Datorn går otroligt långsamt och sökmotorn "Trovi" syns i chrome

[Digital_orf]

Hej!

Jag brukar alltid vara väldigt försiktig med vad jag tankar hem och vara extra noga med att kryssa ur eventuella "gratiserbjudanden av mjukvara" då jag installerar något nytt. Jag måste dock ha tabbat mig, för nu har jag någon sökmotor som kallas trovi som kommer upp under en flik så fort jag startar Chrome. Har kört med AVG men inte hittat något och jag kan inte hitta programmet under avinstallera program i kontrollpanelen.

Någon som vet hur jag skall gå tillväga? Antar att jag inte är den första?

 

Tack på förhand

[Cecilia]

Hej!

 

Följ anvisningarna i tråden Till dig med virus eller andra skadliga program i datorn så gott det går.

[Digital_orf]

Sådär då! Men finns det inget alternativ för att kopiera in koden i ett inlägg som kan expanderas om läsaren själv vill?

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02

Ran by Johan (administrator) on JOHAN-DATOR on 29-09-2014 16:46:17

Running from C:\Users\Johan\Desktop

Loaded Profile: Johan (Available profiles: Johan)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Dipritec AB) C:\Program Files\Cirrato\cirratosrv.exe

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe

(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Dipritec AB) C:\Program Files\Cirrato\CirratoClient.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Spotify Ltd) C:\Users\Johan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Massachusetts Institute of Technology) C:\Program Files (x86)\MIT\Kerberos\bin\netidmgr.exe

(Dropbox, Inc.) C:\Users\Johan\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Massachusetts Institute of Technology) C:\Program Files (x86)\MIT\Kerberos\bin\krbcc32s.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)

HKLM\...\Run: [setDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [CirratoClient] => C:\Program Files\Cirrato\CirratoClient.exe [536576 2009-03-27] (Dipritec AB)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)

Winlogon\Notify\MIT_KFW-x32: C:\Windows\SysWOW64\kfwlogon.dll (Massachusetts Institute of Technology.)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-3183544866-3733486002-2271382909-1001\...\Run: [Google Update] => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-12] (Google Inc.)

HKU\S-1-5-21-3183544866-3733486002-2271382909-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)

HKU\S-1-5-21-3183544866-3733486002-2271382909-1001\...\Run: [Facebook Update] => C:\Users\Johan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-28] (Facebook Inc.)

HKU\S-1-5-21-3183544866-3733486002-2271382909-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\S-1-5-21-3183544866-3733486002-2271382909-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-3183544866-3733486002-2271382909-1001\...\Run: [spotify Web Helper] => C:\Users\Johan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-17] (Spotify Ltd)

HKU\S-1-5-21-3183544866-3733486002-2271382909-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Johan\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid b0505194c25d47d0b6c3ada0951f5833-0b72619f1636449f0cbf21a2303b3f3e5cf8e2a9 --CMPID 0913b

HKU\S-1-5-21-3183544866-3733486002-2271382909-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)

HKU\S-1-5-21-3183544866-3733486002-2271382909-1001\...\Policies\system: [DisableLockWorkstation] 0

HKU\S-1-5-21-3183544866-3733486002-2271382909-1001\...\Policies\system: [DisableChangePassword] 0

HKU\S-1-5-21-3183544866-3733486002-2271382909-1001\...\MountPoints2: {08ab8025-de3a-11e1-a4cf-7ce9d3fbb1c0} - G:\Startme.exe

Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Identity Manager.lnk

ShortcutTarget: Network Identity Manager.lnk -> C:\Program Files (x86)\MIT\Kerberos\bin\netidmgr.exe (Massachusetts Institute of Technology)

Startup: C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Johan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/11

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/11

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM - {82CAAA01-6739-4B29-AFB1-DB82EA6E3578} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://sv.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM-x32 - {82CAAA01-6739-4B29-AFB1-DB82EA6E3578} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://sv.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKCU - {82CAAA01-6739-4B29-AFB1-DB82EA6E3578} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://sv.wikipedia.org/wiki/Special:Search?search={searchTerms}

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Tcpip\Parameters: [DhcpNameServer] 143.169.252.201 143.169.252.202

 

FireFox:

========

FF ProfilePath: C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\n4x0l1s5.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.3.2 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Johan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Johan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Johan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml

FF Extension: Adblock Plus - C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\n4x0l1s5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-26]

FF Extension: Adblock Edge - C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\n4x0l1s5.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-09-26]

