Bifogat dumps av processerna. Nåt som ser skumt ut?
[attachment=4100:prc049.png
Det här inlägget har redigerats av Wheninrome: 03 augusti 2011 - 21:25
1
9 svar i den här tråden
#1
Wheninrome
-
- Medlem
-
- 844 inlägg
- Kön:Man
- Från:North Of Europe
Skrivet 02 augusti 2011 - 18:33
]Jag vet inte vad som skett men jag har jagat som en galning efter en störande sak. Ser ut som en ikon som dyker upp i aktivitetsfältet och försvinner lika snabbt igen. Kommer med jämna mellanrum. ca 15 sekunder. Jag har kollat alla aktiva processer och kontrollerat med Malwarebyte och spybot utan resultat. Jag vet ju inte vad det är och vet ju inte vad programmet gör eller om den skickar ut lösenord osv. Tips på hur man får bort eländet?
Bifogat dumps av processerna. Nåt som ser skumt ut?
[attachment=4100:prc049.png
Bifogat dumps av processerna. Nåt som ser skumt ut?
[attachment=4100:prc049.png
- Inte din sorts mobil? Jämför priser på fler hos
#2
Cecilia
-
- Hedersmedlem
-
- 3 435 inlägg
- Kön:Kvinna
- Från:Stockholm
Skrivet 02 augusti 2011 - 18:50
Jag ser inget skadligt i den processlistan. Jag har sett trådar förut om ungefär samma sak och i alla fall en gång visade det sig vara Norton som drog igång något då och då en kort stund.
När började det?
Följ anvisningarna i tråden Till dig med virus eller andra skadliga program i datorn så får vi se om DDS visar något mer.
När började det?
Följ anvisningarna i tråden Till dig med virus eller andra skadliga program i datorn så får vi se om DDS visar något mer.
#3
Wheninrome
-
- Medlem
-
- 844 inlägg
- Kön:Man
- Från:North Of Europe
Skrivet 02 augusti 2011 - 19:17
Började i lördags då MS ville installera några uppdateringar.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Rockmuppen at 20:11:02 on 2011-08-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.3071.1602 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\DatacardService\DCService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\UI0Detect.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Rockmuppen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rockmuppen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rockmuppen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rockmuppen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.se/
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [CardReaderMonitor] c:\program files\realtek semiconductor corp.\realtek card reader monitor\CardReaderMonitor.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [<NO NAME>]
mRun: [tvjbmonitor] c:\program files\mmedia\tv jukebox 3.5\tvjbMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\typeitin.lnk - c:\program files\typeitin\TypeItIn.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: coop.se\www
Trusted Zone: live.se
Trusted Zone: miroi.se\exlearn
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{523F2FC2-74E3-4437-9AF2-2F67C08EB281} : NameServer = 80.251.201.177 80.251.201.178
TCP: Interfaces\{68C8DD45-3075-4254-8A34-B5AAA3B182CB} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{68C8DD45-3075-4254-8A34-B5AAA3B182CB}\6427F67616E646D616E616475656 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl6513dfb0;MpKsl6513dfb0;c:\programdata\microsoft\microsoft antimalware\definition updates\{fea8fb9f-d2cd-4bae-af92-cc0d37cc1cb7}\MpKsl6513dfb0.sys [2011-8-2 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-9-29 249856]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-8-2 30312]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-7-3 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-7-3 208896]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-7-3 72832]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft - nätverkskontroll;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-6-12 197224]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-2 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-8-2 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-8-2 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-8-2 114280]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2011-6-8 42368]
R3 vm331avs;Bison Webcam;c:\windows\system32\drivers\vm331avs.sys [2011-6-8 943016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2011-7-3 203776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-7-3 102784]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-6-11 13224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-10-21 109736]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-8 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-6-29 263056]
S4 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-6-29 1592208]
S4 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-6-29 1091984]
.
=============== Created Last 30 ================
.
