[LÖST] Ohyra i burken?

[Wheninrome]

]Jag vet inte vad som skett men jag har jagat som en galning efter en störande sak. Ser ut som en ikon som dyker upp i aktivitetsfältet och försvinner lika snabbt igen. Kommer med jämna mellanrum. ca 15 sekunder. Jag har kollat alla aktiva processer och kontrollerat med Malwarebyte och spybot utan resultat. Jag vet ju inte vad det är och vet ju inte vad programmet gör eller om den skickar ut lösenord osv. Tips på hur man får bort eländet?

Bifogat dumps av processerna. Nåt som ser skumt ut?

[attachment=4100:prc049.png

Redigerad Augusti 3, 2011 av Wheninrome

[Cecilia]

Jag ser inget skadligt i den processlistan. Jag har sett trådar förut om ungefär samma sak och i alla fall en gång visade det sig vara Norton som drog igång något då och då en kort stund.

När började det?

Följ anvisningarna i tråden Till dig med virus eller andra skadliga program i datorn så får vi se om DDS visar något mer.

[Wheninrome]

Började i lördags då MS ville installera några uppdateringar.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Rockmuppen at 20:11:02 on 2011-08-02

Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.3071.1602 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\ProgramData\DatacardService\DCService.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\ProgramData\DatacardService\DCSHelper.exe

C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\IoctlSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\UI0Detect.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Mobile Partner\Mobile Partner.exe

C:\Program Files\TypeItIn\TypeItIn.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\TechSmith\Snagit 10\Snagit32.exe

C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe

C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Users\Rockmuppen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rockmuppen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rockmuppen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rockmuppen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://www.google.se/

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s

uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [CardReaderMonitor] c:\program files\realtek semiconductor corp.\realtek card reader monitor\CardReaderMonitor.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [<NO NAME>]

mRun: [tvjbmonitor] c:\program files\mmedia\tv jukebox 3.5\tvjbMonitor.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\typeitin.lnk - c:\program files\typeitin\TypeItIn.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

Trusted Zone: coop.se\www

Trusted Zone: live.se

Trusted Zone: miroi.se\exlearn

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: Interfaces\{523F2FC2-74E3-4437-9AF2-2F67C08EB281} : NameServer = 80.251.201.177 80.251.201.178

TCP: Interfaces\{68C8DD45-3075-4254-8A34-B5AAA3B182CB} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{68C8DD45-3075-4254-8A34-B5AAA3B182CB}\6427F67616E646D616E616475656 : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsl6513dfb0;MpKsl6513dfb0;c:\programdata\microsoft\microsoft antimalware\definition updates\{fea8fb9f-d2cd-4bae-af92-cc0d37cc1cb7}\MpKsl6513dfb0.sys [2011-8-2 28752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-9-29 249856]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-8-2 30312]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-7-3 11136]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-7-3 208896]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-7-3 72832]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

R3 NisSrv;Microsoft - nätverkskontroll;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-6-12 197224]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-2 121064]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-8-2 12776]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-8-2 136808]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-8-2 114280]

R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2011-6-8 42368]

R3 vm331avs;Bison Webcam;c:\windows\system32\drivers\vm331avs.sys [2011-6-8 943016]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2011-7-3 203776]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-7-3 102784]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-6-11 13224]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-10-21 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-10-21 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-10-21 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-10-21 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-10-21 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-10-21 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-10-21 109736]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-8 1343400]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S4 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-6-29 263056]

S4 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-6-29 1592208]

S4 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-6-29 1091984]

.

=============== Created Last 30 ================

.