 

Chrome: 

=======

CHR Profile: C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Translate) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-09-29]

CHR Extension: (Google Docs) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]

CHR Extension: (Google Drive) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-16]

CHR Extension: (YouTube) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]

CHR Extension: (Facebook Events on Google Calendar™) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnidmlmpjaemlbpiejlgdekhkcfhbejp [2014-08-19]

CHR Extension: (Google Search) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]

CHR Extension: (Type-ahead-find) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpecbmjeidppdiampimghndkikcmoadk [2014-08-19]

CHR Extension: (Website Logon) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2013-04-26]

CHR Extension: (AdBlock Premium) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-08-19]

CHR Extension: (AdBlock) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-19]

CHR Extension: (Add Facebook Events to Google Calendar™) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcimpbhnilcgolicdnepifecokinjof [2014-08-19]

CHR Extension: (Google Drive Client Native Proxy) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknebiagdodnminbdpflhpkgfpeijdbf [2014-08-10]

CHR Extension: (Google Wallet) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]

CHR Extension: (Gmail) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Johan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-16]

CHR HKCU\...\Chrome\Extension: [nknebiagdodnminbdpflhpkgfpeijdbf] - C:\Users\Johan\AppData\Local\Google\Drive\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx [2014-08-08]

CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]

CHR StartMenuInternet: Google Chrome - C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [File not signed]

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 Cirrato; C:\Program Files\Cirrato\cirratosrv.exe [798720 2009-03-27] (Dipritec AB) [File not signed]

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]

R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [File not signed]

S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-21] (Broadcom Corporation.)

R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-21] (Broadcom Corporation.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-25] (DT Soft Ltd)

S3 L6UX1; C:\Windows\System32\Drivers\L6UX164.sys [772864 2013-10-18] (Line 6)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-29 16:46 - 2014-09-29 16:48 - 00025668 _____ () C:\Users\Johan\Desktop\FRST.txt

2014-09-29 16:46 - 2014-09-29 16:46 - 00000000 ____D () C:\FRST

2014-09-29 16:24 - 2014-09-29 16:24 - 00791393 _____ (Lars Hederer ) C:\Users\Johan\Desktop\erunt-setup.exe

2014-09-29 16:18 - 2014-09-29 16:18 - 02108928 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe

2014-09-29 15:50 - 2014-09-29 16:25 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-09-29 15:50 - 2014-09-29 15:50 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk

2014-09-29 15:50 - 2014-09-29 15:50 - 00000967 _____ () C:\ProgramData\Desktop\Steam.lnk

2014-09-29 15:37 - 2013-09-01 13:35 - 00000000 ____D () C:\Users\Johan\Desktop\Steam

2014-09-29 15:36 - 2014-09-29 15:37 - 204492857 _____ () C:\Users\Johan\Desktop\Steam.zip

2014-09-29 15:32 - 2014-09-29 15:32 - 01142392 _____ () C:\Users\Johan\Downloads\SteamSetup (1).exe

2014-09-29 15:26 - 2014-09-29 15:26 - 01142392 _____ () C:\Users\Johan\Downloads\SteamSetup.exe

2014-09-29 14:59 - 2014-09-29 14:59 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab

2014-09-28 21:20 - 2014-09-28 21:20 - 00128995 _____ () C:\Users\Johan\Downloads\Gorgoroth - Unchain My Heart (Pro).gp5

2014-09-28 17:55 - 2014-09-28 17:55 - 00063532 _____ () C:\Users\Johan\Downloads\Ghost - Ritual (Pro) (2).gp5

2014-09-28 17:03 - 2014-09-28 17:03 - 00074107 _____ () C:\Users\Johan\Downloads\Kent - Mannen I Den Vita Hatten 16 R Senare (Pro).gp4

2014-09-26 22:49 - 2014-09-26 22:49 - 00000000 ____D () C:\Users\Johan\AppData\Local\Macromedia

2014-09-26 22:42 - 2014-09-26 22:44 - 00000000 ____D () C:\Users\Johan\AppData\Local\Mozilla

2014-09-26 22:41 - 2014-09-26 22:41 - 00000000 ____D () C:\ProgramData\Mozilla

2014-09-26 22:41 - 2014-09-26 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-26 22:41 - 2014-09-26 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-24 09:55 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-24 09:55 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-09-14 13:06 - 2014-09-27 11:16 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJohan

2014-09-14 13:06 - 2014-09-27 11:16 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForJohan.job