2011-08-02 17:38:30 -------- d-----w- c:\users\rockmuppen\appdata\local\{A6079D29-EC3B-4AC7-A2B1-D8CEF122D0C5}
2011-08-02 17:30:59 6260088 ----a-w- c:\program files\common files\windows live\.cache\efe621a01cc513903\Silverlight.4.0.exe
2011-08-02 16:44:40 -------- d-----w- c:\users\rockmuppen\appdata\local\{879CEE3B-4171-46B1-8E5A-93A9CD94B359}
2011-08-02 16:44:39 -------- d-----w- c:\users\rockmuppen\appdata\local\{DD368B46-9C1B-4EA9-9ECB-3EE9AA48765B}
2011-08-02 16:29:58 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-08-02 16:29:58 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-08-02 16:29:58 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-08-02 16:29:58 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-08-02 16:29:58 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2011-08-02 16:29:58 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-08-02 16:29:58 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-08-02 16:27:34 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-08-02 15:03:07 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fea8fb9f-d2cd-4bae-af92-cc0d37cc1cb7}\MpKsl6513dfb0.sys
2011-08-02 14:22:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-02 14:22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-02 06:02:44 -------- d-----w- c:\users\rockmuppen\appdata\roaming\Malwarebytes
2011-08-02 06:02:27 -------- d-----w- c:\programdata\Malwarebytes
2011-08-01 22:58:22 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fea8fb9f-d2cd-4bae-af92-cc0d37cc1cb7}\mpengine.dll
2011-08-01 14:08:26 -------- d-----w- c:\users\rockmuppen\appdata\roaming\TaskmgrPro
2011-08-01 10:25:57 -------- d-----w- c:\windows\system32\System32
2011-07-31 19:37:19 -------- d-----w- c:\users\rockmuppen\appdata\local\{9AB64E4B-3263-4E1C-9BAF-296841D2FA17}
2011-07-31 07:36:54 -------- d-----w- c:\users\rockmuppen\appdata\local\{867BC42F-A53F-47F8-956A-59138D53A805}
2011-07-30 12:13:40 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-07-30 11:49:44 -------- d-----w- c:\users\rockmuppen\appdata\local\{12C614EC-A0EC-4C1B-A43C-F12FBE6C7805}
2011-07-30 06:41:27 -------- d-----w- c:\users\rockmuppen\appdata\local\{9A505A90-8EDE-4B08-BEAD-FD7B4FE63D6E}
2011-07-30 06:16:01 -------- d-----w- c:\users\rockmuppen\appdata\local\{6F1C0CA1-1FB4-4D3F-9B1B-727F52D21CAE}
2011-07-29 10:48:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-29 07:34:12 -------- d-----w- c:\users\rockmuppen\appdata\local\{8DFE21C0-D12A-4BC5-85F6-1A024F1B267E}
2011-07-29 07:12:20 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-07-27 13:53:55 -------- d-----w- c:\users\rockmuppen\appdata\local\ElevatedDiagnostics
2011-07-27 09:11:58 -------- d-----w- c:\users\rockmuppen\appdata\local\BVRP Software
2011-07-27 08:52:09 -------- d-----w- c:\users\rockmuppen\appdata\local\{11A7B549-992E-4BBD-BBD5-67DEAA24CD85}
2011-07-26 15:26:48 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-07-26 15:26:48 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-07-26 15:26:48 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-07-26 06:33:49 -------- d-----w- c:\users\rockmuppen\appdata\local\{3F5304B4-410A-4564-A13E-D90D393F1E07}
2011-07-24 20:34:49 -------- d-----w- c:\users\rockmuppen\appdata\roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-07-24 18:08:03 -------- d-----w- c:\users\rockmuppen\appdata\local\HP
2011-07-24 16:04:01 -------- d-----w- c:\users\rockmuppen\appdata\roaming\natso Backup Server CFG
2011-07-24 16:03:33 -------- d-----w- c:\windows\C_
2011-07-24 14:35:50 -------- d-----w- c:\users\rockmuppen\appdata\roaming\natso Backup Workstation CFG
2011-07-24 14:35:33 -------- d-----w- c:\program files\natso Backup
2011-07-24 07:46:51 -------- d-----w- c:\users\rockmuppen\appdata\local\{5D77F139-EFC3-4AAC-B770-94386E306BD1}
2011-07-23 09:37:43 -------- d-----w- c:\users\rockmuppen\appdata\local\{20ABC789-3EFE-4475-98C6-97BD764CD855}
2011-07-22 13:03:22 -------- d-----w- c:\programdata\WEBREG
2011-07-22 12:58:52 -------- d-----w- c:\program files\common files\HP
2011-07-22 12:58:35 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-07-22 12:57:27 -------- d-----w- c:\program files\HP
2011-07-22 12:54:50 452408 ----a-w- c:\windows\system32\hpzids01.dll
2011-07-22 12:54:50 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-07-22 12:54:49 729088 ----a-w- c:\windows\system32\hpowiax7.dll