2011-08-02 17:38:30 -------- d-----w- c:\users\rockmuppen\appdata\local\{A6079D29-EC3B-4AC7-A2B1-D8CEF122D0C5}

2011-08-02 17:30:59 6260088 ----a-w- c:\program files\common files\windows live\.cache\efe621a01cc513903\Silverlight.4.0.exe

2011-08-02 16:44:40 -------- d-----w- c:\users\rockmuppen\appdata\local\{879CEE3B-4171-46B1-8E5A-93A9CD94B359}

2011-08-02 16:44:39 -------- d-----w- c:\users\rockmuppen\appdata\local\{DD368B46-9C1B-4EA9-9ECB-3EE9AA48765B}

2011-08-02 16:29:58 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys

2011-08-02 16:29:58 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

2011-08-02 16:29:58 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

2011-08-02 16:29:58 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys

2011-08-02 16:29:58 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys

2011-08-02 16:29:58 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

2011-08-02 16:29:58 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

2011-08-02 16:27:34 821824 ----a-w- c:\windows\system32\dgderapi.dll

2011-08-02 15:03:07 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fea8fb9f-d2cd-4bae-af92-cc0d37cc1cb7}\MpKsl6513dfb0.sys

2011-08-02 14:22:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-02 14:22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-08-02 06:02:44 -------- d-----w- c:\users\rockmuppen\appdata\roaming\Malwarebytes

2011-08-02 06:02:27 -------- d-----w- c:\programdata\Malwarebytes

2011-08-01 22:58:22 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fea8fb9f-d2cd-4bae-af92-cc0d37cc1cb7}\mpengine.dll

2011-08-01 14:08:26 -------- d-----w- c:\users\rockmuppen\appdata\roaming\TaskmgrPro

2011-08-01 10:25:57 -------- d-----w- c:\windows\system32\System32

2011-07-31 19:37:19 -------- d-----w- c:\users\rockmuppen\appdata\local\{9AB64E4B-3263-4E1C-9BAF-296841D2FA17}

2011-07-31 07:36:54 -------- d-----w- c:\users\rockmuppen\appdata\local\{867BC42F-A53F-47F8-956A-59138D53A805}

2011-07-30 12:13:40 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

2011-07-30 11:49:44 -------- d-----w- c:\users\rockmuppen\appdata\local\{12C614EC-A0EC-4C1B-A43C-F12FBE6C7805}

2011-07-30 06:41:27 -------- d-----w- c:\users\rockmuppen\appdata\local\{9A505A90-8EDE-4B08-BEAD-FD7B4FE63D6E}

2011-07-30 06:16:01 -------- d-----w- c:\users\rockmuppen\appdata\local\{6F1C0CA1-1FB4-4D3F-9B1B-727F52D21CAE}

2011-07-29 10:48:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-29 07:34:12 -------- d-----w- c:\users\rockmuppen\appdata\local\{8DFE21C0-D12A-4BC5-85F6-1A024F1B267E}

2011-07-29 07:12:20 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2011-07-27 13:53:55 -------- d-----w- c:\users\rockmuppen\appdata\local\ElevatedDiagnostics

2011-07-27 09:11:58 -------- d-----w- c:\users\rockmuppen\appdata\local\BVRP Software

2011-07-27 08:52:09 -------- d-----w- c:\users\rockmuppen\appdata\local\{11A7B549-992E-4BBD-BBD5-67DEAA24CD85}

2011-07-26 15:26:48 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2011-07-26 15:26:48 325552 ----a-w- c:\windows\MASetupCaller.dll

2011-07-26 15:26:48 30568 ----a-w- c:\windows\MusiccityDownload.exe

2011-07-26 06:33:49 -------- d-----w- c:\users\rockmuppen\appdata\local\{3F5304B4-410A-4564-A13E-D90D393F1E07}

2011-07-24 20:34:49 -------- d-----w- c:\users\rockmuppen\appdata\roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

2011-07-24 18:08:03 -------- d-----w- c:\users\rockmuppen\appdata\local\HP

2011-07-24 16:04:01 -------- d-----w- c:\users\rockmuppen\appdata\roaming\natso Backup Server CFG