2014-09-12 05:38 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-12 05:38 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-12 05:38 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-12 05:38 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-12 05:38 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-12 05:38 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-12 05:38 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-12 05:38 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-12 05:38 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-12 05:38 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-12 05:38 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-12 05:38 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-12 05:38 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-12 05:38 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-12 05:38 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-12 05:38 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-12 05:38 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-12 05:38 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-12 05:38 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-12 05:38 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-12 05:38 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-12 05:38 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-12 05:38 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-12 05:38 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-12 05:38 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-12 05:38 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-12 05:38 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-12 05:38 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-12 05:38 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-12 05:38 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-12 05:38 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-12 05:38 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-12 05:38 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-12 05:38 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-12 05:38 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-12 05:37 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-12 05:37 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-12 05:37 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-12 05:37 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-12 05:37 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-12 05:37 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-12 05:37 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-12 05:37 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-12 05:37 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-12 05:37 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-12 05:37 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-12 05:37 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-12 05:37 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-12 05:37 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-12 05:37 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-12 05:37 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-12 05:37 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-12 05:37 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-12 05:37 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-12 05:37 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-12 05:37 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-12 05:23 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-12 05:23 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 19:04 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-10 19:04 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 19:03 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-09-10 19:03 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-09-10 19:03 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-10 19:03 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-10 19:03 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-10 19:03 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-10 19:03 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-10 19:03 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-10 19:03 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-08-30 22:56 - 2014-08-30 23:17 - 00000000 ____D () C:\Users\Johan\Desktop\GlovePie

2014-08-30 19:59 - 2014-08-30 20:02 - 00007081 _____ () C:\Users\Johan\Documents\Uninstall Mass Effect 2.log

2014-08-30 19:47 - 2014-08-30 19:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf

2014-08-30 17:21 - 2014-08-30 17:22 - 08388608 ____R () C:\Users\Johan\Downloads\Super Mario 64 # N64.N64

2014-08-30 17:19 - 2014-08-30 17:19 - 03703013 _____ () C:\Users\Johan\Downloads\Project64 2.1.rar

2014-08-30 17:19 - 2014-08-30 17:19 - 00000000 ____D () C:\Users\Johan\Desktop\Project64 2.1

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-29 16:46 - 2012-08-31 11:38 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-29 16:46 - 2012-07-12 19:08 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Skype

2014-09-29 16:28 - 2012-08-28 16:23 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3183544866-3733486002-2271382909-1001UA.job

2014-09-29 16:28 - 2012-08-28 16:23 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3183544866-3733486002-2271382909-1001Core.job

2014-09-29 16:18 - 2012-03-02 00:33 - 01911723 _____ () C:\Windows\WindowsUpdate.log

2014-09-29 16:14 - 2012-07-12 19:26 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3183544866-3733486002-2271382909-1001UA.job

2014-09-29 16:07 - 2012-09-26 13:02 - 00000992 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-29 16:05 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-29 16:05 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-29 15:56 - 2012-07-31 22:47 - 00000000 ___RD () C:\Users\Johan\Dropbox

2014-09-29 15:55 - 2012-09-26 13:03 - 00000000 ___RD () C:\Users\Johan\Google Drive

2014-09-29 15:55 - 2012-07-31 22:45 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Dropbox

2014-09-29 15:54 - 2012-09-26 13:02 - 00000988 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-29 15:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-29 15:54 - 2009-07-14 06:51 - 00290714 _____ () C:\Windows\setupact.log

2014-09-29 15:53 - 2010-11-21 05:47 - 00917182 _____ () C:\Windows\PFRO.log

2014-09-29 15:51 - 2013-04-24 08:29 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Spotify

2014-09-29 15:50 - 2012-12-23 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2014-09-29 15:42 - 2012-07-28 14:45 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\uTorrent

2014-09-29 14:59 - 2012-08-19 13:19 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab

2014-09-29 14:57 - 2013-04-24 08:29 - 00000000 ____D () C:\Users\Johan\AppData\Local\Spotify

2014-09-29 11:57 - 2012-07-12 19:24 - 00000000 ____D () C:\ProgramData\MFAData

2014-09-29 02:00 - 2012-07-25 11:21 - 00000000 ____D () C:\Users\Johan\AppData\Local\Adobe

2014-09-28 23:14 - 2012-07-12 19:26 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3183544866-3733486002-2271382909-1001Core.job