2011-07-22 12:54:49 581632 ----a-w- c:\windows\system32\hpotscl6.dll
2011-07-22 12:54:49 303104 ----a-w- c:\windows\system32\hpovst15.dll
2011-07-22 09:26:16 -------- d-----w- c:\users\rockmuppen\appdata\local\{356250FB-80AE-484D-B1D7-15252FA989F6}
2011-07-21 18:37:00 -------- d-----w- c:\users\rockmuppen\appdata\local\{D26EEA57-D9BD-4AC5-A2F1-632DA7D1EB0E}
2011-07-21 12:48:49 -------- d-----w- c:\program files\HyperCam 3
2011-07-20 22:48:11 28672 ----a-w- c:\windows\system32\AF15BDAEX.dll
2011-07-20 22:48:11 196 ----a-w- c:\windows\system32\af15irtbl.bin
2011-07-20 22:47:46 151552 ----a-w- c:\windows\system32\MPEG2VideoDMO.dll
2011-07-20 18:46:48 -------- d-----w- c:\users\rockmuppen\appdata\local\{8A3CF621-3590-4D75-8366-63CC4BDE5375}
2011-07-20 06:46:22 -------- d-----w- c:\users\rockmuppen\appdata\local\{5E4B3503-FE01-4C4A-9CE9-2175A4689C2A}
2011-07-19 12:59:33 -------- d-----w- c:\users\rockmuppen\appdata\local\{69B8AF5B-BFD9-4FF4-8788-763D0B7966D7}
2011-07-18 20:19:13 -------- d-----w- c:\users\rockmuppen\appdata\local\{1871CCAB-7AA1-4A4A-816A-D45961A51A13}
2011-07-18 12:09:48 -------- d-----w- c:\program files\VideoLAN
2011-07-18 11:46:14 -------- d-----w- c:\program files\Android
2011-07-18 09:17:53 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-18 09:17:53 50688 ----a-w- c:\windows\system32\ff_acm.acm
2011-07-18 08:00:42 -------- d-----w- c:\users\rockmuppen\appdata\roaming\BSplayer PRO
2011-07-18 08:00:35 -------- d-----w- c:\program files\Webteh
2011-07-18 07:31:27 -------- d-----w- c:\users\rockmuppen\appdata\local\{3032D722-B88C-4561-8F9A-B6BF57B16600}
2011-07-17 09:45:18 -------- d-----w- c:\users\rockmuppen\appdata\local\{65DB9EAC-ED1D-46B7-87E1-FABA7E1507E5}
2011-07-16 21:40:19 -------- d-----w- c:\users\rockmuppen\appdata\local\{9AF23E43-033F-4F83-8977-6E514682BF42}
2011-07-16 08:41:27 -------- d-----w- c:\users\rockmuppen\appdata\local\{D48134F8-63A6-46C6-B151-BB865B0F03B9}
2011-07-15 19:51:09 -------- d-----w- c:\program files\common files\MSSoap
2011-07-15 17:50:37 -------- d-----w- c:\users\rockmuppen\appdata\local\{10E45824-21A5-49F3-A05E-D4C7658677DB}
2011-07-14 17:57:46 -------- d-----w- c:\users\rockmuppen\appdata\local\{4128D9A7-35A0-4FBF-9DBD-FB9EBD090195}
2011-07-14 05:57:20 -------- d-----w- c:\users\rockmuppen\appdata\local\{23596385-6FB9-451E-938F-519DFE0F3A55}
2011-07-13 14:24:58 -------- d-----w- c:\users\rockmuppen\appdata\local\{505B344A-BE3C-41BB-90F8-A26D50D7C4C8}
2011-07-13 06:52:27 -------- d-----w- c:\program files\MSXML 4.0
2011-07-12 21:14:28 -------- d-----w- c:\users\rockmuppen\appdata\local\{031EDA54-249C-4CB6-9A6C-595B2E27A49E}
2011-07-12 09:35:32 -------- d-----w- c:\windows\system32\Adobe
2011-07-12 09:30:17 -------- d-----w- c:\users\rockmuppen\appdata\roaming\jAlbum
2011-07-12 08:22:47 -------- d-----w- c:\users\rockmuppen\appdata\local\{B91742A1-123A-4858-A854-7C27233A0E3D}
2011-07-11 19:03:25 -------- d-----w- c:\users\rockmuppen\appdata\local\{B8641FE1-5FB3-4554-A4FE-00CAFDA60B12}
2011-07-11 07:02:58 -------- d-----w- c:\users\rockmuppen\appdata\local\{2EA29487-806A-4AA9-94EA-BBD21B666ED3}
2011-07-10 18:43:55 -------- d-----w- c:\users\rockmuppen\appdata\local\{32D3D2F1-869F-46E5-B549-B606C65740F9}
2011-07-10 16:39:20 -------- d-----w- c:\users\rockmuppen\appdata\local\Xmarks
2011-07-10 06:43:29 -------- d-----w- c:\users\rockmuppen\appdata\local\{EA31A95B-DEB1-43DC-93FB-22F3225138DC}
2011-07-08 20:26:34 -------- d-----w- c:\users\rockmuppen\appdata\local\{D6FA8488-EC68-4F61-BE02-46C12CF49DA0}
2011-07-08 20:26:10 -------- d-----w- c:\users\rockmuppen\appdata\local\{673256CC-45C7-4DDB-8974-0079A4EFD6D7}
2011-07-08 19:08:33 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-07-08 06:05:59 -------- d-----w- c:\users\rockmuppen\appdata\local\{3117122F-F459-4AA0-80F4-1EF28C199DC6}
2011-07-07 17:12:24 -------- d-----w- c:\users\rockmuppen\appdata\local\{DFAC3F51-49D7-4341-A0E4-694B0704F050}
2011-07-07 16:27:30 -------- d-----w- c:\program files\Serif
2011-07-07 16:24:49 -------- d-----w- c:\windows\system32\appmgmt
2011-07-07 12:08:10 -------- d-----w- c:\users\rockmuppen\appdata\local\ApplicationHistory
2011-07-07 08:31:19 -------- d-----w- c:\users\rockmuppen\appdata\local\Omnius for SE
2011-07-07 08:31:19 -------- d-----w- c:\programdata\Omnius for SE
2011-07-07 08:14:21 -------- d-----w- c:\users\rockmuppen\appdata\roaming\aerix