2011-07-24 16:03:33 -------- d-----w- c:\windows\C_

2011-07-24 14:35:50 -------- d-----w- c:\users\rockmuppen\appdata\roaming\natso Backup Workstation CFG

2011-07-24 14:35:33 -------- d-----w- c:\program files\natso Backup

2011-07-24 07:46:51 -------- d-----w- c:\users\rockmuppen\appdata\local\{5D77F139-EFC3-4AAC-B770-94386E306BD1}

2011-07-23 09:37:43 -------- d-----w- c:\users\rockmuppen\appdata\local\{20ABC789-3EFE-4475-98C6-97BD764CD855}

2011-07-22 13:03:22 -------- d-----w- c:\programdata\WEBREG

2011-07-22 12:58:52 -------- d-----w- c:\program files\common files\HP

2011-07-22 12:58:35 -------- d-----w- c:\program files\common files\Hewlett-Packard

2011-07-22 12:57:27 -------- d-----w- c:\program files\HP

2011-07-22 12:54:50 452408 ----a-w- c:\windows\system32\hpzids01.dll

2011-07-22 12:54:50 372736 ----a-w- c:\windows\system32\hppldcoi.dll

2011-07-22 12:54:49 729088 ----a-w- c:\windows\system32\hpowiax7.dll

2011-07-22 12:54:49 581632 ----a-w- c:\windows\system32\hpotscl6.dll

2011-07-22 12:54:49 303104 ----a-w- c:\windows\system32\hpovst15.dll

2011-07-22 09:26:16 -------- d-----w- c:\users\rockmuppen\appdata\local\{356250FB-80AE-484D-B1D7-15252FA989F6}

2011-07-21 18:37:00 -------- d-----w- c:\users\rockmuppen\appdata\local\{D26EEA57-D9BD-4AC5-A2F1-632DA7D1EB0E}

2011-07-21 12:48:49 -------- d-----w- c:\program files\HyperCam 3

2011-07-20 22:48:11 28672 ----a-w- c:\windows\system32\AF15BDAEX.dll

2011-07-20 22:48:11 196 ----a-w- c:\windows\system32\af15irtbl.bin

2011-07-20 22:47:46 151552 ----a-w- c:\windows\system32\MPEG2VideoDMO.dll

2011-07-20 18:46:48 -------- d-----w- c:\users\rockmuppen\appdata\local\{8A3CF621-3590-4D75-8366-63CC4BDE5375}

2011-07-20 06:46:22 -------- d-----w- c:\users\rockmuppen\appdata\local\{5E4B3503-FE01-4C4A-9CE9-2175A4689C2A}

2011-07-19 12:59:33 -------- d-----w- c:\users\rockmuppen\appdata\local\{69B8AF5B-BFD9-4FF4-8788-763D0B7966D7}

2011-07-18 20:19:13 -------- d-----w- c:\users\rockmuppen\appdata\local\{1871CCAB-7AA1-4A4A-816A-D45961A51A13}

2011-07-18 12:09:48 -------- d-----w- c:\program files\VideoLAN

2011-07-18 11:46:14 -------- d-----w- c:\program files\Android

2011-07-18 09:17:53 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-07-18 09:17:53 50688 ----a-w- c:\windows\system32\ff_acm.acm

2011-07-18 08:00:42 -------- d-----w- c:\users\rockmuppen\appdata\roaming\BSplayer PRO

2011-07-18 08:00:35 -------- d-----w- c:\program files\Webteh

2011-07-18 07:31:27 -------- d-----w- c:\users\rockmuppen\appdata\local\{3032D722-B88C-4561-8F9A-B6BF57B16600}

2011-07-17 09:45:18 -------- d-----w- c:\users\rockmuppen\appdata\local\{65DB9EAC-ED1D-46B7-87E1-FABA7E1507E5}

2011-07-16 21:40:19 -------- d-----w- c:\users\rockmuppen\appdata\local\{9AF23E43-033F-4F83-8977-6E514682BF42}