2014-09-28 20:23 - 2012-07-12 19:09 - 00003936 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F432FBA8-2EAF-45D7-A812-0AA3BEBF0000}

2014-09-28 14:08 - 2014-06-25 19:40 - 00450048 ___SH () C:\Users\Johan\Desktop\Thumbs.db

2014-09-28 02:30 - 2012-07-30 20:39 - 00000000 ____D () C:\Users\Johan\AppData\Local\CrashDumps

2014-09-27 01:52 - 2012-07-12 21:27 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\vlc

2014-09-26 22:46 - 2012-08-31 11:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-26 22:46 - 2012-08-31 11:38 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-26 22:46 - 2011-11-16 23:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-26 22:44 - 2012-08-21 17:09 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Mozilla

2014-09-25 06:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-24 14:20 - 2014-08-21 19:00 - 00028795 _____ () C:\Users\Johan\Desktop\Löksmurfen.gp5

2014-09-22 12:31 - 2011-11-16 23:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2014-09-22 12:23 - 2011-11-16 23:17 - 00000000 ____D () C:\ProgramData\Skype

2014-09-19 21:12 - 2012-07-21 02:17 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-09-19 21:12 - 2012-07-13 23:43 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-09-18 20:39 - 2012-12-19 12:43 - 00002595 _____ () C:\Windows\wininit.ini

2014-09-18 20:39 - 2012-07-31 22:46 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-09-15 21:07 - 2009-07-14 07:08 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-14 13:04 - 2012-07-12 19:05 - 00000000 ____D () C:\Users\Johan

2014-09-12 05:43 - 2012-11-15 23:08 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-12 05:35 - 2012-03-02 00:43 - 01556052 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-12 05:35 - 2011-11-16 21:52 - 00664052 _____ () C:\Windows\system32\perfh01D.dat

2014-09-12 05:35 - 2011-11-16 21:52 - 00142820 _____ () C:\Windows\system32\perfc01D.dat

2014-09-12 05:34 - 2013-08-14 15:56 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-12 05:34 - 2009-07-14 07:13 - 01556052 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-12 05:24 - 2012-09-20 11:53 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-12 05:23 - 2014-05-07 11:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-09-09 07:59 - 2009-07-14 06:45 - 05045448 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-06 12:41 - 2012-07-12 19:11 - 00113680 _____ () C:\Users\Johan\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-02 20:48 - 2014-03-31 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-08-30 20:14 - 2012-10-18 13:25 - 00000000 ____D () C:\Users\Johan\AppData\Local\Boss Media

2014-08-30 20:14 - 2012-10-18 13:25 - 00000000 ____D () C:\ProgramData\Boss Media

2014-08-30 19:59 - 2011-11-16 23:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-08-30 19:59 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-08-30 19:57 - 2012-10-01 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO

2014-08-30 19:57 - 2012-10-01 19:24 - 00000000 ____D () C:\Program Files (x86)\3DO

2014-08-30 19:54 - 2012-07-31 16:49 - 00000000 ____D () C:\Program Files (x86)\VstPlugins

2014-08-30 19:52 - 2011-11-16 23:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools

2014-08-30 19:51 - 2013-09-03 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter

2014-08-30 19:50 - 2014-04-30 02:58 - 00000000 ____D () C:\Program Files (x86)\SlySoft

2014-08-30 19:41 - 2013-12-23 13:57 - 00000000 ____D () C:\Program Files (x86)\Age of Empires II HD

 

Files to move or delete:

====================

C:\Users\Public\Aoe2AokC 2,0.exe

 

 

Some content of TEMP:

====================

C:\Users\Johan\AppData\Local\Temp\10433.exe

C:\Users\Johan\AppData\Local\Temp\23853.exe

C:\Users\Johan\AppData\Local\Temp\4STXSJGIO3.exe

C:\Users\Johan\AppData\Local\Temp\60757.exe

C:\Users\Johan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjp4xbd.dll

C:\Users\Johan\AppData\Local\Temp\Extract.exe

C:\Users\Johan\AppData\Local\Temp\HPHelpUpdater.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

C:\Users\Johan\AppData\Local\Temp\L6GPInst.dll

C:\Users\Johan\AppData\Local\Temp\ose00000.exe

C:\Users\Johan\AppData\Local\Temp\Resource.exe

C:\Users\Johan\AppData\Local\Temp\SHSetup.exe

C:\Users\Johan\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Johan\AppData\Local\Temp\SP56221.exe