2011-07-04 09:18:19 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-07-04 09:18:19 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
.
==================== Find3M ====================
.
2011-07-26 15:26:54 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-07-08 19:08:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-14 15:16:44 218416 ----a-w- c:\windows\system32\iwpsetup.exe
2011-06-11 16:57:42 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-06-11 16:57:42 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-06-11 16:57:41 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-08 17:25:15 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-06 19:55:34 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55:32 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-05 13:15:21 9888360 ----a-w- c:\windows\system32\RtsUStoricon.dll
2011-06-05 13:15:20 313960 ----a-w- c:\windows\system32\RtsUStor.dll
2011-06-05 13:15:20 197224 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-16 17:01:00 44720 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-05-16 17:01:00 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-05-16 17:01:00 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-05-13 14:03:34 49016 ----a-w- c:\windows\system32\sirenacm.dll
.
============= FINISH: 20:11:57,00 ===============
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Rockmuppen at 20:11:02 on 2011-08-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.3071.1602 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\DatacardService\DCService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\UI0Detect.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Rockmuppen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rockmuppen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rockmuppen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rockmuppen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.se/
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [CardReaderMonitor] c:\program files\realtek semiconductor corp.\realtek card reader monitor\CardReaderMonitor.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [<NO NAME>]
mRun: [tvjbmonitor] c:\program files\mmedia\tv jukebox 3.5\tvjbMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\typeitin.lnk - c:\program files\typeitin\TypeItIn.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: coop.se\www
Trusted Zone: live.se
Trusted Zone: miroi.se\exlearn
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{523F2FC2-74E3-4437-9AF2-2F67C08EB281} : NameServer = 80.251.201.177 80.251.201.178
TCP: Interfaces\{68C8DD45-3075-4254-8A34-B5AAA3B182CB} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{68C8DD45-3075-4254-8A34-B5AAA3B182CB}\6427F67616E646D616E616475656 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl6513dfb0;MpKsl6513dfb0;c:\programdata\microsoft\microsoft antimalware\definition updates\{fea8fb9f-d2cd-4bae-af92-cc0d37cc1cb7}\MpKsl6513dfb0.sys [2011-8-2 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-9-29 249856]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-8-2 30312]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-7-3 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-7-3 208896]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-7-3 72832]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft - nätverkskontroll;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-6-12 197224]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-2 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-8-2 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-8-2 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-8-2 114280]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2011-6-8 42368]
R3 vm331avs;Bison Webcam;c:\windows\system32\drivers\vm331avs.sys [2011-6-8 943016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2011-7-3 203776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-7-3 102784]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-6-11 13224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-10-21 109736]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-8 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-6-29 263056]
S4 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-6-29 1592208]
S4 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-6-29 1091984]
.
