
Virus with fake police message


Pelleman Jensen


My friend has got a virus that locks the whole computer with a message claiming that the computer user has been involved with, among other things, child pornography and terrorism!

(Read more here: http://www.bltsydostran.se/nyheter/ronneby/falska-polismeddelanden-kan-lasa-datorn%283203382%29.gm)

I have tried to help him by running BitDefender's Rescue CD with the latest updates, but unfortunately without result. Now I wonder whether there is any other "easy" way to help him with this, or whether I have to go the "long" way and use OTL and ComboFix, as Cecilia has shown me before?

Thanks in advance :)

PS. Should I run the above-mentioned programs in Safe Mode or from another user on the computer? His user is locked, after all....


Unfortunately there doesn't seem to be any easy way, although you can try the tips at http://blog.perhellqvist.se/blog/2012/03/22/lura-polis-trojanen/ to begin with. Note that they only cover disabling the trojan, not removing it.

Since the trojan steals information, the computer should be connected to the internet as little as possible.

OTL is best run in safe mode from the regular user account.

Save OTL to the Desktop. http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista and Windows 7, right-click and choose Run as administrator).

Select "All users".

In the Custom scan box, paste the following lines (check that you really get all the lines):

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

Press the "Quick Scan" button and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTL.txt and Extras.txt. Paste the log OTL.txt into your reply, and attach Extras.txt as a file.

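Once OTL.txt exists, its O4 lines list the programs that are set to start automatically. The following is an added example (not part of the original posts and not OTL's own code) showing one way to pre-sort those lines for manual review; the sample lines are constructed, and the three flagging rules are assumptions chosen for illustration, not verdicts about any file.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in the layout OTL uses for autorun (O4) entries.
# The user name, SID, vendors and file names are made up for this example.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ExampleAudio] C:\Windows\ExampleAudio.exe (Example Vendor Inc.)
O4 - HKLM..\Run: [OldKeyboard] c:\Example\Preload\ABoard.exe File not found
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [updater] C:\Users\Example\AppData\Roaming\sample123.exe File not found
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [backup] C:\Program Files\Example Backup\svc.exe ()
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [chat] "C:\Program Files\Example Chat\chat.exe" /background File not found
O2 - BHO: (Example BHO) - {00000000-0000-0000-0000-000000000000} - C:\Program\Example\bho.dll (Example Ltd.)
"""

# "O4 - <hive>..\<key>: [<value name>] <command> (<company> | File not found)"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK[^.\s]+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
# The company is the last parenthesised group, so "Program Files (x86)" survives.
COMPANY = re.compile(r"^(?P<cmd>.*?)\s*\((?P<company>[^()]*)\)$")
# Assumption: folders a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"\\(appdata|application data|local settings|temp)\\", re.IGNORECASE
)
MISSING = "File not found"


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Return (hive, name, path, company, missing) for an O4 line, else None."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith(MISSING)
    company = None
    if missing:
        cmd = rest[: -len(MISSING)].strip()
    else:
        c = COMPANY.match(rest)
        if c:
            cmd, company = c.group("cmd"), c.group("company").strip()
        else:
            cmd = rest
    # A quoted command line carries its arguments after the closing quote.
    path = cmd.split('"')[1] if cmd.startswith('"') else cmd
    return m.group("hive"), m.group("name"), path, company, missing


def triage(log_text):
    """Collect O4 entries worth a closer look, most reasons first."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, name, path, company, missing = parsed
        reasons = []
        if missing:
            reasons.append("target file missing")
        if USER_WRITABLE.search(path):
            reasons.append("starts from a user-writable folder")
        if company == "":
            reasons.append("no company name in file metadata")
        if reasons:
            findings.append(Finding(hive, name, path, reasons))
    # list.sort is stable, so ties keep the order they have in the log.
    findings.sort(key=lambda f: -len(f.reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:12} {f.path}\n{'':12} -> {'; '.join(f.reasons)}")
```

A flagged entry is only a prompt to look closer: old drivers and uninstalled programs also leave "File not found" autoruns behind.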

Pelleman Jensen

My friend called late yesterday afternoon and said that the scam message had disappeared...

As I said, I ran BitDefender's Rescue CD, but I thought the result would show right away, not a day later. I have told him that he should be on his guard, since I know that this trojan may very well lie hidden and collect information, but in the end it is actually up to my friend to ask for help. If he thinks the problems are gone, there isn't much I can do about it...

If he should think better of it, I'll come back with the log file and Extras from OTL :-)


If BitDefender Rescue CD fixed something, it should definitely be noticeable right away. There is a high risk that there is something there that isn't noticeable, e.g. a keylogger, or a bot waiting for a command to take part in a DDoS attack or send spam.


Pelleman Jensen

[log]OTL logfile created on: 2012-04-05 16:29:36 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Hemma\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,75 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 84,33% Memory free

5,70 Gb Paging File | 5,46 Gb Available in Paging File | 95,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 583,17 Gb Total Space | 309,87 Gb Free Space | 53,14% Space Free | Partition Type: NTFS

Drive E: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 13,00 Gb Total Space | 2,81 Gb Free Space | 21,64% Space Free | Partition Type: NTFS

Drive L: | 7,48 Gb Total Space | 6,75 Gb Free Space | 90,24% Space Free | Partition Type: NTFS

 

Computer Name: HEMMA-DATOR | User Name: Hemma | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012-04-04 15:48:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Hemma\Desktop\OTL.exe

PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2010-05-16 08:39:18 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll

MOD - [2005-10-07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program\WinRAR\RarExt.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2012-03-23 22:39:04 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe -- (FSORSPClient)

SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011-07-20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011-01-05 17:09:54 | 000,189,096 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE -- (FSMA)

SRV - [2011-01-05 17:09:32 | 000,524,968 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program\Telia\Telias sakerhetstjanster\FWES\program\fsdfwd.exe -- (FSDFWD)

SRV - [2011-01-05 17:09:06 | 000,221,864 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)

SRV - [2010-11-11 18:36:22 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)

SRV - [2010-11-11 18:36:20 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Telia\Supportassistenten\bin\tgsrvc.exe -- (tgsrvc_teliada) SupportSoft Repair Service (teliada)

SRV - [2010-11-11 18:36:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Telia\Supportassistenten\bin\sprtsvc.exe -- (sprtsvc_teliada) SupportSoft Sprocket Service (teliada)

SRV - [2010-09-01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®

SRV - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009-10-20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2009-04-02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Stopped] -- C:\Program\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)

SRV - [2009-02-26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2009-01-16 04:09:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008-05-29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Stopped] -- C:\Windows\System32\HidService.exe -- (GenericHidService)

SRV - [2008-02-03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)

SRV - [2008-01-21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2008-01-21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008-01-21 04:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008-01-21 04:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007-09-11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Stopped] -- C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2006-10-26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012-03-23 22:40:50 | 000,042,672 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts)

DRV - [2012-03-23 22:38:19 | 000,148,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)

DRV - [2011-01-05 17:09:48 | 000,070,184 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Program\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys -- (F-Secure HIPS)

DRV - [2011-01-05 17:09:32 | 000,073,160 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)

DRV - [2011-01-05 17:09:26 | 000,037,832 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\fses.sys -- (FSES)

DRV - [2011-01-05 17:09:06 | 000,041,896 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)

DRV - [2011-01-05 17:09:06 | 000,027,304 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)

DRV - [2011-01-05 17:09:06 | 000,014,504 | ---- | M] () [Kernel | System | Stopped] -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsvista.sys -- (fsvista)

DRV - [2009-10-20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)

DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2009-02-24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008-09-23 01:24:00 | 000,042,368 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\shbecr.sys -- (Tdsshbecr)

DRV - [2008-01-31 11:30:32 | 000,599,040 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)

DRV - [2007-12-20 00:44:00 | 007,629,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007-10-31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2007-07-02 21:40:34 | 000,201,216 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TridVid.sys -- (TridVid)

DRV - [2007-04-11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2007-04-11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)

DRV - [2007-04-11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=1&o=vb32&d=0709&m=imedia_b3921_ncd

IE - HKLM\..\URLSearchHook: {d2f11d8b-3eb5-4b42-9511-370dbec707fb} - C:\Program\Oryte_Games_1.15\prxtbOry0.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2644243

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=1&o=vb32&d=0709&m=imedia_b3921_ncd

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aftonbladet.se/

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\URLSearchHook: {d2f11d8b-3eb5-4b42-9511-370dbec707fb} - C:\Program\Oryte_Games_1.15\prxtbOry0.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\SearchScopes,DefaultScope = {5B3965B7-E61B-484A-B0A3-207E618C9A6F}

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\SearchScopes\{5B3965B7-E61B-484A-B0A3-207E618C9A6F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_svSE336

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_svSE336&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=cbjMaU0bgI2_BCeSFhDRJN6Efn8?q={searchTerms}

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2644243

IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)

FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-29 21:05:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-03-18 18:07:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

[2009-07-13 22:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hemma\AppData\Roaming\mozilla\Extensions

[2011-06-01 21:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hemma\AppData\Roaming\mozilla\Firefox\Profiles\7wsjogsq.default\extensions

[2010-05-08 15:35:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hemma\AppData\Roaming\mozilla\Firefox\Profiles\7wsjogsq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009-07-14 13:56:34 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Hemma\AppData\Roaming\mozilla\Firefox\Profiles\7wsjogsq.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2011-06-01 21:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hemma\AppData\Roaming\mozilla\Firefox\Profiles\7wsjogsq.default\extensions\nostmp

[2011-11-15 23:01:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions

[2012-02-29 21:05:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012-02-26 19:19:35 | 000,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2012-02-26 19:19:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012-02-26 19:19:35 | 000,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2012-02-26 19:19:35 | 000,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2012-02-26 19:19:35 | 000,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2012-02-26 19:19:35 | 000,000,951 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

 

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Oryte Games 1.15 Toolbar) - {d2f11d8b-3eb5-4b42-9511-370dbec707fb} - C:\Program\Oryte_Games_1.15\prxtbOry0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Oryte Games 1.15 Toolbar) - {d2f11d8b-3eb5-4b42-9511-370dbec707fb} - C:\Program Files\Oryte_Games_1.15\prxtbOry0.dll File not found

O3 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\Toolbar\WebBrowser: (Oryte Games 1.15 Toolbar) - {D2F11D8B-3EB5-4B42-9511-370DBEC707FB} - C:\Program\Oryte_Games_1.15\prxtbOry0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe (D-Link)

O4 - HKLM..\Run: [FijiKeyboard] c:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [FujiKeyboard] c:\Acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe File not found

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [smpcSys] C:\Program\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)

O4 - HKLM..\Run: [Telia] C:\Program Files\Telia\Supportassistenten\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found

O4 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000..\Run: [smpcSys] C:\Program\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)

O4 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000..\Run: [spriteService] C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe ()

O4 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000..\Run: [update] C:\Users\Hemma\AppData\Roaming\ch8l0.exe File not found

O4 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000..\Run: [WMPNSCFG] C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2007.lnk = C:\Program\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O7 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found

O9 - Extra Button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..Trusted Ranges: GD ([http] in Local intranet)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49A0B20A-0D89-463D-8780-54D85EB6F9E8}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\System32\ezShellStart.exe (EasyBits Software AS)

O24 - Desktop WallPaper: C:\Users\Hemma\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Users\Hemma\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008-05-06 14:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{4f71d5cf-6f95-11de-a464-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4f71d5cf-6f95-11de-a464-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\smartaccess\Start-cd Telia Bredband.exe"

O33 - MountPoints2\{56f02778-7370-11de-ac77-002511156e5f}\Shell - "" = AutoRun

O33 - MountPoints2\{56f02778-7370-11de-ac77-002511156e5f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007-10-23 09:45:39 | 001,336,632 | R--- | M] ()

O33 - MountPoints2\{5f238a9d-cda1-11e0-aade-002511156e5f}\Shell - "" = AutoRun

O33 - MountPoints2\{5f238a9d-cda1-11e0-aade-002511156e5f}\Shell\AutoRun\command - "" = N:\SafeStore.exe

O33 - MountPoints2\{9edbfd46-7135-11de-89fb-002511156e5f}\Shell - "" = AutoRun

O33 - MountPoints2\{9edbfd46-7135-11de-89fb-002511156e5f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007-10-23 09:45:39 | 001,336,632 | R--- | M] ()

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007-10-23 09:45:39 | 001,336,632 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

 

CREATERESTOREPOINT

Error creating restore point.

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012-04-05 16:27:02 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Hemma\Desktop\OTL.exe

[2012-04-05 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Hemma\AppData\Roaming\Malwarebytes

[2012-04-05 15:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012-04-05 15:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012-04-05 15:40:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012-04-05 15:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012-04-05 13:51:20 | 000,000,000 | ---D | C] -- C:\Users\Hemma\AppData\Roaming\f-secure

[2012-04-03 18:57:07 | 000,000,000 | -HSD | C] -- C:\found.000

[2012-03-23 21:42:44 | 000,037,832 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fses.sys

[2012-03-23 21:42:42 | 000,073,160 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys

[2012-03-23 21:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg

[2012-03-23 21:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\f-secure

[2012-03-23 18:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telia

[2012-03-23 18:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft

[2012-03-23 18:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Telia

[2012-03-22 13:01:07 | 000,000,000 | ---D | C] -- C:\Users\Hemma\AppData\Local\SupportSoft

[2012-03-22 13:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft

[2012-03-20 12:56:13 | 000,000,000 | ---D | C] -- C:\Users\Hemma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\D-Link

[2012-03-20 12:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap

[2012-03-20 12:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012-04-05 16:29:13 | 000,615,184 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2012-04-05 16:29:13 | 000,605,418 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012-04-05 16:29:13 | 000,124,012 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2012-04-05 16:29:13 | 000,107,548 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012-04-05 16:24:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-04-05 16:23:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012-04-05 16:23:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012-04-05 16:16:36 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn

[2012-04-05 16:14:51 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012-04-05 15:45:06 | 000,000,980 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012-04-05 15:40:53 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-04-04 17:47:19 | 000,059,904 | ---- | M] () -- C:\Users\Hemma\Desktop\Ny(tt) Microsoft Office Publisher Document.pub

[2012-04-04 17:18:58 | 000,156,672 | ---- | M] () -- C:\Users\Hemma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-04-04 15:48:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Hemma\Desktop\OTL.exe

[2012-04-03 16:58:30 | 000,383,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012-03-31 19:14:46 | 000,000,156 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2012-03-29 12:23:25 | 000,000,254 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012-03-28 20:23:18 | 000,000,136 | ---- | M] () -- C:\Users\Hemma\Desktop\Harpan - genväg.lnk

[2012-03-28 18:43:49 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for

[2012-03-25 20:09:06 | 000,005,196 | ---- | M] () -- C:\Users\Hemma\Documents\VCD1.nrv

[2012-03-25 12:20:10 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{F30F6609-F411-4131-82E3-688EACEA0850}

[2012-03-25 12:13:26 | 000,000,006 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{F30F6609-F411-4131-82E3-688EACEA0850}

[2012-03-23 22:40:50 | 000,042,672 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys

[2012-03-23 22:29:49 | 346,241,643 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012-03-23 18:32:01 | 000,002,274 | ---- | M] () -- C:\Users\Public\Desktop\Supportassistenten.lnk

[2012-03-20 20:55:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job

[2012-03-19 19:20:14 | 000,471,040 | ---- | M] (ScreenTime Media) -- C:\Windows\Gadget & Gadgetinis.scr

[2012-03-19 19:20:09 | 000,012,288 | ---- | M] () -- C:\Windows\impborl.dll

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012-04-05 15:40:53 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-04-04 17:47:19 | 000,059,904 | ---- | C] () -- C:\Users\Hemma\Desktop\Ny(tt) Microsoft Office Publisher Document.pub

[2012-03-28 20:23:18 | 000,000,136 | ---- | C] () -- C:\Users\Hemma\Desktop\Harpan - genväg.lnk

[2012-03-25 20:09:06 | 000,005,196 | ---- | C] () -- C:\Users\Hemma\Documents\VCD1.nrv

[2012-03-23 21:43:27 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys

[2012-03-23 18:32:01 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\Supportassistenten.lnk

[2012-02-27 19:59:16 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini

[2011-12-29 13:09:04 | 000,000,168 | ---- | C] () -- C:\Windows\KA.INI

[2011-11-20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\_delis32.ini

[2011-07-04 09:47:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll

[2011-03-26 19:16:40 | 000,000,032 | ---- | C] () -- C:\Program Files\plugins-04041e-3e8.dat

[2011-03-12 16:04:19 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2011-03-05 10:27:22 | 000,000,157 | ---- | C] () -- C:\Windows\Gnottarna.ini

[2011-02-24 21:38:02 | 000,000,680 | ---- | C] () -- C:\Users\Hemma\AppData\Local\d3d9caps.dat

[2011-01-18 19:04:20 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI

[2010-05-09 11:00:29 | 000,000,314 | ---- | C] () -- C:\Windows\LBFamily.ini

[2010-05-09 10:40:10 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

 

========== LOP Check ==========

 

[2011-08-23 18:08:11 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Ctwo

[2011-04-11 17:28:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Personal

[2009-07-15 09:28:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Skinux

[2009-11-14 11:07:47 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Sprite PC Agent

[2009-11-14 11:07:48 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Sprite Software

[2010-10-01 18:02:50 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\1F2DD134260E2F0DE0FDB85FCAEFDD40

[2011-08-23 18:11:25 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\Ctwo

[2009-11-23 20:59:21 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\DriverCure

[2012-04-05 13:51:20 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\f-secure

[2010-07-28 20:50:21 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\GARMIN

[2012-01-12 21:50:25 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\Image Zone Express

[2011-09-21 17:24:30 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\ImgBurn

[2010-12-28 18:35:03 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\Leadertech

[2009-07-13 22:26:27 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\Packard Bell

[2009-07-19 20:02:20 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\PeerNetworking

[2011-03-23 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\Personal

[2009-09-08 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\Printer Info Cache

[2009-07-14 20:11:21 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\Skinux

[2009-11-11 13:25:53 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\Sprite PC Agent

[2009-11-11 13:25:54 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\Sprite Setup Wizard

[2009-11-11 13:25:54 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\Sprite Software

[2009-08-20 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\Template

[2012-03-31 20:19:37 | 000,000,000 | ---D | M] -- C:\Users\Hemma\AppData\Roaming\uTorrent

[2011-04-28 20:17:57 | 000,000,000 | ---D | M] -- C:\Users\Hugo & Elsa\AppData\Roaming\Personal

[2009-08-16 09:45:52 | 000,000,000 | ---D | M] -- C:\Users\Hugo & Elsa\AppData\Roaming\Skinux

[2009-11-16 16:42:26 | 000,000,000 | ---D | M] -- C:\Users\Hugo & Elsa\AppData\Roaming\Sprite PC Agent

[2009-11-16 16:42:27 | 000,000,000 | ---D | M] -- C:\Users\Hugo & Elsa\AppData\Roaming\Sprite Software

[2012-03-20 20:55:00 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job

[2012-04-05 16:23:13 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.exe >

 

< MD5 for: EXPLORER.EXE >

[2008-10-29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008-10-30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2008-10-28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2008-01-21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

 

< MD5 for: SVCHOST.EXE >

[2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe

[2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

[2012-01-13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

 

< MD5 for: USERINIT.EXE >

[2008-01-21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008-01-21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 

< MD5 for: WINLOGON.EXE >

[2012-01-13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008-01-21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 

< C:\Windows\assembly\tmp\U\*.* /s >

 

< type c:\diskreport.txt /c >

Microsoft DiskPart version 6.0.6002

Copyright © 1999-2007 Microsoft Corporation.

Dator: HEMMA-DATOR

Volymnr Enh Etikett Fils. Typ Storlek Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

Volymnr 0 D DVD-ROM 0 B Inget med

Volymnr 1 J DVD-ROM 0 B Inget med

Volymnr 2 E U3 System CDFS CD-ROM 96 M Felfri

Volymnr 3 I PQSERVICE NTFS Partition 13 G Felfri

Volymnr 4 C OS NTFS Partition 583 G Felfri System

Volymnr 5 F Flyttbar 0 B Inget med

Volymnr 6 G Flyttbar 0 B Inget med

Volymnr 7 H Flyttbar 0 B Inget med

Volymnr 8 K Flyttbar 0 B Inget med

Volymnr 9 L NTFS Flyttbar 7656 M Felfri

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 901 bytes -> C:\Users\Hemma\Documents\E-post_ CSRförfrågan_ 20111222_xml.eml:OECustomProperty

@Alternate Data Stream - 781 bytes -> C:\Users\Hemma\Documents\E-post_ INFO_KU.eml:OECustomProperty

@Alternate Data Stream - 769 bytes -> C:\Users\Hemma\Documents\E-post_ KURED.eml:OECustomProperty

 

< End of report >

[/log]

 

When it is finished, two log files are created on the Desktop, OTL.txt and Extras.txt. Paste the OTL.txt log into your reply, and attach Extras.txt as a file.

Extras.Txt


There appear to be more login accounts than just this "Hemma" one. Is it the case that only certain accounts have/had problems with the "police trojan"?

Does the computer work in normal mode? It is better to create logs and run fixes in normal mode than in safe mode.

Has MBAM found anything?

Uninstall:

Java™ 6 Update 24, old version with many security holes

Ask Toolbar, unsuitable

Oryte Games 1.15 Toolbar http://www.systemlookup.com/CLSID/72983-tbOryt_dll_tbOry0_dll_tbOry1_dll_tbOry2_dll_prxtbOryt_dll_prxtbOry0_dll_prxtbOry1_dll_prxtbOry2_dll.html

Restart.

Close all programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the program OTL (in Vista/Windows 7, right-click and choose Run as administrator).

Copy all the lines in the box:

:OTL
IE - HKLM\..\URLSearchHook: {d2f11d8b-3eb5-4b42-9511-370dbec707fb} - C:\Program\Oryte_Games_1.15\prxtbOry0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2644243
IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\URLSearchHook: {d2f11d8b-3eb5-4b42-9511-370dbec707fb} - C:\Program\Oryte_Games_1.15\prxtbOry0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2644243
[2009-07-14 13:56:34 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Hemma\AppData\Roaming\mozilla\Firefox\Profiles\7wsjogsq.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Oryte Games 1.15 Toolbar) - {d2f11d8b-3eb5-4b42-9511-370dbec707fb} - C:\Program\Oryte_Games_1.15\prxtbOry0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Oryte Games 1.15 Toolbar) - {d2f11d8b-3eb5-4b42-9511-370dbec707fb} - C:\Program Files\Oryte_Games_1.15\prxtbOry0.dll̀ File not found
O3 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000\..\Toolbar\WebBrowser: (Oryte Games 1.15 Toolbar) - {D2F11D8B-3EB5-4B42-9511-370DBEC707FB} - C:\Program\Oryte_Games_1.15\prxtbOry0.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-3170945090-252909393-2143582771-1000..\Run: [update] C:\Users\Hemma\AppData\Roaming\ch8l0.exe File not found
O32 - AutoRun File - [2008-05-06 14:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
:Commands
[CREATERESTOREPOINT]
[REBOOT]

Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, for example with regard to line breaks.

Press Run Fix.

If you are asked to restart the computer, do so.

A log will open in Notepad. Copy it and paste it into your reply.

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files, with a name containing today's date and the time of the run.

Make sure to enable your antivirus program etc. before connecting the computer to the internet.


Pelleman Jensen

I will have to check all of this tomorrow, since I won't be at that computer any more today.

I do know, however, that there are three login accounts, but that only "Hemma" has been affected.

MBAM found nothing, and the computer looks "normal" at the moment, but that can be deceptive. In addition, his antivirus program (Telia - Säker Surf, I think) reported that it had found three infected files and that they had now been removed. It may well be that everything is OK, but I will still follow through on your recommendations tomorrow. Are you around then, or are you taking Easter off?

Thanks for now :)


Around midday tomorrow I am going away, and I will be back on Sunday or Monday.

Most of what I wrote about has nothing to do with the police trojan but concerns other unsuitable programs. If you can get hold of a log or anything else that shows what F-Secure found, that would be good.


I found a page that said it is associated with theft of passwords and other personal information. It is therefore important to change all the passwords you use.


I ran into the "police trojan" a few days ago and immediately disconnected from the network.

Given that the startup process was affected, I assumed the wretched thing had worked its way into the OS.

So I ran the computer in safe mode, stand-alone, and ran the System Restore tool.

I chose to restore the system to how it was on 14 March, which should mean that all files that were not in the OS at that time are removed. After this step I managed, not immediately but a little later, to get the computer running normally and back online. I have removed sensitive information and am watching closely for anything odd, and I unplug the network cable when I don't need the network.

I have a Dell Inspiron with Win 7 Professional and McAfee. I ran a full scan and got a catch in quarantine! It is called JS/Exploit-Blacole.q!htm according to McAfee. No idea whether it has anything to do with the trojan.

Regards,

Lars W


Pelleman Jensen

[log]========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d2f11d8b-3eb5-4b42-9511-370dbec707fb} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}\ not found.

File C:\Program\Oryte_Games_1.15\prxtbOry0.dll not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry value HKEY_USERS\S-1-5-21-3170945090-252909393-2143582771-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d2f11d8b-3eb5-4b42-9511-370dbec707fb} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}\ not found.

File C:\Program\Oryte_Games_1.15\prxtbOry0.dll not found.

Registry key HKEY_USERS\S-1-5-21-3170945090-252909393-2143582771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.

Registry key HKEY_USERS\S-1-5-21-3170945090-252909393-2143582771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Folder C:\Users\Hemma\AppData\Roaming\mozilla\Firefox\Profiles\7wsjogsq.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.

File C:\Program\AskBarDis\bar\bin\askBar.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program\ConduitEngine\prxConduitEngine.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}\ not found.

File C:\Program\Oryte_Games_1.15\prxtbOry0.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.

File C:\Program\AskBarDis\bar\bin\askBar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d2f11d8b-3eb5-4b42-9511-370dbec707fb} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}\ not found.

Registry value HKEY_USERS\S-1-5-21-3170945090-252909393-2143582771-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.

File C:\Program\AskBarDis\bar\bin\askBar.dll not found.

Registry value HKEY_USERS\S-1-5-21-3170945090-252909393-2143582771-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D2F11D8B-3EB5-4B42-9511-370DBEC707FB} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2F11D8B-3EB5-4B42-9511-370DBEC707FB}\ not found.

File C:\Program\Oryte_Games_1.15\prxtbOry0.dll not found.

Registry value HKEY_USERS\S-1-5-21-3170945090-252909393-2143582771-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully.

File move failed. E:\autorun.inf scheduled to be moved on reboot.

========== COMMANDS ==========

 

 

OTL by OldTimer - Version 3.2.39.2 log created on 04082012_180350

 

Files\Folders moved on Reboot...

File move failed. E:\autorun.inf scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

[/log]

 

Here you go Cecilia, here is the log file from OTL.

I may have messed up disconnecting the antivirus program, but the internet was disconnected at any rate.

I hope the Easter weekend has been pleasant :)

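An added example, not part of the thread and not OTL's own code: a short Python triage of the fix log posted above, separating what the fix actually changed from what was already absent and what is still pending. The line shapes are the ones visible in that log; the function names and the "deferred to reboot" label are made up for this example.

```python
import re
from collections import Counter

# Excerpt of the OTL fix log posted in this thread, copied unchanged.
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d2f11d8b-3eb5-4b42-9511-370dbec707fb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}\ not found.
File C:\Program\Oryte_Games_1.15\prxtbOry0.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Folder C:\Users\Hemma\AppData\Roaming\mozilla\Firefox\Profiles\7wsjogsq.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
Registry value HKEY_USERS\S-1-5-21-3170945090-252909393-2143582771-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.39.2 log created on 04082012_180350
Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry entries deleted on Reboot...
"""

# "<kind> <target> <outcome>." as seen in the log above.
_RESULT = re.compile(
    r"^(?P<kind>Registry value|Registry key|File|Folder) "
    r"(?P<target>.+?) (?P<outcome>deleted successfully|not found)\.$"
)
# A move that could not be done immediately and was queued for the next boot.
_DEFERRED = re.compile(
    r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$"
)


def parse_fix_log(text):
    """Return (entries, unparsed).

    entries  : list of (kind, target, outcome) tuples
    unparsed : lines that matched no known shape, kept so that nothing
               is silently dropped from the review
    """
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, "=====" section rules and "...:" style sub-headers.
        if not line or line.startswith("=====") or line.endswith("..."):
            continue
        m = _DEFERRED.match(line)
        if m:
            entries.append(("File", m["target"], "deferred to reboot"))
            continue
        m = _RESULT.match(line)
        if m:
            entries.append((m["kind"], m["target"], m["outcome"]))
            continue
        unparsed.append(line)
    return entries, unparsed


def summarise(entries):
    """Count outcomes, list unique targets that were really removed,
    and list targets still waiting for a reboot."""
    counts = Counter(outcome for _, _, outcome in entries)
    changed = []
    for _, target, outcome in entries:
        if outcome == "deleted successfully" and target not in changed:
            changed.append(target)
    pending = sorted({t for _, t, o in entries if o == "deferred to reboot"})
    return counts, changed, pending


if __name__ == "__main__":
    entries, unparsed = parse_fix_log(SAMPLE_LOG)
    counts, changed, pending = summarise(entries)
    print("Outcome counts:", dict(counts))
    print("Actually removed:")
    for target in changed:
        print("  ", target)
    print("Still pending after this run:", pending)
    print("Lines to read by hand:", unparsed)
```

In this excerpt only two items were removed by the fix, one of them the per-user Run value; the "not found" lines are paths where OTL had nothing left to remove, and E:\autorun.inf sits on the volume the earlier scan lists as CDFS.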

Thanks, same to you, Pelleman! :)

Save RogueKiller to the Desktop.

http://www.sur-la-toile.com/RogueKiller/

Close all programs.

Run RogueKiller. If it cannot be run, try renaming the program to winlogon.

Wait until "Prescan" has finished.

Click the "Scan" button at the top right.

Wait until the scan is complete.

A report should then have been created on the Desktop.

If anything has been found, click the "Delete" button.

Another report should then have been created on the Desktop.

Click the "ShortcutsFix" button.

Another report should then have been created on the Desktop.

Paste the contents of all the "RKreport.txt" files on the Desktop into your reply.


Pelleman Jensen

Hi again,

I hope this is how you meant me to reply?

 

 

RKreport 1:

[log]RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Hemma [Admin rights]

Mode: Scan -- Date: 04/09/2012 16:36:50

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 7 ¤¤¤

[sCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\GADGET~1.SCR) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [LOADED] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD64 00AAKS-22A7B SCSI Disk Device +++++

--- User ---

[MBR] 4bef2123998ff0d6b82e9ae82c5ecf45

[bSP] e697f6ad8864116add2a78a101e037cb : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 597166 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[1].txt >>

RKreport[1].txt

 

[/log]

 

RKreport 2:

[log]RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Hemma [Admin rights]

Mode: Remove -- Date: 04/09/2012 16:38:12

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 7 ¤¤¤

[sCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\GADGET~1.SCR) -> REPLACED (c:\windows\system32\logon.scr)

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [LOADED] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD64 00AAKS-22A7B SCSI Disk Device +++++

--- User ---

[MBR] 4bef2123998ff0d6b82e9ae82c5ecf45

[bSP] e697f6ad8864116add2a78a101e037cb : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 597166 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

 

 

 

 

 

 

[/log]

 

RKreport 3:

[log]RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Hemma [Admin rights]

Mode: Shortcuts HJfix -- Date: 04/09/2012 16:40:48

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Driver: [LOADED] ¤¤¤

 

¤¤¤ File attributes restored: ¤¤¤

Desktop: Success 1 / Fail 0

Quick launch: Success 0 / Fail 0

Programs: Success 6 / Fail 0

Start menu: Success 0 / Fail 0

User folder: Success 144 / Fail 0

My documents: Success 3 / Fail 0

My favorites: Success 0 / Fail 0

My pictures: Success 0 / Fail 0

My music: Success 0 / Fail 0

My videos: Success 0 / Fail 0

Local drives: Success 241 / Fail 0

Backup: [NOT FOUND]

 

Drives:

[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored

[D:] \Device\CdRom0 -- 0x5 --> Skipped

[E:] \Device\CdRom2 -- 0x5 --> Skipped

[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored

[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored

[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored

[I:] \Device\HarddiskVolume1 -- 0x3 --> Restored

[J:] \Device\CdRom1 -- 0x5 --> Skipped

[K:] \Device\HarddiskVolume6 -- 0x2 --> Restored

[L:] \Device\HarddiskVolume7 -- 0x2 --> Restored

 

¤¤¤ Infection : ¤¤¤

 

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

 

 

 

 

 

 

 

 

 

[/log]


Excellent! :thumbsup:

Save TDSSKiller to the Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Close your usual programs, but you can leave antivirus programs and the like running.

Run the program TDSSKiller.exe.

Click Start Scan.

If any threats are found, select Cure and click Continue. If Cure is not available, select Skip. Do NOT select Quarantine or Delete. The computer may need to be restarted.

Paste the contents of the log, which you will find in C:\ with the name TDSSKiller followed by the version and time.


Pelleman Jensen

Hi again,

No threats turned up, but here is the log.

As I recall, it is a bit cumbersome to uninstall OTL (and perhaps the other programs too, RogueKiller and TDSS), am I right? If so, I will of course need a little final guidance from you :)

 

 

[log]13:35:26.0639 4080 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05


13:35:47.0394 6980 PLFlash DeviceIoControl Service - ok

13:35:47.0463 6980 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

13:35:47.0469 6980 PlugPlay - ok

13:35:47.0492 6980 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll

13:35:47.0493 6980 Pml Driver HPZ12 - ok

13:35:47.0533 6980 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

13:35:47.0539 6980 PNRPAutoReg - ok

13:35:47.0562 6980 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

13:35:47.0571 6980 PNRPsvc - ok

13:35:47.0626 6980 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

13:35:47.0639 6980 PolicyAgent - ok

13:35:47.0677 6980 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

13:35:47.0681 6980 PptpMiniport - ok

13:35:47.0723 6980 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

13:35:47.0727 6980 Processor - ok

13:35:47.0768 6980 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

13:35:47.0773 6980 ProfSvc - ok

13:35:47.0799 6980 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

13:35:47.0803 6980 ProtectedStorage - ok

13:35:47.0836 6980 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

13:35:47.0839 6980 PSched - ok

13:35:47.0873 6980 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

13:35:47.0876 6980 PxHelp20 - ok

13:35:48.0139 6980 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

13:35:48.0162 6980 ql2300 - ok

13:35:48.0192 6980 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

13:35:48.0196 6980 ql40xx - ok

13:35:48.0255 6980 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

13:35:48.0262 6980 QWAVE - ok

13:35:48.0282 6980 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

13:35:48.0284 6980 QWAVEdrv - ok

13:35:48.0334 6980 RapiMgr (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll

13:35:48.0338 6980 RapiMgr - ok

13:35:48.0364 6980 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

13:35:48.0366 6980 RasAcd - ok

13:35:48.0403 6980 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

13:35:48.0408 6980 RasAuto - ok

13:35:48.0442 6980 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:35:48.0446 6980 Rasl2tp - ok

13:35:48.0481 6980 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

13:35:48.0495 6980 RasMan - ok

13:35:48.0524 6980 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

13:35:48.0526 6980 RasPppoe - ok

13:35:48.0544 6980 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

13:35:48.0547 6980 RasSstp - ok

13:35:48.0572 6980 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

13:35:48.0578 6980 rdbss - ok

13:35:48.0600 6980 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:35:48.0602 6980 RDPCDD - ok

13:35:48.0645 6980 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

13:35:48.0650 6980 rdpdr - ok

13:35:48.0662 6980 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

13:35:48.0665 6980 RDPENCDD - ok

13:35:48.0714 6980 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

13:35:48.0718 6980 RDPWD - ok

13:35:48.0751 6980 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

13:35:48.0755 6980 RemoteAccess - ok

13:35:48.0785 6980 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

13:35:48.0790 6980 RemoteRegistry - ok

13:35:48.0842 6980 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe

13:35:48.0845 6980 rpcapd - ok

13:35:48.0898 6980 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

13:35:48.0903 6980 RpcLocator - ok

13:35:48.0951 6980 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

13:35:48.0957 6980 RpcSs - ok

13:35:48.0980 6980 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

13:35:48.0983 6980 rspndr - ok

13:35:49.0011 6980 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys

13:35:49.0015 6980 RTL8169 - ok

13:35:49.0031 6980 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

13:35:49.0035 6980 SamSs - ok

13:35:49.0082 6980 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

13:35:49.0085 6980 sbp2port - ok

13:35:49.0147 6980 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

13:35:49.0153 6980 SCardSvr - ok

13:35:49.0201 6980 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

13:35:49.0217 6980 Schedule - ok

13:35:49.0264 6980 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

13:35:49.0266 6980 SCPolicySvc - ok

13:35:49.0296 6980 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

13:35:49.0302 6980 SDRSVC - ok

13:35:49.0320 6980 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

13:35:49.0322 6980 secdrv - ok

13:35:49.0337 6980 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

13:35:49.0340 6980 seclogon - ok

13:35:49.0363 6980 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

13:35:49.0367 6980 SENS - ok

13:35:49.0397 6980 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

13:35:49.0401 6980 Serenum - ok

13:35:49.0431 6980 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

13:35:49.0437 6980 Serial - ok

13:35:49.0481 6980 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

13:35:49.0485 6980 sermouse - ok

13:35:49.0532 6980 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

13:35:49.0538 6980 SessionEnv - ok

13:35:49.0562 6980 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

13:35:49.0565 6980 sffdisk - ok

13:35:49.0587 6980 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

13:35:49.0589 6980 sffp_mmc - ok

13:35:49.0610 6980 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

13:35:49.0613 6980 sffp_sd - ok

13:35:49.0631 6980 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

13:35:49.0633 6980 sfloppy - ok

13:35:49.0669 6980 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

13:35:49.0675 6980 SharedAccess - ok

13:35:49.0700 6980 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

13:35:49.0706 6980 ShellHWDetection - ok

13:35:49.0739 6980 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

13:35:49.0742 6980 sisagp - ok

13:35:49.0767 6980 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

13:35:49.0769 6980 SiSRaid2 - ok

13:35:49.0798 6980 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

13:35:49.0803 6980 SiSRaid4 - ok

13:35:50.0121 6980 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

13:35:50.0210 6980 slsvc - ok

13:35:50.0241 6980 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

13:35:50.0251 6980 SLUINotify - ok

13:35:50.0282 6980 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

13:35:50.0285 6980 Smb - ok

13:35:50.0322 6980 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

13:35:50.0325 6980 SNMPTRAP - ok

13:35:50.0384 6980 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

13:35:50.0387 6980 spldr - ok

13:35:50.0423 6980 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

13:35:50.0427 6980 Spooler - ok

13:35:50.0460 6980 sprtsvc_teliada - ok

13:35:50.0505 6980 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

13:35:50.0512 6980 srv - ok

13:35:50.0546 6980 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

13:35:50.0554 6980 srv2 - ok

13:35:50.0592 6980 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

13:35:50.0596 6980 srvnet - ok

13:35:50.0616 6980 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

13:35:50.0622 6980 SSDPSRV - ok

13:35:50.0641 6980 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

13:35:50.0645 6980 SstpSvc - ok

13:35:50.0678 6980 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

13:35:50.0695 6980 stisvc - ok

13:35:50.0791 6980 SupportSoft RemoteAssist (9a97b7024e2ca4d42046bf272997e14c) C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

13:35:50.0808 6980 SupportSoft RemoteAssist - ok

13:35:50.0847 6980 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

13:35:50.0850 6980 swenum - ok

13:35:50.0880 6980 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

13:35:50.0897 6980 swprv - ok

13:35:50.0924 6980 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

13:35:50.0927 6980 Symc8xx - ok

13:35:50.0962 6980 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

13:35:50.0964 6980 Sym_hi - ok

13:35:50.0990 6980 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

13:35:50.0993 6980 Sym_u3 - ok

13:35:51.0046 6980 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

13:35:51.0062 6980 SysMain - ok

13:35:51.0135 6980 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

13:35:51.0141 6980 TabletInputService - ok

13:35:51.0211 6980 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

13:35:51.0228 6980 TapiSrv - ok

13:35:51.0252 6980 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

13:35:51.0258 6980 TBS - ok

13:35:51.0317 6980 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

13:35:51.0341 6980 Tcpip - ok

13:35:51.0373 6980 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

13:35:51.0384 6980 Tcpip6 - ok

13:35:51.0439 6980 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

13:35:51.0442 6980 tcpipreg - ok

13:35:51.0505 6980 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

13:35:51.0511 6980 TDPIPE - ok

13:35:51.0571 6980 Tdsshbecr (4a766448821359df6a0427a91782385a) C:\Windows\system32\DRIVERS\shbecr.sys

13:35:51.0573 6980 Tdsshbecr - ok

13:35:51.0601 6980 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

13:35:51.0603 6980 TDTCP - ok

13:35:51.0651 6980 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

13:35:51.0654 6980 tdx - ok

13:35:51.0692 6980 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

13:35:51.0695 6980 TermDD - ok

13:35:51.0738 6980 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

13:35:51.0754 6980 TermService - ok

13:35:51.0818 6980 tgsrvc_teliada - ok

13:35:51.0894 6980 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

13:35:51.0900 6980 Themes - ok

13:35:51.0962 6980 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

13:35:51.0965 6980 THREADORDER - ok

13:35:52.0029 6980 TridVid (edb4065c757df24db891e3d0b66c2b72) C:\Windows\system32\DRIVERS\TridVid.sys

13:35:52.0034 6980 TridVid - ok

13:35:52.0066 6980 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

13:35:52.0071 6980 TrkWks - ok

13:35:52.0090 6980 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

13:35:52.0092 6980 TrustedInstaller - ok

13:35:52.0192 6980 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:35:52.0195 6980 tssecsrv - ok

13:35:52.0210 6980 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

13:35:52.0214 6980 tunmp - ok

13:35:52.0244 6980 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

13:35:52.0249 6980 tunnel - ok

13:35:52.0276 6980 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

13:35:52.0280 6980 uagp35 - ok

13:35:52.0330 6980 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

13:35:52.0335 6980 udfs - ok

13:35:52.0377 6980 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

13:35:52.0380 6980 UI0Detect - ok

13:35:52.0405 6980 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

13:35:52.0408 6980 uliagpkx - ok

13:35:52.0463 6980 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

13:35:52.0468 6980 uliahci - ok

13:35:52.0490 6980 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

13:35:52.0493 6980 UlSata - ok

13:35:52.0530 6980 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

13:35:52.0534 6980 ulsata2 - ok

13:35:52.0566 6980 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

13:35:52.0568 6980 umbus - ok

13:35:52.0595 6980 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

13:35:52.0602 6980 upnphost - ok

13:35:52.0628 6980 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

13:35:52.0631 6980 usbccgp - ok

13:35:52.0663 6980 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

13:35:52.0667 6980 usbcir - ok

13:35:52.0707 6980 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

13:35:52.0709 6980 usbehci - ok

13:35:52.0733 6980 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

13:35:52.0738 6980 usbhub - ok

13:35:52.0758 6980 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

13:35:52.0760 6980 usbohci - ok

13:35:52.0796 6980 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

13:35:52.0798 6980 usbprint - ok

13:35:52.0822 6980 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

13:35:52.0824 6980 usbscan - ok

13:35:52.0845 6980 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:35:52.0848 6980 USBSTOR - ok

13:35:52.0874 6980 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

13:35:52.0879 6980 usbuhci - ok

13:35:52.0904 6980 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys

13:35:52.0907 6980 usb_rndisx - ok

13:35:52.0931 6980 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

13:35:52.0936 6980 UxSms - ok

13:35:52.0986 6980 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

13:35:53.0003 6980 vds - ok

13:35:53.0031 6980 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

13:35:53.0034 6980 vga - ok

13:35:53.0054 6980 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

13:35:53.0057 6980 VgaSave - ok

13:35:53.0091 6980 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

13:35:53.0097 6980 viaagp - ok

13:35:53.0159 6980 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

13:35:53.0161 6980 ViaC7 - ok

13:35:53.0227 6980 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

13:35:53.0231 6980 viaide - ok

13:35:53.0254 6980 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

13:35:53.0258 6980 volmgr - ok

13:35:53.0285 6980 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

13:35:53.0292 6980 volmgrx - ok

13:35:53.0320 6980 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

13:35:53.0326 6980 volsnap - ok

13:35:53.0370 6980 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

13:35:53.0375 6980 vsmraid - ok

13:35:53.0437 6980 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

13:35:53.0461 6980 VSS - ok

13:35:53.0491 6980 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

13:35:53.0499 6980 W32Time - ok

13:35:53.0535 6980 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

13:35:53.0537 6980 WacomPen - ok

13:35:53.0562 6980 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

13:35:53.0565 6980 Wanarp - ok

13:35:53.0572 6980 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

13:35:53.0575 6980 Wanarpv6 - ok

13:35:53.0635 6980 WcesComm (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll

13:35:53.0641 6980 WcesComm - ok

13:35:53.0672 6980 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

13:35:53.0689 6980 wcncsvc - ok

13:35:53.0722 6980 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

13:35:53.0726 6980 WcsPlugInService - ok

13:35:53.0750 6980 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

13:35:53.0752 6980 Wd - ok

13:35:53.0779 6980 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

13:35:53.0792 6980 Wdf01000 - ok

13:35:53.0818 6980 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

13:35:53.0823 6980 WdiServiceHost - ok

13:35:53.0830 6980 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

13:35:53.0835 6980 WdiSystemHost - ok

13:35:53.0857 6980 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

13:35:53.0862 6980 WebClient - ok

13:35:53.0897 6980 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

13:35:53.0901 6980 Wecsvc - ok

13:35:53.0921 6980 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

13:35:53.0925 6980 wercplsupport - ok

13:35:53.0957 6980 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

13:35:53.0961 6980 WerSvc - ok

13:35:54.0036 6980 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

13:35:54.0046 6980 WinDefend - ok

13:35:54.0069 6980 WinHttpAutoProxySvc - ok

13:35:54.0104 6980 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

13:35:54.0107 6980 Winmgmt - ok

13:35:54.0235 6980 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

13:35:54.0255 6980 WinRM - ok

13:35:54.0329 6980 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys

13:35:54.0332 6980 winusb - ok

13:35:54.0401 6980 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

13:35:54.0411 6980 Wlansvc - ok

13:35:54.0441 6980 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

13:35:54.0442 6980 WmiAcpi - ok

13:35:54.0534 6980 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

13:35:54.0551 6980 wmiApSrv - ok

13:35:54.0639 6980 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

13:35:54.0645 6980 WMPNetworkSvc - ok

13:35:54.0666 6980 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

13:35:54.0675 6980 WPCSvc - ok

13:35:54.0702 6980 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

13:35:54.0707 6980 WPDBusEnum - ok

13:35:54.0758 6980 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

13:35:54.0761 6980 WpdUsb - ok

13:35:54.0842 6980 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

13:35:54.0865 6980 WPFFontCache_v0400 - ok

13:35:54.0903 6980 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

13:35:54.0906 6980 ws2ifsl - ok

13:35:54.0937 6980 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll

13:35:54.0941 6980 wscsvc - ok

13:35:54.0957 6980 WSearch - ok

13:35:55.0066 6980 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

13:35:55.0109 6980 wuauserv - ok

13:35:55.0161 6980 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:35:55.0164 6980 WUDFRd - ok

13:35:55.0239 6980 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

13:35:55.0244 6980 wudfsvc - ok

13:35:55.0347 6980 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

13:35:55.0410 6980 \Device\Harddisk0\DR0 - ok

13:35:55.0425 6980 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR100

13:35:55.0430 6980 \Device\Harddisk5\DR100 - ok

13:35:55.0457 6980 Boot (0x1200) (93cc29382876afdc443ca5089d26972c) \Device\Harddisk0\DR0\Partition0

13:35:55.0465 6980 \Device\Harddisk0\DR0\Partition0 - ok

13:35:55.0480 6980 Boot (0x1200) (02a5c8ab89eec3cf6d168392b032bba0) \Device\Harddisk0\DR0\Partition1

13:35:55.0500 6980 \Device\Harddisk0\DR0\Partition1 - ok

13:35:55.0523 6980 Boot (0x1200) (11ec39dba41633c5144b50ef4c76a847) \Device\Harddisk5\DR100\Partition0

13:35:55.0527 6980 \Device\Harddisk5\DR100\Partition0 - ok

13:35:55.0535 6980 ============================================================

13:35:55.0535 6980 Scan finished

13:35:55.0535 6980 ============================================================

13:35:55.0559 6928 Detected object count: 0

13:35:55.0559 6928 Actual detected object count: 0

[/log]


That looks good, but to be on the safe side, run OTL for one last check.

Close all programs.

Run OTL.

Under Output, near the top, select Minimal Output.

Press Run Scan and let the program run undisturbed.

When it is done, paste in the log OTL.txt.


Pelleman Jensen

Here is what will hopefully be the last log :)

 

[log]OTL logfile created on: 2012-04-12 12:55:54 - Run 2

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Hemma\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,75 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 48,30% Memory free

5,70 Gb Paging File | 4,30 Gb Available in Paging File | 75,50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 583,17 Gb Total Space | 308,10 Gb Free Space | 52,83% Space Free | Partition Type: NTFS

Drive E: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 13,00 Gb Total Space | 2,51 Gb Free Space | 19,30% Space Free | Partition Type: NTFS

Drive L: | 7,48 Gb Total Space | 4,00 Gb Free Space | 53,49% Space Free | Partition Type: NTFS

 

Computer Name: HEMMA-DATOR | User Name: Hemma | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Hemma\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe (F-Secure Corporation)

PRC - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32.exe (F-Secure Corporation)

PRC - C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe (F-Secure Corporation)

PRC - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe (F-Secure Corporation)

PRC - C:\Program\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE (F-Secure Corporation)

PRC - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE (F-Secure Corporation)

PRC - C:\Program\Telia\Telias sakerhetstjanster\Common\FSHDLL32.EXE (F-Secure Corporation)

PRC - C:\Program\Telia\Telias sakerhetstjanster\FWES\program\fsdfwd.exe (F-Secure Corporation)

PRC - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

PRC - C:\Program\Telia\Supportassistenten\bin\tgsrvc.exe (SupportSoft, Inc.)

PRC - C:\Program\Telia\Supportassistenten\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program\Telia\Supportassistenten\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Program\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Program\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Program\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe (Packard Bell BV)

PRC - C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)

PRC - C:\Program\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)

PRC - C:\Windows\System32\HidService.exe (Packard Bell Services)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe (D-Link)

PRC - C:\Program\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Program\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

PRC - C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()

PRC - C:\Program\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)

PRC - C:\Program\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)

PRC - C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

PRC - C:\Program\Sprite Software\Sprite Backup\SpriteService.exe ()

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()

MOD - C:\Program\Telia\Telias sakerhetstjanster\FSGUI\strres.eng ()

MOD - C:\Program\Telia\Telias sakerhetstjanster\FSGUI\gres.dll ()

MOD - C:\Program\Telia\Telias sakerhetstjanster\FSGUI\about.dll ()

MOD - C:\Program\Telia\Telias sakerhetstjanster\FSGUI\flyerres.eng ()

MOD - C:\Program\Telia\Telias sakerhetstjanster\FSGUI\aboutres.dll ()

MOD - C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsavures.eng ()

MOD - C:\Program\Google\Google Desktop Search\gzlib.dll ()

MOD - C:\Windows\System32\WlanApp.dll ()

MOD - C:\Program\Sprite Software\Sprite Backup\SpriteService.exe ()

MOD - C:\Program\WinRAR\RarExt.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (FSORSPClient) -- C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe (F-Secure Corporation)

SRV - (AdobeARMservice) -- C:\Program\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (odserv) -- C:\Program\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (FSMA) -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE (F-Secure Corporation)

SRV - (FSDFWD) -- C:\Program\Telia\Telias sakerhetstjanster\FWES\program\fsdfwd.exe (F-Secure Corporation)

SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

SRV - (SupportSoft RemoteAssist) -- C:\Program\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)

SRV - (tgsrvc_teliada) SupportSoft Repair Service (teliada) -- C:\Program Files\Telia\Supportassistenten\bin\tgsrvc.exe (SupportSoft, Inc.)

SRV - (sprtsvc_teliada) SupportSoft Sprocket Service (teliada) -- C:\Program Files\Telia\Supportassistenten\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (nosGetPlusHelper) getPlus® -- C:\Program\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)

SRV - (ACDaemon) -- C:\Program\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program\WinPcap\rpcapd.exe (CACE Technologies, Inc.)

SRV - (Microsoft Office Groove Audit Service) -- C:\Program\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (GenericHidService) -- C:\Windows\System32\HidService.exe (Packard Bell Services)

SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

SRV - (WMPNetworkSvc) -- C:\Program\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (AdobeActiveFileMonitor6.0) -- C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()

SRV - (ose) -- C:\Program\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (fsbts) -- C:\Windows\System32\drivers\fsbts.sys ()

DRV - (F-Secure Gatekeeper) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys ()

DRV - (F-Secure HIPS) -- C:\Program\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure Corporation)

DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)

DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)

DRV - (F-Secure Filter) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\win2k\fsfilter.sys ()

DRV - (F-Secure Recognizer) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\win2k\fsrec.sys ()

DRV - (fsvista) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsvista.sys ()

DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)

DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (Tdsshbecr) -- C:\Windows\System32\drivers\shbecr.sys (Todos Data System AB)

DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)

DRV - (TridVid) -- C:\Windows\System32\drivers\TridVid.sys (Trident Multimedia Technologies Co.,Ltd)

DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech Inc.)

DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech Inc.)

DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=1&o=vb32&d=0709&m=imedia_b3921_ncd

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&s=1&o=vb32&d=0709&m=imedia_b3921_ncd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aftonbladet.se/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {5B3965B7-E61B-484A-B0A3-207E618C9A6F}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{5B3965B7-E61B-484A-B0A3-207E618C9A6F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_svSE336

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_svSE336&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)

FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-29 21:05:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-12 12:53:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

[2009-07-13 22:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hemma\AppData\Roaming\mozilla\Extensions

[2012-04-08 17:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hemma\AppData\Roaming\mozilla\Firefox\Profiles\7wsjogsq.default\extensions

[2010-05-08 15:35:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hemma\AppData\Roaming\mozilla\Firefox\Profiles\7wsjogsq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011-06-01 21:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hemma\AppData\Roaming\mozilla\Firefox\Profiles\7wsjogsq.default\extensions\nostmp

[2011-11-15 23:01:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions

[2012-02-29 21:05:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012-02-26 19:19:35 | 000,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2012-02-26 19:19:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012-02-26 19:19:35 | 000,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2012-02-26 19:19:35 | 000,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2012-02-26 19:19:35 | 000,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2012-02-26 19:19:35 | 000,000,951 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

 

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe (D-Link)

O4 - HKLM..\Run: [FijiKeyboard] c:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [FujiKeyboard] c:\Acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe File not found

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [smpcSys] C:\Program\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)

O4 - HKLM..\Run: [Telia] C:\Program Files\Telia\Supportassistenten\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKCU..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found

O4 - HKCU..\Run: [smpcSys] C:\Program\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)

O4 - HKCU..\Run: [spriteService] C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe ()

O4 - HKCU..\Run: [WMPNSCFG] C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found

O9 - Extra Button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49A0B20A-0D89-463D-8780-54D85EB6F9E8}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\System32\ezShellStart.exe (EasyBits Software AS)

O24 - Desktop WallPaper: C:\Users\Hemma\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Users\Hemma\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008-05-06 14:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{4f71d5cf-6f95-11de-a464-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4f71d5cf-6f95-11de-a464-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\smartaccess\Start-cd Telia Bredband.exe"

O33 - MountPoints2\{56f02778-7370-11de-ac77-002511156e5f}\Shell - "" = AutoRun

O33 - MountPoints2\{56f02778-7370-11de-ac77-002511156e5f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007-10-23 09:45:39 | 001,336,632 | R--- | M] ()

O33 - MountPoints2\{5f238a9d-cda1-11e0-aade-002511156e5f}\Shell - "" = AutoRun

O33 - MountPoints2\{5f238a9d-cda1-11e0-aade-002511156e5f}\Shell\AutoRun\command - "" = N:\SafeStore.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007-10-23 09:45:39 | 001,336,632 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012-04-08 19:30:17 | 000,000,000 | ---D | C] -- C:\Users\Hemma\Desktop\Virushjälp

[2012-04-08 18:03:50 | 000,000,000 | ---D | C] -- C:\_OTL

[2012-04-05 16:27:02 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Hemma\Desktop\OTL.exe

[2012-04-05 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Hemma\AppData\Roaming\Malwarebytes

[2012-04-05 15:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012-04-05 15:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012-04-05 15:40:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012-04-05 15:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012-04-05 13:51:20 | 000,000,000 | ---D | C] -- C:\Users\Hemma\AppData\Roaming\f-secure

[2012-04-03 18:57:07 | 000,000,000 | --SD | C] -- C:\found.000

[2012-03-23 21:42:44 | 000,037,832 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fses.sys

[2012-03-23 21:42:42 | 000,574,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp50.dll

[2012-03-23 21:42:42 | 000,073,160 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys

[2012-03-23 21:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg

[2012-03-23 21:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\f-secure

[2012-03-23 18:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telia

[2012-03-23 18:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft

[2012-03-23 18:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Telia

[2012-03-22 13:01:07 | 000,000,000 | ---D | C] -- C:\Users\Hemma\AppData\Local\SupportSoft

[2012-03-22 13:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft

[2012-03-20 12:56:13 | 000,000,000 | ---D | C] -- C:\Users\Hemma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\D-Link

[2012-03-20 12:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap

[2012-03-20 12:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap

[2012-03-14 18:47:06 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012-03-14 18:47:02 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2012-03-14 18:47:02 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2012-03-14 18:47:02 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2012-03-14 18:47:01 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2012-03-14 18:47:01 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2012-03-14 18:46:44 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012-04-12 12:54:28 | 000,615,932 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2012-04-12 12:54:28 | 000,605,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012-04-12 12:54:28 | 000,124,390 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2012-04-12 12:54:28 | 000,107,960 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012-04-12 12:51:06 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn

[2012-04-12 12:50:13 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012-04-12 12:48:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012-04-12 12:48:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012-04-12 12:48:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-04-12 12:48:31 | 2951,884,800 | -HS- | M] () -- C:\hiberfil.sys

[2012-04-11 20:45:00 | 000,000,980 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012-04-09 16:19:19 | 000,000,156 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2012-04-08 20:22:39 | 000,156,672 | ---- | M] () -- C:\Users\Hemma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-04-08 17:41:25 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for

[2012-04-05 17:47:48 | 000,001,356 | ---- | M] () -- C:\Users\Hemma\AppData\Local\d3d9caps.dat

[2012-04-05 15:40:53 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-04-04 17:47:19 | 000,059,904 | ---- | M] () -- C:\Users\Hemma\Desktop\Ny(tt) Microsoft Office Publisher Document.pub

[2012-04-04 15:48:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Hemma\Desktop\OTL.exe

[2012-04-03 16:58:30 | 000,383,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012-03-29 12:23:25 | 000,000,254 | R-S- | M] () -- C:\ProgramData\ntuser.pol

[2012-03-28 20:23:18 | 000,000,136 | ---- | M] () -- C:\Users\Hemma\Desktop\Harpan - genväg.lnk

[2012-03-25 20:09:06 | 000,005,196 | ---- | M] () -- C:\Users\Hemma\Documents\VCD1.nrv

[2012-03-25 12:20:10 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{F30F6609-F411-4131-82E3-688EACEA0850}

[2012-03-25 12:13:26 | 000,000,006 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{F30F6609-F411-4131-82E3-688EACEA0850}

[2012-03-23 22:40:50 | 000,042,672 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys

[2012-03-23 22:29:49 | 346,241,643 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012-03-23 18:32:01 | 000,002,274 | ---- | M] () -- C:\Users\Public\Desktop\Supportassistenten.lnk

[2012-03-20 20:55:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job

[2012-03-19 19:20:14 | 000,471,040 | ---- | M] (ScreenTime Media) -- C:\Windows\Gadget & Gadgetinis.scr

[2012-03-19 19:20:09 | 000,012,288 | ---- | M] () -- C:\Windows\impborl.dll

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012-04-06 18:03:38 | 2951,884,800 | -HS- | C] () -- C:\hiberfil.sys

[2012-04-05 15:40:53 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-04-04 17:47:19 | 000,059,904 | ---- | C] () -- C:\Users\Hemma\Desktop\Ny(tt) Microsoft Office Publisher Document.pub

[2012-03-28 20:23:18 | 000,000,136 | ---- | C] () -- C:\Users\Hemma\Desktop\Harpan - genväg.lnk

[2012-03-25 20:09:06 | 000,005,196 | ---- | C] () -- C:\Users\Hemma\Documents\VCD1.nrv

[2012-03-23 21:43:27 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys

[2012-03-23 18:32:01 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\Supportassistenten.lnk

[2012-02-27 19:59:16 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini

[2011-12-29 13:09:04 | 000,000,168 | ---- | C] () -- C:\Windows\KA.INI

[2011-11-20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\_delis32.ini

[2011-07-04 09:47:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll

[2011-03-26 19:16:40 | 000,000,032 | ---- | C] () -- C:\Program Files\plugins-04041e-3e8.dat

[2011-03-12 16:04:19 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2011-03-05 10:27:22 | 000,000,157 | ---- | C] () -- C:\Windows\Gnottarna.ini

[2011-02-24 21:38:02 | 000,001,356 | ---- | C] () -- C:\Users\Hemma\AppData\Local\d3d9caps.dat

[2011-01-18 19:04:20 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI

[2010-05-09 11:00:29 | 000,000,314 | ---- | C] () -- C:\Windows\LBFamily.ini

[2010-05-09 10:40:10 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 901 bytes -> C:\Users\Hemma\Documents\E-post_ CSRförfrågan_ 20111222_xml.eml:OECustomProperty

@Alternate Data Stream - 781 bytes -> C:\Users\Hemma\Documents\E-post_ INFO_KU.eml:OECustomProperty

@Alternate Data Stream - 769 bytes -> C:\Users\Hemma\Documents\E-post_ KURED.eml:OECustomProperty

 

< End of report >

[/log]

Link to comment

WinGuider.se

For the next person who gets hit, there is a clear explanation of how (at least some variants) are stopped from running, plus a link to cleanup etc.:

Police Themed Ransomware Continues (F-Secure's blog!)

And a more technical analysis which shows, among other things, that the damage the infection does is reduced radically if you, for example, have a computer installed following WinGuider's guides. (The infection has to modify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, something the infection is NOT allowed to do in, for example, a WinGuider installation!)

And above all, remember!

The best virus protection is free and is better than any antivirus program!

Stop logging in as Administrators (you gain nothing from it anyway!)

Always create a dedicated admin account (e.g. Dator-Admin) and give it a strong password (for example, make up a sentence of at least 8 words and use the first character of each word as the password!)

Install your programs and configure Windows programs & games, then create ORDINARY user accounts for the computer's users!

Set UAC to ask for the Dator-Admin account's password!

(Always logging in as admin belongs to the PC stone age!)

Link to comment

F-Secure's and Microsoft's descriptions remove the trojan's startup entry, but unfortunately a rootkit often seems to be installed at the same time, which their descriptions do not cover. It is the latter that this thread primarily deals with.

(The infection has to modify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
I can't see that in their descriptions; they only mention that the file (the shortcut to the program) is placed in the "Startup" folder, i.e. the one called "Autostart" in Swedish, and whatever is in there runs when you log in.

Addendum:

On this computer the malicious file was located here:

C:\Users\Hemma\AppData\Roaming\ch8l0.exe

Link to comment
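A triage check for the two persistence points discussed in the posts above, the HKLM Winlogon key and autostart (Run) entries, applied to lines in OTL's log format. This is an added example, not part of the original posts and not OTL's own logic; the function names, the user-writable-path heuristic and the `ch8l0` Run entry (constructed around the file path reported above) are assumptions.

```python
import re
from ntpath import basename  # Windows path handling on any OS

# Sample in OTL's output format. The ch8l0 Run entry is constructed around the
# file path reported in the thread; the other lines are copied from its log.
SAMPLE_LOG = r'''
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [spriteService] C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe ()
O4 - HKCU..\Run: [ch8l0] C:\Users\Hemma\AppData\Roaming\ch8l0.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\System32\ezShellStart.exe (EasyBits Software AS)
'''

RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>.+?)\] (?P<rest>.+)$')
WINLOGON_RE = re.compile(r'^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>.*?)\) - ')
# First executable path in the command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|com|scr|bat|cmd))\b', re.I)
# Trailing "(Company)" field; "()" means the file carries no company name.
COMPANY_RE = re.compile(r' \((?P<company>[^()]*)\)$')
# Assumption: locations a standard (non-admin) user can normally write to.
USER_WRITABLE_RE = re.compile(
    r'\\(?:users|documents and settings)\\[^\\]+\\|\\programdata\\|\\temp\\', re.I)
# Stock Windows values for the two Winlogon entries OTL reports under O20.
WINLOGON_DEFAULTS = {'Shell': 'explorer.exe', 'UserInit': 'userinit.exe'}


def check_run(match):
    """Return (target path, reasons to review) for one O4 Run entry."""
    rest = match['rest']
    exe = EXE_RE.match(rest)
    path = exe['path'] if exe else rest
    company = COMPANY_RE.search(rest)
    reasons = []
    if USER_WRITABLE_RE.search(path):
        reasons.append('autostart target in a user-writable directory')
        if company and not company['company'].strip():
            reasons.append('no company name in file metadata')
    return path, reasons


def check_winlogon(match):
    """Return (registry value, reasons to review) for one O20 Winlogon entry."""
    key, value = match['key'], match['value']
    expected = WINLOGON_DEFAULTS[key]
    # The value may be a comma-separated list and may end with a comma.
    programs = [p.strip() for p in value.split(',') if p.strip()]
    if programs and all(basename(p).lower() == expected for p in programs):
        return value, []
    return value, [f'Winlogon {key} differs from the Windows default ({expected})']


def triage(log_text):
    """Collect (source, name, target, reasons) for every entry worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        winlogon = WINLOGON_RE.match(line)
        if run:
            source, name = f"{run['hive']} Run", run['name']
            target, reasons = check_run(run)
        elif winlogon:
            source, name = 'HKLM Winlogon', winlogon['key']
            target, reasons = check_winlogon(winlogon)
        else:
            continue
        if reasons:
            findings.append((source, name, target, reasons))
    return findings


if __name__ == '__main__':
    for source, name, target, reasons in triage(SAMPLE_LOG):
        print(f'{source} [{name}] -> {target}')
        for reason in reasons:
            print(f'    review: {reason}')
```

A hit is a review item, not a verdict: the UserInit line copied from this machine's log is flagged only because it differs from the Windows default. Writing to HKLM Winlogon requires administrator rights, while HKCU Run entries and the per-user Startup folder do not, so a standard account still needs the autostart check.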

The OTL log looks good :thumbsup:

Now only a final round of cleanup remains:

1. Remove all system restore points, since these may be infected.

Start by creating a new system restore point:

XP:

Start - Programs - Accessories - System Tools - System Restore

Choose to create a new restore point and press Next.

Vista and Windows 7:

Right-click Computer - Properties - System Protection

Press Create.

Then remove all old system restore points by running the Disk Cleanup program.

Right-click C: in My Computer/Explorer and choose Properties.

On the General tab there is a button called Disk Cleanup. Select it.

After a few minutes the program comes up, and you then select a tab called More Options or something similar. Press the Clean up button that removes all system restore points except the most recent one.

Depending on the Windows version, you may need to choose something about wanting to remove files that apply to the whole computer/Windows before the right tab appears.

2. Start OTL.

Press the CleanUp! button, and it and other cleaning programs will be uninstalled after the computer restarts. If any such program remains after that, ask how to remove it. Delete any logs.

3. Change all passwords (if not already done) that you use on the computer and on the internet, since these may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

4. Improve the computer's protection, see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/ It is, for example, very important to keep all programs updated, since old versions of e.g. Java, Adobe Reader, Flash and web browsers contain known security holes that make it easy to infect the computer from a web page. Secunia's program is good at finding old insecure versions.

Link to comment

Archived

This topic is now archived and is closed to further replies.
