Virus på min venns pc

[G]

Ok, nå har jeg forsøkt rydde på min venns PC. Det tok sin tid. Og jeg er ikke 100 % sikker at alt er vekk. Men, jeg har kjørt flere sikkerhetsprogrammer i sirkel for å komme mye av dritten til livs.

Men har jeg kommet det til livs, uten å reinstallere hele Windowsen? Det er alltid det store spørsmålet. Dessuten hadde det ikke hjulpet å reinstallere Windows på en slik maskin, hvor man har en bruker som ikke har kontroll på hva han selv innstallerer.

Denne artikkel er skillet ut fra følgende tidligere innlegg:

https://www.diskusjon.no/index.php?showtopic=1574562&page=1&&do=findComment&comment=21524003

Også har jeg postet en ny oppsummering av det jeg sysslet med der i en ny tråd igjen. Som nok er ryddigere (for ZenSearch - "plagevaren"):

https://www.diskusjon.no/index.php?showtopic=1575126

 

Her er noe av det jeg fant. Poster mer i neste innlegg:

Ellers må jeg få vise tre skann med HitmanPro. Måtte kjøre HitmanPro og i kombinasjon med flere av de andre verktøyene som jeg hadde for hånden i sirkel. 3 ganger på HitmanPro før funn-skjermen gikk i blå farge istedetfor den røde når den finner noe dritt:

 

Endret 5. april 2014 av G

[G]

Unnskyld for mine mange feil. Oppsummert:

1. Jeg var uheldig og ville innstallere hurtig noe CD-brenneprogram for å lage boot-CD for å kunne skanne datamaskinen til vennen min. Men, det var da jeg kom i fare for å akseptere for mange ja underveis, uten å få tenkt meg om først. Uff.

Sånn sett føler jeg at jeg er en litt uskyldig men skyldig part. Er helt sikker på at vennen min har brukt PC'en uvørent før jeg begynte å klå på den. Men at jeg da kommer i fare for å få dårlig samvittighet for å legge på litt ekstra PUP (potential unwanted Programs).

 

Jeg er litt samvittighetsfull av meg, og har derfor forsøkt rydde opp. Har nok til og med fjernet noe som ellers ville ha levd sitt liv på den PC'en.

2. Jeg kan ikke akkurat si at jeg elsker Windows og heller ikke å rydde opp i sånt helvete. Ren reinnstallering av OS er jo å foretrekke. Men jeg gidder ikke sitte med ekstra-innstallasjoner i bøtter og spann, og måtte konfigurere alt hva han hadde fra bunn av. Sorry, der går grensen. Kunne alltid ha gjort det. Men er blitt litt møkklei sånne arbeidsoppgaver etterhvert.

3. Jeg har ikke orket å dokumentere med screenshots i riktig rekkefølge, og noen av screenshots'ene er tatt også etter at jeg har kommet i gang og hatt suksess med fjerning av enkelte av de ekle programvarerestene. Så dere får ha meg unnskyldt.

Jeg hadde jo kun begrenset antall timer på meg, denne arbeidsdagen.

Også loggene viser kanskje ikke all Malware som lå på systemet før start. Unnskyld IGJEN. Det gir likevel litt av helhetsbilde om hvor infisert en PC kan bli.

Så her er noen logger:


AdwCleaner[R0].txt

# AdwCleaner v3.023 - Report created 04/04/2014 at 16:00:06
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : -------------- - --------------
# Running from : F:\__MY-FILES\Anti-malware\AdwCleaner\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files (x86)\Common Files\337
Folder Found C:\Program Files (x86)\FromDocToPDF_65
Folder Found C:\Program Files (x86)\Web Protect
Folder Found C:\Users\--------------\AppData\Local\FromDocToPDF_65
Folder Found C:\Users\--------------\AppData\LocalLow\FromDocToPDF_65

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
Key Found : HKCU\Software\FromDocToPDF_65
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F236CA79-3123-4AFB-9F74-E98117AD5625}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F236CA79-3123-4AFB-9F74-E98117AD5625}
Key Found : [x64] HKCU\Software\FromDocToPDF_65
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{504B4AA9-9952-4490-B0E1-80A5321C35F7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A0CF6CB9-2276-4F30-B841-05A67067ACE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B7FD68F7-D28B-431E-9EE8-E45D915B7F17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F96EE2EF-FE15-4878-AECD-BC367F12C70F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
Key Found : HKLM\Software\FromDocToPDF_65
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701F5C41-BB30-46DA-A56B-68784B0B762B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3B975A0-F679-444E-9D94-6D292FA53140}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F236CA79-3123-4AFB-9F74-E98117AD5625}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin
Key Found : HKLM\Software\V9
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF Search Scope Monitor]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF_65 Browser Plugin Loader]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [65ffxtbr@FromDocToPDF_65.com]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\--------------\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9777 octets] - [04/04/2014 16:00:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9837 octets] ##########