=============== Created Last 30 ================
.
2011-08-02 17:38:30 -------- d-----w- c:\users\rockmuppen\appdata\local\{A6079D29-EC3B-4AC7-A2B1-D8CEF122D0C5}
2011-08-02 17:30:59 6260088 ----a-w- c:\program files\common files\windows live\.cache\efe621a01cc513903\Silverlight.4.0.exe
2011-08-02 16:44:40 -------- d-----w- c:\users\rockmuppen\appdata\local\{879CEE3B-4171-46B1-8E5A-93A9CD94B359}
2011-08-02 16:44:39 -------- d-----w- c:\users\rockmuppen\appdata\local\{DD368B46-9C1B-4EA9-9ECB-3EE9AA48765B}
2011-08-02 16:29:58 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-08-02 16:29:58 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-08-02 16:29:58 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-08-02 16:29:58 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-08-02 16:29:58 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2011-08-02 16:29:58 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-08-02 16:29:58 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-08-02 16:27:34 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-08-02 15:03:07 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fea8fb9f-d2cd-4bae-af92-cc0d37cc1cb7}\MpKsl6513dfb0.sys
2011-08-02 14:22:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-02 14:22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-02 06:02:44 -------- d-----w- c:\users\rockmuppen\appdata\roaming\Malwarebytes
2011-08-02 06:02:27 -------- d-----w- c:\programdata\Malwarebytes
2011-08-01 22:58:22 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fea8fb9f-d2cd-4bae-af92-cc0d37cc1cb7}\mpengine.dll
2011-08-01 14:08:26 -------- d-----w- c:\users\rockmuppen\appdata\roaming\TaskmgrPro
2011-08-01 10:25:57 -------- d-----w- c:\windows\system32\System32
2011-07-31 19:37:19 -------- d-----w- c:\users\rockmuppen\appdata\local\{9AB64E4B-3263-4E1C-9BAF-296841D2FA17}
2011-07-31 07:36:54 -------- d-----w- c:\users\rockmuppen\appdata\local\{867BC42F-A53F-47F8-956A-59138D53A805}
2011-07-30 12:13:40 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-07-30 11:49:44 -------- d-----w- c:\users\rockmuppen\appdata\local\{12C614EC-A0EC-4C1B-A43C-F12FBE6C7805}
2011-07-30 06:41:27 -------- d-----w- c:\users\rockmuppen\appdata\local\{9A505A90-8EDE-4B08-BEAD-FD7B4FE63D6E}
2011-07-30 06:16:01 -------- d-----w- c:\users\rockmuppen\appdata\local\{6F1C0CA1-1FB4-4D3F-9B1B-727F52D21CAE}
2011-07-29 10:48:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-29 07:34:12 -------- d-----w- c:\users\rockmuppen\appdata\local\{8DFE21C0-D12A-4BC5-85F6-1A024F1B267E}
2011-07-29 07:12:20 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-07-27 13:53:55 -------- d-----w- c:\users\rockmuppen\appdata\local\ElevatedDiagnostics
2011-07-27 09:11:58 -------- d-----w- c:\users\rockmuppen\appdata\local\BVRP Software
2011-07-27 08:52:09 -------- d-----w- c:\users\rockmuppen\appdata\local\{11A7B549-992E-4BBD-BBD5-67DEAA24CD85}
2011-07-26 15:26:48 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-07-26 15:26:48 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-07-26 15:26:48 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-07-26 06:33:49 -------- d-----w- c:\users\rockmuppen\appdata\local\{3F5304B4-410A-4564-A13E-D90D393F1E07}
2011-07-24 20:34:49 -------- d-----w- c:\users\rockmuppen\appdata\roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-07-24 18:08:03 -------- d-----w- c:\users\rockmuppen\appdata\local\HP
2011-07-24 16:04:01 -------- d-----w- c:\users\rockmuppen\appdata\roaming\natso Backup Server CFG
2011-07-24 16:03:33 -------- d-----w- c:\windows\C_
