Just nu i M3-nätverket
Gå till innehåll

Behöver hjälp med att tyda logg , inget fungerar som det ska


sheridanz

Rekommendera Poster

Hej

Finns någon som kan hjälpa mej.
Jag försöker hjälpa en kompis med hennes dator och avast säger virus och skadlig kod

Det verkar som virusprog blir stoppat då jag ska lösa problemen för det händer inget.

 

Här är loggen, hoppas jag gjort rätt nu ;)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2016
Ran by Kristina (administrator) on HEMMA (20-09-2016 19:33:10)
Running from C:\Users\Kristina\Downloads
Loaded Profiles: Kristina (Available Profiles: Kristina)
Platform: Windows 10 Home Version 1511 (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: "C:\Users\Kristina\AppData\Local\Chromium\Application\chrome.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5060864 2015-08-16] (Realtek semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-10-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-20] (AVAST Software)
HKU\S-1-5-21-530700673-802275041-1869102837-1001\...\RunOnce: [uninstall C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-530700673-802275041-1869102837-1001\...\RunOnce: [uninstall C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-530700673-802275041-1869102837-1001\...\RunOnce: [uninstall C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-530700673-802275041-1869102837-1001\...\RunOnce: [uninstall C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-530700673-802275041-1869102837-1001\...\RunOnce: [uninstall C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-20] (AVAST Software)
BootExecute: autocheck autochk * aswBoot.exe /M:e57b5ad6 /wow /dir:"C:\Program Files\AVAST Software\Avast"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ce834fcf-2140-4a52-bfc6-2a1e800e0e0e}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131188616072905365&GUID=D2809E83-13A4-4605-9C95-BA46E070299F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131188616072942096&GUID=D2809E83-13A4-4605-9C95-BA46E070299F
HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE13&ocid=UE13DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-530700673-802275041-1869102837-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-530700673-802275041-1869102837-1001 -> {1A117CDD-327D-424F-95CB-8BCF9CAD3B06} URL = hxxps://se.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-530700673-802275041-1869102837-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://se.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_togoo_16_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dse%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDtAzzzyyCtAyCtCzy0D0CtDyBtD0AtN0D0Tzu0StCyBtCyDtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0DyEtBzy0Czy0CtGyByBtAyCtG0F0CyByEtGtA0AyDyEtG0BzztAyDyEyEyDtAyBtCtD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyE0A0F0F0B0AzztGyEtDtCyDtGyEyDyEyCtGzztA0AtDtGyCtD0F0FtDyE0FtC0DyB0A0D2QtN0A0LzuyE%26cr%3D1467038996%26a%3Dwbf_togoo_16_36%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-20] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-20]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.superstart.se/
CHR Profile: C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default [2016-09-20]
CHR Extension: (Google Presentationer) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-20]
CHR Extension: (Google Dokument) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-20]
CHR Extension: (Google Drive) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-20]
CHR Extension: (YouTube) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-20]
CHR Extension: (Google Kalkylark) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-20]
CHR Extension: (Google Dokument Offline) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-20]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-20]
CHR Extension: (Gmail) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-20]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-20] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328616 2015-10-05] (Intel Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-10-05] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-09-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-20] (AVAST Software)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-08-16] (Realtek                                            )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [593624 2016-01-21] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-08-16] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3068160 2015-08-16] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-12-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-10-05] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S1 ghxgxala; \??\C:\WINDOWS\system32\drivers\ghxgxala.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-20 19:33 - 2016-09-20 19:34 - 00012601 _____ C:\Users\Kristina\Downloads\FRST.txt
2016-09-20 19:32 - 2016-09-20 19:33 - 00000000 ____D C:\FRST
2016-09-20 19:32 - 2016-09-20 19:32 - 00000000 ____D C:\Users\Kristina\Downloads\FRST-OlderVersion
2016-09-20 19:27 - 2016-09-20 19:32 - 02402816 _____ (Farbar) C:\Users\Kristina\Downloads\FRST64.exe
2016-09-20 19:12 - 2016-09-20 19:12 - 00000000 ____D C:\Users\Kristina\AppData\Local\CEF
2016-09-20 19:01 - 2016-09-20 19:01 - 00000000 ___HD C:\OneDriveTemp
2016-09-20 18:58 - 2016-09-20 19:01 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-20 18:58 - 2016-09-20 19:01 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-20 18:57 - 2016-09-20 19:13 - 00001014 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-20 18:57 - 2016-09-20 19:08 - 00004072 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-20 18:57 - 2016-09-20 19:08 - 00003840 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-20 18:57 - 2016-09-20 19:08 - 00001010 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-20 18:57 - 2016-09-20 18:57 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-09-20 18:57 - 2016-09-20 18:57 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-20 18:56 - 2016-09-20 18:56 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\AVAST Software
