
Pop-up windows in Internet Explorer


eirmark


I'm trying to help my brother, who over the past month has been getting a lot of unwanted ads and pop-up windows. In addition, his System Restore has been disabled, so it isn't possible to go back to an earlier working configuration. I have tried to help him a little by at least downloading DDS, so here is DDS.txt, with the attach file as an attachment.

Would some kind person be willing to take a look at it?

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Siba at 15:58:19 on 2014-04-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.46.1053.18.2811.860 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
C:\Program Files (x86)\Bench\BService\bservice.exe
C:\Program Files (x86)\Bench\Wd\wd.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Spring Smart\updateSpringSmart.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files (x86)\Spring Smart\bin\utilSpringSmart.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Program Files (x86)\Spring Smart\bin\FilterApp_C64.exe
C:\Program Files (x86)\Spring Smart\bin\XTLSApp.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\program files (x86)\deals plugin extension\deals plugin extension-bg.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Brownie\brstsw64.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.swedbank.se/privat/index.htm
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=easynote_tm82&r=273608106855l04c4z115f46m2c36q
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Deals Plugin Extension: {11111111-1111-1111-1111-110211181106} - C:\Program Files (x86)\Deals Plugin Extension\Deals Plugin Extension.dll
BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll
BHO: Loader Class: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Mobile Partner] C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [APISupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Siba\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [inboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
mRun: [bService] C:\Program Files (x86)\Bench\BService\bservice.exe
mRun: [Wd] C:\Program Files (x86)\Bench\Wd\wd.exe
mRunOnce: [Deals Plugin-repairJob] wscript.exe "C:\Users\Siba\AppData\Local\Deals Plugin\repair.js" "Deals Plugin-repairJob"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.BackupManager\BackupManager.list
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass-formulärifyllning - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5D093447-3FDB-44ED-9001-6F56B3A87C93} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BBEEDFEF-420B-4CFB-B8A5-1EA76124319B} : NameServer = 80.251.201.177 80.251.201.178
TCP: Interfaces\{D5E5E52F-E372-4E63-8882-B4F41BE01134} : NameServer = 80.251.201.177 80.251.201.178
TCP: Interfaces\{E0327EFA-6047-4717-8876-A344B633580F} : NameServer = 80.251.201.177 80.251.201.178
TCP: Interfaces\{E19ED036-23A9-4B42-ABE4-488D4A8DA4CB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F38ADD3E-4812-4DE0-8116-CA8555D33A68} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Loader Class: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll
x64-TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 54.204.28.26    fickfgcleonkfojnjddoccbkaliaobcf
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com//406
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_45.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl64.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: uTorrentControl2 Community Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - %profile%\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
FF - Ext: Deals Plugin Extension: extension21806@extension21806.com - %profile%\extensions\extension21806@extension21806.com
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-31 55024]
R1 wStLib64;wStLib64;C:\Windows\System32\drivers\wStLib64.sys [2014-3-18 61120]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-30 202752]
R3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2009-9-21 54320]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-1-16 86016]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-4-30 321064]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-6-21 38456]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-1-16 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-1-16 13952]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2013-1-16 415744]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\Windows\System32\drivers\ewusbmdm.sys [2013-1-16 222464]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-2-4 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-2-4 13280]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-30 239136]
S3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2008-9-23 50176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2014-04-06 05:28:02    --------    d-----w-    C:\Users\Siba\AppData\Local\{7C810FEA-A879-45F6-B2E5-0BEE141D3237}
2014-04-05 17:27:33    --------    d-----w-    C:\Users\Siba\AppData\Local\{80C8230E-1512-4C96-A65D-E1DD75E15E1B}
2014-04-05 05:26:53    --------    d-----w-    C:\Users\Siba\AppData\Local\{C42AA0B5-4130-48B1-9199-94A60CE2D6E1}
2014-04-04 17:26:24    --------    d-----w-    C:\Users\Siba\AppData\Local\{CB1FA653-8B76-4739-B301-E63B53E0904D}
2014-04-04 14:32:10    --------    d-----w-    C:\Users\Siba\AppData\Local\TB
2014-04-04 09:19:13    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C33D76C1-00CA-4DF0-9A9E-B958A1CD6B37}\mpengine.dll
2014-04-04 05:25:22    --------    d-----w-    C:\Users\Siba\AppData\Local\{4B98744F-AB5A-413F-B59E-BC0FD0AEBEF6}
2014-04-03 12:22:24    --------    d-----w-    C:\Users\Siba\AppData\Local\{367B4189-8F34-454A-9791-978ED6AF8CBC}
2014-04-02 11:43:50    --------    d-----w-    C:\Users\Siba\AppData\Local\{7683B26D-AB59-44A1-8EF9-FFE9153DD637}
2014-04-01 07:05:32    --------    d-----w-    C:\Users\Siba\AppData\Local\{CFB7990D-2716-4F33-A926-76EAE9450B8C}
2014-03-31 19:05:02    --------    d-----w-    C:\Users\Siba\AppData\Local\{7ACFCE11-03AF-4F45-A6B9-C72B261EE70F}
2014-03-31 07:04:10    --------    d-----w-    C:\Users\Siba\AppData\Local\{99726094-1298-4335-86EB-FA44C30A144F}
2014-03-30 12:41:08    --------    d-----w-    C:\Users\Siba\AppData\Local\{058A51F9-66CA-4605-AF3A-318D3B1ECB2A}
2014-03-29 22:51:10    --------    d-----w-    C:\Users\Siba\AppData\Local\{43779529-A7CD-4355-881E-359AB3B1D6FC}
2014-03-29 10:29:13    --------    d-----w-    C:\Users\Siba\AppData\Local\{594CCCC9-E4D6-47A4-A528-2A2DCBE2F7A8}
2014-03-28 22:28:31    --------    d-----w-    C:\Users\Siba\AppData\Local\{E41EF53C-5C27-4F5C-8B2C-FA123033696D}
2014-03-28 22:21:32    --------    d-----w-    C:\Users\Siba\AppData\Local\{9380C198-F4A2-4D65-BED2-FC57AD183B4C}
2014-03-28 07:05:26    --------    d-----w-    C:\Users\Siba\AppData\Local\{DA3794B0-33A6-41B9-AED0-175A6CE26CC6}
2014-03-27 18:36:00    --------    d-----w-    C:\Users\Siba\AppData\Local\{247A78A1-2A73-426B-9F66-FEFBC25925D8}
2014-03-26 12:01:51    --------    d-----w-    C:\Users\Siba\AppData\Local\{608A521F-D6C3-4BEE-A787-0084CCD4445D}
2014-03-25 23:02:39    --------    d-----w-    C:\Users\Siba\AppData\Local\{02E43831-9AD1-4CF6-934D-A642465E6965}
2014-03-25 11:02:08    --------    d-----w-    C:\Users\Siba\AppData\Local\{D562366B-4A40-4087-97EF-19FB8EEEFB3C}
2014-03-24 23:01:36    --------    d-----w-    C:\Users\Siba\AppData\Local\{C823BFCA-5430-4E5E-839B-95BDC4529016}
2014-03-24 11:01:06    --------    d-----w-    C:\Users\Siba\AppData\Local\{3379839D-BF76-4770-8368-2D8C3997DDE6}
2014-03-23 23:00:24    --------    d-----w-    C:\Users\Siba\AppData\Local\{FEBE8501-6B80-4B53-86D5-66DF9279BA4D}
2014-03-23 10:55:33    --------    d-----w-    C:\Users\Siba\AppData\Local\{F9E3E375-0774-4EDD-9BBA-7A7B0D9BA842}
2014-03-22 08:32:20    --------    d-----w-    C:\Users\Siba\AppData\Local\{BECD6F39-24A4-48F2-9F0E-F8D1B370045B}
2014-03-21 17:54:51    --------    d-----w-    C:\Users\Siba\AppData\Local\{3D75A2C3-53D9-4B7C-98D0-F1557CDC558A}
2014-03-21 05:28:57    --------    d-----w-    C:\Users\Siba\AppData\Local\{DEA4FD81-5F4B-4343-A264-B1F0EC7F8348}
2014-03-20 10:33:19    --------    d-----w-    C:\Users\Siba\AppData\Local\{B814A57D-07B2-4B17-8A3A-3F624CF39C87}
2014-03-19 21:50:00    --------    d-----w-    C:\Users\Siba\AppData\Local\{74A2B95B-43F7-450D-9AC5-F3DA3B83500A}
2014-03-19 09:49:22    --------    d-----w-    C:\Users\Siba\AppData\Local\{3AF8729F-00E2-49A0-BECF-9A681DD7CD3A}
2014-03-18 09:55:47    --------    d-----w-    C:\Users\Siba\AppData\Local\{586F9F9A-7ECD-4E3A-8D81-6F4CFB3C913C}
2014-03-18 06:26:03    61120    ----a-w-    C:\Windows\System32\drivers\wStLib64.sys
2014-03-17 21:55:09    --------    d-----w-    C:\Users\Siba\AppData\Local\{7931A30A-E2D2-4B36-B6C7-A9BB5F1EFE56}
2014-03-17 08:13:28    --------    d-----w-    C:\Users\Siba\AppData\Local\{E854F2A4-F0E1-45F4-8A21-21618BAC2449}
2014-03-16 20:12:56    --------    d-----w-    C:\Users\Siba\AppData\Local\{A03793CF-63D5-4CF9-A015-C2B15754A94F}
2014-03-16 08:12:23    --------    d-----w-    C:\Users\Siba\AppData\Local\{47DCB76D-1B67-4549-9377-76580E1D97C4}
2014-03-15 20:11:51    --------    d-----w-    C:\Users\Siba\AppData\Local\{FFFFCA90-E3F8-4F8C-99AB-D422A195FF1E}
2014-03-15 08:11:07    --------    d-----w-    C:\Users\Siba\AppData\Local\{A07C8EF3-61D2-48D4-804C-A13D77EEDF73}
2014-03-14 17:52:06    --------    d-----w-    C:\Users\Siba\AppData\Local\{6B398168-9EE2-4208-9D18-E029EC76F2AE}
2014-03-14 05:51:26    --------    d-----w-    C:\Users\Siba\AppData\Local\{1DACC020-F213-4317-89FE-B09BE3B98FD1}
2014-03-13 08:00:05    --------    d-----w-    C:\Users\Siba\AppData\Local\{91B8C9C9-B85E-451B-B440-3194702D7190}
2014-03-13 05:39:55    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-13 05:39:55    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-13 05:39:48    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-13 05:39:48    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-12 19:59:34    --------    d-----w-    C:\Users\Siba\AppData\Local\{A34D6203-418A-4B59-9C0B-8D83CE1868BA}
2014-03-12 07:58:57    --------    d-----w-    C:\Users\Siba\AppData\Local\{845C3765-FAA9-46DB-82DE-CA78596160E3}
2014-03-11 19:58:24    --------    d-----w-    C:\Users\Siba\AppData\Local\{CE374816-07B6-4666-B3A3-2BDDA5BDE396}
2014-03-11 07:57:52    --------    d-----w-    C:\Users\Siba\AppData\Local\{940CD062-74D2-4C77-92CC-BBB5116A7F10}
2014-03-10 19:57:12    --------    d-----w-    C:\Users\Siba\AppData\Local\{3357E248-6E2A-4291-86E3-D298484614DF}
2014-03-10 06:43:39    --------    d-----w-    C:\Users\Siba\AppData\Local\{9A428C7F-2C15-4562-AF6E-83D1A3D4AB0A}
2014-03-09 18:43:04    --------    d-----w-    C:\Users\Siba\AppData\Local\{41B9C45B-C4FB-4F01-9286-72EE4514589E}
2014-03-09 06:42:26    --------    d-----w-    C:\Users\Siba\AppData\Local\{E6C0677D-4ABC-4D04-B154-D2846B33AAA1}
2014-03-08 18:40:24    --------    d-----w-    C:\Users\Siba\AppData\Local\{C8F2AC0A-09A1-4755-843F-614C24D5A6C6}
2014-03-08 06:39:45    --------    d-----w-    C:\Users\Siba\AppData\Local\{CBF51D31-0A90-40CE-A584-0B60D9685A78}
2014-03-07 17:57:12    --------    d-----w-    C:\Users\Siba\AppData\Local\{FC24D2B0-28FF-4943-B045-5FADD7929475}
.
==================== Find3M  ====================
.
2014-03-13 15:25:51    1409    ----a-w-    C:\Windows\QTFont.for
2014-03-11 21:58:23    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 21:58:23    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
.
============= FINISH: 16:02:12,54 ===============
 

attach.txt


1. Uninstall in the Control Panel (if possible):

Deals Plugin because of http://www.systemlookup.com/CLSID/77019-Deals_Plugin_Extension_dll.html

Deals Plugin Extension

iLivid/Searchqu http://www.systemlookup.com/CLSID/72565-SearchquDx_dll_searchqudtx_dll.html

Inbox Toolbar http://www.systemlookup.com/CLSID/56457-Inbox_dll.html

Mozilla Firefox (3.6.17), a very old version with many known security holes that make it easy to infect the computer from a web page.

2. Save AdwCleaner by Xplode to the Desktop: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan is finished.

Click the Report button.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also available as C:\AdwCleaner[R0].txt


Thank you for helping us, and here is the response from AdwCleaner:

# AdwCleaner v3.023 - Report created 07/04/2014 at 10:06:06
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Siba - SIBA-DATOR
# Running from : C:\Users\Siba\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Siba\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Found : C:\Users\Siba\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : C:\Users\Siba\AppData\Local\Temp\Searchqu.ini
File Found : C:\Users\Siba\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Found : C:\Users\Siba\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Found : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\.BackupManager\user.js
File Found : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\user.js
File Found : C:\Windows\System32\Tasks\bench-sys
File Found : C:\Windows\Tasks\bench-sys.job
Folder Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphibigbodkkohoglgfkddblldpfohjl
Folder Found : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Found : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Folder Found C:\Program Files (x86)\1ClickDownload
Folder Found C:\Program Files (x86)\Bandoo
Folder Found C:\Program Files (x86)\Bench
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\Siba\AppData\Local\Conduit
Folder Found C:\Users\Siba\AppData\Local\Deals Plugin Extension
Folder Found C:\Users\Siba\AppData\Local\Ilivid Player
Folder Found C:\Users\Siba\AppData\Local\PackageAware
Folder Found C:\Users\Siba\AppData\Local\Temp\boost_interprocess
Folder Found C:\Users\Siba\AppData\LocalLow\Bandoo
Folder Found C:\Users\Siba\AppData\LocalLow\Conduit
Folder Found C:\Users\Siba\AppData\LocalLow\searchquband
Folder Found C:\Users\Siba\AppData\LocalLow\SiteRanker
Folder Found C:\Users\Siba\AppData\Roaming\Bandoo

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\StartSearch
Key Found : HKLM\Software\Bench
Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\oneclick
Key Found : HKLM\SOFTWARE\Classes\oneclickmg
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hphibigbodkkohoglgfkddblldpfohjl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player[1]_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player[1]_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\Software\SiteRanker
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : [x64] HKLM\SOFTWARE\DataMngr
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v

[ File : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\.BackupManager\prefs.js ]


[ File : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : search_url

*************************

AdwCleaner[R0].txt - [11803 octets] - [07/04/2014 10:06:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11864 octets] ##########
 


1. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan has finished.

Click the Clean button.

Press OK.

Press OK again if further messages appear.

The computer will restart.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also available as C:\AdwCleaner[s0].txt

2. Download Farbar Recovery Scan Tool (FRST) and save it to the desktop.

http://download.bleepingcomputer.com/farbar/FRST64.exe

Start FRST.

Read the program's terms.

Click Yes to accept.

Click the Scan button.

When it is done, two logs, FRST.txt and Addition.txt, will have been created on the desktop.

Paste the contents of FRST.txt directly into your reply and attach Addition.txt.


First, here is AdwCleaner[s0].txt:

 

# AdwCleaner v3.023 - Report created 07/04/2014 at 16:37:56
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Siba - SIBA-DATOR
# Running from : F:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Bandoo
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Siba\AppData\Local\Conduit
Folder Deleted : C:\Users\Siba\AppData\Local\Deals Plugin Extension
Folder Deleted : C:\Users\Siba\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Siba\AppData\Local\PackageAware
Folder Deleted : C:\Users\Siba\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Siba\AppData\LocalLow\Bandoo
Folder Deleted : C:\Users\Siba\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Siba\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Siba\AppData\LocalLow\SiteRanker
Folder Deleted : C:\Users\Siba\AppData\Roaming\Bandoo
Folder Deleted : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Folder Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphibigbodkkohoglgfkddblldpfohjl
Folder Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Users\Siba\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\Siba\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\Siba\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\.BackupManager\user.js
File Deleted : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\user.js
File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\bench-sys.job
File Deleted : C:\Windows\System32\Tasks\bench-sys

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hphibigbodkkohoglgfkddblldpfohjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\SiteRanker
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v

[ File : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\.BackupManager\prefs.js ]


[ File : C:\Users\Siba\AppData\Roaming\Mozilla\Firefox\Profiles\avaji64z.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url

*************************

AdwCleaner[R0].txt - [12045 octets] - [07/04/2014 10:06:06]
AdwCleaner[R1].txt - [12087 octets] - [07/04/2014 16:36:42]
AdwCleaner[s0].txt - [11698 octets] - [07/04/2014 16:37:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11759 octets] ##########
 

 

and here is FRST.txt:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Siba (administrator) on SIBA-DATOR on 07-04-2014 17:01:00
Running from C:\Users\Siba\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Swedish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Suyin) C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
() C:\ProgramData\MobileBrServ\mbbservice.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2009-12-16] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM-x32\...\Run: [backupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [258560 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [VideoWebCamera] - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1541472 2010-03-11] (Suyin)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Ghost 15.0] - C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2596712 2009-10-01] (Symantec Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [77824 2011-02-02] (Apple Computer, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-17] (Google Inc.)
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [Mobile Partner] - C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [514048 2013-01-16] ()
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [ChicaPasswordManager] - "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {08d8929e-6960-11e2-8db9-70f1a114c2d7} - E:\AutoRun.exe
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {4c9b4039-33dd-11e2-b38a-70f1a114c2d7} - E:\AutoRun.exe
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {85eae2ff-bf7a-11e1-8842-88ae1d10436a} - E:\AutoRun.exe
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {85eae315-bf7a-11e1-8842-88ae1d10436a} - E:\AutoRun.exe
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {abdecd57-b134-11e0-8a1c-70f1a114c2d7} - E:\AutoRun.exe
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {abdecdae-b134-11e0-8a1c-70f1a114c2d7} - E:\AutoRun.exe
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {b2361d48-5ff1-11e2-b0be-88ae1d10436a} - E:\AutoRun.exe
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {b2361d60-5ff1-11e2-b0be-88ae1d10436a} - E:\AutoRun.exe
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {b2361dac-5ff1-11e2-b0be-88ae1d10436a} - E:\AutoRun.exe
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {dce33496-bf72-11e1-8527-88ae1d10436a} - E:\AutoRun.exe
HKU\S-1-5-21-3698847549-2103893759-2447223158-1000\...\MountPoints2: {e53c8f9b-e934-11e1-a0f8-70f1a114c2d7} - E:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.swedbank.se/privat/index.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=easynote_tm82&r=273608106855l04c4z115f46m2c36q
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BBEEDFEF-420B-4CFB-B8A5-1EA76124319B}: [NameServer]80.251.201.177 80.251.201.178
Tcpip\..\Interfaces\{D5E5E52F-E372-4E63-8882-B4F41BE01134}: [NameServer]80.251.201.177 80.251.201.178
Tcpip\..\Interfaces\{E0327EFA-6047-4717-8876-A344B633580F}: [NameServer]80.251.201.177 80.251.201.178

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @se.nexus/Personal - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\.BackupManager
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\.BackupManager [2010-12-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-29]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: r
CHR DefaultSearchProvider: Web Search
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Nexus Personal) - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-03]
CHR Extension: (Google Search) - C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-03]
CHR Extension: (No Name) - C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphibigbodkkohoglgfkddblldpfohjl [2012-10-10]
CHR Extension: (Google Wallet) - C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (No Name) - C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2012-09-03]
CHR Extension: (Gmail) - C:\Users\Siba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-03]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Siba\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2012-09-03]
CHR HKLM-x32\...\Chrome\Extension: [dijoojjdmkbmmmbobkingeecghfeciaj] - C:\Program Files (x86)\Spring Smart\dijoojjdmkbmmmbobkingeecghfeciaj.crx [2012-09-03]

==================== Services (Whitelisted) =================

R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [866336 2010-03-17] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [238328 2009-10-10] (WildTangent, Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2012-08-18] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-01-16] ()
R2 MSSQL$VISMA; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [40448 2003-07-29] (DeviceGuys, Inc.)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-08-16] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-08-16] ()
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-18] (StdLib)
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U2 V2iMount;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 17:01 - 2014-04-07 17:01 - 00023484 _____ () C:\Users\Siba\Desktop\FRST.txt
2014-04-07 17:00 - 2014-04-07 17:01 - 00000000 ____D () C:\FRST
2014-04-07 16:55 - 2014-04-07 16:55 - 00011904 _____ () C:\Users\Siba\Desktop\AdwCleaner[s0].txt
2014-04-07 16:23 - 2014-04-07 16:22 - 02157056 _____ (Farbar) C:\Users\Siba\Desktop\FRST64.exe
2014-04-07 10:44 - 2014-04-07 16:40 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job
2014-04-07 10:44 - 2014-04-07 10:44 - 00003226 _____ () C:\Windows\System32\Tasks\bench-Updater removing
2014-04-07 10:12 - 2014-04-07 10:12 - 00012045 _____ () C:\Users\Siba\Desktop\AdwCleaner[R0].txt
2014-04-07 10:03 - 2014-04-07 10:03 - 00000000 ____D () C:\Users\Siba\AppData\Local\{B77A7A43-8185-4306-A13C-764BEEB4F694}
2014-04-07 09:39 - 2014-04-07 09:39 - 00001304 _____ () C:\Users\Siba\Desktop\Notepad.lnk
2014-04-07 09:19 - 2014-04-07 16:38 - 00000000 ____D () C:\AdwCleaner
2014-04-06 21:56 - 2014-04-06 21:56 - 00000000 ____D () C:\Users\Siba\AppData\Local\{26A57F1C-BEF0-4343-BE22-E29F0DC9EAD5}
2014-04-06 07:28 - 2014-04-06 07:28 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7C810FEA-A879-45F6-B2E5-0BEE141D3237}
2014-04-05 19:27 - 2014-04-05 19:27 - 00000000 ____D () C:\Users\Siba\AppData\Local\{80C8230E-1512-4C96-A65D-E1DD75E15E1B}
2014-04-05 07:26 - 2014-04-05 07:27 - 00000000 ____D () C:\Users\Siba\AppData\Local\{C42AA0B5-4130-48B1-9199-94A60CE2D6E1}
2014-04-04 19:26 - 2014-04-04 19:26 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CB1FA653-8B76-4739-B301-E63B53E0904D}
2014-04-04 16:32 - 2014-04-04 16:32 - 00000000 ____D () C:\Users\Siba\AppData\Local\TB
2014-04-04 07:25 - 2014-04-04 07:25 - 00000000 ____D () C:\Users\Siba\AppData\Local\{4B98744F-AB5A-413F-B59E-BC0FD0AEBEF6}
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\Users\Siba\AppData\Local\{367B4189-8F34-454A-9791-978ED6AF8CBC}
2014-04-02 13:43 - 2014-04-02 13:44 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7683B26D-AB59-44A1-8EF9-FFE9153DD637}
2014-04-01 09:05 - 2014-04-01 09:05 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CFB7990D-2716-4F33-A926-76EAE9450B8C}
2014-03-31 21:05 - 2014-03-31 21:05 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7ACFCE11-03AF-4F45-A6B9-C72B261EE70F}
2014-03-31 09:04 - 2014-03-31 09:04 - 00000000 ____D () C:\Users\Siba\AppData\Local\{99726094-1298-4335-86EB-FA44C30A144F}
2014-03-30 14:41 - 2014-03-30 14:41 - 00000000 ____D () C:\Users\Siba\AppData\Local\{058A51F9-66CA-4605-AF3A-318D3B1ECB2A}
2014-03-30 00:51 - 2014-03-30 00:51 - 00000000 ____D () C:\Users\Siba\AppData\Local\{43779529-A7CD-4355-881E-359AB3B1D6FC}
2014-03-29 12:29 - 2014-03-29 12:29 - 00000000 ____D () C:\Users\Siba\AppData\Local\{594CCCC9-E4D6-47A4-A528-2A2DCBE2F7A8}
2014-03-29 00:28 - 2014-03-29 00:28 - 00000000 ____D () C:\Users\Siba\AppData\Local\{E41EF53C-5C27-4F5C-8B2C-FA123033696D}
2014-03-29 00:21 - 2014-03-29 00:21 - 00000000 ____D () C:\Users\Siba\AppData\Local\{9380C198-F4A2-4D65-BED2-FC57AD183B4C}
2014-03-28 09:05 - 2014-03-28 09:05 - 00000000 ____D () C:\Users\Siba\AppData\Local\{DA3794B0-33A6-41B9-AED0-175A6CE26CC6}
2014-03-27 20:36 - 2014-03-27 20:36 - 00000000 ____D () C:\Users\Siba\AppData\Local\{247A78A1-2A73-426B-9F66-FEFBC25925D8}
2014-03-26 14:01 - 2014-03-26 14:02 - 00000000 ____D () C:\Users\Siba\AppData\Local\{608A521F-D6C3-4BEE-A787-0084CCD4445D}
2014-03-26 01:02 - 2014-03-26 01:02 - 00000000 ____D () C:\Users\Siba\AppData\Local\{02E43831-9AD1-4CF6-934D-A642465E6965}
2014-03-25 13:02 - 2014-03-25 13:02 - 00000000 ____D () C:\Users\Siba\AppData\Local\{D562366B-4A40-4087-97EF-19FB8EEEFB3C}
2014-03-25 01:01 - 2014-03-25 01:01 - 00000000 ____D () C:\Users\Siba\AppData\Local\{C823BFCA-5430-4E5E-839B-95BDC4529016}
2014-03-24 13:01 - 2014-03-24 13:01 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3379839D-BF76-4770-8368-2D8C3997DDE6}
2014-03-24 01:00 - 2014-03-24 01:00 - 00000000 ____D () C:\Users\Siba\AppData\Local\{FEBE8501-6B80-4B53-86D5-66DF9279BA4D}
2014-03-23 12:55 - 2014-03-23 12:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{F9E3E375-0774-4EDD-9BBA-7A7B0D9BA842}
2014-03-22 10:32 - 2014-03-22 10:32 - 00000000 ____D () C:\Users\Siba\AppData\Local\{BECD6F39-24A4-48F2-9F0E-F8D1B370045B}
2014-03-21 19:54 - 2014-03-21 19:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3D75A2C3-53D9-4B7C-98D0-F1557CDC558A}
2014-03-21 07:28 - 2014-03-21 07:29 - 00000000 ____D () C:\Users\Siba\AppData\Local\{DEA4FD81-5F4B-4343-A264-B1F0EC7F8348}
2014-03-20 13:09 - 2014-03-18 22:50 - 277461864 _____ () C:\Users\Siba\Desktop\Mexikansk afton på Odd 007.MOV
2014-03-20 12:33 - 2014-03-20 12:33 - 00000000 ____D () C:\Users\Siba\AppData\Local\{B814A57D-07B2-4B17-8A3A-3F624CF39C87}
2014-03-19 23:50 - 2014-03-19 23:50 - 00000000 ____D () C:\Users\Siba\AppData\Local\{74A2B95B-43F7-450D-9AC5-F3DA3B83500A}
2014-03-19 11:49 - 2014-03-19 11:49 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3AF8729F-00E2-49A0-BECF-9A681DD7CD3A}
2014-03-18 11:55 - 2014-03-18 11:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{586F9F9A-7ECD-4E3A-8D81-6F4CFB3C913C}
2014-03-18 08:26 - 2014-03-18 08:26 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-17 23:55 - 2014-03-17 23:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7931A30A-E2D2-4B36-B6C7-A9BB5F1EFE56}
2014-03-17 10:13 - 2014-03-17 10:13 - 00000000 ____D () C:\Users\Siba\AppData\Local\{E854F2A4-F0E1-45F4-8A21-21618BAC2449}
2014-03-16 22:12 - 2014-03-16 22:13 - 00000000 ____D () C:\Users\Siba\AppData\Local\{A03793CF-63D5-4CF9-A015-C2B15754A94F}
2014-03-16 10:12 - 2014-03-16 10:12 - 00000000 ____D () C:\Users\Siba\AppData\Local\{47DCB76D-1B67-4549-9377-76580E1D97C4}
2014-03-15 22:11 - 2014-03-15 22:12 - 00000000 ____D () C:\Users\Siba\AppData\Local\{FFFFCA90-E3F8-4F8C-99AB-D422A195FF1E}
2014-03-15 10:11 - 2014-03-15 10:11 - 00000000 ____D () C:\Users\Siba\AppData\Local\{A07C8EF3-61D2-48D4-804C-A13D77EEDF73}
2014-03-14 19:52 - 2014-03-14 19:52 - 00000000 ____D () C:\Users\Siba\AppData\Local\{6B398168-9EE2-4208-9D18-E029EC76F2AE}
2014-03-14 07:51 - 2014-03-14 07:51 - 00000000 ____D () C:\Users\Siba\AppData\Local\{1DACC020-F213-4317-89FE-B09BE3B98FD1}
2014-03-13 10:00 - 2014-03-13 10:00 - 00000000 ____D () C:\Users\Siba\AppData\Local\{91B8C9C9-B85E-451B-B440-3194702D7190}
2014-03-13 07:40 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 07:40 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 07:40 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 07:40 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 07:40 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 07:40 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 07:40 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 07:40 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 07:40 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 07:40 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 07:40 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 07:40 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 07:40 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 07:40 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 07:40 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 07:40 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 07:40 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 07:40 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 07:40 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 07:40 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 07:40 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 07:40 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 07:40 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 07:40 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 07:40 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 07:40 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 07:40 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 07:40 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 07:40 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 07:40 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 07:40 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 07:40 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 07:40 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 07:40 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 07:40 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 07:40 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 07:40 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 07:40 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 07:40 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 07:40 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 07:40 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 07:40 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 07:40 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 07:40 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 07:39 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 07:39 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 07:39 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 07:39 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 21:59 - 2014-03-12 21:59 - 00000000 ____D () C:\Users\Siba\AppData\Local\{A34D6203-418A-4B59-9C0B-8D83CE1868BA}
2014-03-12 09:58 - 2014-03-12 09:59 - 00000000 ____D () C:\Users\Siba\AppData\Local\{845C3765-FAA9-46DB-82DE-CA78596160E3}
2014-03-11 21:58 - 2014-03-11 21:58 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CE374816-07B6-4666-B3A3-2BDDA5BDE396}
2014-03-11 09:57 - 2014-03-11 09:58 - 00000000 ____D () C:\Users\Siba\AppData\Local\{940CD062-74D2-4C77-92CC-BBB5116A7F10}
2014-03-10 21:57 - 2014-03-10 21:57 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3357E248-6E2A-4291-86E3-D298484614DF}
2014-03-10 08:43 - 2014-03-10 08:43 - 00000000 ____D () C:\Users\Siba\AppData\Local\{9A428C7F-2C15-4562-AF6E-83D1A3D4AB0A}
2014-03-09 20:43 - 2014-03-09 20:43 - 00000000 ____D () C:\Users\Siba\AppData\Local\{41B9C45B-C4FB-4F01-9286-72EE4514589E}
2014-03-09 08:42 - 2014-03-09 08:42 - 00000000 ____D () C:\Users\Siba\AppData\Local\{E6C0677D-4ABC-4D04-B154-D2846B33AAA1}
2014-03-08 20:40 - 2014-03-08 20:40 - 00000000 ____D () C:\Users\Siba\AppData\Local\{C8F2AC0A-09A1-4755-843F-614C24D5A6C6}
2014-03-08 08:39 - 2014-03-08 08:39 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CBF51D31-0A90-40CE-A584-0B60D9685A78}

==================== One Month Modified Files and Folders =======

2014-04-07 17:01 - 2014-04-07 17:01 - 00023484 _____ () C:\Users\Siba\Desktop\FRST.txt
2014-04-07 17:01 - 2014-04-07 17:00 - 00000000 ____D () C:\FRST
2014-04-07 17:00 - 2010-12-03 17:10 - 00000000 ____D () C:\Users\Siba\AppData\Roaming\Skype
2014-04-07 16:58 - 2012-04-03 11:26 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 16:55 - 2014-04-07 16:55 - 00011904 _____ () C:\Users\Siba\Desktop\AdwCleaner[s0].txt
2014-04-07 16:48 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 16:48 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 16:44 - 2010-06-21 00:56 - 01951159 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 16:42 - 2010-12-06 16:27 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 16:40 - 2014-04-07 10:44 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job
2014-04-07 16:40 - 2013-02-28 19:26 - 00054156 ____H () C:\Windows\QTFont.qfn
2014-04-07 16:40 - 2010-12-06 16:27 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 16:40 - 2010-12-03 16:39 - 00000000 ____D () C:\Users\Siba\Tracing
2014-04-07 16:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 16:39 - 2009-07-14 06:51 - 00232110 _____ () C:\Windows\setupact.log
2014-04-07 16:38 - 2014-04-07 09:19 - 00000000 ____D () C:\AdwCleaner
2014-04-07 16:22 - 2014-04-07 16:23 - 02157056 _____ (Farbar) C:\Users\Siba\Desktop\FRST64.exe
2014-04-07 14:20 - 2011-04-29 16:36 - 00000321 _____ () C:\Windows\Brownie.ini
2014-04-07 13:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2014-04-07 13:19 - 2013-08-15 18:11 - 00003928 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{616AC308-FC55-4A31-B74C-112D4CC5B179}
2014-04-07 10:44 - 2014-04-07 10:44 - 00003226 _____ () C:\Windows\System32\Tasks\bench-Updater removing
2014-04-07 10:12 - 2014-04-07 10:12 - 00012045 _____ () C:\Users\Siba\Desktop\AdwCleaner[R0].txt
2014-04-07 10:03 - 2014-04-07 10:03 - 00000000 ____D () C:\Users\Siba\AppData\Local\{B77A7A43-8185-4306-A13C-764BEEB4F694}
2014-04-07 10:00 - 2010-04-30 16:49 - 00383912 _____ () C:\Windows\PFRO.log
2014-04-07 09:39 - 2014-04-07 09:39 - 00001304 _____ () C:\Users\Siba\Desktop\Notepad.lnk
2014-04-07 09:23 - 2013-02-28 19:26 - 00001409 _____ () C:\Windows\QTFont.for
2014-04-07 09:15 - 2010-12-03 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-07 09:12 - 2014-02-10 22:03 - 00000254 __RSH () C:\ProgramData\ntuser.pol
2014-04-07 07:12 - 2009-07-14 04:34 - 00000936 _____ () C:\Windows\win.ini
2014-04-06 21:56 - 2014-04-06 21:56 - 00000000 ____D () C:\Users\Siba\AppData\Local\{26A57F1C-BEF0-4343-BE22-E29F0DC9EAD5}
2014-04-06 07:28 - 2014-04-06 07:28 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7C810FEA-A879-45F6-B2E5-0BEE141D3237}
2014-04-05 20:01 - 2010-12-03 21:29 - 00000000 ____D () C:\Users\Siba\AppData\Roaming\vlc
2014-04-05 19:27 - 2014-04-05 19:27 - 00000000 ____D () C:\Users\Siba\AppData\Local\{80C8230E-1512-4C96-A65D-E1DD75E15E1B}
2014-04-05 18:44 - 2011-02-22 15:01 - 00000000 ____D () C:\Users\Siba\AppData\Roaming\dvdcss
2014-04-05 07:27 - 2014-04-05 07:26 - 00000000 ____D () C:\Users\Siba\AppData\Local\{C42AA0B5-4130-48B1-9199-94A60CE2D6E1}
2014-04-04 19:26 - 2014-04-04 19:26 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CB1FA653-8B76-4739-B301-E63B53E0904D}
2014-04-04 16:32 - 2014-04-04 16:32 - 00000000 ____D () C:\Users\Siba\AppData\Local\TB
2014-04-04 07:25 - 2014-04-04 07:25 - 00000000 ____D () C:\Users\Siba\AppData\Local\{4B98744F-AB5A-413F-B59E-BC0FD0AEBEF6}
2014-04-03 14:22 - 2014-04-03 14:22 - 00000000 ____D () C:\Users\Siba\AppData\Local\{367B4189-8F34-454A-9791-978ED6AF8CBC}
2014-04-02 19:46 - 2010-06-21 01:47 - 00713596 _____ () C:\Windows\system32\perfh01D.dat
2014-04-02 19:46 - 2010-06-21 01:47 - 00161298 _____ () C:\Windows\system32\perfc01D.dat
2014-04-02 19:46 - 2009-07-14 07:13 - 01719382 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-02 15:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-02 13:44 - 2014-04-02 13:43 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7683B26D-AB59-44A1-8EF9-FFE9153DD637}
2014-04-01 09:05 - 2014-04-01 09:05 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CFB7990D-2716-4F33-A926-76EAE9450B8C}
2014-03-31 21:05 - 2014-03-31 21:05 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7ACFCE11-03AF-4F45-A6B9-C72B261EE70F}
2014-03-31 09:04 - 2014-03-31 09:04 - 00000000 ____D () C:\Users\Siba\AppData\Local\{99726094-1298-4335-86EB-FA44C30A144F}
2014-03-30 14:41 - 2014-03-30 14:41 - 00000000 ____D () C:\Users\Siba\AppData\Local\{058A51F9-66CA-4605-AF3A-318D3B1ECB2A}
2014-03-30 00:51 - 2014-03-30 00:51 - 00000000 ____D () C:\Users\Siba\AppData\Local\{43779529-A7CD-4355-881E-359AB3B1D6FC}
2014-03-29 12:29 - 2014-03-29 12:29 - 00000000 ____D () C:\Users\Siba\AppData\Local\{594CCCC9-E4D6-47A4-A528-2A2DCBE2F7A8}
2014-03-29 00:28 - 2014-03-29 00:28 - 00000000 ____D () C:\Users\Siba\AppData\Local\{E41EF53C-5C27-4F5C-8B2C-FA123033696D}
2014-03-29 00:21 - 2014-03-29 00:21 - 00000000 ____D () C:\Users\Siba\AppData\Local\{9380C198-F4A2-4D65-BED2-FC57AD183B4C}
2014-03-28 15:06 - 2010-09-26 19:41 - 00000000 ____D () C:\Users\Siba\AppData\Local\Google
2014-03-28 09:05 - 2014-03-28 09:05 - 00000000 ____D () C:\Users\Siba\AppData\Local\{DA3794B0-33A6-41B9-AED0-175A6CE26CC6}
2014-03-27 20:36 - 2014-03-27 20:36 - 00000000 ____D () C:\Users\Siba\AppData\Local\{247A78A1-2A73-426B-9F66-FEFBC25925D8}
2014-03-26 14:02 - 2014-03-26 14:01 - 00000000 ____D () C:\Users\Siba\AppData\Local\{608A521F-D6C3-4BEE-A787-0084CCD4445D}
2014-03-26 10:37 - 2010-12-06 16:27 - 00003986 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 10:37 - 2010-12-06 16:27 - 00003734 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 01:02 - 2014-03-26 01:02 - 00000000 ____D () C:\Users\Siba\AppData\Local\{02E43831-9AD1-4CF6-934D-A642465E6965}
2014-03-25 22:57 - 2010-12-05 21:32 - 00000000 ____D () C:\Users\Siba\AppData\Roaming\uTorrent
2014-03-25 15:12 - 2012-09-19 16:12 - 00000000 ____D () C:\Users\Siba\Downloads\Into.The.White.2012.Swesub.DVDrip.Xvid.AC3-Haggebulle
2014-03-25 13:02 - 2014-03-25 13:02 - 00000000 ____D () C:\Users\Siba\AppData\Local\{D562366B-4A40-4087-97EF-19FB8EEEFB3C}
2014-03-25 01:01 - 2014-03-25 01:01 - 00000000 ____D () C:\Users\Siba\AppData\Local\{C823BFCA-5430-4E5E-839B-95BDC4529016}
2014-03-24 13:01 - 2014-03-24 13:01 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3379839D-BF76-4770-8368-2D8C3997DDE6}
2014-03-24 01:00 - 2014-03-24 01:00 - 00000000 ____D () C:\Users\Siba\AppData\Local\{FEBE8501-6B80-4B53-86D5-66DF9279BA4D}
2014-03-23 16:04 - 2009-07-14 07:08 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-23 12:55 - 2014-03-23 12:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{F9E3E375-0774-4EDD-9BBA-7A7B0D9BA842}
2014-03-22 10:32 - 2014-03-22 10:32 - 00000000 ____D () C:\Users\Siba\AppData\Local\{BECD6F39-24A4-48F2-9F0E-F8D1B370045B}
2014-03-21 19:55 - 2014-03-21 19:54 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3D75A2C3-53D9-4B7C-98D0-F1557CDC558A}
2014-03-21 07:29 - 2014-03-21 07:28 - 00000000 ____D () C:\Users\Siba\AppData\Local\{DEA4FD81-5F4B-4343-A264-B1F0EC7F8348}
2014-03-20 12:33 - 2014-03-20 12:33 - 00000000 ____D () C:\Users\Siba\AppData\Local\{B814A57D-07B2-4B17-8A3A-3F624CF39C87}
2014-03-19 23:50 - 2014-03-19 23:50 - 00000000 ____D () C:\Users\Siba\AppData\Local\{74A2B95B-43F7-450D-9AC5-F3DA3B83500A}
2014-03-19 16:20 - 2010-12-27 13:42 - 00000000 ____D () C:\Users\Siba\AppData\Local\Windows Live
2014-03-19 11:49 - 2014-03-19 11:49 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3AF8729F-00E2-49A0-BECF-9A681DD7CD3A}
2014-03-18 22:50 - 2014-03-20 13:09 - 277461864 _____ () C:\Users\Siba\Desktop\Mexikansk afton på Odd 007.MOV
2014-03-18 16:13 - 2013-07-18 08:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 16:10 - 2010-12-27 13:40 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 11:55 - 2014-03-18 11:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{586F9F9A-7ECD-4E3A-8D81-6F4CFB3C913C}
2014-03-18 08:26 - 2014-03-18 08:26 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-17 23:55 - 2014-03-17 23:55 - 00000000 ____D () C:\Users\Siba\AppData\Local\{7931A30A-E2D2-4B36-B6C7-A9BB5F1EFE56}
2014-03-17 10:13 - 2014-03-17 10:13 - 00000000 ____D () C:\Users\Siba\AppData\Local\{E854F2A4-F0E1-45F4-8A21-21618BAC2449}
2014-03-16 22:13 - 2014-03-16 22:12 - 00000000 ____D () C:\Users\Siba\AppData\Local\{A03793CF-63D5-4CF9-A015-C2B15754A94F}
2014-03-16 10:12 - 2014-03-16 10:12 - 00000000 ____D () C:\Users\Siba\AppData\Local\{47DCB76D-1B67-4549-9377-76580E1D97C4}
2014-03-15 22:12 - 2014-03-15 22:11 - 00000000 ____D () C:\Users\Siba\AppData\Local\{FFFFCA90-E3F8-4F8C-99AB-D422A195FF1E}
2014-03-15 10:11 - 2014-03-15 10:11 - 00000000 ____D () C:\Users\Siba\AppData\Local\{A07C8EF3-61D2-48D4-804C-A13D77EEDF73}
2014-03-14 19:52 - 2014-03-14 19:52 - 00000000 ____D () C:\Users\Siba\AppData\Local\{6B398168-9EE2-4208-9D18-E029EC76F2AE}
2014-03-14 07:51 - 2014-03-14 07:51 - 00000000 ____D () C:\Users\Siba\AppData\Local\{1DACC020-F213-4317-89FE-B09BE3B98FD1}
2014-03-14 07:48 - 2009-07-14 06:45 - 00423384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 07:46 - 2013-03-14 01:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:46 - 2010-04-30 16:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 02:02 - 2010-04-30 16:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 17:46 - 2010-12-03 17:47 - 00000000 ____D () C:\Program Files (x86)\Gmail Notifier
2014-03-13 17:27 - 2010-12-03 17:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-13 17:25 - 2010-12-03 16:47 - 00000000 ____D () C:\Users\Siba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrossLoop
2014-03-13 17:25 - 2010-12-03 16:47 - 00000000 ____D () C:\Users\Siba\AppData\Local\CrossLoop
2014-03-13 17:14 - 2011-02-02 12:14 - 00000000 ____D () C:\Program Files (x86)\Kodak
2014-03-13 17:14 - 2011-02-02 12:12 - 00000000 ____D () C:\ProgramData\Kodak
2014-03-13 17:14 - 2010-06-21 01:00 - 00032722 _____ () C:\Windows\DPINST.LOG
2014-03-13 10:00 - 2014-03-13 10:00 - 00000000 ____D () C:\Users\Siba\AppData\Local\{91B8C9C9-B85E-451B-B440-3194702D7190}
2014-03-12 21:59 - 2014-03-12 21:59 - 00000000 ____D () C:\Users\Siba\AppData\Local\{A34D6203-418A-4B59-9C0B-8D83CE1868BA}
2014-03-12 09:59 - 2014-03-12 09:58 - 00000000 ____D () C:\Users\Siba\AppData\Local\{845C3765-FAA9-46DB-82DE-CA78596160E3}
2014-03-11 23:58 - 2012-04-03 11:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 23:58 - 2012-04-03 11:26 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 23:58 - 2011-06-08 14:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:58 - 2014-03-11 21:58 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CE374816-07B6-4666-B3A3-2BDDA5BDE396}
2014-03-11 09:58 - 2014-03-11 09:57 - 00000000 ____D () C:\Users\Siba\AppData\Local\{940CD062-74D2-4C77-92CC-BBB5116A7F10}
2014-03-10 21:57 - 2014-03-10 21:57 - 00000000 ____D () C:\Users\Siba\AppData\Local\{3357E248-6E2A-4291-86E3-D298484614DF}
2014-03-10 08:43 - 2014-03-10 08:43 - 00000000 ____D () C:\Users\Siba\AppData\Local\{9A428C7F-2C15-4562-AF6E-83D1A3D4AB0A}
2014-03-09 20:43 - 2014-03-09 20:43 - 00000000 ____D () C:\Users\Siba\AppData\Local\{41B9C45B-C4FB-4F01-9286-72EE4514589E}
2014-03-09 08:42 - 2014-03-09 08:42 - 00000000 ____D () C:\Users\Siba\AppData\Local\{E6C0677D-4ABC-4D04-B154-D2846B33AAA1}
2014-03-08 20:40 - 2014-03-08 20:40 - 00000000 ____D () C:\Users\Siba\AppData\Local\{C8F2AC0A-09A1-4755-843F-614C24D5A6C6}
2014-03-08 08:39 - 2014-03-08 08:39 - 00000000 ____D () C:\Users\Siba\AppData\Local\{CBF51D31-0A90-40CE-A584-0B60D9685A78}

Some content of TEMP:
====================
C:\Users\Siba\AppData\Local\Temp\.exe
C:\Users\Siba\AppData\Local\Temp\2238.exe
C:\Users\Siba\AppData\Local\Temp\4.0.0.9-EasyShrx.Dll
C:\Users\Siba\AppData\Local\Temp\8.2.30.1-EasyShrx.Dll
C:\Users\Siba\AppData\Local\Temp\8.3.20.1-EasyShrx.Dll
C:\Users\Siba\AppData\Local\Temp\9B45.exe
C:\Users\Siba\AppData\Local\Temp\9D38.exe
C:\Users\Siba\AppData\Local\Temp\BackupSetup.exe
C:\Users\Siba\AppData\Local\Temp\BandooV6.exe
C:\Users\Siba\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Siba\AppData\Local\Temp\DealsPluginROW.exe
C:\Users\Siba\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Siba\AppData\Local\Temp\IadHide5.dll
C:\Users\Siba\AppData\Local\Temp\installhelper.dll
C:\Users\Siba\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Siba\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Siba\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Siba\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Siba\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Siba\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Siba\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Siba\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Siba\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Siba\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Siba\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Siba\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Siba\AppData\Local\Temp\lastpass_1.75.0.exe
C:\Users\Siba\AppData\Local\Temp\lastpass_1.80.0.exe
C:\Users\Siba\AppData\Local\Temp\lastpass_1.90.0.exe
C:\Users\Siba\AppData\Local\Temp\lastpass_2.0.0.exe
C:\Users\Siba\AppData\Local\Temp\lastpass_2.0.2.exe
C:\Users\Siba\AppData\Local\Temp\Quarantine.exe
C:\Users\Siba\AppData\Local\Temp\rcpsetup_26034.exe
C:\Users\Siba\AppData\Local\Temp\ResetDevice.exe
C:\Users\Siba\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Siba\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Siba\AppData\Local\Temp\tbuTor.dll
C:\Users\Siba\AppData\Local\Temp\tmp8819.exe
C:\Users\Siba\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Siba\AppData\Local\Temp\VistaLib64_1.dll
C:\Users\Siba\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Siba\AppData\Local\Temp\VSUSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 15:41

==================== End Of Log ============================

 

 

Addition.txt


1. Start Notepad.

Copy all the lines in the box:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-29]
CHR HKLM-x32\...\Chrome\Extension: [dijoojjdmkbmmmbobkingeecghfeciaj] - C:\Program Files (x86)\Spring Smart\dijoojjdmkbmmmbobkingeecghfeciaj.crx [2012-09-03]
2014-04-07 10:44 - 2014-04-07 16:40 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job
2014-04-07 10:44 - 2014-04-07 10:44 - 00003226 _____ () C:\Windows\System32\Tasks\bench-Updater removing

and paste them into Notepad. Check that no file entry has been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

 

2. What do you want to do about antivirus software on the computer?

3. Go through the extensions in Chrome and remove any that are not used.

https://support.google.com/chrome/answer/113907?hl=sv

For example, these three are still listed there even though the files have been removed:

CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

 

4. There appear to be old program versions with security holes on the computer. Let Secunia's Software Inspector check the computer and fix the problems it reports. The English page http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

5. Run the Disk Cleanup program to remove temporary files:

Right-click C: and choose Properties.

Click the Disk Cleanup button on the General tab.

6. Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner does not take too long, turn off your antivirus program in the meantime.

Uncheck the option Remove found threats

Check Scan Archives

Click Advanced Settings

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Scan

When the scan is finished, click List of threats found, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.


1. OK, it took a while because my brother was away yesterday afternoon, and everything takes a bit longer when it has to go through one more person (me)  :)

Here comes fixlist.log:

 

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-29]
CHR HKLM-x32\...\Chrome\Extension: [dijoojjdmkbmmmbobkingeecghfeciaj] - C:\Program Files (x86)\Spring Smart\dijoojjdmkbmmmbobkingeecghfeciaj.crx [2012-09-03]
2014-04-07 10:44 - 2014-04-07 16:40 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job
2014-04-07 10:44 - 2014-04-07 10:44 - 00003226 _____ () C:\Windows\System32\Tasks\bench-Updater removing

 

2. He usually uses online scanning and has no antivirus program

3. We couldn't find how to remove plugins in Chrome, so we uninstalled that search engine and installed it again.

4. Done.

5. Disk Cleanup run.

6. ...and here is the result from ESET:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Conduit\APISupport\APISupport.dll.vir    a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Conduit\APISupport\APISupport.old.vir    a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Conduit\APISupport\APISupport_2.0.4.3\ApiSupport.dll.vir    a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Conduit\APISupport\APISupport_2.0.5.9\ApiSupport.dll.vir    a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.76\MiniSP.dll.vir    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Temp\SetupDataMngr_Searchqu.exe.vir    a variant of Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Siba\AppData\Local\TB\APISupport\MiniSP_1.0.2.93\MiniSP.dll    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Siba\AppData\Local\Temp\BandooV6.exe    multiple threats
C:\Users\Siba\AppData\Local\Temp\DealsPluginROW.exe    Win32/Packed.ScrambleWrapper.A potentially unwanted application
C:\Users\Siba\AppData\Local\Temp\tbuTor.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Siba\AppData\Local\Temp\PromoEngineInstaller\chutil.dll    Win32/TopMedia.A potentially unwanted application
C:\Users\Siba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\76e8cc05-45860c33    a variant of Java/Exploit.CVE-2013-2460.B trojan
F:\Downloads\setup.exe    Win32/AdWare.Linkular.AJ application
F:\Downloads\unlocker1.9.0(2).exe    Win32/Adware.ADON potentially unwanted application
F:\Downloads\unlocker1.9.0.exe    Win32/Adware.ADON potentially unwanted application
 


Nothing to apologize for :)

You pasted fixlist.txt and not fixlog.txt.


Oops!

Many files to keep track of. Here comes the Fixlog:

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Siba at 2014-04-09 12:30:59 Run:1
Running from C:\Users\Siba\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-29]
CHR HKLM-x32\...\Chrome\Extension: [dijoojjdmkbmmmbobkingeecghfeciaj] - C:\Program Files (x86)\Spring Smart\dijoojjdmkbmmmbobkingeecghfeciaj.crx [2012-09-03]
2014-04-07 10:44 - 2014-04-07 16:40 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job
2014-04-07 10:44 - 2014-04-07 10:44 - 00003226 _____ () C:\Windows\System32\Tasks\bench-Updater removing

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dijoojjdmkbmmmbobkingeecghfeciaj => Key deleted successfully.
"C:\Program Files (x86)\Spring Smart\dijoojjdmkbmmmbobkingeecghfeciaj.crx" => File/Directory not found.
C:\Windows\Tasks\bench-Updater removing.job => Moved successfully.
C:\Windows\System32\Tasks\bench-Updater removing => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

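A check for the mix-up in this thread (fixlist.txt pasted instead of Fixlog.txt), as an added Python example that is not part of the original posts or of FRST. It assumes the Fixlog layout shown above; the function and field names are hypothetical, and the sample is abbreviated from the Fixlog quoted in the thread.

```python
import re

STARS = re.compile(r"^\*{5,}$")
RUN_RE = re.compile(r"^Ran by (?P<user>\S+) at (?P<when>\S+ \S+) Run:(?P<run>\d+)$")
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\.?$')

# Sample abbreviated from the first Fixlog quoted in the thread.
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Siba at 2014-04-09 12:30:59 Run:1
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dijoojjdmkbmmmbobkingeecghfeciaj] - C:\Program Files (x86)\Spring Smart\dijoojjdmkbmmmbobkingeecghfeciaj.crx [2012-09-03]
2014-04-07 10:44 - 2014-04-07 16:40 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dijoojjdmkbmmmbobkingeecghfeciaj => Key deleted successfully.
"C:\Program Files (x86)\Spring Smart\dijoojjdmkbmmmbobkingeecghfeciaj.crx" => File/Directory not found.
C:\Windows\Tasks\bench-Updater removing.job => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
"""


def parse_fixlog(text):
    """Split a pasted Fixlog into the fixlist it ran and the per-target outcomes."""
    lines = [ln.strip() for ln in text.splitlines()]
    # A pasted fixlist.txt has no header and no "=>" result lines.
    if not any(ln.startswith("Fix result of Farbar Recovery Tool") for ln in lines):
        raise ValueError("no Fixlog header: this looks like a fixlist, not a Fixlog")
    stars = [i for i, ln in enumerate(lines) if STARS.match(ln)]
    if len(stars) < 2:
        raise ValueError("fixlist section is not delimited by two star lines")
    first, second = stars[0], stars[1]
    report = {
        "run": None,
        "fixlist": [ln for ln in lines[first + 1:second] if ln],
        "results": [],
        "reboot_needed": False,
        "complete": False,
    }
    for ln in lines[:first]:
        m = RUN_RE.match(ln)
        if m:
            report["run"] = int(m.group("run"))
    for ln in lines[second + 1:]:
        m = RESULT_RE.match(ln)
        if m:
            report["results"].append((m.group("target"), m.group("outcome")))
        elif ln == "The system needed a reboot.":
            report["reboot_needed"] = True
        elif ln == "==== End of Fixlog ====":
            report["complete"] = True
    # Anything that did not end in "successfully" is left for a person to read.
    report["needs_review"] = [r for r in report["results"]
                              if not r[1].endswith("successfully")]
    return report


if __name__ == "__main__":
    for target, outcome in parse_fixlog(FIXLOG)["needs_review"]:
        print(outcome, "->", target)
```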

These three installation files are ones you saved yourself, and ESET's scanner reacted to them because they will want to install unnecessary add-ons when they are run:

F:\Downloads\setup.exe    Win32/AdWare.Linkular.AJ application
F:\Downloads\unlocker1.9.0(2).exe    Win32/Adware.ADON potentially unwanted application
F:\Downloads\unlocker1.9.0.exe    Win32/Adware.ADON potentially unwanted application

 

Start Notepad.
Copy all the lines in the box:

C:\Users\Siba\AppData\Local\TB
C:\Users\Siba\AppData\Local\Temp\BandooV6.exe
C:\Users\Siba\AppData\Local\Temp\DealsPluginROW.exe
C:\Users\Siba\AppData\Local\Temp\tbuTor.dll
C:\Users\Siba\AppData\Local\Temp\PromoEngineInstaller\chutil.dll
C:\Users\Siba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\76e8cc05-45860c33
and paste them into Notepad. Check that no file entry has been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Start FRST, which is on the desktop.
Click the Fix button.
Wait until the program has finished.

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.

How is the computer working now?

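The sorting the reply above applies to the ESET export, as an added Python example that is not part of the original thread: detections are split into copies already held in AdwCleaner's quarantine, installers the user saved under a Downloads folder, and files still live on disk, with non-PUA verdicts listed first. The bucket rules and all function names are assumptions made for this illustration; the sample lines are a subset of the export quoted in the thread.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

Detection = namedtuple("Detection", "path name kind bucket urgent")

# "a variant of " is optional; the threat name always contains a slash.
VERDICT_RE = re.compile(r"^(?:a variant of )?(?P<name>\S+/\S+)\s+(?P<kind>.+)$")
# Assumption: these two ESET classes are adware/PUA rather than malware proper.
PUA_KINDS = {"potentially unwanted application", "application"}

# Subset of the ESET export quoted in the thread (path, spaces, verdict).
ESET_EXPORT = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Siba\AppData\Local\Temp\SetupDataMngr_Searchqu.exe.vir    a variant of Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Siba\AppData\Local\TB\APISupport\MiniSP_1.0.2.93\MiniSP.dll    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Siba\AppData\Local\Temp\BandooV6.exe    multiple threats
C:\Users\Siba\AppData\Local\Temp\PromoEngineInstaller\chutil.dll    Win32/TopMedia.A potentially unwanted application
C:\Users\Siba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\76e8cc05-45860c33    a variant of Java/Exploit.CVE-2013-2460.B trojan
F:\Downloads\setup.exe    Win32/AdWare.Linkular.AJ application
F:\Downloads\unlocker1.9.0.exe    Win32/Adware.ADON potentially unwanted application
"""


def bucket_for(path):
    """Classify a detection by where the file sits, not by what it is."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if parts[1:3] == ["adwcleaner", "quarantine"]:
        return "quarantined"        # inert .vir copy kept by AdwCleaner
    if "downloads" in parts[1:-1]:
        return "saved-installer"    # file the user stored, not yet installed
    return "live"                   # still in a profile, temp or cache folder


def parse_line(line):
    """Return a Detection for one export line, or None for blank/odd lines."""
    fields = re.split(r"\s{2,}", line.strip(), maxsplit=1)
    if len(fields) != 2:
        return None
    path, verdict = fields
    m = VERDICT_RE.match(verdict)
    name, kind = (m.group("name"), m.group("kind")) if m else (None, verdict)
    return Detection(path, name, kind, bucket_for(path), kind not in PUA_KINDS)


def triage(text):
    """Group detections by bucket; in 'live', non-PUA verdicts come first."""
    buckets = {"quarantined": [], "saved-installer": [], "live": []}
    for line in text.splitlines():
        d = parse_line(line)
        if d:
            buckets[d.bucket].append(d)
    buckets["live"].sort(key=lambda d: not d.urgent)  # stable sort
    return buckets


if __name__ == "__main__":
    for d in triage(ESET_EXPORT)["live"]:
        print("URGENT" if d.urgent else "pua   ", d.kind, "|", d.path)
```

The "live" bucket is a review list for a person deciding what goes into a fixlist, not a fixlist itself; in the thread the helper listed the whole `TB` folder rather than the single DLL inside it.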

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Siba at 2014-04-09 20:25:58 Run:2
Running from C:\Users\Siba\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Siba\AppData\Local\TB
C:\Users\Siba\AppData\Local\Temp\BandooV6.exe
C:\Users\Siba\AppData\Local\Temp\DealsPluginROW.exe
C:\Users\Siba\AppData\Local\Temp\tbuTor.dll
C:\Users\Siba\AppData\Local\Temp\PromoEngineInstaller\chutil.dll
C:\Users\Siba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\76e8cc05-45860c33
*****************

C:\Users\Siba\AppData\Local\TB => Moved successfully.
C:\Users\Siba\AppData\Local\Temp\BandooV6.exe => Moved successfully.
C:\Users\Siba\AppData\Local\Temp\DealsPluginROW.exe => Moved successfully.
C:\Users\Siba\AppData\Local\Temp\tbuTor.dll => Moved successfully.
C:\Users\Siba\AppData\Local\Temp\PromoEngineInstaller\chutil.dll => Moved successfully.
C:\Users\Siba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\76e8cc05-45860c33 => Moved successfully.

==== End of Fixlog ====

 

 

 

Now the computer seems to work as it should!

Thanks for all your help!


Excellent!

Just glad to be able to help :)

Now all that remains is to uninstall the special programs:

1. Close all programs, including web browsers.
Double-click AdwCleaner to start the program.
Click the Uninstall button.

2. Download the uninstaller OTC to the Desktop: http://oldtimer.geekstogo.com/OTC.exe
Double-click the file to start the program.
Press the CleanUp! button and DDS and the other cleanup programs will be uninstalled after a restart of the computer. If any such program remains after that, ask how to remove it. Delete any logs.

3. Improve the protection on the computer, see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/
It is very important to keep all the small programs on the computer updated; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which can be used by a web page to infect the computer. I think Secunia's program (link on my web page) is a good help for checking the state of security holes on the computer and indicating what needs to be fixed.


Archived

This topic is now archived and is closed to further replies.