2011-07-24 14:35:50 -------- d-----w- c:\users\rockmuppen\appdata\roaming\natso Backup Workstation CFG
2011-07-24 14:35:33 -------- d-----w- c:\program files\natso Backup
2011-07-24 07:46:51 -------- d-----w- c:\users\rockmuppen\appdata\local\{5D77F139-EFC3-4AAC-B770-94386E306BD1}
2011-07-23 09:37:43 -------- d-----w- c:\users\rockmuppen\appdata\local\{20ABC789-3EFE-4475-98C6-97BD764CD855}
2011-07-22 13:03:22 -------- d-----w- c:\programdata\WEBREG
2011-07-22 12:58:52 -------- d-----w- c:\program files\common files\HP
2011-07-22 12:58:35 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-07-22 12:57:27 -------- d-----w- c:\program files\HP
2011-07-22 12:54:50 452408 ----a-w- c:\windows\system32\hpzids01.dll
2011-07-22 12:54:50 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-07-22 12:54:49 729088 ----a-w- c:\windows\system32\hpowiax7.dll
2011-07-22 12:54:49 581632 ----a-w- c:\windows\system32\hpotscl6.dll
2011-07-22 12:54:49 303104 ----a-w- c:\windows\system32\hpovst15.dll
2011-07-22 09:26:16 -------- d-----w- c:\users\rockmuppen\appdata\local\{356250FB-80AE-484D-B1D7-15252FA989F6}
2011-07-21 18:37:00 -------- d-----w- c:\users\rockmuppen\appdata\local\{D26EEA57-D9BD-4AC5-A2F1-632DA7D1EB0E}
2011-07-21 12:48:49 -------- d-----w- c:\program files\HyperCam 3
2011-07-20 22:48:11 28672 ----a-w- c:\windows\system32\AF15BDAEX.dll
2011-07-20 22:48:11 196 ----a-w- c:\windows\system32\af15irtbl.bin
2011-07-20 22:47:46 151552 ----a-w- c:\windows\system32\MPEG2VideoDMO.dll
2011-07-20 18:46:48 -------- d-----w- c:\users\rockmuppen\appdata\local\{8A3CF621-3590-4D75-8366-63CC4BDE5375}
2011-07-20 06:46:22 -------- d-----w- c:\users\rockmuppen\appdata\local\{5E4B3503-FE01-4C4A-9CE9-2175A4689C2A}
2011-07-19 12:59:33 -------- d-----w- c:\users\rockmuppen\appdata\local\{69B8AF5B-BFD9-4FF4-8788-763D0B7966D7}
2011-07-18 20:19:13 -------- d-----w- c:\users\rockmuppen\appdata\local\{1871CCAB-7AA1-4A4A-816A-D45961A51A13}
2011-07-18 12:09:48 -------- d-----w- c:\program files\VideoLAN
2011-07-18 11:46:14 -------- d-----w- c:\program files\Android
2011-07-18 09:17:53 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-18 09:17:53 50688 ----a-w- c:\windows\system32\ff_acm.acm
2011-07-18 08:00:42 -------- d-----w- c:\users\rockmuppen\appdata\roaming\BSplayer PRO
2011-07-18 08:00:35 -------- d-----w- c:\program files\Webteh
2011-07-18 07:31:27 -------- d-----w- c:\users\rockmuppen\appdata\local\{3032D722-B88C-4561-8F9A-B6BF57B16600}
2011-07-17 09:45:18 -------- d-----w- c:\users\rockmuppen\appdata\local\{65DB9EAC-ED1D-46B7-87E1-FABA7E1507E5}
2011-07-16 21:40:19 -------- d-----w- c:\users\rockmuppen\appdata\local\{9AF23E43-033F-4F83-8977-6E514682BF42}
2011-07-16 08:41:27 -------- d-----w- c:\users\rockmuppen\appdata\local\{D48134F8-63A6-46C6-B151-BB865B0F03B9}
2011-07-15 19:51:09 -------- d-----w- c:\program files\common files\MSSoap
2011-07-15 17:50:37 -------- d-----w- c:\users\rockmuppen\appdata\local\{10E45824-21A5-49F3-A05E-D4C7658677DB}
2011-07-14 17:57:46 -------- d-----w- c:\users\rockmuppen\appdata\local\{4128D9A7-35A0-4FBF-9DBD-FB9EBD090195}
2011-07-14 05:57:20 -------- d-----w- c:\users\rockmuppen\appdata\local\{23596385-6FB9-451E-938F-519DFE0F3A55}
2011-07-13 14:24:58 -------- d-----w- c:\users\rockmuppen\appdata\local\{505B344A-BE3C-41BB-90F8-A26D50D7C4C8}
2011-07-13 06:52:27 -------- d-----w- c:\program files\MSXML 4.0
2011-07-12 21:14:28 -------- d-----w- c:\users\rockmuppen\appdata\local\{031EDA54-249C-4CB6-9A6C-595B2E27A49E}
2011-07-12 09:35:32 -------- d-----w- c:\windows\system32\Adobe
2011-07-12 09:30:17 -------- d-----w- c:\users\rockmuppen\appdata\roaming\jAlbum