2016-09-20 18:55 - 2016-09-20 18:55 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-09-20 18:55 - 2016-09-20 18:55 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-09-20 18:55 - 2016-09-20 18:55 - 00001950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-09-20 18:55 - 2016-09-20 18:55 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-09-20 18:55 - 2016-09-20 18:54 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-09-20 18:55 - 2016-09-20 18:54 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-09-20 18:55 - 2016-09-20 18:54 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-09-20 18:55 - 2016-09-20 18:54 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-09-20 18:55 - 2016-09-20 18:54 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-09-20 18:55 - 2016-09-20 18:54 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-09-20 18:55 - 2016-09-20 18:54 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-09-20 18:54 - 2016-09-20 18:54 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-09-20 18:54 - 2016-09-20 18:54 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-09-20 18:54 - 2016-09-20 18:54 - 00000102 _____ C:\Users\Kristina\AppData\Roaming\WB.CFG
2016-09-20 18:53 - 2016-09-20 18:57 - 00000000 ____D C:\Program Files\AVAST Software
2016-09-20 18:52 - 2016-09-20 18:57 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-20 18:52 - 2016-09-20 18:52 - 06334848 _____ (AVAST Software) C:\Users\Kristina\Downloads\avast_free_antivirus_setup_online.exe
2016-09-20 18:49 - 2016-09-20 18:52 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{40277EE3-BB8B-465F-B093-C31454961555}
2016-09-20 18:30 - 2016-09-20 18:30 - 00003240 _____ C:\WINDOWS\System32\Tasks\{0FC3EE4B-CCE1-4DAF-A40F-CAD35D34374C}
2016-09-20 18:25 - 2016-09-20 18:25 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-09-20 18:19 - 2016-09-20 18:19 - 00003334 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-09-20 18:17 - 2016-09-20 18:17 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Skype
2016-09-11 11:10 - 2016-09-20 19:00 - 00000000 ____D C:\Users\Kristina\AppData\Local\Google
2016-09-11 11:00 - 2016-09-20 19:25 - 00000868 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-11 11:00 - 2016-09-20 18:38 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-11 11:00 - 2016-09-20 18:25 - 00004006 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-09-11 11:00 - 2016-09-11 11:32 - 00003854 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-09-11 09:20 - 2016-09-11 11:32 - 00000000 ____D C:\Users\Kristina\AppData\Local\Adobe
2016-09-11 09:04 - 2016-09-11 09:05 - 00000000 ____D C:\ProgramData\Uniblue
2016-09-11 08:57 - 2016-09-20 19:27 - 00000296 _____ C:\WINDOWS\Tasks\PC-Mechanic Maintenance.job
2016-09-11 08:57 - 2016-09-20 19:00 - 00000310 _____ C:\WINDOWS\Tasks\PC-Mechanic Startup.job
2016-09-11 08:57 - 2016-09-20 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2016-09-11 08:57 - 2016-09-20 18:34 - 00000000 ____D C:\Program Files (x86)\Uniblue
2016-09-11 08:57 - 2016-09-11 10:16 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Uniblue
2016-09-11 08:57 - 2016-09-11 08:57 - 00003342 _____ C:\WINDOWS\System32\Tasks\PC-Mechanic Maintenance
2016-09-11 08:57 - 2016-09-11 08:57 - 00002716 _____ C:\WINDOWS\System32\Tasks\PC-Mechanic Startup
2016-09-11 08:55 - 2016-09-20 18:25 - 00002479 _____ C:\Users\Kristina\Desktop\Chromium.lnk
2016-09-11 08:55 - 2016-09-11 08:55 - 00002360 _____ C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-09-11 08:54 - 2016-09-11 08:58 - 00000000 ____D C:\Users\Kristina\AppData\Local\Chromium
2016-09-11 08:54 - 2016-09-11 08:56 - 01184656 _____ (Uniblue Systems Limited ) C:\Users\Kristina\Downloads\pcmechanicpm_15523713_.exe
2016-09-11 08:54 - 2016-09-11 08:56 - 00000000 ____D C:\Users\Kristina\AppData\Local\{B3DE8582-9776-E93A-FAEE-CCD2DE86304A}
2016-09-11 08:53 - 2016-09-20 19:18 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\{59FD6F46-7CAF-0230-1799-25E2CB4BD8DC}
2016-09-11 08:53 - 2016-09-20 18:53 - 00000996 _____ C:\WINDOWS\Tasks\Yahoo! Powered lonal.job
2016-09-11 08:53 - 2016-09-20 18:53 - 00000000 ____D C:\ProgramData\{30E2F581-BAA0-7F47-3C66-E105A6246ACB}
2016-09-11 08:53 - 2016-09-20 18:48 - 00000000 ____D C:\Program Files\ByteFence
2016-09-11 08:53 - 2016-09-20 18:21 - 00000000 ____D C:\Program Files (x86)\Corner Sunshine
2016-09-11 08:53 - 2016-09-11 08:55 - 00000000 ____D C:\Users\Kristina\AppData\Local\{59A06FFC-7D08-0344-1090-26AC34F8DA34}
2016-09-11 08:53 - 2016-09-11 08:53 - 74530506 _____ C:\Users\Kristina\Downloads\ChromeSetup [1].exe
2016-09-11 08:53 - 2016-09-11 08:53 - 00004092 _____ C:\WINDOWS\System32\Tasks\LaunchPreSignup
2016-09-11 08:53 - 2016-09-11 08:53 - 00004080 _____ C:\WINDOWS\System32\Tasks\Yahoo! Powered lonal
2016-09-11 08:53 - 2016-09-11 08:53 - 00002551 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-09-11 08:53 - 2016-09-11 08:53 - 00000254 __RSH C:\ProgramData\ntuser.pol
2016-09-11 08:51 - 2016-09-11 08:52 - 00974208 _____ ( ) C:\Users\Kristina\Downloads\ChromeSetup.exe
2016-08-29 11:24 - 2016-08-29 11:24 - 00032768 _____ C:\Users\Kristina\Downloads\123.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-20 19:31 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-20 19:31 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-20 19:20 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-20 19:01 - 2015-03-24 13:50 - 00000000 __RDO C:\Users\Kristina\OneDrive
2016-09-20 19:00 - 2015-03-24 13:41 - 00000000 __SHD C:\Users\Kristina\IntelGraphicsProfiles
2016-09-20 18:59 - 2016-01-21 21:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-20 18:58 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-20 18:55 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-20 18:25 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-20 18:25 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-20 18:22 - 2015-10-30 20:12 - 00747608 _____ C:\WINDOWS\system32\perfh01D.dat
2016-09-20 18:22 - 2015-10-30 20:12 - 00151176 _____ C:\WINDOWS\system32\perfc01D.dat
2016-09-20 18:22 - 2015-10-05 20:17 - 01768152 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-20 18:19 - 2015-10-05 20:24 - 00002383 _____ C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-20 18:07 - 2015-10-05 19:08 - 00000000 ___HD C:\$SysReset
2016-09-20 18:05 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-11 10:45 - 2016-01-21 20:55 - 00000000 ____D C:\Users\Kristina
2016-09-11 10:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\registration
2016-09-11 10:33 - 2015-10-05 20:14 - 00000000 ____D C:\Users\Kristina\AppData\Local\Packages
2016-09-11 08:53 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-09-11 08:53 - 2015-10-05 20:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-29 11:16 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2016-09-20 18:54 - 2016-09-20 18:54 - 0000102 _____ () C:\Users\Kristina\AppData\Roaming\WB.CFG
2016-01-21 20:51 - 2016-01-21 20:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-06 15:43
 
