Grand
Posted 14 February 2013

I have evidently picked up some junk on my PC that shouldn't be here. I have scanned the PC with F-Secure and Hitman, but the problem is still there. So it would be great if you could look over the logs from ComboFix and MBAM. My start page is constantly Delta Search, and after some time on Google I found out that this is some kind of junk. The PC is also insanely slow at times.

ComboFix

ComboFix 13-02-13.02 - Sander 14.02.2013 13:28:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.8078.5659 [GMT 1:00]
Kjører fra: c:\users\Sander\Downloads\ComboFix.exe
AV: F-Secure Client Security 9.31 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: F-Secure Client Security 9.31 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: F-Secure Client Security 9.31 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe c:\programdata\Roaming c:\users\Sander\AppData\Local\Temp\_MEI43562\_ctypes.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\_elementtree.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\_hashlib.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\_socket.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\_ssl.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\pyexpat.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\pysqlite2._sqlite.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\python26.dll c:\users\Sander\AppData\Local\Temp\_MEI43562\pythoncom26.dll c:\users\Sander\AppData\Local\Temp\_MEI43562\PyWinTypes26.dll c:\users\Sander\AppData\Local\Temp\_MEI43562\select.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\unicodedata.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\win32api.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\win32com.shell.shell.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\win32crypt.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\win32event.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\win32file.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\win32inet.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\win32pdh.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\win32process.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\win32profile.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\win32security.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\win32ts.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\windows._cacheinvalidation.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\wx._controls_.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\wx._core_.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\wx._gdi_.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\wx._html2.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\wx._misc_.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\wx._windows_.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\wx._wizard.pyd c:\users\Sander\AppData\Local\Temp\_MEI43562\wxbase293u_net_vc.dll 
c:\users\Sander\AppData\Local\Temp\_MEI43562\wxbase293u_vc.dll c:\users\Sander\AppData\Local\Temp\_MEI43562\wxmsw293u_adv_vc.dll c:\users\Sander\AppData\Local\Temp\_MEI43562\wxmsw293u_core_vc.dll c:\users\Sander\AppData\Local\Temp\_MEI43562\wxmsw293u_html_vc.dll c:\users\Sander\AppData\Local\Temp\_MEI43562\wxmsw293u_webview_vc.dll c:\windows\msvcr71.dll . . ((((((((((((((((((((((((((( Filer Opprettet Fra 2013-01-14 til 2013-02-14 ))))))))))))))))))))))))))))))))) . . 2013-02-14 12:04 . 2013-02-14 12:04 -------- d-----w- c:\users\Sander\AppData\Roaming\Malwarebytes 2013-02-14 12:04 . 2013-02-14 12:04 -------- d-----w- c:\programdata\Malwarebytes 2013-02-14 12:04 . 2013-02-14 12:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-02-14 12:04 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-14 12:04 . 2013-02-14 12:04 -------- d-----w- c:\users\Sander\AppData\Local\Programs 2013-02-14 11:56 . 2013-02-14 11:56 12872 ----a-w- c:\windows\system32\bootdelete.exe 2013-02-14 11:39 . 2013-02-14 11:39 -------- d-----w- c:\program files\HitmanPro 2013-02-14 11:38 . 2013-02-14 11:56 -------- d-----w- c:\programdata\HitmanPro 2013-02-14 09:50 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 09:50 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 10:10 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 10:10 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 10:09 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 10:09 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 10:08 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 10:08 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 10:08 . 
2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 10:08 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 10:08 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 10:08 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 10:08 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 10:08 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-12 21:45 . 2013-02-12 21:45 -------- d-----w- c:\programdata\Babylon 2013-02-12 21:44 . 2013-02-12 21:46 -------- d-----w- c:\users\Sander\AppData\Local\Songr 2013-02-12 09:51 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{304783D6-EBF8-4108-AB2F-9AD44459D1CC}\mpengine.dll 2013-02-11 12:11 . 2013-02-11 12:11 -------- d-----w- c:\users\Sander\AppData\Roaming\Publish Providers 2013-02-11 12:03 . 2013-02-11 12:11 -------- d-----w- c:\users\Sander\AppData\Local\Sony 2013-02-11 12:03 . 2013-02-11 12:03 -------- d-----w- c:\programdata\Sony 2013-02-11 12:03 . 2013-02-11 12:03 -------- d-----w- c:\program files\Sony 2013-02-11 12:03 . 2013-02-11 12:03 -------- d-----w- c:\program files (x86)\Sony 2013-02-11 12:03 . 2013-02-11 14:13 -------- d-----w- c:\users\Sander\AppData\Roaming\Sony 2013-02-11 00:42 . 2013-02-14 12:26 -------- d-s---w- c:\users\Sander\Google Drive 2013-02-05 10:13 . 2013-02-05 10:13 -------- d-----w- c:\users\Sander\AppData\Local\Apple Computer 2013-02-05 10:13 . 2013-02-05 10:29 -------- d-----w- c:\users\Sander\AppData\Roaming\Apple Computer 2013-02-05 10:13 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2013-02-05 10:12 . 2013-02-05 10:12 -------- d-----w- c:\program files\iPod 2013-02-05 10:12 . 2013-02-05 10:13 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-02-05 10:12 . 2013-02-05 10:13 -------- d-----w- c:\program files\iTunes 2013-02-05 10:12 . 
2013-02-05 10:13 -------- d-----w- c:\program files (x86)\iTunes 2013-02-05 10:12 . 2013-02-05 10:12 -------- d-----w- c:\programdata\Apple Computer 2013-02-05 10:11 . 2013-02-05 10:11 -------- d-----w- c:\users\Sander\AppData\Local\Apple 2013-02-05 10:10 . 2013-02-05 10:10 -------- d-----w- c:\program files (x86)\Apple Software Update 2013-02-05 10:10 . 2013-02-05 10:10 -------- d-----w- c:\program files\Common Files\Apple 2013-02-05 10:10 . 2013-02-05 10:10 -------- d-----w- c:\program files\Bonjour 2013-02-05 10:10 . 2013-02-05 10:10 -------- d-----w- c:\program files (x86)\Bonjour 2013-02-05 10:10 . 2013-02-05 10:12 -------- d-----w- c:\program files (x86)\Common Files\Apple 2013-02-05 10:10 . 2013-02-05 10:10 -------- d-----w- c:\programdata\Apple 2013-01-28 22:50 . 2013-01-28 22:50 -------- d-----w- c:\program files (x86)\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-14 12:34 . 2012-11-08 16:38 387 ----a-w- c:\users\Sander\AppData\Roaming\sp_data.sys 2013-02-14 09:54 . 2012-11-09 11:21 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-07 22:15 . 2012-11-08 16:56 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-07 22:15 . 2012-11-08 16:56 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-17 00:28 . 2012-11-11 13:47 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-02-13 10:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-23 14:28 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-23 14:28 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-23 14:28 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-23 14:28 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 2013-01-09 12:33 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 
2013-01-09 12:33 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 12:33 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 12:33 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 12:33 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 12:33 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 12:33 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 12:33 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 12:33 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 12:33 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 12:33 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 12:33 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 12:33 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 12:33 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 12:33 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 12:33 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 12:33 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 12:33 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 12:33 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 12:33 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 12:33 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 12:33 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 12:33 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 12:33 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 12:33 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 
2013-01-09 12:33 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 12:33 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 12:33 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 12:33 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 12:33 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 12:33 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-12-07 10:46 . 2013-01-09 12:33 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-11-30 05:45 . 2013-01-09 12:32 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-11-30 05:45 . 2013-01-09 12:32 243200 ----a-w- c:\windows\system32\wow64.dll 2012-11-30 05:45 . 2013-01-09 12:32 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-11-30 05:43 . 2013-01-09 12:32 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-11-30 05:41 . 2013-01-09 12:32 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 05:41 . 2013-01-09 12:32 1161216 ----a-w- c:\windows\system32\kernel32.dll 2012-11-30 05:38 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-30 05:38 . 
2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-11-30 05:38 . 
2013-01-09 12:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-11-30 04:53 . 2013-01-09 12:32 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-11-30 04:45 . 2013-01-09 12:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 04:45 . 
2013-01-09 12:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll . . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Spotify"="c:\users\Sander\AppData\Roaming\Spotify\Spotify.exe" [2012-11-08 7880664] "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2013-01-13 980376] "Spotify Web Helper"="c:\users\Sander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-08 1199576] "Facebook Update"="c:\users\Sander\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-11-30 138096] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-17 16328976] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-23 3331312] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2012-02-06 303808] "F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2012-02-06 1655488] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . c:\users\Sander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Skjermutklipp og hurtigstart for OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584] R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\esupport\eDriver\I386\AsPrOb64.sys [2010-05-26 12416] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-20 1304912] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-12-21 34200] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows 
Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-09 1255736] R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2012-02-06 42048] R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [2012-02-06 27328] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-11-11 56016] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536] S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\HIPS\drivers\fshs.sys [2012-02-06 62016] S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-02-06 46848] S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-02-06 95136] S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2012-02-06 15040] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-20 1014096] S2 Bluetooth OBEX 
Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-20 1104208] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-12 135952] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 fsdevcon;F-Secure Device Control Daemon;c:\program files (x86)\F-Secure\Device Control\\fsdevcon64.exe [2012-02-06 517824] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-02-14 108904] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448] S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-29 363800] S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-08 594704] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-01-30 17152] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual 
Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584] S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2012-04-11 35968] S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2012-04-11 16512] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-12-13 94720] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-12-13 747008] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2013-01-08 199736] S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\ORSP Client\fsorsp.exe [2012-02-06 62144] S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-14 60416] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-02-20 331264] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-12-21 25496] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [2011-12-28 292456] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352] . . --- Andre tjenester/drivere lastet i minnet --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-31 19:07 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 
2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 22:15] . 2013-02-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2931694557-2834929439-3149579305-1001Core.job - c:\users\Sander\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-30 00:06] . 2013-02-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2931694557-2834929439-3149579305-1001UA.job - c:\users\Sander\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-30 00:06] . 2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 06:07] . 2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 06:07] . 2013-02-14 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . 2013-02-14 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-22 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-22 398616] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Tilleggsskanning ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=e094a2d2000000000000685d43a94b1b mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd til OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 10.0.0.1 FF - ProfilePath - c:\users\Sander\AppData\Roaming\Mozilla\Firefox\Profiles\gbwet39f.default\ FF - prefs.js: browser.search.selectedEngine - Delta Search FF - prefs.js: browser.startup.homepage - about:home FF - ExtSQL: 2013-01-30 16:40; [email protected]; c:\users\Sander\AppData\Roaming\Mozilla\Firefox\Profiles\gbwet39f.default\extensions\[email protected] FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - e094a2d2000000000000685d43a94b1b FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15748 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: extensions.delta.vrsnTs - 1.8.10.022:45 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - TOMME PEKERE FJERNET - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- LÅSTE REGISTERNØKLER --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Andre Kjørende Prosesser ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\F-Secure\Anti-Virus\fsgk32st.exe c:\program files (x86)\F-Secure\Anti-Virus\FSGK32.EXE c:\program files (x86)\F-Secure\Common\FSMA32.EXE c:\program files (x86)\F-Secure\Common\FSHDLL32.EXE c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\ASUS\Splendid\ACMON.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\F-Secure\Common\FNRB32.EXE c:\program files (x86)\F-Secure\Anti-Virus\fssm32.exe c:\program files (x86)\F-Secure\Common\FIH32.EXE c:\windows\SysWOW64\ACEngSvr.exe c:\windows\AsScrPro.exe c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe c:\program files (x86)\F-Secure\Anti-Virus\fsav32.exe c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Asus\AsusVibe\AsusVibe2.0.exe . ************************************************************************** . 
Tidspunkt ferdig: 2013-02-14 13:40:18 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2013-02-14 12:40 . Pre-Run: 80 038 010 880 byte ledig Post-Run: 79 692 697 600 byte ledig . - - End Of File - - 5462D9C6F0B05D7145C00DE377010702

MBAM log

Malwarebytes Anti-Malware (Prøveversjon) 1.70.0.1100 www.malwarebytes.org Databaseversjon: v2013.02.14.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sander :: SANDER-PC [administrator] Beskyttelse: Aktivert 14.02.2013 13:11:51 mbam-log-2013-02-14 (13-11-51).txt Skanntype: Hurtigsøk Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM Deaktiverte skanninnstillinger: P2P Objekter skannet: 236127 Tid tilbakelagt: 35 sekund(er) Minneprosesser oppdaget: 0 (Ingen skadelige objekter funnet) Minnemoduler oppdaget: 0 (Ingen skadelige objekter funnet) Registernøkler oppdaget: 0 (Ingen skadelige objekter funnet) Registerverdier oppdaget: 0 (Ingen skadelige objekter funnet) Registerfiler oppdaget: 0 (Ingen skadelige objekter funnet) Mapper oppdaget: 0 (Ingen skadelige objekter funnet) Filer oppdaget 0 (Ingen skadelige objekter funnet) (klar)

Thank you so much for any replies!
GeirGrusom Posted 14 February 2013
What is c:\windows\system32\bootdelete.exe?
Grand (Author) Posted 14 February 2013
Hitman Pro 3.5 BootDelete came up as the description.
Dr.Geek Posted 14 February 2013 (edited)
Hi, I assume "Delta Search" is the problem; I can see it in the log.
The findings from ComboFix are odd: many files written in the "Python programming language". Do you know anything about this?
http://www.portablepython.com/
http://www.wxwidgets.org/about/
Removing Delta Search: download and run adw cleaner as Administrator: http://www.bleepingc...oad/adwcleaner/ (first scan, then delete)
Did HitmanPro find anything? Any messages from F-Secure?
Edited 14 February 2013 by TheGenius
Grand (Author) Posted 14 February 2013 (edited)
I am very unsure what Python is, and I have no idea how it ended up on the computer. I read a bit about Python, but could not find any connection between Python and programs I have installed earlier.
F-Secure found nothing, but HitmanPro found something; I was perhaps a little short-sighted and removed it without noting it down.
But at least I have got Delta Search removed now!
Edited 14 February 2013 by Sno
quantum Posted 14 February 2013 (edited)
> I am very unsure what Python is, and I have no idea how it ended up on the computer.
Python is a fairly widespread scripting language. If you want to run a program written in Python, a Python runtime is needed to interpret it. A bit like, but not quite the same as, the way a Java program needs a JVM to run.
Python was probably installed when you installed another program written in Python. If you like, you can try renaming the folder Python is installed in. If "something" stops working, you will probably know how Python got installed. If you intend to use the program that stopped working, just rename the Python folder back to its original name; if not, you can delete both it and the program that stopped working.
Edited 14 February 2013 by quantum
Dr.Geek Posted 14 February 2013
> But at least I have got Delta Search removed now!
Good. adw cleaner did its job.
Slow PC: there can be many reasons for that. Uninstall software you don't need, take unnecessary programs out of autostart and delete temp files. Much of this can be done with: http://www.piriform.com/ccleaner
I also recommend a further antivirus scan with ESET: http://www.eset.com/us/online-scanner/
Post the log.
Grand (Author) Posted 14 February 2013
I installed that antivirus program, and then the computer locked up completely. I could not open anything at all, and the error message "Microsoft Windows har sluttet å fungere" came up.
So I had to do a system restore.
Dr.Geek Posted 15 February 2013
Nobody said anything about installing an antivirus program: the link is called online-scanner and points to an online scan with ESET.
kkleive Posted 15 September 2013
> Hi, I assume "Delta Search" is the problem; I can see it in the log.
> The findings from ComboFix are odd: many files written in the "Python programming language". Do you know anything about this?
> http://www.portablepython.com/
> http://www.wxwidgets.org/about/
> Removing Delta Search: download and run adw cleaner as Administrator: http://www.bleepingc...oad/adwcleaner/ (first scan, then delete)
> Did HitmanPro find anything? Any messages from F-Secure?
I also had Deltasearch on my machine, and it was impossible to get it removed from Firefox. In all the other browsers I managed to get DS removed. But adwcleaner fixed Firefox for me, so thanks for the tip here!
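The Delta Search traces that the thread spots by eye in the ComboFix supplementary scan can be picked out mechanically. The Python below is an added example, not part of the original thread or of ComboFix; it assumes one log entry per line and that the `u`/`m` prefix on the Internet Explorer entries means HKCU/HKLM, and its function names and watch values are chosen for this illustration.

```python
import re
from urllib.parse import urlsplit

# Entries copied from the ComboFix log in this thread, laid out one per
# line (assumed layout); the start-page query string is shortened.
SAMPLE_LOG = """\
uLocal Page = c:\\windows\\system32\\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss
mStart Page = hxxp://asus.msn.com
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.newTab - false
"""

IE_RE = re.compile(r"^([um])(Start Page|Local Page)\s*=\s*(.*)$")
FF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) -\s*(.*)$")

def parse_entries(log_text):
    """Yield (location, key, value) for each browser setting in the log."""
    for line in log_text.splitlines():
        line = line.strip()
        if m := IE_RE.match(line):
            hive = "HKCU" if m.group(1) == "u" else "HKLM"  # assumed meaning
            yield f"IE/{hive}", m.group(2), m.group(3)
        elif m := FF_RE.match(line):
            yield f"Firefox/{m.group(1)}", m.group(2), m.group(3)

def host_of(value):
    """Host of a (possibly defanged hxxp) URL, or '' for paths and about: pages."""
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.I)
    return (urlsplit(url).hostname or "") if "://" in url else ""

def flag_hijack(log_text, domain="delta-search.com",
                pref_prefix="extensions.delta.", engine="Delta Search"):
    """Return (location, key, reason) for settings tied to the hijacker."""
    hits = []
    for loc, key, value in parse_entries(log_text):
        host = host_of(value)
        if host == domain or host.endswith("." + domain):
            hits.append((loc, key, "page set to " + host))
        elif key.startswith(pref_prefix):
            hits.append((loc, key, "toolbar preference"))
        elif value.strip().lower() == engine.lower():
            hits.append((loc, key, "search engine set to " + value))
    return hits

def cleanup_locations(hits):
    """Distinct places that still hold hijacker settings."""
    return sorted({loc for loc, _, _ in hits})

if __name__ == "__main__":
    for hit in flag_hijack(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

Firefox re-reads user.js at every start, so preferences listed there come back until that file itself is cleaned.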