2011-07-16 08:41:27 -------- d-----w- c:\users\rockmuppen\appdata\local\{D48134F8-63A6-46C6-B151-BB865B0F03B9}

2011-07-15 19:51:09 -------- d-----w- c:\program files\common files\MSSoap

2011-07-15 17:50:37 -------- d-----w- c:\users\rockmuppen\appdata\local\{10E45824-21A5-49F3-A05E-D4C7658677DB}

2011-07-14 17:57:46 -------- d-----w- c:\users\rockmuppen\appdata\local\{4128D9A7-35A0-4FBF-9DBD-FB9EBD090195}

2011-07-14 05:57:20 -------- d-----w- c:\users\rockmuppen\appdata\local\{23596385-6FB9-451E-938F-519DFE0F3A55}

2011-07-13 14:24:58 -------- d-----w- c:\users\rockmuppen\appdata\local\{505B344A-BE3C-41BB-90F8-A26D50D7C4C8}

2011-07-13 06:52:27 -------- d-----w- c:\program files\MSXML 4.0

2011-07-12 21:14:28 -------- d-----w- c:\users\rockmuppen\appdata\local\{031EDA54-249C-4CB6-9A6C-595B2E27A49E}

2011-07-12 09:35:32 -------- d-----w- c:\windows\system32\Adobe

2011-07-12 09:30:17 -------- d-----w- c:\users\rockmuppen\appdata\roaming\jAlbum

2011-07-12 08:22:47 -------- d-----w- c:\users\rockmuppen\appdata\local\{B91742A1-123A-4858-A854-7C27233A0E3D}

2011-07-11 19:03:25 -------- d-----w- c:\users\rockmuppen\appdata\local\{B8641FE1-5FB3-4554-A4FE-00CAFDA60B12}

2011-07-11 07:02:58 -------- d-----w- c:\users\rockmuppen\appdata\local\{2EA29487-806A-4AA9-94EA-BBD21B666ED3}

2011-07-10 18:43:55 -------- d-----w- c:\users\rockmuppen\appdata\local\{32D3D2F1-869F-46E5-B549-B606C65740F9}

2011-07-10 16:39:20 -------- d-----w- c:\users\rockmuppen\appdata\local\Xmarks

2011-07-10 06:43:29 -------- d-----w- c:\users\rockmuppen\appdata\local\{EA31A95B-DEB1-43DC-93FB-22F3225138DC}

2011-07-08 20:26:34 -------- d-----w- c:\users\rockmuppen\appdata\local\{D6FA8488-EC68-4F61-BE02-46C12CF49DA0}

2011-07-08 20:26:10 -------- d-----w- c:\users\rockmuppen\appdata\local\{673256CC-45C7-4DDB-8974-0079A4EFD6D7}

2011-07-08 19:08:33 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-07-08 06:05:59 -------- d-----w- c:\users\rockmuppen\appdata\local\{3117122F-F459-4AA0-80F4-1EF28C199DC6}

2011-07-07 17:12:24 -------- d-----w- c:\users\rockmuppen\appdata\local\{DFAC3F51-49D7-4341-A0E4-694B0704F050}

2011-07-07 16:27:30 -------- d-----w- c:\program files\Serif

2011-07-07 16:24:49 -------- d-----w- c:\windows\system32\appmgmt

2011-07-07 12:08:10 -------- d-----w- c:\users\rockmuppen\appdata\local\ApplicationHistory

2011-07-07 08:31:19 -------- d-----w- c:\users\rockmuppen\appdata\local\Omnius for SE

2011-07-07 08:31:19 -------- d-----w- c:\programdata\Omnius for SE

2011-07-07 08:14:21 -------- d-----w- c:\users\rockmuppen\appdata\roaming\aerix

2011-07-04 09:18:19 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

2011-07-04 09:18:19 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

.

==================== Find3M ====================

.