==================== End of FRST.txt ============================Addition.txt
Länk till kommentar
Dela på andra webbplatser

Hej!

 

Det verkar finnas en del reklamprogram och andra olämpliga program i datorn. Det ser ut som att de kom in därför Chrome hämtades på ett olämpligt ställe.

 

 

1. Avinstallera PC Mechanic.

 

 

2. Spara AdwCleaner av Xplode på Skrivbordet: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Scan-knappen.
Vänta tills sökningen är klar.
Klicka på knappen Log file.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner\AdwCleaner[s1].txt

Länk till kommentar
Dela på andra webbplatser

Hej Cecilia

Jag kan inte avinstallera Pc Mechanic.  Detta kommer upp.....bifogad

 

Googlade och det finns på youtube hur man kan avinstallera detta men hittar inte PC M bland tjänster så det fungrade inte heller.

 

Kan jag köra prog från länken du gav mej ändå?  

 

post-138875-0-03080600-1474440925_thumb.png

 

post-138875-0-33108200-1474440934_thumb.png

 

 

Länk till kommentar
Dela på andra webbplatser

# AdwCleaner v6.020 - Logfile created 21/09/2016 at 09:56:02

# Updated on 14/09/2016 by ToolsLib

# Database : 2016-09-14.2 [Local]

# Operating System : Windows 10 Home  (X64)

# Username : Kristina - HEMMA

# Running from : C:\Users\Kristina\Downloads\adwcleaner_6.020.exe

# Mode: Scan


 

 

 

***** [ Services ] *****

 

No malicious services found.

 

 

***** [ Folders ] *****

 

Folder Found:  C:\Users\Kristina\AppData\Roaming\RPEng

Folder Found:  C:\Users\Kristina\AppData\Roaming\Uniblue

Folder Found:  C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence

Folder Found:  C:\Program Files\ByteFence

Folder Found:  C:\ProgramData\Uniblue

Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue

Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wajainten

Folder Found:  C:\Program Files (x86)\Uniblue

Folder Found:  C:\Program Files (x86)\Corner Sunshine

Folder Found:  C:\Users\Kristina\AppData\Local\Temp\Uniblue

 

 

***** [ Files ] *****

 

File Found:  C:\Users\Kristina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC-Mechanic.lnk

File Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk

 

 

***** [ DLL ] *****

 

No malicious DLLs found.

 

 

***** [ WMI ] *****

 

No malicious keys found.

 

 

***** [ Shortcuts ] *****

 

No infected shortcut found.

 

 

***** [ Scheduled Tasks ] *****

 

Task Found:  PC-Mechanic Maintenance

Task Found:  PC-Mechanic Startup

Task Found:  LaunchPreSignup

 

 

***** [ Registry ] *****

 

Key Found:  HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23

Key Found:  HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23

Key Found:  HKLM\SOFTWARE\Classes\driverscanner

Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK

Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1

Key Found:  HKLM\SOFTWARE\Classes\pc-mechanic

Key Found:  [x64] HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23

Key Found:  [x64] HKLM\SOFTWARE\Classes\driverscanner

Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK

Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1

Key Found:  [x64] HKLM\SOFTWARE\Classes\pc-mechanic

Key Found:  HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}

Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}

Key Found:  HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\PRODUCTSETUP

Key Found:  HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\yahooprovidedsearch

Key Found:  HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\Tuguu

Key Found:  HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\csastats

Key Found:  HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\ICSW1.22

Key Found:  HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\Corner Sunshine

Key Found:  HKCU\Software\PRODUCTSETUP

Key Found:  HKCU\Software\yahooprovidedsearch

Key Found:  HKCU\Software\Tuguu

Key Found:  HKCU\Software\csastats

Key Found:  HKCU\Software\ICSW1.22

Key Found:  HKCU\Software\Corner Sunshine

Key Found:  HKLM\SOFTWARE\Uniblue

Key Found:  HKLM\SOFTWARE\Uniblue\DriverScanner

Key Found:  HKLM\SOFTWARE\Corner Sunshine

Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1

Key Found:  [x64] HKCU\Software\PRODUCTSETUP

Key Found:  [x64] HKCU\Software\yahooprovidedsearch

Key Found:  [x64] HKCU\Software\Tuguu

Key Found:  [x64] HKCU\Software\csastats

Key Found:  [x64] HKCU\Software\ICSW1.22

Key Found:  [x64] HKCU\Software\Corner Sunshine

Key Found:  HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1A117CDD-327D-424F-95CB-8BCF9CAD3B06}

Key Found:  HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}

Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1A117CDD-327D-424F-95CB-8BCF9CAD3B06}

Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}

Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1A117CDD-327D-424F-95CB-8BCF9CAD3B06}

Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}

Key Found:  HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E

 

 

***** [ Web browsers ] *****

 

No malicious Firefox based browser items found.

Chrome pref Found:  [C:\Users\Kristina\AppData\Local\Chromium\User Data\Default\Web data] - search provided by yahoo

Chrome pref Found:  [C:\Users\Kristina\AppData\Local\Chromium\User Data\Default\Secure Preferences] - hxxps://se.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=mgn_togoo_16_36&param1=1&param2=f%3D7%26b

 

*************************

 

C:\AdwCleaner\AdwCleaner[s0].txt - [5241 Bytes] - [21/09/2016 09:56:02]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5314 Bytes] ##########
Länk till kommentar
Dela på andra webbplatser

Fint att så mycket hittades!

 

1. Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Scan-knappen.
Vänta tills sökningen är klar.

Klicka på Clean-knappen.
Tryck på OK.
Tryck på OK fler gånger om det kommer upp meddelanden.

Datorn kommer att startas om, om den inte gör det automatiskt får du göra det själv.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner\AdwCleaner[C1].txt

 

 

2. Skanna datorn online genom att följa instruktionen på sidan http://support.eset.com/kb2921/ .
För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

Välj alternativet Enable detection of potentially unwanted applications.

Klicka på Advanced Settings.
Ta bort bocken framför Remove found threats (viktigt för falsklarm förekommer).
Bocka för:
Scan Archives
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Enable Anti-Stealth Technology

Klicka på Start

När skanningen är klar klicka på List of found threats, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

 

 

3. Starta FRST.

Bocka för Addition.txt.

Låt FRST skanna datorn och bifoga sen de två nya loggfilerna.