C:\Users\Johan\AppData\Local\Temp\SP57232.exe

C:\Users\Johan\AppData\Local\Temp\SP57698.exe

C:\Users\Johan\AppData\Local\Temp\SP57965.exe

C:\Users\Johan\AppData\Local\Temp\SP58131.exe

C:\Users\Johan\AppData\Local\Temp\sp58915.exe

C:\Users\Johan\AppData\Local\Temp\SP60051.exe

C:\Users\Johan\AppData\Local\Temp\sp64126.exe

C:\Users\Johan\AppData\Local\Temp\SpotifyUninstall.exe

C:\Users\Johan\AppData\Local\Temp\SRLDetectionLibrary8189537181616505470.dll

C:\Users\Johan\AppData\Local\Temp\Uninstall.exe

C:\Users\Johan\AppData\Local\Temp\UninstallHPSA.exe

C:\Users\Johan\AppData\Local\Temp\utt6635.tmp.exe

C:\Users\Johan\AppData\Local\Temp\vcredist_x86.exe

C:\Users\Johan\AppData\Local\Temp\vlc-2.0.6-win32.exe

C:\Users\Johan\AppData\Local\Temp\vlc-2.1.1-win32.exe

C:\Users\Johan\AppData\Local\Temp\vlc-2.1.3-win32.exe

C:\Users\Johan\AppData\Local\Temp\xmlUpdater.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-06 08:55

 

==================== End Of Log ============================

[Cecilia]

Kan du klistra in eller bifoga Addition.txt också?

 

Spara AdwCleaner av Xplode på Skrivbordet: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Scan-knappen.
Vänta tills sökningen är klar.
Klicka på Report-knappen.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[R0].txt
 

[Digital_orf]

Sådär då! Sorry att jag inte fick med Addition.txt men tydligen inte.

 

# AdwCleaner v3.310 - Report created 29/09/2014 at 17:15:49

# Updated 12/09/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Johan - JOHAN-DATOR

# Running from : C:\Users\Johan\Desktop\adwcleaner_3.310.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage

File Found : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal

File Found : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage

File Found : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

File Found : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage

File Found : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal

File Found : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage

File Found : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal

File Found : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.plyrics.com_0.localstorage

File Found : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.plyrics.com_0.localstorage-journal

File Found : C:\Users\Johan\AppData\Local\Temp\Uninstall.exe

Folder Found : C:\Users\Johan\AppData\Local\eSupport.com

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AVG Nation toolbar

Key Found : HKCU\Software\eSupport.com

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Found : HKCU\Software\Softonic

Key Found : [x64] HKCU\Software\AVG Nation toolbar

Key Found : [x64] HKCU\Software\eSupport.com

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Found : [x64] HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\AVG Nation toolbar

Key Found : HKLM\SOFTWARE\AVG Secure Search

Key Found : HKLM\SOFTWARE\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17280

 

 

-\\ Mozilla Firefox v32.0.3 (x86 sv-SE)

 

[ File : C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\n4x0l1s5.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found [search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M0CC61C8B-4948-4019-9FF6-C9148982B681&SearchSource=58&CUI=&UM=6&UP=SPF72E06AA-EEC3-4294-949C-AAA9B96F48A3&q={searchTerms}&SSPV=

Found [search Provider] : hxxp://en.softonic.com/s/{searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [4274 octets] - [29/09/2014 17:15:49]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4334 octets] ##########

 

Addition.txt

[Cecilia]

1. Avinstallera:

Java™ 6 Update 43
Java™ SE Development Kit 6 Update 43

Eftersom det är gamla versioner med många kända säkerhetshål som gör det lätt att infektera datorn från en webbsida.

 

2. Om du har någon sorts synkning i Chrome behöver du stänga av det så att Trovi-inställningen inte kommer tillbaks den vägen.

 

3. Om du inte ser något i loggen från AdwCleaner som du vill ha kvar:

Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Scan-knappen.
Vänta tills sökningen är klar.

Klicka på Clean-knappen.
Tryck på OK.
Tryck på OK fler gånger om det kommer upp meddelanden.

Datorn kommer att startas om.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[s0].txt

 

4. Kör FRST igen och klistra in den nya FRST.txt (ingen Addition.txt denna gång).

 

5. Skanna datorn online på http://www.eset.com/onlinescan/ och använd helst Internet Explorer till det.
För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

Välj alternativet Enable detection of potentially unwanted applications.

