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

c:\hp\HPEZBTN\HPBtnSrv.exe

C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

C:\Program Files\real\realplayer\Update\realsched.exe

C:\Program Files (x86)\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\SysWOW64\conime.exe

C:\Program Files (x86)\Polar\Daemon\polard.exe

C:\Program Files (x86)\Telia\Supportassistent\bin\sprtsvc.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Users\Fam. Lilja\Desktop\dds.com

C:\Windows\SysWOW64\conime.exe

C:\Windows\SysWOW64\svchost.exe -k netsvcs

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.dn.se/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=83&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

uRun: [sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

uRun: [spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot

mRun: [C:\Windows\SysWOW64\V0260Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0260Ext.ax

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Telia] "C:\Program Files (x86)\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{07BF25FE-961C-40AD-9073-A55C226257C0} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{EB1C08C3-3389-4DA6-B79D-36A46A6085BC} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

{0347C33E-8762-4905-BF09-768834316C61}

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{3049C3E9-B461-4BC5-8870-4C09146192CA}

BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

{53707962-6F74-2D53-2644-206D7942484F}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun-x64: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun-x64: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot

mRun-x64: [C:\Windows\SysWOW64\V0260Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0260Ext.ax

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Telia] "C:\Program Files (x86)\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

IE-X64: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE-X64: {925DAB62-F9AC-4221-806A-057BFB1014AA}

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Fam. Lilja\AppData\Roaming\Mozilla\Firefox\Profiles\s1ydk5gg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.godstart.se/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa2.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service

R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? gupdate;Tj„nsten Google Update (gupdate)

R? gupdatem;Tj„nsten Google Update (gupdatem)

R? MozillaMaintenance;Mozilla Maintenance Service

R? NDISKIO;NDISKIO

R? NisDrv;Microsoft Network Inspection System

R? NisSrv;Microsoft N„tverkskontroll

R? PerfHost;V„rd f”r prestandar„knar-DLL

R? Sony PC Companion;Sony PC Companion

R? TdsNordecr;Nordea NCR1 SmartCard Reader

R? Tdsshbecr;Handelsbanken card reader

R? V0260VID;Live! Cam Vista IM

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-08-05 19:37:50 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{890837E5-BAB7-4F3F-9801-3821E104346A}\mpengine.dll

2012-08-05 08:34:53 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-04 18:57:46 -------- d-----w- C:\$RECYCLE.BIN

2012-07-28 17:12:38 -------- d-----w- C:\Program Files (x86)\Oracle

2012-07-28 17:11:41 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-28 15:16:52 98816 ----a-w- C:\Windows\sed.exe

2012-07-28 15:16:52 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-28 15:16:52 256000 ----a-w- C:\Windows\PEV.exe

2012-07-28 15:16:52 208896 ----a-w- C:\Windows\MBR.exe

2012-07-23 18:39:27 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-07-23 16:47:03 -------- d-----w- C:\Users\Fam. Lilja\AppData\Roaming\f-secure

2012-07-23 16:46:30 -------- d-----w- C:\ProgramData\F-Secure

2012-07-13 15:56:44 -------- d-----w- C:\Users\Fam. Lilja\AppData\Local\CRE

2012-07-12 01:00:58 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-07-09 20:28:50 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59238CFC-B72F-41DF-A282-70C56D272B30}\gapaengine.dll

2012-07-09 20:24:29 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-07-09 20:24:19 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-07-09 20:23:39 345984 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-07-09 17:01:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-07-09 17:01:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

.

==================== Find3M ====================

.

2012-08-02 21:22:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-02 21:22:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 13:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 13:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll

.

============= FINISH: 22:31:00,99 ===============

 

 

Datorn funkar bra tycker jag. :-)

Attach.txt

[Cecilia]

Har du avinstallerat Microsoft Security Essential?

 

Hur fungerar datorn nu?

[Smirre]

MSE finns kvar, men det kan vara så att realtidsskanningen var avstängd när jag körde DDS.

 

Jag tycker datorn fungerar bra.

[Cecilia]

Kolla att MSE är på genom att ladda ner http://eicar.org/download/eicar.com och kontrollera att MSE reagerar på filen. Det är en ofarlig fil men det finns en överenskommelse med antivirusföretagen att antivirusprogram ska reagera på den, bara för att man ska kunna se att programmen är igång, se http://eicar.org/86-0-Intended-use.html

 

Nu återstår bara en sista städomgång:

 

1. Tryck Windows-tangenten + R

Kopiera och klistra in denna rad:

ComboFix /Uninstall

 

Observera att det är ett mellanrum före /

Klicka på OK.

 

2. Ladda ner avinstallationsprogrammet OTC till Skrivbordet.

http://oldtimer.geekstogo.com/OTC.exe

Dubbelklicka på filen för att starta programmet.

Tryck på knappen CleanUp! och DDS m.fl. rensningsprogram kommer att avinstalleras efter en omstart av datorn. Om något sådant program är kvar efter det så fråga hur du ska ta bort det. Ta bort eventuella loggar.

 

3. Byt alla lösenord som du använder i datorn och på internet eftersom dessa kan ha kommit i orätta händer.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html beskriver ett skadligt program som spionerar genom att ta skärmbilder, logga tangentbordsnedtryckningar och läsa lösenord som är lagrade i webbläsare, epostprogram etc.

 

4. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://ceciliasec.wordpress.com/rad/

Det är mycket viktigt att hålla alla småprogram i datorn uppdaterade, gamla versioner av t ex Flash, Java och Adobe Reader innehåller kända säkerhetshål, vilka kan användas av en webbsida för att infektera datorn. Jag tycker att Secunias program (länk på min webbsida) är en bra hjälp för att kontrollera hur det står till med säkerhetshål i datorn och ange vad som behöver åtgärdas.

[Smirre]

Jag testade MSE och det reagerar på eicar så det verkar i sin ordning. Och så avinstallerade jag med verktygen du länkade till och det fungerade bra.

 

Stort tack för snabb och perfekt hjälp! Det hade inte gått vägen utan dig!

[Cecilia]

Vad bra!

Bara trevligt att kunna hjälpa till.