Länk till kommentar
Dela på andra webbplatser

# AdwCleaner v6.020 - Logfile created 21/09/2016 at 15:44:24

# Updated on 14/09/2016 by ToolsLib

# Database : 2016-09-14.2 [Local]

# Operating System : Windows 10 Home  (X64)

# Username : Kristina - HEMMA

# Running from : C:\Users\Kristina\Desktop\adwcleaner_6.020.exe

# Mode: Clean


 

 

 

***** [ Services ] *****

 

 

 

***** [ Folders ] *****

 

[-] Folder deleted: C:\Users\Kristina\AppData\Roaming\RPEng

[-] Folder deleted: C:\Users\Kristina\AppData\Roaming\Uniblue

[-] Folder deleted: C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence

[-] Folder deleted: C:\Program Files\ByteFence

[-] Folder deleted: C:\ProgramData\Uniblue

[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue

[-] Folder deleted: C:\Program Files (x86)\Uniblue

[-] Folder deleted: C:\Users\Kristina\AppData\Local\Temp\Uniblue

 

 

***** [ Files ] *****

 

[-] File deleted: C:\Users\Kristina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC-Mechanic.lnk

 

 

***** [ DLL ] *****

 

 

 

***** [ WMI ] *****

 

 

 

***** [ Shortcuts ] *****

 

 

 

***** [ Scheduled Tasks ] *****

 

 

 

***** [ Registry ] *****

 

[-] Key deleted: HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23

[#] Key deleted on reboot: HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23

[-] Key deleted: HKLM\SOFTWARE\Classes\driverscanner

[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK

[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1

[-] Key deleted: HKLM\SOFTWARE\Classes\pc-mechanic

[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\driverscanner

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\pc-mechanic

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}

[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}

[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}

[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}

[-] Key deleted: HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\yahooprovidedsearch

[-] Key deleted: HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\Tuguu

[#] Key deleted on reboot: HKCU\Software\yahooprovidedsearch

[#] Key deleted on reboot: HKCU\Software\Tuguu

[-] Key deleted: HKLM\SOFTWARE\Uniblue

[#] Key deleted on reboot: HKLM\SOFTWARE\Uniblue\DriverScanner

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1

[#] Key deleted on reboot: [x64] HKCU\Software\yahooprovidedsearch

[#] Key deleted on reboot: [x64] HKCU\Software\Tuguu

 

 

***** [ Web browsers ] *****

 

[-] [C:\Users\Kristina\AppData\Local\Chromium\User Data\Default\Web data] [search Provider] Deleted: search provided by yahoo

[-] [C:\Users\Kristina\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxps://se.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=mgn_togoo_16_36&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dse%26pa%3DManganese%26cd%3D2XzuyEtN2Y1L1Qzu0CtDtAzzzyyCtAyCtCzy0D0CtDyBtD0AtN0D0Tzu0StCyBtCyDtN1L2XzutAtFtCyBtFtCtDtFzytN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtB0FzztB0CyE0CtGyEtBtDtBtGtD0C0CyEtGtDyEtD0FtGyEyB0EyDyCyEzz0E0F0FyB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyE0A0F0F0B0AzztGyEtDtCyDtGyEyDyEyCtGzztA0AtDtGyCtD0F0FtDyE0FtC0DyB0A0D2QtN0A0LzuyE%26cr%3D2106198234%26a%3Dmgn_togoo_16_36%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&uref=chmm

 

 

*************************

 

:: "Tracing" keys deleted

:: Winsock settings cleared

 

*************************

 

C:\AdwCleaner\AdwCleaner[C0].txt - [3978 Bytes] - [21/09/2016 15:44:24]

C:\AdwCleaner\AdwCleaner[s0].txt - [5445 Bytes] - [21/09/2016 09:56:02]

C:\AdwCleaner\AdwCleaner[s1].txt - [3658 Bytes] - [21/09/2016 15:41:54]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4197 Bytes] ##########
Länk till kommentar
Dela på andra webbplatser

Nej nu blir jag tokig. Eset scan stoppas hela tiden precis i slutet.

Det blir svart bakgrund såkommer det upp att något program i win har stoppat.

Dessutom så  har något startat virusprogrammet fast jag inaktiverade det...

 

Hur går jag vidre nu ?

 

post-138875-0-53939100-1474473767_thumb.png

Länk till kommentar
Dela på andra webbplatser

Neej......trodde den skulle bli helt klar nu men det stoppades ändå fast virusprog är avinstallerat.

Det går inte, kan det vara Win defender? 

Länk till kommentar
Dela på andra webbplatser

Här är logfilerna. Jag går och lägger mej men återkommer imorgon.