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by ------------- on 2014-04-04 at 15:01:23,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\desksvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\--------------\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\--------------\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
Successfully deleted: [Folder] "C:\Users\--------------\documents\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\--------------\appdata\local\{B2D4D64B-D74B-4799-90AE-5154E380E4CC}
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-04-04 at 15:04:48,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fra DDS.SCR

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 2012-09-10 08:29:27
System Uptime: 2014-04-04 15:34:03 (0 hours ago)
.
Motherboard: Dell Inc. | | 0YJPT1
Processor: Intel® Core i7-3770 CPU @ 3.40GHz | CPU 1 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 97 GiB total, 21,929 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 926,237 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP271: 2014-03-30 01:42:07 - Windows Update
RP272: 2014-03-30 19:00:19 - Windows Sikkerhetskopiering
RP273: 2014-04-02 04:27:29 - Windows Update
RP274: 2014-04-03 03:00:10 - Windows Update
RP275: 2014-04-04 15:09:03 - Norton_Power_Eraser_20140404150902784
RP276: 2014-04-04 15:13:42 - Removed Java 7 Update 9
RP277: 2014-04-04 15:17:35 - Installed Java 7 Update 51
RP278: 2014-04-04 15:49:17 - Windows Update
.
==== Installed Programs ======================
.
MFC-9840CDW
ActKey
Adobe Acrobat XI Pro
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 12 ActiveX
Adobe Reader X (10.1.9) MUI
Apple-programsupport
Apple Software Update
ASUS nVidia Driver
Atheros Bluetooth Suite (64)
Brother BRAdmin Light 1.09
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Edoc Viewer
Dell Support Center
Dell WLAN and Bluetooth Client Installation
DivX Setup
doPDF 7.3 printer
Free PDF to Word Doc Converter v1.1
FromDocToPDF Toolbar
Google Chrome
Google SketchUp 8
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
IPTInstaller
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (Norwegian (Bokmål)) 2010
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010
Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Norwegian (Bokmål)) 2010
Microsoft Office Proof (Norwegian (Nynorsk)) 2010
Microsoft Office Proofing (Norwegian (Bokmål)) 2010
Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010
Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2010
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Norwegian (Bokmål)) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
NVIDIA 3D Vision-driver 311.06
NVIDIA Driver for HD-lyd 1.2.24.0
NVIDIA Driver til 3D Vision-kontroller 285.62
NVIDIA Grafikkdriver 311.06
NVIDIA Install Application
NVIDIA kontrollpanel 311.06
NVIDIA oppdateringer 1.11.3
NVIDIA Optimus 1.7.12
NVIDIA PhysX
NVIDIA PhysX systemprogramvare 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
OKI ActKey
OKI Alert Info
OKI Color Swatch Utility
OKI Configuration Tool
OKI Device Setting
OKI MC5(3)x2/ES5(3)4x2 Scanner
OKI Network Extension
OKI Network Setting
OKI PDF Print Direct
OKI Print Job Accounting Client
OKI Storage Manager
OKI User Setting
QuickTime
Realtek High Definition Audio Driver
ScannerDriver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
SelectionLinks
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Transfer MyPC
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
USBDriversLite
VC80CRTRedist - 8.0.50727.6195
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalleri
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