Klicka på Advanced Settings.
Ta bort bocken framför Remove found threats.
Bocka för:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Klicka på Start

När skanningen är klar klicka på List of found threats, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

[Digital_orf]

Logg från ESET

 

C:\Documents and Settings\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RCCHRE59\8Bd2[1].exe a variant of Win32/BitCoinMiner.BY potentially unsafe application

C:\Documents and Settings\Johan\AppData\Local\Temp\10433.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application

C:\Documents and Settings\Johan\AppData\Local\Temp\23853.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application

C:\Documents and Settings\Johan\AppData\Local\Temp\60757.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application

C:\Documents and Settings\Johan\AppData\Roaming\Adobe64\winucs.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application

C:\Documents and Settings\Johan\Downloads\cdbxp_setup_4.5.3.4746.exe Win32/OpenCandy potentially unsafe application

C:\Documents and Settings\Johan\Downloads\DAEMONToolsPro510-0333.exe Win32/OpenCandy potentially unsafe application

C:\Documents and Settings\Johan\Downloads\DTLite4452-0287.exe Win32/OpenCandy potentially unsafe application

C:\Documents and Settings\Johan\Downloads\DTLite4454-0315.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Johan\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite potentially unwanted application

C:\Documents and Settings\Johan\Downloads\iLividSetupV1 (2).exe Win32/Toolbar.SearchSuite potentially unwanted application

C:\Documents and Settings\Johan\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite potentially unwanted application

C:\Documents and Settings\Johan\Downloads\InstallFreeRARExtractFrog.exe Win32/OpenCandy potentially unsafe application

C:\Documents and Settings\Johan\Downloads\WiseConvert.exe Win32/Toolbar.Conduit potentially unwanted application

C:\Documents and Settings\Johan\Downloads\Image-Line.FL.Studio.Edition.v10.0.0 @vAin4us\flstudio_10.0.exe Win32/OpenCandy potentially unsafe application

C:\Documents and Settings\Johan\Google Drive\Skolarbete\Programmering av parallelldatorer (1)\Pthreads\SoftonicDownloader_for_digital-mars-c-c-compiler.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application

C:\Program Files\Simcity\SimCity\SimCity.exe a variant of MSIL/Injector.BEE trojan

C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RCCHRE59\8Bd2[1].exe a variant of Win32/BitCoinMiner.BY potentially unsafe application

C:\Users\Johan\AppData\Local\Temp\10433.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application

C:\Users\Johan\AppData\Local\Temp\23853.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application

C:\Users\Johan\AppData\Local\Temp\60757.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application

C:\Users\Johan\AppData\Roaming\Adobe64\winucs.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application

C:\Users\Johan\Downloads\cdbxp_setup_4.5.3.4746.exe Win32/OpenCandy potentially unsafe application

C:\Users\Johan\Downloads\DAEMONToolsPro510-0333.exe Win32/OpenCandy potentially unsafe application

C:\Users\Johan\Downloads\DTLite4452-0287.exe Win32/OpenCandy potentially unsafe application

C:\Users\Johan\Downloads\DTLite4454-0315.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\Johan\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite potentially unwanted application

C:\Users\Johan\Downloads\iLividSetupV1 (2).exe Win32/Toolbar.SearchSuite potentially unwanted application

C:\Users\Johan\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite potentially unwanted application

C:\Users\Johan\Downloads\InstallFreeRARExtractFrog.exe Win32/OpenCandy potentially unsafe application

C:\Users\Johan\Downloads\WiseConvert.exe Win32/Toolbar.Conduit potentially unwanted application

C:\Users\Johan\Downloads\Image-Line.FL.Studio.Edition.v10.0.0 @vAin4us\flstudio_10.0.exe Win32/OpenCandy potentially unsafe application

C:\Users\Johan\Google Drive\Skolarbete\Programmering av parallelldatorer (1)\Pthreads\SoftonicDownloader_for_digital-mars-c-c-compiler.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application

 

AdwCleanerS0.txt

FRST.txt

[Cecilia]

1. Du har bara fått med ett par rader i slutet av FRST.txt. Försök en gång till.

 

 

2.

C:\Program Files\Simcity\SimCity\SimCity.exe a variant of MSIL/Injector.BEE trojan

Är det ett crackat program?

Ingen aning om vad det kan ställa till med i datorn.

 

 

3.

C:\Users\Johan\AppData\Roaming\Adobe64\winucs.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application

Ett program som ägnar sig åt att skapa/gräva/mina bitcoins brukar göra datorn mycket långsam.