Stort tack för din ovärderliga hjälp 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by Kristina (administrator) on HEMMA (21-09-2016 23:51:32)
Running from C:\Users\Kristina\Downloads\FRST-OlderVersion
Loaded Profiles: Kristina (Available Profiles: Kristina)
Platform: Windows 10 Home Version 1511 (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: "C:\Users\Kristina\AppData\Local\Chromium\Application\chrome.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5060864 2015-08-16] (Realtek semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-10-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-21] (AVAST Software)
HKU\S-1-5-21-530700673-802275041-1869102837-1001\...\RunOnce: [uninstall C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-530700673-802275041-1869102837-1001\...\RunOnce: [uninstall C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-530700673-802275041-1869102837-1001\...\RunOnce: [uninstall C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-530700673-802275041-1869102837-1001\...\RunOnce: [uninstall C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-530700673-802275041-1869102837-1001\...\RunOnce: [uninstall C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-21] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ce834fcf-2140-4a52-bfc6-2a1e800e0e0e}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131188616072905365&GUID=D2809E83-13A4-4605-9C95-BA46E070299F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131188616072942096&GUID=D2809E83-13A4-4605-9C95-BA46E070299F
HKU\S-1-5-21-530700673-802275041-1869102837-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE13&ocid=UE13DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-530700673-802275041-1869102837-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-20] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-21]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.superstart.se/
CHR Profile: C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default [2016-09-21]
CHR Extension: (Google Presentationer) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-20]
CHR Extension: (Google Dokument) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-20]
CHR Extension: (Google Drive) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-20]
CHR Extension: (YouTube) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-20]
CHR Extension: (Google Kalkylark) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-20]
CHR Extension: (Google Dokument Offline) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-21]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-20]
CHR Extension: (Gmail) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-20]
CHR Extension: (Chrome Media Router) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-21] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328616 2015-10-05] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-10-05] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-09-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-21] (AVAST Software)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-08-16] (Realtek                                            )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [593624 2016-01-21] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-08-16] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3068160 2015-08-16] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-12-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-10-05] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S1 ghxgxala; \??\C:\WINDOWS\system32\drivers\ghxgxala.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-21 23:26 - 2016-09-21 23:26 - 00004002 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1474493189
2016-09-21 23:26 - 2016-09-21 23:26 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-21 23:26 - 2016-09-21 23:25 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-09-21 23:24 - 2016-09-21 23:24 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\AVAST Software
2016-09-21 23:23 - 2016-09-21 23:23 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-09-21 23:23 - 2016-09-21 23:23 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-09-21 23:23 - 2016-09-21 23:23 - 00001950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-09-21 23:23 - 2016-09-21 23:23 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-09-21 23:23 - 2016-09-21 23:22 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-09-21 23:23 - 2016-09-21 23:22 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-09-21 23:23 - 2016-09-21 23:22 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-09-21 23:23 - 2016-09-21 23:22 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-09-21 23:23 - 2016-09-21 23:22 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-09-21 23:23 - 2016-09-21 23:22 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-09-21 23:23 - 2016-09-21 23:22 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-09-21 23:22 - 2016-09-21 23:22 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-09-21 23:22 - 2016-09-21 23:22 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-09-21 23:21 - 2016-09-21 23:25 - 00000000 ____D C:\Program Files\AVAST Software
2016-09-21 20:34 - 2016-09-21 20:34 - 00000000 ___HD C:\OneDriveTemp
2016-09-21 16:01 - 2016-09-21 16:01 - 00000000 ____D C:\Users\Kristina\AppData\Local\ESET
2016-09-21 15:59 - 2016-09-21 16:01 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Kristina\Downloads\esetonlinescanner_enu.exe
2016-09-21 10:34 - 2016-09-21 23:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-21 10:33 - 2016-09-21 10:33 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-21 10:33 - 2016-09-21 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-21 10:33 - 2016-09-21 10:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-21 10:33 - 2016-09-21 10:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-21 10:33 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-21 10:33 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-21 10:33 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-21 10:32 - 2016-09-21 10:33 - 22851472 _____ (Malwarebytes ) C:\Users\Kristina\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-21 09:52 - 2016-09-21 23:47 - 00000000 ____D C:\AdwCleaner
2016-09-21 08:35 - 2016-09-21 09:52 - 03861056 _____ C:\Users\Kristina\Desktop\adwcleaner_6.020.exe
2016-09-20 19:35 - 2016-09-20 19:36 - 00022087 _____ C:\Users\Kristina\Downloads\Addition.txt
2016-09-20 19:33 - 2016-09-20 19:36 - 00023332 _____ C:\Users\Kristina\Downloads\FRST.txt
2016-09-20 19:32 - 2016-09-21 23:51 - 00000000 ____D C:\Users\Kristina\Downloads\FRST-OlderVersion
2016-09-20 19:32 - 2016-09-21 23:51 - 00000000 ____D C:\FRST
2016-09-20 19:27 - 2016-09-20 19:32 - 02402816 _____ (Farbar) C:\Users\Kristina\Downloads\FRST64.exe
2016-09-20 19:12 - 2016-09-20 19:12 - 00000000 ____D C:\Users\Kristina\AppData\Local\CEF
2016-09-20 18:58 - 2016-09-20 19:01 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-20 18:58 - 2016-09-20 19:01 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-20 18:57 - 2016-09-21 23:13 - 00001014 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-20 18:57 - 2016-09-20 19:08 - 00004072 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-20 18:57 - 2016-09-20 19:08 - 00003840 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-20 18:57 - 2016-09-20 19:08 - 00001010 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-20 18:57 - 2016-09-20 18:57 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-20 18:54 - 2016-09-20 18:54 - 00000102 _____ C:\Users\Kristina\AppData\Roaming\WB.CFG
2016-09-20 18:52 - 2016-09-21 23:25 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-20 18:52 - 2016-09-20 18:52 - 06334848 _____ (AVAST Software) C:\Users\Kristina\Downloads\avast_free_antivirus_setup_online.exe
2016-09-20 18:49 - 2016-09-21 21:50 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{40277EE3-BB8B-465F-B093-C31454961555}
2016-09-20 18:30 - 2016-09-20 18:30 - 00003240 _____ C:\WINDOWS\System32\Tasks\{0FC3EE4B-CCE1-4DAF-A40F-CAD35D34374C}
2016-09-20 18:19 - 2016-09-20 18:19 - 00003334 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-09-20 18:17 - 2016-09-20 18:17 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Skype
2016-09-11 11:10 - 2016-09-21 08:36 - 00000000 ____D C:\Users\Kristina\AppData\Local\Google
2016-09-11 11:00 - 2016-09-21 23:25 - 00000868 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-11 11:00 - 2016-09-20 18:38 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-11 11:00 - 2016-09-20 18:25 - 00004006 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-09-11 11:00 - 2016-09-11 11:32 - 00003854 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-09-11 09:20 - 2016-09-11 11:32 - 00000000 ____D C:\Users\Kristina\AppData\Local\Adobe
2016-09-11 08:55 - 2016-09-11 08:55 - 00002360 _____ C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-09-11 08:54 - 2016-09-11 08:58 - 00000000 ____D C:\Users\Kristina\AppData\Local\Chromium
2016-09-11 08:54 - 2016-09-11 08:56 - 00000000 ____D C:\Users\Kristina\AppData\Local\{B3DE8582-9776-E93A-FAEE-CCD2DE86304A}
2016-09-11 08:53 - 2016-09-20 19:18 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\{59FD6F46-7CAF-0230-1799-25E2CB4BD8DC}
2016-09-11 08:53 - 2016-09-20 18:53 - 00000000 ____D C:\ProgramData\{30E2F581-BAA0-7F47-3C66-E105A6246ACB}
2016-09-11 08:53 - 2016-09-11 08:53 - 74530506 _____ C:\Users\Kristina\Downloads\ChromeSetup [1].exe
2016-09-11 08:53 - 2016-09-11 08:53 - 00000254 __RSH C:\ProgramData\ntuser.pol
2016-08-29 11:24 - 2016-08-29 11:24 - 00032768 _____ C:\Users\Kristina\Downloads\123.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-21 23:50 - 2015-03-24 13:50 - 00000000 __RDO C:\Users\Kristina\OneDrive
2016-09-21 23:49 - 2015-03-24 13:41 - 00000000 __SHD C:\Users\Kristina\IntelGraphicsProfiles
2016-09-21 23:48 - 2016-01-21 21:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-21 23:47 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-21 23:23 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-21 22:41 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-21 22:41 - 2015-10-15 11:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-21 22:38 - 2015-10-15 11:33 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-21 20:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-21 15:50 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-21 10:52 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Resources
2016-09-21 09:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-20 18:25 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-20 18:25 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-20 18:22 - 2015-10-30 20:12 - 00747608 _____ C:\WINDOWS\system32\perfh01D.dat
2016-09-20 18:22 - 2015-10-30 20:12 - 00151176 _____ C:\WINDOWS\system32\perfc01D.dat
2016-09-20 18:22 - 2015-10-05 20:17 - 01768152 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-20 18:19 - 2015-10-05 20:24 - 00002383 _____ C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-20 18:07 - 2015-10-05 19:08 - 00000000 ___HD C:\$SysReset
2016-09-11 10:45 - 2016-01-21 20:55 - 00000000 ____D C:\Users\Kristina
2016-09-11 10:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\registration
2016-09-11 10:33 - 2015-10-05 20:14 - 00000000 ____D C:\Users\Kristina\AppData\Local\Packages
2016-09-11 08:53 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-09-11 08:53 - 2015-10-05 20:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-09-07 03:00 - 2015-10-30 09:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-07 03:00 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-29 11:16 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2016-09-20 18:54 - 2016-09-20 18:54 - 0000102 _____ () C:\Users\Kristina\AppData\Roaming\WB.CFG
2016-01-21 20:51 - 2016-01-21 20:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Kristina\AppData\Local\Temp\libeay32.dll
C:\Users\Kristina\AppData\Local\Temp\msvcr120.dll
C:\Users\Kristina\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-21 09:09
 