2011-07-12 08:22:47 -------- d-----w- c:\users\rockmuppen\appdata\local\{B91742A1-123A-4858-A854-7C27233A0E3D}
2011-07-11 19:03:25 -------- d-----w- c:\users\rockmuppen\appdata\local\{B8641FE1-5FB3-4554-A4FE-00CAFDA60B12}
2011-07-11 07:02:58 -------- d-----w- c:\users\rockmuppen\appdata\local\{2EA29487-806A-4AA9-94EA-BBD21B666ED3}
2011-07-10 18:43:55 -------- d-----w- c:\users\rockmuppen\appdata\local\{32D3D2F1-869F-46E5-B549-B606C65740F9}
2011-07-10 16:39:20 -------- d-----w- c:\users\rockmuppen\appdata\local\Xmarks
2011-07-10 06:43:29 -------- d-----w- c:\users\rockmuppen\appdata\local\{EA31A95B-DEB1-43DC-93FB-22F3225138DC}
2011-07-08 20:26:34 -------- d-----w- c:\users\rockmuppen\appdata\local\{D6FA8488-EC68-4F61-BE02-46C12CF49DA0}
2011-07-08 20:26:10 -------- d-----w- c:\users\rockmuppen\appdata\local\{673256CC-45C7-4DDB-8974-0079A4EFD6D7}
2011-07-08 19:08:33 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-07-08 06:05:59 -------- d-----w- c:\users\rockmuppen\appdata\local\{3117122F-F459-4AA0-80F4-1EF28C199DC6}
2011-07-07 17:12:24 -------- d-----w- c:\users\rockmuppen\appdata\local\{DFAC3F51-49D7-4341-A0E4-694B0704F050}
2011-07-07 16:27:30 -------- d-----w- c:\program files\Serif
2011-07-07 16:24:49 -------- d-----w- c:\windows\system32\appmgmt
2011-07-07 12:08:10 -------- d-----w- c:\users\rockmuppen\appdata\local\ApplicationHistory
2011-07-07 08:31:19 -------- d-----w- c:\users\rockmuppen\appdata\local\Omnius for SE
2011-07-07 08:31:19 -------- d-----w- c:\programdata\Omnius for SE
2011-07-07 08:14:21 -------- d-----w- c:\users\rockmuppen\appdata\roaming\aerix
2011-07-04 09:18:19 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-07-04 09:18:19 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
.
==================== Find3M ====================
.
2011-07-26 15:26:54 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-07-08 19:08:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-14 15:16:44 218416 ----a-w- c:\windows\system32\iwpsetup.exe
2011-06-11 16:57:42 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-06-11 16:57:42 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-06-11 16:57:41 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-08 17:25:15 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-06 19:55:34 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55:32 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-05 13:15:21 9888360 ----a-w- c:\windows\system32\RtsUStoricon.dll
2011-06-05 13:15:20 313960 ----a-w- c:\windows\system32\RtsUStor.dll
2011-06-05 13:15:20 197224 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-16 17:01:00 44720 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-05-16 17:01:00 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-05-16 17:01:00 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-05-13 14:03:34 49016 ----a-w- c:\windows\system32\sirenacm.dll
.
============= FINISH: 20:11:57,00 ===============
#4
Cecilia
-
- Hedersmedlem
-
- 3 435 inlägg
- Kön:Kvinna
- Från:Stockholm
Skrivet 03 augusti 2011 - 00:06
Då låter det ju inte så sannolikt att det rör sig om skadliga program, men för säkerhets skull ska du få kolla upp en fil:
På sidan http://www.virustotal.com klickar du på Bläddra -knappen och klistrar in följande filnamn i rutan, klicka på Öppna och sedan på Skicka Fil. Vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in länken till resultatet här.
c:\windows\system32\Redemption.dll
Enligt Attach.txt finns där flera inaktiverade enheter i Enhetshanteraren. Är det något du känner till?