Fra DDS.SCR

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by -------------- at 15:50:18 on 2014-04-04
Microsoft Windows 7 Professional 6.1.7601.1.1252.47.1044.18.8155.5706 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\monitor.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Okidata\ActKey\Network Configuration.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe
D:\Adobe Acrobat XI Pro\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\msiexec.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
uURLSearchHooks: <No Name>: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Påloggingshjelp for Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Toolbar BHO: {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Search Assistant BHO: {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: FromDocToPDF: {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [FromDocToPDF Search Scope Monitor] "C:\PROGRA~2\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h
mRun: [FromDocToPDF_65 Browser Plugin Loader] C:\PROGRA~2\FROMDO~2\bar\1.bin\65brmon.exe
mRun: [Acrobat Assistant 8.0] "D:\Adobe Acrobat XI Pro\Acrobat\Acrotray.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Gorm\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SKJERM~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Konverter koblingsmål til en Adobe PDF-fil - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Konverter til Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Tilføy koblingsmål til en eksisterende PDF-fil - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Tilføy til eksisterende PDF-fil - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 212.33.131.67 212.33.135.184
TCP: Interfaces\{4912CB7F-B88F-421B-80FA-CC864B7454C6} : DHCPNameServer = 212.33.131.67 212.33.135.184
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mCustomizeSearch = hxxp://www.awesomehp.com/web/?type=ds&ts=1392379705&from=adks&uid=CorsairXForceXGT_12387905000014820279&q={searchTerms}
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Network Configuration] C:\Program Files (x86)\Okidata\ActKey\Network Configuration.exe /RunWithOS
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Driver for Intel® USB 3.0 vertskontrollerbryter;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-29 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 MpKsl257c3800;MpKsl257c3800;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9A305EA-1A02-4D17-B0DD-7AFD5C070A9D}\MpKsl257c3800.sys [2014-4-4 45352]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-8-30 98208]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-29 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 133928]
R2 OpLclSrv;OKI Local Port Manager;C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [2013-6-14 181760]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-10-8 166912]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-8-29 1695040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-29 363800]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-8-29 76960]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
R3 IntcDAud;Intel® Skjermlyd;C:\Windows\System32\drivers\IntcDAud.sys [2012-8-30 331264]
R3 iusb3hub;Driver for Intel® USB 3.0 hub;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-29 356120]
R3 iusb3xhc;Driver for Intel® USB 3.0 utvidbar vertskontroller;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-29 787736]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-30 648808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 ProtectMonitor;Protect Monitor;C:\monitorsvc.exe [2014-2-13 34244]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2014-3-9 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-9-25 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-11 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-04 13:45:53 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9A305EA-1A02-4D17-B0DD-7AFD5C070A9D}\offreg.dll
2014-04-04 13:45:53 45352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9A305EA-1A02-4D17-B0DD-7AFD5C070A9D}\MpKsl257c3800.sys
2014-04-04 13:43:46 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9A305EA-1A02-4D17-B0DD-7AFD5C070A9D}\mpengine.dll
2014-04-04 13:19:07 -------- d-----w- C:\ProgramData\HitmanPro
2014-04-04 13:17:48 -------- d-----w- C:\ProgramData\Oracle
2014-04-04 13:17:42 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-04 13:06:07 -------- d-----w- C:\Users\--------------\AppData\Local\NPE
2014-04-04 13:06:07 -------- d-----w- C:\ProgramData\Norton
2014-04-04 13:01:22 -------- d-----w- C:\Windows\ERUNT
2014-04-04 12:30:07 290304 ----a-w- C:\Windows\SysWow64\subinacl.exe
2014-04-04 12:30:04 -------- d-----w- C:\Program Files\Common Files\Microsoft
2014-04-04 12:30:04 -------- d-----w- C:\Program Files\Adware-Removal-Tool
2014-04-04 01:50:01 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{35D5D5F7-4645-4377-BDC8-BBB0868C5CD7}\gapaengine.dll
2014-04-04 01:49:54 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-11 21:06:07 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-11 21:06:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-11 21:06:07 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-11 21:06:07 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-09 14:25:01 -------- d-----w- C:\Program Files (x86)\HTC
2014-03-09 14:24:44 33736 ----a-w- C:\Windows\System32\drivers\ANDROIDUSB.sys
2014-03-09 14:24:44 1122664 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2014-03-09 14:24:43 -------- d-----w- C:\ProgramData\HTC
.
==================== Find3M ====================
.
2014-03-12 08:51:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 08:51:27 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-12 08:51:22 5128584 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-11 07:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-13 14:12:36 487517 ----a-w- C:\monitor.exe
2014-02-13 13:43:24 34244 ----a-w- C:\monitorsvc.exe
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-24 23:19:42 268512 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-08 06:08:30 330624 ----a-w- C:\Windows\System32\PCProtect64.dll
.
============= FINISH: 15:50:27,77 ===============

 

Endret 4. april 2014 av G

[r2d290]

Tar en titt på loggene i morgen

[r2d290]

Hei igjen

 

Det ser ikke ut til at AdwCleaner har slettet det den har funnet. Du kan se av loggen at det står "Key found" og Folder Found". Når de er slettet skal det stå "Folder deleted" og "Key deleted".

 

Kjør AdwCleaner en gang til med følgende instruksjoner. Husk at det er rapporten etter at du har trykket på "Clean" som er av interesse.

 

• Dobbelklikk på AdwCleaner.exe for å kjøre verktøyet
• Klikk på Scan knappen og vent til prosessen er ferdig.
• Klikk på Report knappen. Dette vil åpne rapporten i Notepad.
• MERK: Hvis du får en feilmelding, betyr det bare at ingenting ble funnet. Avslutt AdwCleaner.
• Klikk på Clean knappen, og følg veiledningen
• En logg-fil vil automatisk åpne seg etter søket er ferdig og pc-en er restartet.
• Vennligst post innholdet av denne logg-filen i ditt neste svar.
• Du kan finne denne loggfilen på C:\AdwCleaner

 

Post deretter en ny logg fra DDS.

 

Så for å oppsummere:

• Kjør en ny runde med AdwCleaner. Se til at den fjerner det den finner, og post logg.
• Kjør ny runde med DDS og post logg.

[G]

Forstår. Har ikke direkte tilgang til den PC'en til en hver tid. Mulig jeg kan stikke innom og fortelle at jeg skal sjekke om ting har forsvunnet.

 

Jeg glemte at du har Moderatorrettigheter. Artig at du skillet ut den biten. Liker å ha lenker til steder ting har tilhørt. Så tilføyer det selv nå.

 

EDIT:

Det kan ta litt tid før jeg får gjort det da. Sett på det igjen.

Endret 5. april 2014 av G

[r2d290]

Ja, burde ha gjort det.

 

Hører fra deg

Endret 6. april 2014 av r2d290