==================== End of FRST.txt ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by Kristina (21-09-2016 23:53:37)
Running from C:\Users\Kristina\Downloads\FRST-OlderVersion
Windows 10 Home Version 1511 (X64) (2016-01-21 19:11:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administratör (S-1-5-21-530700673-802275041-1869102837-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-530700673-802275041-1869102837-503 - Limited - Disabled)
Gäst (S-1-5-21-530700673-802275041-1869102837-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-530700673-802275041-1869102837-1003 - Limited - Enabled)
Kristina (S-1-5-21-530700673-802275041-1869102837-1001 - Administrator - Enabled) => C:\Users\Kristina
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
BankID säkerhetsprogram (HKLM-x32\...\{77B5BCDC-5496-48DA-8B16-5EE2AF08CA31}) (Version: 7.2.1.1 - Finansiell ID-Teknik BID AB)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.55.62 - Conexant)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-530700673-802275041-1869102837-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-530700673-802275041-1869102837-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BE41FE7-26F0-4245-A078-8662144615E1} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-20] (Microsoft Corporation)
Task: {1900A2ED-DED5-4AA6-99DC-959CA83394E9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-21] (AVAST Software)
Task: {245D897D-BAD3-4BA2-BDFA-30DA88CAE8E9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-09-21] (Microsoft Corporation)
Task: {3AB389C3-AEF7-403F-825A-2066343A41F1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-20] (Adobe Systems Incorporated)
Task: {412186F1-9E53-4CBE-B098-AE709C401F61} - System32\Tasks\{0FC3EE4B-CCE1-4DAF-A40F-CAD35D34374C} => pcalua.exe -a C:\WINDOWS\bdc67a9ae43eebef961d4d26dc72a52e.exe
Task: {4AC45687-F692-40B7-8DA5-B6E17F6C469B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-20] (Adobe Systems Incorporated)
Task: {A020A3BA-1909-4F5E-ADB5-3CAD31643999} - System32\Tasks\SafeZone scheduled Autoupdate 1474493189 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {A70084BB-CD53-4589-B257-F9707B678774} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-20] (Google Inc.)
Task: {EB8B2CAD-F637-4126-A971-A7F7B0ADD8F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-15 17:33 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-15 17:33 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-20 18:17 - 2016-09-20 18:17 - 01864384 _____ () C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-04-20 13:08 - 2016-04-20 13:09 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-21 20:36 - 2016-01-21 20:36 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-15 17:35 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-15 17:33 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-15 17:33 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-15 17:33 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-15 17:33 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-21 23:22 - 2016-09-21 23:22 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-21 23:26 - 2016-09-21 23:26 - 03114776 _____ () C:\Program Files\AVAST Software\Avast\defs\16092104\algo.dll
2016-09-21 23:22 - 2016-09-21 23:22 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-20 13:08 - 2016-04-20 13:09 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-20 13:08 - 2016-04-20 13:09 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-09-20 18:17 - 2016-09-20 18:17 - 01383616 _____ () C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-09-20 18:17 - 2016-09-20 18:17 - 00118976 _____ () C:\Users\Kristina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-09-21 23:22 - 2016-09-21 23:22 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-05 20:36 - 2016-09-20 18:48 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-530700673-802275041-1869102837-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristina\Desktop\4k-lake-wallpaper-34.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: PNRPAutoReg => 3
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7D9CF79F-2D77-40EF-BC58-14415C83C78C}] => (Allow) C:\Users\Kristina\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{3C39B460-2B5C-490E-93F0-13187636310A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
29-08-2016 11:15:22 Schemalagd kontrollpunkt
06-09-2016 16:00:33 Schemalagd kontrollpunkt
11-09-2016 08:56:35 Uniblue PC Mechanic installation
11-09-2016 09:01:15 WinZip Registry Optimizer Restore Point (09/11/16)
11-09-2016 10:29:06 Återställningsåtgärd
20-09-2016 18:04:26 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/21/2016 11:24:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
Den beroende sammansättningen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.
 
Error: (09/21/2016 07:29:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: esetonlinescanner_enu.exe, version 2.0.12.0, tidsstämpel 0x57ac3e59
, felet uppstod i modulen med namn: esetonlinescanner_enu.exe, version 2.0.12.0, tidsstämpel 0x57ac3e59
Undantagskod: 0xc0000005
Felförskjutning: 0x000361d1
Process-ID: 0x13dc
Programmets starttid: 0x01d21426c478658d
Sökväg till program: C:\Users\Kristina\Downloads\esetonlinescanner_enu.exe
Sökväg till modul: C:\Users\Kristina\Downloads\esetonlinescanner_enu.exe
Rapport-ID: df2e35ff-8925-4787-aaa5-d89023f251fa
Fullständigt namn på felaktigt paket: 
Program-ID relativt till felaktigt paket:
 
Error: (09/21/2016 05:56:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: esetonlinescanner_enu.exe, version 2.0.12.0, tidsstämpel 0x57ac3e59
, felet uppstod i modulen med namn: esetonlinescanner_enu.exe, version 2.0.12.0, tidsstämpel 0x57ac3e59
Undantagskod: 0xc0000005
Felförskjutning: 0x001a3524
Process-ID: 0xee8
Programmets starttid: 0x01d2141989677603
Sökväg till program: C:\Users\Kristina\Downloads\esetonlinescanner_enu.exe
Sökväg till modul: C:\Users\Kristina\Downloads\esetonlinescanner_enu.exe
Rapport-ID: bb473be3-71e4-4306-8cdc-5aa9b83dd826
Fullständigt namn på felaktigt paket: 
Program-ID relativt till felaktigt paket:
 