2011-07-26 15:26:54 4659712 ----a-w- c:\windows\system32\Redemption.dll

2011-07-08 19:08:21 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-14 15:16:44 218416 ----a-w- c:\windows\system32\iwpsetup.exe

2011-06-11 16:57:42 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2011-06-11 16:57:42 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2011-06-11 16:57:41 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-06-08 17:25:15 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-06-06 19:55:34 47512 ----a-w- c:\windows\system32\AdobePDF.dll

2011-06-06 19:55:32 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll

2011-06-05 13:15:21 9888360 ----a-w- c:\windows\system32\RtsUStoricon.dll

2011-06-05 13:15:20 313960 ----a-w- c:\windows\system32\RtsUStor.dll

2011-06-05 13:15:20 197224 ----a-w- c:\windows\system32\drivers\RtsUStor.sys

2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe

2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-16 17:01:00 44720 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-05-16 17:01:00 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-05-16 17:01:00 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2011-05-13 14:03:34 49016 ----a-w- c:\windows\system32\sirenacm.dll

.

============= FINISH: 20:11:57,00 ===============

[Cecilia]

Då låter det ju inte så sannolikt att det rör sig om skadliga program, men för säkerhets skull ska du få kolla upp en fil:

På sidan http://www.virustotal.com klickar du på Bläddra -knappen och klistrar in följande filnamn i rutan, klicka på Öppna och sedan på Skicka Fil. Vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in länken till resultatet här.

c:\windows\system32\Redemption.dll

Enligt Attach.txt finns där flera inaktiverade enheter i Enhetshanteraren. Är det något du känner till?

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKslb9f9723b

Device ID: ROOT\LEGACY_MPKSLB9F9723B\0000

Manufacturer:

Name: MpKslb9f9723b

PNP Device ID: ROOT\LEGACY_MPKSLB9F9723B\0000

Service: MpKslb9f9723b

[Wheninrome]

Jag såg också att det var märkliga enheter inaktiverade och jag kollade filen du bad om men fick bara till svar att den verkade harmlös.

Update: Jag har tagit reda på att det är en tjänst som heter Interactive Service detection och nu kommer frågan om varför den plötsligt börjat ploppa upp och vad den vill. Nån som vet hur man kan ta reda på vad den vill?

Redigerad Augusti 3, 2011 av Wheninrome

[Gepe]

Den finns med bland en av de tjänster som du hittar via kontrollpanelen-administrationsverktyg-tjänster.

Texten förklarar vad den gör och det förefaller ju vara "klart som korvspad" eller "not". I min dator står den med startalternativ "manuellt" och den är stoppad.

Verkar ju ändå inte vara någon hotfull "ohyra", men då ska du veta gissar jag..............

[Cecilia]

Då låter det ju lite på den beskrivningen där som att det är något annat program (interaktiv tjänst?) som använder sig av tjänsten "Interactive Service detection".

[Wheninrome]

Jo förvisso, men varför börjar den mucka med min dator nu tro? Jag har kollat lite på forum om den tjänsten och uppenbarligen vill systemet säga mig något men detta ska enligt uppgift inte vara ett fungerande sätt i Win 7. Jag har testat avinstallera samtliga program från senaste tiden men fortfarande vill något program öppna en dialogruta från services (vilket inte ska ske i win 7 tydligen). Fortsätter felsöka...

[Gepe]

När ikonen dyker upp, hinner du klicka på den? Enligt beskrivning på nedannämnda sida så skall man då få upp en dialogruta där man på något vis skall kunna utläsa vad det är för program eller tjänst som pockar på uppmärksamhet.

http://blogs.msdn.co...king-at-me.aspx

http://blogs.msdn.com/b/patricka/archive/2011/03/14/troubleshooting-interactive-services-detection.aspx

Redigerad Augusti 3, 2011 av Gepe

[Wheninrome]

Nej jag hann aldrig klicka på den men det spelar ingen roll längre. Kör x64 istället av prestandaskäl. Tack snälla för all hjälp ändå.