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb9f9723b
Device ID: ROOT\LEGACY_MPKSLB9F9723B\0000
Manufacturer:
Name: MpKslb9f9723b
PNP Device ID: ROOT\LEGACY_MPKSLB9F9723B\0000
Service: MpKslb9f9723b
På sidan http://www.virustotal.com klickar du på Bläddra -knappen och klistrar in följande filnamn i rutan, klicka på Öppna och sedan på Skicka Fil. Vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in länken till resultatet här.
c:\windows\system32\Redemption.dll
Enligt Attach.txt finns där flera inaktiverade enheter i Enhetshanteraren. Är det något du känner till?
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb9f9723b
Device ID: ROOT\LEGACY_MPKSLB9F9723B\0000
Manufacturer:
Name: MpKslb9f9723b
PNP Device ID: ROOT\LEGACY_MPKSLB9F9723B\0000
Service: MpKslb9f9723b
#5
Wheninrome
-
- Medlem
-
- 844 inlägg
- Kön:Man
- Från:North Of Europe
Skrivet 03 augusti 2011 - 07:22
Jag såg också att det var märkliga enheter inaktiverade och jag kollade filen du bad om men fick bara till svar att den verkade harmlös.
Update: Jag har tagit reda på att det är en tjänst som heter Interactive Service detection och nu kommer frågan om varför den plötsligt börjat ploppa upp och vad den vill. Nån som vet hur man kan ta reda på vad den vill?
Update: Jag har tagit reda på att det är en tjänst som heter Interactive Service detection och nu kommer frågan om varför den plötsligt börjat ploppa upp och vad den vill. Nån som vet hur man kan ta reda på vad den vill?
Det här inlägget har redigerats av Wheninrome: 03 augusti 2011 - 09:48
#6
Gepe
-
- Medlem
-
- 430 inlägg
- Kön:Man
Skrivet 03 augusti 2011 - 11:29
Den finns med bland en av de tjänster som du hittar via kontrollpanelen-administrationsverktyg-tjänster.
Services.jpg 235K
9 Antal nedladdningar
Texten förklarar vad den gör och det förefaller ju vara "klart som korvspad" eller "not". I min dator står den med startalternativ "manuellt" och den är stoppad.
Verkar ju ändå inte vara någon hotfull "ohyra", men då ska du veta gissar jag..............
Services.jpg 235K
9 Antal nedladdningarTexten förklarar vad den gör och det förefaller ju vara "klart som korvspad" eller "not". I min dator står den med startalternativ "manuellt" och den är stoppad.
Verkar ju ändå inte vara någon hotfull "ohyra", men då ska du veta gissar jag..............
#7
Cecilia
-
- Hedersmedlem
-
- 3 435 inlägg
- Kön:Kvinna
- Från:Stockholm
Skrivet 03 augusti 2011 - 12:03
Då låter det ju lite på den beskrivningen där som att det är något annat program (interaktiv tjänst?) som använder sig av tjänsten "Interactive Service detection".
#8
Wheninrome
-
- Medlem
-
- 844 inlägg
- Kön:Man
- Från:North Of Europe
Skrivet 03 augusti 2011 - 13:38
Jo förvisso, men varför börjar den mucka med min dator nu tro? Jag har kollat lite på forum om den tjänsten och uppenbarligen vill systemet säga mig något men detta ska enligt uppgift inte vara ett fungerande sätt i Win 7. Jag har testat avinstallera samtliga program från senaste tiden men fortfarande vill något program öppna en dialogruta från services (vilket inte ska ske i win 7 tydligen). Fortsätter felsöka...
#9
Gepe
-
- Medlem
-
- 430 inlägg
- Kön:Man
Skrivet 03 augusti 2011 - 14:21
När ikonen dyker upp, hinner du klicka på den? Enligt beskrivning på nedannämnda sida så skall man då få upp en dialogruta där man på något vis skall kunna utläsa vad det är för program eller tjänst som pockar på uppmärksamhet.
http://blogs.msdn.co...king-at-me.aspx
http://blogs.msdn.co...-detection.aspx
http://blogs.msdn.co...king-at-me.aspx
http://blogs.msdn.co...-detection.aspx
Det här inlägget har redigerats av Gepe: 03 augusti 2011 - 14:28
#10
Wheninrome
-
- Medlem
-
- 844 inlägg
- Kön:Man
- Från:North Of Europe
Skrivet 03 augusti 2011 - 21:26
Nej jag hann aldrig klicka på den men det spelar ingen roll längre. Kör x64 istället av prestandaskäl. Tack snälla för all hjälp ändå.