Error: (09/21/2016 05:03:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: esetonlinescanner_enu.exe, version 2.0.12.0, tidsstämpel 0x57ac3e59
, felet uppstod i modulen med namn: esetonlinescanner_enu.exe, version 2.0.12.0, tidsstämpel 0x57ac3e59
Undantagskod: 0xc0000005
Felförskjutning: 0x001a3524
Process-ID: 0x12a4
Programmets starttid: 0x01d21410a273e920
Sökväg till program: C:\Users\Kristina\Downloads\esetonlinescanner_enu.exe
Sökväg till modul: C:\Users\Kristina\Downloads\esetonlinescanner_enu.exe
Rapport-ID: beaaf7f3-a388-43e3-a779-891e59fc010b
Fullständigt namn på felaktigt paket: 
Program-ID relativt till felaktigt paket:
 
Error: (09/21/2016 08:06:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEMMA)
Description: Aktiveringen av appen Microsoft.Windows.Photos_8wekyb3d8bbwe!App misslyckades med felet: -2144927141 Mer information finns i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (09/20/2016 08:29:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEMMA)
Description: Aktiveringen av appen Microsoft.Windows.Photos_8wekyb3d8bbwe!App misslyckades med felet: -2144927141 Mer information finns i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (09/20/2016 07:31:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEMMA)
Description: Aktiveringen av appen Microsoft.WindowsMaps_8wekyb3d8bbwe!App misslyckades med felet: -2144927148 Mer information finns i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (09/20/2016 06:55:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
Den beroende sammansättningen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.
 
Error: (09/20/2016 06:04:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Anropet OnIdentity() i systemskrivarobjektet misslyckades för tjänsten Cryptographic Services.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Åtkomst nekad.
.
 
Error: (09/11/2016 10:49:53 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Öppningsproceduren BITS i DLL-filen C:\Windows\System32\bitsperf.dll kunde inte utföras. Prestandadata för den här tjänsten kommer inte att vara tillgängliga. Felkoden anges av datasektionens första fyra byte (DWORD).
 
 
System errors:
=============
Error: (09/21/2016 11:48:05 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Den inbäddade styrenheten (EC) svarade inte inom den tidsgräns som angetts. Detta kan bero på att det finns fel i styrenhetens maskinvara eller i den inbyggda programvaran, eller att BIOS använder styrenheten felaktigt. Du bör be datortillverkaren om en BIOS-uppgradering. I vissa fall kan det här felet orsaka att datorn inte fungerar som den ska.
 
Error: (09/21/2016 11:47:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten User Data Storage_54c95 skulle ansluta.
 
Error: (09/21/2016 11:47:37 PM) (Source: DCOM) (EventID: 10010) (User: HEMMA)
Description: Servern {F9717507-6651-4EDB-BFF7-AE615179BCCF} registrerades inte med DCOM inom erforderlig timeout.
 
Error: (09/21/2016 11:47:37 PM) (Source: DCOM) (EventID: 10010) (User: HEMMA)
Description: Servern {F9717507-6651-4EDB-BFF7-AE615179BCCF} registrerades inte med DCOM inom erforderlig timeout.
 
Error: (09/21/2016 11:47:37 PM) (Source: DCOM) (EventID: 10010) (User: HEMMA)
Description: Servern {F9717507-6651-4EDB-BFF7-AE615179BCCF} registrerades inte med DCOM inom erforderlig timeout.
 
Error: (09/21/2016 11:47:37 PM) (Source: DCOM) (EventID: 10010) (User: HEMMA)
Description: Servern {F9717507-6651-4EDB-BFF7-AE615179BCCF} registrerades inte med DCOM inom erforderlig timeout.
 
Error: (09/21/2016 11:47:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten User Data Access_54c95 avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 10000 millisekunder: Starta om tjänsten.
 
Error: (09/21/2016 11:47:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten User Data Storage_54c95 avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 10000 millisekunder: Starta om tjänsten.
 
Error: (09/21/2016 11:47:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten Contact Data_54c95 avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 10000 millisekunder: Starta om tjänsten.
 
Error: (09/21/2016 11:47:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten Synkroniseringsvärd_54c95 avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 10000 millisekunder: Starta om tjänsten.
 
 
CodeIntegrity:
===================================
  Date: 2016-09-21 10:59:39.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-20 18:07:21.281
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-17 03:36:55.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-16 14:53:56.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 03:38:45.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 18:19:09.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-25 16:02:12.574
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-18 03:35:32.863
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-18 03:33:53.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-17 22:07:19.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 52%
Total physical RAM: 3979.21 MB
Available physical RAM: 1898.96 MB
Total Virtual: 4683.21 MB
Available Virtual: 2688.42 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:890.34 GB) (Free:848.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.12 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4DC2C9A2)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
Länk till kommentar
Dela på andra webbplatser

Kolla om det finns någon loggfil (textfil) i mappen C:\Användare\Kristina\AppData\Local\ESET. I så fall kan den innehålla information om vad Esets skanner hittade så bifoga den till ditt svar.

 

 

Starta programmet Anteckningar.
Kopiera alla rader i rutan:

CreateRestorePoint:
CloseProcesses:
S1 ghxgxala; \??\C:\WINDOWS\system32\drivers\ghxgxala.sys [X]
Folder: C:\Users\Kristina\AppData\Local\{B3DE8582-9776-E93A-FAEE-CCD2DE86304A}
Folder: C:\Users\Kristina\AppData\Roaming\{59FD6F46-7CAF-0230-1799-25E2CB4BD8DC}
File: C:\WINDOWS\bdc67a9ae43eebef961d4d26dc72a52e.exe
Reboot:
och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.
Spara filen på skrivbordet med namnet fixlist.txt.

Stäng av alla program.
Starta FRST som finns på skrivbordet.
Klicka på knappen Fix.
Vänta tills programmet är klart.
Om datorn inte startas om automatiskt så gör det själv.