Låt oss ta reda på mer om den mappen.

 

Spara SystemLook på Skrivbordet från: http://jpshortstuff.247fixes.com/SystemLook_x64.exe

Dubbelklicka på SystemLook-filen för att köra den.

Kopiera alla rader i rutan

:dir
C:\Users\Johan\AppData\Roaming\Adobe64
:file
C:\Users\Johan\AppData\Roaming\Adobe64\winucs.exe

och klistra in i det stora textfältet i SýstemLook.
Tryck på knappen Look för att starta sökningen.
När det är klart så kommer Anteckningar upp med en logg, och den klistrar du in här. Om loggen inte kommer upp så finns den som SystemLook.txt på Skrivbordet.

[Digital_orf]

Sådär, tog bort hela Simcity-mappen, måste varit något gammalt krafs. 

 

SystemLook 30.07.11 by jpshortstuff

Log created at 15:17 on 30/09/2014 by Johan

Administrator - Elevation successful

 

========== dir ==========

 

C:\Users\Johan\AppData\Roaming\Adobe64 - Parameters: "(none)"

 

---Files---

api-example.c --a---- 7357 bytes [16:58 03/04/2013] [05:46 02/04/2013]

api-example.php --a---- 2174 bytes [16:58 03/04/2013] [05:46 02/04/2013]

API.class --a---- 3431 bytes [16:58 03/04/2013] [05:46 02/04/2013]

API.java --a---- 3306 bytes [16:58 03/04/2013] [05:46 02/04/2013]

diablo130302.cl --a---- 44727 bytes [16:58 03/04/2013] [05:46 02/04/2013]

diakgcn121016.cl --a---- 30802 bytes [16:58 03/04/2013] [05:46 02/04/2013]

example.conf --a---- 763 bytes [16:58 03/04/2013] [05:46 02/04/2013]

invis.vbs --a---- 78 bytes [16:58 03/04/2013] [14:28 02/07/2012]

libcurl.dll --a---- 602624 bytes [16:58 03/04/2013] [05:46 02/04/2013]

libeay32.dll --a---- 1664000 bytes [16:58 03/04/2013] [05:46 02/04/2013]

libidn-11.dll --a---- 192512 bytes [16:58 03/04/2013] [05:46 02/04/2013]

librtmp.dll --a---- 133632 bytes [16:58 03/04/2013] [05:46 02/04/2013]

libssh2.dll --a---- 170496 bytes [16:58 03/04/2013] [05:46 02/04/2013]

libusb-1.0.dll --a---- 110094 bytes [16:58 03/04/2013] [05:46 02/04/2013]

miner.php --a---- 64577 bytes [16:58 03/04/2013] [05:46 02/04/2013]

phatk121016.cl --a---- 13062 bytes [16:58 03/04/2013] [05:46 02/04/2013]

poclbm130302.cl --a---- 43810 bytes [16:58 03/04/2013] [05:46 02/04/2013]

scrypt130302.cl --a---- 23811 bytes [16:58 03/04/2013] [05:46 02/04/2013]

ssleay32.dll --a---- 352768 bytes [16:58 03/04/2013] [05:46 02/04/2013]

winucs.exe --a---- 215552 bytes [16:58 03/04/2013] [05:46 02/04/2013]

zlib1.dll --a---- 84992 bytes [16:58 03/04/2013] [05:46 02/04/2013]

 

---Folders---

None found.

 

========== file ==========

 

C:\Users\Johan\AppData\Roaming\Adobe64\winucs.exe - File found and opened.

MD5: D8CC9C5F09474C084B10F8477174F812

Created at 16:58 on 03/04/2013

Modified at 05:46 on 02/04/2013

Size: 215552 bytes

Attributes: --a----

No version information available.

 

-= EOF =-

FRST.txt

[Cecilia]

Inget att ha kvar i den mappen.

 

Starta Anteckningar.

Kopiera alla rader i rutan:

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
C:\User\Johan\AppData\Roaming\Adobe64 
EmptyTemp:

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.

Spara filen på skrivbordet med namnet fixlist.txt.

 

Starta FRST som finns på skrivbordet.

Klicka på knappen Fix.

Vänta tills programmet är klart. Datorn kommer att startas om automatiskt.

 

Programmet skapar en logg Fixlog.txt på skrivbordet.

Klistra in innehållet i den i ditt svar.

 

Hur fungerar datorn och Chrome nu?