Programmet skapar en logg Fixlog.txt på skrivbordet.
Klistra in innehållet i den i ditt svar.
Länk till kommentar
Dela på andra webbplatser

Hittar ingen loggfil inne på C:\Kristina för det finns ingen AppData\local\ESET

 

Här kommer FRST loggfil du bad om

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-09-2016
Ran by Kristina (22-09-2016 10:25:30) Run:1
Running from C:\Users\Kristina\Desktop
Loaded Profiles: Kristina (Available Profiles: Kristina)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
S1 ghxgxala; \??\C:\WINDOWS\system32\drivers\ghxgxala.sys [X]
Folder: C:\Users\Kristina\AppData\Local\{B3DE8582-9776-E93A-FAEE-CCD2DE86304A}
Folder: C:\Users\Kristina\AppData\Roaming\{59FD6F46-7CAF-0230-1799-25E2CB4BD8DC}
File: C:\WINDOWS\bdc67a9ae43eebef961d4d26dc72a52e.exe
Reboot:
*****************
 
Restore point was successfully created.
Processes closed successfully.
ghxgxala => service removed successfully
 
========================= Folder: C:\Users\Kristina\AppData\Local\{B3DE8582-9776-E93A-FAEE-CCD2DE86304A} ========================
 
2016-09-11 08:54 - 2016-09-11 08:54 - 0195776 _____ () C:\Users\Kristina\AppData\Local\{B3DE8582-9776-E93A-FAEE-CCD2DE86304A}\deti
2016-09-11 08:54 - 2016-09-11 08:54 - 0000075 _____ () C:\Users\Kristina\AppData\Local\{B3DE8582-9776-E93A-FAEE-CCD2DE86304A}\info.dat
2016-09-11 08:54 - 2016-09-11 08:54 - 0008032 _____ () C:\Users\Kristina\AppData\Local\{B3DE8582-9776-E93A-FAEE-CCD2DE86304A}\install.log
2016-09-11 08:54 - 2016-09-11 08:54 - 0681097 _____ (SQLite Development Team) C:\Users\Kristina\AppData\Local\{B3DE8582-9776-E93A-FAEE-CCD2DE86304A}\Sqlite3.dll
2016-09-11 08:54 - 2016-09-11 08:54 - 0001774 _____ () C:\Users\Kristina\AppData\Local\{B3DE8582-9776-E93A-FAEE-CCD2DE86304A}\uninst.dat
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Kristina\AppData\Roaming\{59FD6F46-7CAF-0230-1799-25E2CB4BD8DC} ========================
 
2013-04-21 00:50 - 2013-04-21 00:50 - 0000073 _____ () C:\Users\Kristina\AppData\Roaming\{59FD6F46-7CAF-0230-1799-25E2CB4BD8DC}\config.dat
2016-09-11 08:53 - 2016-09-20 18:54 - 0000794 _____ () C:\Users\Kristina\AppData\Roaming\{59FD6F46-7CAF-0230-1799-25E2CB4BD8DC}\info.dat
2013-05-06 01:44 - 2013-05-06 01:44 - 0000025 _____ () C:\Users\Kristina\AppData\Roaming\{59FD6F46-7CAF-0230-1799-25E2CB4BD8DC}\STTL.DAT
2013-04-10 13:06 - 2013-04-10 13:06 - 0000004 _____ () C:\Users\Kristina\AppData\Roaming\{59FD6F46-7CAF-0230-1799-25E2CB4BD8DC}\TTL.DAT
 
====== End of Folder: ======
 
 
========================= File: C:\WINDOWS\bdc67a9ae43eebef961d4d26dc72a52e.exe ========================
 
"C:\WINDOWS\bdc67a9ae43eebef961d4d26dc72a52e.exe" => not found.
====== End of File: ======
 
 
 
The system needed a reboot.
 
==== End of Fixlog 10:26:14 ====
Länk till kommentar
Dela på andra webbplatser

Appdata är en dold mapp så du får slå på visning av sådana filer och mappar först: Ställ in Utforskaren så att du kan se alla filer:
Visa - Alternativ - Ändra mapp- och sökalternativ - Visning
Välj Visa dolda filer och mappar
Avbocka Dölj filnamnstillägg för kända filtyper
 

Länk till kommentar
Dela på andra webbplatser

Jag tycker den känns okej nu.....Inga konstiga meddelanden som dyker upp och virusprogrammet är tyst och fint;)    Har använt datorn ett tag nu och det känns helt okej.   Det som ställde till problem är nog borta 

Länk till kommentar
Dela på andra webbplatser

Låter ju utmärkt det!

Då är det dags att avinstallera FRST och AdwCleaner.

 

1. Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.
Klicka på Uninstall-knappen.

2. Ladda ner avinstallationsprogrammet OTC till Skrivbordet: http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/
Dubbelklicka på filen för att starta programmet.
Tryck på knappen CleanUp! och FRST kommer att avinstalleras efter en omstart av datorn. Ta bort eventuella loggar.
 

Länk till kommentar
Dela på andra webbplatser

Då är allt borta.  Det ända som jag upplever nu när jag startade om datorn är att det inte händer något då jag vill öppna saker i Aktivitetsfältet. Klickar jag på flaggan så öppnas den inte men det går att högerklicka.  Samma med allt annat förutom Chrome

 

Är det vanligt fel i win 8.  Jag kommer inte riktigt överens med den,själv har jag 10 å där har jag aldrig problem.

 

Förövrigt så vill jag tacka dej för som vanligt skickligt lotsande i en för mej många gånger okänd värld.  Du är ett Guldkorn.  

 

Stort Tack   :thumbsup:  :thumbsup:

Länk till kommentar
Dela på andra webbplatser

Eh glöm bort detta med win 8 , tror jag fått något fel i skallen oxå  men felet kvarstår alltså att det inte går att klicka på annat än Chrome ikonen.  Högerklicka fungerar men inte att sedan välja sök tex

Länk till kommentar
Dela på andra webbplatser

Bara trevligt att kunna hjälpa till :)

Men tråkigt när det orsakar problem.

 

Det är något som inträffar då och då i Windows 10.

 

Ibland beror det på att någon Windows-uppdatering krånglar så det kan vara bra att starta om datorn några gånger och det kan göras från menyn som visas när man högerklickar på Start-knappen.

 

Ibland har det blivit något fel i användarprofilen och det kan man kolla genom att skapa ett nytt konto (högerklick på Start - Kontrollpanelen - Användarkonton), logga in på det och testa.

 

Vet du när detta fel uppstod?

Länk till kommentar
Dela på andra webbplatser

Det blev då jag tagit bort programmen som jag installerade . Precis på slutet

 

Har startat om men ingen bättring men fortsätter väl några gånger till ;)

Länk till kommentar
Dela på andra webbplatser

Om det inte hjälper med det kan du pröva med en systemåterställning till den senaste återställningspunkten.

Länk till kommentar
Dela på andra webbplatser

Arkiverat

Det här ämnet är nu arkiverat och är stängt för ytterligare svar.



×
×
  • Skapa nytt...