[Digital_orf]

Datorn är nu betydligt snabbare. Men Trovi startas fortfarande tillsammans med Chrome

 

SystemLook 30.07.11 by jpshortstuff

Log created at 15:17 on 30/09/2014 by Johan

Administrator - Elevation successful

 

========== dir ==========

 

C:\Users\Johan\AppData\Roaming\Adobe64 - Parameters: "(none)"

 

---Files---

api-example.c --a---- 7357 bytes [16:58 03/04/2013] [05:46 02/04/2013]

api-example.php --a---- 2174 bytes [16:58 03/04/2013] [05:46 02/04/2013]

API.class --a---- 3431 bytes [16:58 03/04/2013] [05:46 02/04/2013]

API.java --a---- 3306 bytes [16:58 03/04/2013] [05:46 02/04/2013]

diablo130302.cl --a---- 44727 bytes [16:58 03/04/2013] [05:46 02/04/2013]

diakgcn121016.cl --a---- 30802 bytes [16:58 03/04/2013] [05:46 02/04/2013]

example.conf --a---- 763 bytes [16:58 03/04/2013] [05:46 02/04/2013]

invis.vbs --a---- 78 bytes [16:58 03/04/2013] [14:28 02/07/2012]

libcurl.dll --a---- 602624 bytes [16:58 03/04/2013] [05:46 02/04/2013]

libeay32.dll --a---- 1664000 bytes [16:58 03/04/2013] [05:46 02/04/2013]

libidn-11.dll --a---- 192512 bytes [16:58 03/04/2013] [05:46 02/04/2013]

librtmp.dll --a---- 133632 bytes [16:58 03/04/2013] [05:46 02/04/2013]

libssh2.dll --a---- 170496 bytes [16:58 03/04/2013] [05:46 02/04/2013]

libusb-1.0.dll --a---- 110094 bytes [16:58 03/04/2013] [05:46 02/04/2013]

miner.php --a---- 64577 bytes [16:58 03/04/2013] [05:46 02/04/2013]

phatk121016.cl --a---- 13062 bytes [16:58 03/04/2013] [05:46 02/04/2013]

poclbm130302.cl --a---- 43810 bytes [16:58 03/04/2013] [05:46 02/04/2013]

scrypt130302.cl --a---- 23811 bytes [16:58 03/04/2013] [05:46 02/04/2013]

ssleay32.dll --a---- 352768 bytes [16:58 03/04/2013] [05:46 02/04/2013]

winucs.exe --a---- 215552 bytes [16:58 03/04/2013] [05:46 02/04/2013]

zlib1.dll --a---- 84992 bytes [16:58 03/04/2013] [05:46 02/04/2013]

 

---Folders---

None found.

 

========== file ==========

 

C:\Users\Johan\AppData\Roaming\Adobe64\winucs.exe - File found and opened.

MD5: D8CC9C5F09474C084B10F8477174F812

Created at 16:58 on 03/04/2013

Modified at 05:46 on 02/04/2013

Size: 215552 bytes

Attributes: --a----

No version information available.

 

-= EOF =-

[Cecilia]

Bra att datorn nu fungerar snabbare.

 

Du följde nog fel inlägg när du klistrade in den gamla filen från SystemLook i stället för Fixlog.txt.

 

Har du synkronisering i Chrome?

För då kan Trovi-inställningen laddas ner från servern till din Chrome när du startar den efter rensningen.

[Digital_orf]

Jag har inte kvar den gamla logg-filen tyvärr...

 

I synkroniseringsinställningar kan jag bocka ur appar och tillägg, jag antar att Trovi är något av dem?

Jag trodde jag hade kollat efter synkroniseringsinställningar innan men tydligen inte, fan va dumt av mig.

[Cecilia]

AdwCleaner hittade Trovi som "Search Provider", jag antar att det är samma sak som sökmotor: https://support.google.com/chrome/answer/95653?hl=sv

Men det är ju möjligt att mer har synkroniserats ner nu.

 

Har du några fler frågor innan jag skriver hur FRST mm ska avinstalleras?

[Digital_orf]

Jaha okej ja nej jag stängde av synkroniseringen men trovi är fortfarande kvar, dock går datorn betydligt snabbare och stabilare.

 

Så FRST är redo att avinstalleras.

[Cecilia]

Vi gör ett till försök med Trovi tycker jag.

 

Skanna med FRST och klistra in eller bifoga den nya FRST.txt så att jag kan se hur den sitter fast i Chrome nu.