
Malware I can't get rid of, starting to get desperate!


meankitty


Hi friends,

I really need help. I'm attaching a picture of my problem. I've gotten a virus, judging by Google a piece of malware, that makes me get ads on every page I visit. I also get pop-ups, and it also turns parts of the body text into links. It's mighty irritating, and I'm starting to get desperate.

The information I get about it includes, among other things, that in the link information I find the reference "dsw.drivertickets.net", as well as "Keep Now" and "SaveNewaAppz". In the guides I find, I'm told to uninstall various programs via my Control Panel, but I can't find any programs that fit the description. The programs I didn't recognize I have googled to check that they aren't harmful. Step two has been to disable extensions in Chrome, but it doesn't appear as an extension either.

I have scanned the computer 4 times with "Malwarebytes Anti-Malware" and removed what was found, rebooted, but it has still been there. I've also tried the program Spybot, and cleaned the computer with CCleaner. I'm now, as I said, getting desperate. How do I get rid of this plague?!

post-66211-0-02935800-1403139989_thumb.jpg


Sorry for the wall of text, but I ran the scan that was recommended for getting help:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Elin (administrator) on KITTY-COMPUTER on 19-06-2014 01:57:03
Running from C:\Users\Elin\Downloads
Platform: Windows 8 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10
Boot Mode: Normal
 
 
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\ccSvcHst.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
() C:\Program Files (x86)\ZTE MF820D Modem Mobilebroadband\Bin\CancelAutoPlay.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Elin\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Spotify Ltd) C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(BitTorrent Inc.) C:\Users\Elin\AppData\Roaming\uTorrent\uTorrent.exe
(ZTE) C:\Program Files (x86)\ZTE MF820D Modem Mobilebroadband\Bin\mcserver.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\ZTE MF820D Modem Mobilebroadband\Bin\dbus-daemon.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
() C:\Program Files (x86)\ZTE MF820D Modem Mobilebroadband\Bin\db_daemon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Curse, Inc) C:\Users\Elin\AppData\Roaming\Curse Client\Bin\Curse.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Curse) C:\Users\Elin\AppData\Local\Apps\2.0\NJCVXO31.YZ6\GC6JZGLG.P3Z\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(Crawler.com) C:\Program Files (x86)\CStart8\CStart8Tray64.exe
() C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Elin\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-06-25] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2889072 2013-06-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2013-05-13] (MSI)
HKLM\...\Run: [sCM] => C:\Program Files (x86)\SCM\SCM.exe [406944 2013-05-13] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [34432 2013-04-23] (Creative Technology Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [CancelAutoPlay.exe] => C:\Program Files (x86)\ZTE MF820D Modem Mobilebroadband\Bin\CancelAutoPlay.exe [68096 2012-03-30] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1567624 2013-05-31] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-02-07] (MSI)
HKLM-x32\...\Run: [blueStacks Agent] => c:\Program Files (x86)\BlueStacks\HD-Agent.exe [597880 2013-01-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [CStart8] => C:\Program Files (x86)\CStart8\CStart8Tray64.exe [3138656 2013-10-04] (Crawler.com)
HKLM-x32\...\Run: [Trust Gaming Mouse] => C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe [2245632 2011-01-17] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-02-26] ( (Atheros Communications))
HKU\S-1-5-21-4225199852-143531344-3112908861-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4225199852-143531344-3112908861-1002\...\Run: [spotify] => C:\Users\Elin\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-4225199852-143531344-3112908861-1002\...\Run: [spotify Web Helper] => C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-4225199852-143531344-3112908861-1002\...\Run: [uTorrent] => C:\Users\Elin\AppData\Roaming\uTorrent\uTorrent.exe [1267536 2014-06-12] (BitTorrent Inc.)
HKU\S-1-5-21-4225199852-143531344-3112908861-1002\...\MountPoints2: {6ae37ba9-a000-11e3-be95-70188b82aa0a} - "E:\windows\Data\AutoRun.exe" 
HKU\S-1-5-21-4225199852-143531344-3112908861-1002\...\MountPoints2: {f695eed4-d467-11e3-bedc-6c626d358d25} - "E:\Startme.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL => C:\ProgramData\Performancer\Performancer_x64.dll [4302848 2014-06-05] ()
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation)
AppInit_DLLs-x32:  c:\progra~3\perfor~1\perfor~1.dll => C:\ProgramData\Performancer\Performancer.dll [4129280 2014-06-05] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\ZTE MF820D Modem Mobilebroadband\Bin\mcserver.exe (ZTE)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Elin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Elin\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Elin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS;
SearchScopes: HKLM-x32 - DefaultScope {009AC84F-DB95-46D0-8DBB-D4CD9A14F33A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS;
SearchScopes: HKLM-x32 - {009AC84F-DB95-46D0-8DBB-D4CD9A14F33A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS;
SearchScopes: HKCU - DefaultScope {009AC84F-DB95-46D0-8DBB-D4CD9A14F33A} URL = 
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
BHO: ApaptoU - {5AD50878-D281-A890-480F-A1651DC3FA20} - C:\ProgramData\ApaptoU\IJNUV0XUI.x64.dll No File
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 05 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 06 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 18 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 05 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 06 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 18 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @bankid.com/BankID Security Application,version=5.1.3.2 - C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - D:\Ny mapp\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - D:\Ny mapp\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014-01-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ []
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (little owl) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alopfckdopopebdogneaajhpajfbkane [2014-01-29]
CHR Extension: (Google Dokument) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-29]
CHR Extension: (Google Drive) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-29]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-14]
CHR Extension: (YouTube) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-29]
CHR Extension: (Adblock Plus) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-29]
CHR Extension: (Sök på Google) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-29]
CHR Extension: (AdBlock) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-01]
CHR Extension: (FBLayoutsForFree Facebook Layouts) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lepbgbjeigddjmiejeaoblhjfombjfce [2014-06-05]
CHR Extension: (Google Wallet) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-29]
CHR Extension: (History) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\phaehjbfndonoealmdlbliedgiabmcdd [2014-06-15]
CHR Extension: (Gmail) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-29]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-02-26] (Qualcomm Atheros Commnucations)
S2 BstHdAndroidSvc; c:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-01-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; c:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-01-07] (BlueStack Systems, Inc.)
R2 dfc86759; C:\ProgramData\Performancer\PerformancerSvc.dll [186192 2014-06-05] () [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [98672 2013-06-25] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-05-13] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) [File not signed]
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\SymcPCCULaunchSvc.exe [123320 2012-08-13] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\ccSvcHst.exe [126392 2012-08-13] (Symantec Corporation)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-02-25] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3758800 2013-03-15] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-03-15] (Qualcomm Atheros, Inc.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R2 BstHdDrv; c:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-01-07] (BlueStack Systems)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-26] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-29] (Symantec Corporation) [File not signed]
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140328.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19952 2013-02-01] (Windows ® Win 7 DDK provider)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-03-15] (Qualcomm Atheros, Inc.)
S3 massfilter_lte; C:\Windows\system32\drivers\massfilter_lte.sys [18456 2011-12-20] (HandSet Incorporated)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140329.002\ENG64.SYS [126040 2014-01-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140329.002\EX64.SYS [2099288 2014-01-29] (Symantec Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2014-02-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [407112 2013-06-25] (Realsil Semiconductor Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-29] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 trustms; C:\Windows\system32\drivers\trustms.sys [12416 2010-11-15] ()
S3 zgdcat; C:\Windows\system32\DRIVERS\zgdcat.sys [130200 2011-12-20] (ZTE Incorporated)
S3 zgdcdiag; C:\Windows\system32\DRIVERS\zgdcdiag.sys [130200 2011-12-20] (ZTE Incorporated)
S3 zgdcmdm; C:\Windows\system32\DRIVERS\zgdcmdm.sys [130200 2011-12-20] (ZTE Incorporated)
S3 zgdcnet; C:\Windows\system32\DRIVERS\zgdcnet.sys [169496 2011-12-20] (ZTE Incorporated)
S3 zgdcnmea; C:\Windows\system32\DRIVERS\zgdcnmea.sys [130200 2011-12-20] (ZTE Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-19 01:57 - 2014-06-19 01:57 - 00028684 _____ () C:\Users\Elin\Downloads\FRST.txt
2014-06-19 01:57 - 2014-06-19 01:57 - 00000000 ____D () C:\FRST
2014-06-19 01:56 - 2014-06-19 01:56 - 02082304 _____ (Farbar) C:\Users\Elin\Downloads\FRST64.exe
2014-06-19 01:56 - 2014-06-19 01:56 - 02082304 _____ (Farbar) C:\Users\Elin\Downloads\FRST64 (1).exe
2014-06-19 01:39 - 2014-06-19 01:39 - 00005096 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-19 01:36 - 2014-06-19 01:36 - 00000568 _____ () C:\Windows\PFRO.log
2014-06-19 01:14 - 2014-06-19 01:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 01:14 - 2014-06-19 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-06-19 01:14 - 2014-06-19 01:14 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-19 01:13 - 2014-06-19 01:13 - 16409960 _____ (Safer Networking Limited ) C:\Users\Elin\Downloads\spybotsd162.exe
2014-06-19 01:12 - 2014-06-19 01:12 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-19 01:12 - 2014-06-19 01:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-19 01:11 - 2014-06-19 01:11 - 04748896 _____ (Piriform Ltd) C:\Users\Elin\Downloads\ccsetup414.exe
2014-06-12 11:00 - 2014-04-29 09:14 - 00000318 _____ () C:\Users\Elin\Desktop\Curse Client.appref-ms
2014-06-05 19:51 - 2014-06-05 19:51 - 00014807 _____ () C:\Users\Elin\Downloads\[yoro] Love Live! S2 - 09 [099C395F].mkv.torrent
2014-06-05 12:48 - 2014-06-05 12:48 - 00017871 _____ () C:\Users\Elin\Downloads\9D0A7B52D0E7FE51345D9591DD110653001B9A8D[swesub.tv].torrent
2014-06-05 12:38 - 2014-06-17 02:02 - 00000000 ____D () C:\ProgramData\ApaptoU
2014-06-05 12:38 - 2014-06-15 19:51 - 00000000 ____D () C:\ProgramData\ec17b136dc784279
2014-06-05 12:18 - 2014-06-05 12:18 - 00000000 ____D () C:\ProgramData\Performancer
 
==================== One Month Modified Files and Folders =======
 
2014-06-19 01:57 - 2014-06-19 01:57 - 00028684 _____ () C:\Users\Elin\Downloads\FRST.txt
2014-06-19 01:57 - 2014-06-19 01:57 - 00000000 ____D () C:\FRST
2014-06-19 01:56 - 2014-06-19 01:56 - 02082304 _____ (Farbar) C:\Users\Elin\Downloads\FRST64.exe
2014-06-19 01:56 - 2014-06-19 01:56 - 02082304 _____ (Farbar) C:\Users\Elin\Downloads\FRST64 (1).exe
2014-06-19 01:55 - 2014-01-31 22:50 - 00000000 ____D () C:\Users\Elin\AppData\Roaming\uTorrent
2014-06-19 01:46 - 2014-01-31 22:56 - 00000000 ____D () C:\Users\Elin\AppData\Roaming\Skype
2014-06-19 01:43 - 2013-02-22 13:14 - 00722714 _____ () C:\Windows\system32\perfh01D.dat
2014-06-19 01:43 - 2013-02-22 13:14 - 00149578 _____ () C:\Windows\system32\perfc01D.dat
2014-06-19 01:43 - 2012-07-26 08:28 - 01713108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-19 01:42 - 2014-02-01 11:02 - 00000000 ____D () C:\Users\Elin\AppData\Roaming\Spotify
2014-06-19 01:39 - 2014-06-19 01:39 - 00005096 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-19 01:39 - 2014-05-17 23:08 - 00000000 ____D () C:\Users\Elin\AppData\Local\Adobe
2014-06-19 01:37 - 2014-01-29 17:32 - 00000000 ____D () C:\Users\Elin\AppData\Local\Deployment
2014-06-19 01:37 - 2013-06-26 19:26 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-06-19 01:36 - 2014-06-19 01:36 - 00000568 _____ () C:\Windows\PFRO.log
2014-06-19 01:36 - 2014-01-29 17:33 - 00001016 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-19 01:36 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 01:36 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-19 01:24 - 2014-06-19 01:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 01:14 - 2014-06-19 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-06-19 01:14 - 2014-06-19 01:14 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-19 01:13 - 2014-06-19 01:13 - 16409960 _____ (Safer Networking Limited ) C:\Users\Elin\Downloads\spybotsd162.exe
2014-06-19 01:12 - 2014-06-19 01:12 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-19 01:12 - 2014-06-19 01:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-19 01:12 - 2014-01-29 18:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-19 01:12 - 2014-01-29 17:53 - 00000000 ____D () C:\Users\Elin\AppData\Local\CrashDumps
2014-06-19 01:12 - 2013-02-22 07:59 - 00000000 ____D () C:\Windows\Panther
2014-06-19 01:11 - 2014-06-19 01:11 - 04748896 _____ (Piriform Ltd) C:\Users\Elin\Downloads\ccsetup414.exe
2014-06-19 01:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-19 00:58 - 2014-01-29 17:33 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 21:52 - 2014-03-20 18:55 - 00000000 ____D () C:\Users\Elin\AppData\Local\PMB Files
2014-06-17 21:55 - 2014-01-29 23:00 - 00239616 ___SH () C:\Users\Elin\Downloads\Thumbs.db
2014-06-17 21:08 - 2014-02-01 00:31 - 00000000 ____D () C:\Users\Elin\AppData\Roaming\vlc
2014-06-17 13:50 - 2014-02-01 11:03 - 00000000 ____D () C:\Users\Elin\AppData\Local\Spotify
2014-06-17 13:50 - 2014-01-31 22:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-17 13:50 - 2014-01-31 22:56 - 00000000 ____D () C:\ProgramData\Skype
2014-06-17 02:02 - 2014-06-05 12:38 - 00000000 ____D () C:\ProgramData\ApaptoU
2014-06-15 19:51 - 2014-06-05 12:38 - 00000000 ____D () C:\ProgramData\ec17b136dc784279
2014-06-13 10:22 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-05 22:14 - 2014-03-20 18:55 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-05 17:48 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-05 12:48 - 2014-06-05 12:48 - 00017871 _____ () C:\Users\Elin\Downloads\9D0A7B52D0E7FE51345D9591DD110653001B9A8D[swesub.tv].torrent
2014-06-05 12:18 - 2014-06-05 12:18 - 00000000 ____D () C:\ProgramData\Performancer
2014-05-25 22:11 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\LiveKernelReports
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-11 14:38
 
==================== End Of Log ============================

 

Addition.txt


Hi!

Nothing to be sorry about, that is exactly the amount of text I need to see.

1. Here are two Chrome extensions that were added in June:

CHR Extension: (FBLayoutsForFree Facebook Layouts) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lepbgbjeigddjmiejeaoblhjfombjfce [2014-06-05]

CHR Extension: (History) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\phaehjbfndonoealmdlbliedgiabmcdd [2014-06-15]

"FBLayoutsForFree Facebook Layouts" in particular is suspicious, because its date is the same as that of several unwanted/malicious files.

 

2. Save AdwCleaner by Xplode to the Desktop: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan has finished.

Click the Report button.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also available as C:\AdwCleaner[R0].txt

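The date correlation used in the reply above (an extension whose install date matches the dates of unwanted files), as an added example that is not part of the original thread. It assumes each FRST file row lists the last-modified timestamp first and the created timestamp second, as the rows in this log do; the `baseline` cutoff and the function names are choices made for this example, and the sample rows are copied from the logs quoted on this page.

```python
import re
from collections import namedtuple

# Rows copied from the FRST log quoted in this thread (a subset, not the full log).
FRST_SAMPLE = r"""
2014-06-19 01:55 - 2014-01-31 22:50 - 00000000 ____D () C:\Users\Elin\AppData\Roaming\uTorrent
2014-06-17 02:02 - 2014-06-05 12:38 - 00000000 ____D () C:\ProgramData\ApaptoU
2014-06-15 19:51 - 2014-06-05 12:38 - 00000000 ____D () C:\ProgramData\ec17b136dc784279
2014-06-05 22:14 - 2014-03-20 18:55 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-05 12:18 - 2014-06-05 12:18 - 00000000 ____D () C:\ProgramData\Performancer
CHR Extension: (Adblock Plus) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-29]
CHR Extension: (FBLayoutsForFree Facebook Layouts) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lepbgbjeigddjmiejeaoblhjfombjfce [2014-06-05]
CHR Extension: (History) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\phaehjbfndonoealmdlbliedgiabmcdd [2014-06-15]
"""

# "<modified> - <created> - <size> <attrs> (<company>) <path>"  (assumed column order)
FILE_ROW = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - (\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - "
    r"\d+ \S{5} \((.*?)\) (.+)$"
)
# "CHR Extension: (<name>) - <folder> [<date>]"
EXT_ROW = re.compile(r"^CHR Extension: \((.+?)\) - (.+) \[(\d{4}-\d{2}-\d{2})\]$")

FileRow = namedtuple("FileRow", "modified created company path")
Extension = namedtuple("Extension", "name ext_id added")


def parse_frst(text):
    """Split FRST text into file/folder rows and Chrome extension rows."""
    files, extensions = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_ROW.match(line)
        if m:
            files.append(FileRow(m.group(1), m.group(2), m.group(3).strip(), m.group(4)))
            continue
        m = EXT_ROW.match(line)
        if m:
            # The extension ID is the last component of the extension folder.
            ext_id = m.group(2).rstrip("\\").rsplit("\\", 1)[-1]
            extensions.append(Extension(m.group(1), ext_id, m.group(3)))
    return files, extensions


def correlate(files, extensions, baseline):
    """For each extension added after `baseline` (ISO date string), list the
    files/folders with no company name that were created or modified that day.

    A hit is a lead for the analyst to look at, not a verdict.
    """
    findings = {}
    for ext in extensions:
        if ext.added <= baseline:          # ISO dates sort correctly as strings
            continue
        hits = []
        for f in files:
            if f.company:                  # skip vendor-attributed entries
                continue
            if f.created == ext.added:
                hits.append(("created", f.path))
            elif f.modified == ext.added:
                hits.append(("modified", f.path))
        findings[ext.ext_id] = hits
    return findings


if __name__ == "__main__":
    files, extensions = parse_frst(FRST_SAMPLE)
    names = {e.ext_id: e.name for e in extensions}
    # Extensions "added in June": everything after the end of May.
    for ext_id, hits in correlate(files, extensions, baseline="2014-05-31").items():
        print(f"{names[ext_id]} ({ext_id})")
        for kind, path in hits:
            print(f"    {kind:8} same day: {path}")
```

A "modified" hit is weaker evidence than a "created" hit, since ordinary program activity also touches folders; the listing is meant to narrow down what to inspect next.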

I forgot to save it to the desktop, does that matter?

# AdwCleaner v3.212 - Report created 19/06/2014 at 08:24:42
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Elin - KITTY-COMPUTER
# Running from : C:\Users\Elin\Downloads\adwcleaner_3.212.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : dfc86759
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Folder Found : C:\ProgramData\Performancer
Folder Found : C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lepbgbjeigddjmiejeaoblhjfombjfce
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\perfor~1\perfor~1.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{dfc86759}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] - hxxp://start.mysearchdial.com/?f=1&a=ir_14_20_ch&cd=2XzuyEtN2Y1L1QzuyBtDtCzzzz0BzztB0A0AtDzytAyE0F0BtN0D0Tzu0SzzyCzztN1L2XzutBtFtBtDtFtCtAtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0CtB0D0ByEtByEtGyC0D0D0EtGyD0EyBtBtGyCtD0E0CtGyCyCtDyCtD0A0AtBtCtCyCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0AzytA0CtA0E0DtGzz0A0BtBtGtB0F0E0AtGzzyEzz0AtGtD0B0C0E0EyEyD0B0DyByDtB2Q&cr=2050830474&ir=
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : iagcajndpnfncplednpbnkahadegklfa
Found [Extension] : lepbgbjeigddjmiejeaoblhjfombjfce
 
*************************
 
AdwCleaner[R0].txt - [3487 octets] - [19/06/2014 08:24:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3547 octets] ##########

1. As long as it was only a scan, that is fine, but now you will have to either download it again and save it to the desktop, or move AdwCleaner from the "Downloads" folder to the desktop.

Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan has finished.

Click the Clean button.

Press OK.

Press OK again if further messages appear.

The computer will restart.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also available as C:\AdwCleaner[s0].txt

2. Run FRST again and paste in the new FRST.txt, so we can see what is left.

3. Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner does not take too long, turn off your antivirus program in the meantime.

Uncheck the option Remove found threats

Check Scan Archives

Click Advanced Settings

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.


1. # AdwCleaner v3.212 - Report created 19/06/2014 at 21:17:12

# Updated 05/06/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Elin - KITTY-COMPUTER
# Running from : C:\Users\Elin\Desktop\adwcleaner_3.212.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : dfc86759
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Performancer
Folder Deleted : C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lepbgbjeigddjmiejeaoblhjfombjfce
File Deleted : C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{dfc86759}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\perfor~1\perfor~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : iagcajndpnfncplednpbnkahadegklfa
Deleted [Extension] : lepbgbjeigddjmiejeaoblhjfombjfce
 
*************************
 
AdwCleaner[R0].txt - [3651 octets] - [19/06/2014 08:24:42]
AdwCleaner[R1].txt - [3709 octets] - [19/06/2014 21:16:49]
AdwCleaner[s0].txt - [3096 octets] - [19/06/2014 21:17:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3156 octets] ##########


 
2.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Elin (administrator) on KITTY-COMPUTER on 19-06-2014 21:22:04
Running from C:\Users\Elin\Downloads
Platform: Windows 8 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10
Boot Mode: Normal
 
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\ccSvcHst.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
() C:\Program Files (x86)\ZTE MF820D Modem Mobilebroadband\Bin\CancelAutoPlay.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Elin\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Spotify Ltd) C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(BitTorrent Inc.) C:\Users\Elin\AppData\Roaming\uTorrent\uTorrent.exe
(ZTE) C:\Program Files (x86)\ZTE MF820D Modem Mobilebroadband\Bin\mcserver.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\ZTE MF820D Modem Mobilebroadband\Bin\dbus-daemon.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
() C:\Program Files (x86)\ZTE MF820D Modem Mobilebroadband\Bin\db_daemon.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Curse, Inc) C:\Users\Elin\AppData\Roaming\Curse Client\Bin\Curse.exe
(Crawler.com) C:\Program Files (x86)\CStart8\CStart8Tray64.exe
() C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Farbar) C:\Users\Elin\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-06-25] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2889072 2013-06-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2013-05-13] (MSI)
HKLM\...\Run: [sCM] => C:\Program Files (x86)\SCM\SCM.exe [406944 2013-05-13] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [34432 2013-04-23] (Creative Technology Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [CancelAutoPlay.exe] => C:\Program Files (x86)\ZTE MF820D Modem Mobilebroadband\Bin\CancelAutoPlay.exe [68096 2012-03-30] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1567624 2013-05-31] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-02-07] (MSI)
HKLM-x32\...\Run: [blueStacks Agent] => c:\Program Files (x86)\BlueStacks\HD-Agent.exe [597880 2013-01-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [CStart8] => C:\Program Files (x86)\CStart8\CStart8Tray64.exe [3138656 2013-10-04] (Crawler.com)
HKLM-x32\...\Run: [Trust Gaming Mouse] => C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe [2245632 2011-01-17] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-02-26] ( (Atheros Communications))
HKU\S-1-5-21-4225199852-143531344-3112908861-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4225199852-143531344-3112908861-1002\...\Run: [spotify] => C:\Users\Elin\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-4225199852-143531344-3112908861-1002\...\Run: [spotify Web Helper] => C:\Users\Elin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-4225199852-143531344-3112908861-1002\...\Run: [uTorrent] => C:\Users\Elin\AppData\Roaming\uTorrent\uTorrent.exe [1267536 2014-06-12] (BitTorrent Inc.)
HKU\S-1-5-21-4225199852-143531344-3112908861-1002\...\MountPoints2: {6ae37ba9-a000-11e3-be95-70188b82aa0a} - "E:\windows\Data\AutoRun.exe" 
HKU\S-1-5-21-4225199852-143531344-3112908861-1002\...\MountPoints2: {f695eed4-d467-11e3-bedc-6c626d358d25} - "E:\Startme.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\ZTE MF820D Modem Mobilebroadband\Bin\mcserver.exe (ZTE)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Elin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Elin\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Elin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {009AC84F-DB95-46D0-8DBB-D4CD9A14F33A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS;
BHO: ApaptoU - {5AD50878-D281-A890-480F-A1651DC3FA20} - C:\ProgramData\ApaptoU\IJNUV0XUI.x64.dll No File
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @bankid.com/BankID Security Application,version=5.1.3.2 - C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - D:\Ny mapp\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - D:\Ny mapp\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014-01-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ []
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (little owl) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alopfckdopopebdogneaajhpajfbkane [2014-01-29]
CHR Extension: (Google Dokument) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-29]
CHR Extension: (Google Drive) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-29]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-14]
CHR Extension: (YouTube) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-29]
CHR Extension: (Adblock Plus) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-29]
CHR Extension: (Sök på Google) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-29]
CHR Extension: (AdBlock) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-01]
CHR Extension: (FBLayoutsForFree Facebook Layouts) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lepbgbjeigddjmiejeaoblhjfombjfce [2014-06-05]
CHR Extension: (Google Wallet) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-29]
CHR Extension: (History) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\phaehjbfndonoealmdlbliedgiabmcdd [2014-06-15]
CHR Extension: (Gmail) - C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-29]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-02-26] (Qualcomm Atheros Commnucations)
S2 BstHdAndroidSvc; c:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-01-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; c:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-01-07] (BlueStack Systems, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [98672 2013-06-25] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-05-13] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) [File not signed]
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\SymcPCCULaunchSvc.exe [123320 2012-08-13] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\ccSvcHst.exe [126392 2012-08-13] (Symantec Corporation)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-02-25] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3758800 2013-03-15] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-03-15] (Qualcomm Atheros, Inc.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R2 BstHdDrv; c:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-01-07] (BlueStack Systems)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-26] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-29] (Symantec Corporation) [File not signed]
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140328.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19952 2013-02-01] (Windows ® Win 7 DDK provider)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-03-15] (Qualcomm Atheros, Inc.)
S3 massfilter_lte; C:\Windows\system32\drivers\massfilter_lte.sys [18456 2011-12-20] (HandSet Incorporated)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140329.002\ENG64.SYS [126040 2014-01-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140329.002\EX64.SYS [2099288 2014-01-29] (Symantec Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2014-02-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [407112 2013-06-25] (Realsil Semiconductor Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-29] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 trustms; C:\Windows\system32\drivers\trustms.sys [12416 2010-11-15] ()
S3 zgdcat; C:\Windows\system32\DRIVERS\zgdcat.sys [130200 2011-12-20] (ZTE Incorporated)
S3 zgdcdiag; C:\Windows\system32\DRIVERS\zgdcdiag.sys [130200 2011-12-20] (ZTE Incorporated)
S3 zgdcmdm; C:\Windows\system32\DRIVERS\zgdcmdm.sys [130200 2011-12-20] (ZTE Incorporated)
S3 zgdcnet; C:\Windows\system32\DRIVERS\zgdcnet.sys [169496 2011-12-20] (ZTE Incorporated)
S3 zgdcnmea; C:\Windows\system32\DRIVERS\zgdcnmea.sys [130200 2011-12-20] (ZTE Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-19 21:20 - 2014-06-19 21:20 - 00005096 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-19 08:24 - 2014-06-19 21:17 - 00000000 ____D () C:\AdwCleaner
2014-06-19 08:24 - 2014-06-19 08:24 - 01333465 _____ () C:\Users\Elin\Desktop\adwcleaner_3.212.exe
2014-06-19 08:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-19 01:57 - 2014-06-19 21:22 - 00026793 _____ () C:\Users\Elin\Downloads\FRST.txt
2014-06-19 01:57 - 2014-06-19 21:22 - 00000000 ____D () C:\FRST
2014-06-19 01:57 - 2014-06-19 01:57 - 00037648 _____ () C:\Users\Elin\Downloads\Addition.txt
2014-06-19 01:56 - 2014-06-19 01:56 - 02082304 _____ (Farbar) C:\Users\Elin\Downloads\FRST64.exe
2014-06-19 01:56 - 2014-06-19 01:56 - 02082304 _____ (Farbar) C:\Users\Elin\Downloads\FRST64 (1).exe
2014-06-19 01:36 - 2014-06-19 21:17 - 00000882 _____ () C:\Windows\PFRO.log
2014-06-19 01:14 - 2014-06-19 01:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 01:14 - 2014-06-19 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-06-19 01:14 - 2014-06-19 01:14 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-19 01:13 - 2014-06-19 01:13 - 16409960 _____ (Safer Networking Limited ) C:\Users\Elin\Downloads\spybotsd162.exe
2014-06-19 01:12 - 2014-06-19 01:12 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-19 01:12 - 2014-06-19 01:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-19 01:11 - 2014-06-19 01:11 - 04748896 _____ (Piriform Ltd) C:\Users\Elin\Downloads\ccsetup414.exe
2014-06-12 11:00 - 2014-04-29 09:14 - 00000318 _____ () C:\Users\Elin\Desktop\Curse Client.appref-ms
2014-06-05 12:38 - 2014-06-17 02:02 - 00000000 ____D () C:\ProgramData\ApaptoU
2014-06-05 12:38 - 2014-06-15 19:51 - 00000000 ____D () C:\ProgramData\ec17b136dc784279
 
==================== One Month Modified Files and Folders =======
 
2014-06-19 21:22 - 2014-06-19 01:57 - 00026793 _____ () C:\Users\Elin\Downloads\FRST.txt
2014-06-19 21:22 - 2014-06-19 01:57 - 00000000 ____D () C:\FRST
2014-06-19 21:22 - 2014-01-31 22:56 - 00000000 ____D () C:\Users\Elin\AppData\Roaming\Skype
2014-06-19 21:20 - 2014-06-19 21:20 - 00005096 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-19 21:20 - 2014-01-31 22:50 - 00000000 ____D () C:\Users\Elin\AppData\Roaming\uTorrent
2014-06-19 21:18 - 2014-02-01 11:02 - 00000000 ____D () C:\Users\Elin\AppData\Roaming\Spotify
2014-06-19 21:17 - 2014-06-19 08:24 - 00000000 ____D () C:\AdwCleaner
2014-06-19 21:17 - 2014-06-19 01:36 - 00000882 _____ () C:\Windows\PFRO.log
2014-06-19 21:17 - 2014-01-29 17:33 - 00001016 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-19 21:17 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 11:02 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-19 11:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-19 10:58 - 2014-01-29 17:33 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-19 08:26 - 2013-02-22 13:14 - 00722714 _____ () C:\Windows\system32\perfh01D.dat
2014-06-19 08:26 - 2013-02-22 13:14 - 00149578 _____ () C:\Windows\system32\perfc01D.dat
2014-06-19 08:26 - 2012-07-26 08:28 - 01713108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-19 08:24 - 2014-06-19 08:24 - 01333465 _____ () C:\Users\Elin\Desktop\adwcleaner_3.212.exe
2014-06-19 02:04 - 2014-01-29 23:00 - 00239616 ___SH () C:\Users\Elin\Downloads\Thumbs.db
2014-06-19 02:00 - 2014-05-17 23:08 - 00000000 ____D () C:\Users\Elin\AppData\Local\Adobe
2014-06-19 01:57 - 2014-06-19 01:57 - 00037648 _____ () C:\Users\Elin\Downloads\Addition.txt
2014-06-19 01:56 - 2014-06-19 01:56 - 02082304 _____ (Farbar) C:\Users\Elin\Downloads\FRST64.exe
2014-06-19 01:56 - 2014-06-19 01:56 - 02082304 _____ (Farbar) C:\Users\Elin\Downloads\FRST64 (1).exe
2014-06-19 01:37 - 2014-01-29 17:32 - 00000000 ____D () C:\Users\Elin\AppData\Local\Deployment
2014-06-19 01:37 - 2013-06-26 19:26 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-06-19 01:24 - 2014-06-19 01:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 01:14 - 2014-06-19 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-06-19 01:14 - 2014-06-19 01:14 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-19 01:13 - 2014-06-19 01:13 - 16409960 _____ (Safer Networking Limited ) C:\Users\Elin\Downloads\spybotsd162.exe
2014-06-19 01:12 - 2014-06-19 01:12 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-19 01:12 - 2014-06-19 01:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-19 01:12 - 2014-01-29 18:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-19 01:12 - 2014-01-29 17:53 - 00000000 ____D () C:\Users\Elin\AppData\Local\CrashDumps
2014-06-19 01:12 - 2013-02-22 07:59 - 00000000 ____D () C:\Windows\Panther
2014-06-19 01:11 - 2014-06-19 01:11 - 04748896 _____ (Piriform Ltd) C:\Users\Elin\Downloads\ccsetup414.exe
2014-06-18 21:52 - 2014-03-20 18:55 - 00000000 ____D () C:\Users\Elin\AppData\Local\PMB Files
2014-06-17 21:08 - 2014-02-01 00:31 - 00000000 ____D () C:\Users\Elin\AppData\Roaming\vlc
2014-06-17 13:50 - 2014-02-01 11:03 - 00000000 ____D () C:\Users\Elin\AppData\Local\Spotify
2014-06-17 13:50 - 2014-01-31 22:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-17 13:50 - 2014-01-31 22:56 - 00000000 ____D () C:\ProgramData\Skype
2014-06-17 02:02 - 2014-06-05 12:38 - 00000000 ____D () C:\ProgramData\ApaptoU
2014-06-15 19:51 - 2014-06-05 12:38 - 00000000 ____D () C:\ProgramData\ec17b136dc784279
2014-06-13 10:22 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-05 22:14 - 2014-03-20 18:55 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-05 17:48 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-25 22:11 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\LiveKernelReports
 
Some content of TEMP:
====================
C:\Users\Elin\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-19 08:43
 
==================== End Of Log ============================


3. 
 

C:\AdwCleaner\Quarantine\C\ProgramData\Performancer\Performancer.dll.vir a variant of Win32/SProtector.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Performancer\PerformancerSvc.dll.vir a variant of Win32/SProtector.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Performancer\Performancer_x64.dll.vir a variant of Win64/SProtector.B potentially unwanted application
C:\Users\Elin\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Link to comment

1. Find the extension "FBLayoutsForFree Facebook Layouts" in Chrome and remove it: https://support.google.com/chrome/answer/113907?hl=sv

2. Start Notepad.

Copy all the lines in the box:

SearchScopes: HKLM - DefaultScope {009AC84F-DB95-46D0-8DBB-D4CD9A14F33A} URL = http://start.mysearc...=2050830474&ir=
SearchScopes: HKLM - {009AC84F-DB95-46D0-8DBB-D4CD9A14F33A} URL = http://start.mysearc...=2050830474&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: ApaptoU - {5AD50878-D281-A890-480F-A1651DC3FA20} - C:\ProgramData\ApaptoU\IJNUV0XUI.x64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lepbgbjeigddjmiejeaoblhjfombjfce
2014-06-05 12:38 - 2014-06-17 02:02 - 00000000 ____D () C:\ProgramData\ApaptoU
2014-06-05 12:38 - 2014-06-15 19:51 - 00000000 ____D () C:\ProgramData\ec17b136dc784279
and paste them into Notepad. Check that no file has been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

Restart the computer.

3. How is the computer working now?

Any more questions before I write how you should uninstall AdwCleaner and FRST?

Link to comment
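An added example, not part of the thread and not FRST's own logic: one way to triage an FRST log for the kinds of lines that ended up in the fixlist above. The sample lines are copied from the log and fixlist in this thread; the two heuristics (empty vendor field, folder directly under C:\ProgramData with a name of 16 or more hex characters) are assumptions, and every hit is a lead for manual review, since legitimate drivers match them too.

```python
import ntpath  # Windows path rules, so the example runs on any OS
import re

# Constructed sample: lines copied from the FRST log and fixlist in this thread.
SAMPLE_LOG = r"""
BHO: ApaptoU - {5AD50878-D281-A890-480F-A1651DC3FA20} - C:\ProgramData\ApaptoU\IJNUV0XUI.x64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
R3 trustms; C:\Windows\system32\drivers\trustms.sys [12416 2010-11-15] ()
2014-06-19 01:12 - 2014-06-19 01:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-05 12:38 - 2014-06-17 02:02 - 00000000 ____D () C:\ProgramData\ApaptoU
2014-06-05 12:38 - 2014-06-15 19:51 - 00000000 ____D () C:\ProgramData\ec17b136dc784279
"""

# Registry entry whose target file no longer exists on disk.
NO_FILE = re.compile(r"- ([A-Za-z]:\\.+?) No File$")
# Service/driver line: state, name; path [size date] (vendor) [File not signed]
SERVICE = re.compile(
    r"^[RSU]\d (.+?); (.+?) \[\d+ \d{4}-\d\d-\d\d\] \((.*?)\)( \[File not signed\])?$")
# "One Month Created/Modified" line: created - modified - size attrs (vendor) path
FILE_ENTRY = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ (\S{5}) \(.*?\) (.+)$")
# Assumption: a long all-hex folder name looks machine-generated.
HEX_NAME = re.compile(r"[0-9a-fA-F]{16,}")


def triage(log_text):
    """Return (kind, line) pairs worth a closer look, in log order per pass."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    findings, suspect_dirs = [], set()

    # Pass 1: markers on the line itself.
    for line in lines:
        if "<======= ATTENTION" in line:          # FRST's own flag
            findings.append(("attention", line))
        missing = NO_FILE.search(line)
        if missing:
            findings.append(("missing-file", line))
            # Remember the folder so leftovers can be correlated in pass 2.
            suspect_dirs.add(ntpath.dirname(missing.group(1)).lower())
        service = SERVICE.match(line)
        if service and service.group(3) == "":    # no vendor in version info
            findings.append(("no-vendor", line))

    # Pass 2: recently created folders tied to pass-1 hits or with generated names.
    for line in lines:
        entry = FILE_ENTRY.match(line)
        if not entry or "D" not in entry.group(1):
            continue
        path = entry.group(2)
        parent, name = ntpath.split(path)
        if path.lower() in suspect_dirs:
            findings.append(("dir-of-missing-file", line))
        elif parent.lower() == r"c:\programdata" and HEX_NAME.fullmatch(name):
            findings.append(("random-named-dir", line))
    return findings


if __name__ == "__main__":
    for kind, line in triage(SAMPLE_LOG):
        print(f"{kind:20} {line}")
```

The two "no-vendor" hits in the sample are a network-manager service and a driver, which is why such output is a review list and not a fixlist.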

  • 2 weeks later...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-06-2014
Ran by Elin at 2014-07-01 14:27:14 Run:1
Running from C:\Users\Elin\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope {009AC84F-DB95-46D0-8DBB-D4CD9A14F33A} URL = http://start.mysearc...=2050830474&ir=
SearchScopes: HKLM - {009AC84F-DB95-46D0-8DBB-D4CD9A14F33A} URL = http://start.mysearc...=2050830474&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: ApaptoU - {5AD50878-D281-A890-480F-A1651DC3FA20} - C:\ProgramData\ApaptoU\IJNUV0XUI.x64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lepbgbjeigddjmiejeaoblhjfombjfce
2014-06-05 12:38 - 2014-06-17 02:02 - 00000000 ____D () C:\ProgramData\ApaptoU
2014-06-05 12:38 - 2014-06-15 19:51 - 00000000 ____D () C:\ProgramData\ec17b136dc784279
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{009AC84F-DB95-46D0-8DBB-D4CD9A14F33A}' => Key deleted successfully.
'HKCR\CLSID\{009AC84F-DB95-46D0-8DBB-D4CD9A14F33A}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AD50878-D281-A890-480F-A1651DC3FA20}' => Key deleted successfully.
'HKCR\CLSID\{5AD50878-D281-A890-480F-A1651DC3FA20}' => Key deleted successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
"C:\Users\Elin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lepbgbjeigddjmiejeaoblhjfombjfce" => File/Directory not found.
C:\ProgramData\ApaptoU => Moved successfully.
C:\ProgramData\ec17b136dc784279 => Moved successfully.
 
==== End of Fixlog ====

 

 

3. The problem remains.

Link to comment

Have you found the problem? If you haven't, I know what the problem is. I have helped many children with this. I can help you via TeamViewer and via Skype if you wish.

If this is what it is, I'll remove it in 2 minutes.

Link to comment

Added you on Skype.

Link to comment

 

Since so much time has passed, you need to remove the AdwCleaner you have and download a new one from the same link as before. Run it and paste the result. Also run FRST and paste the log from it.

When it comes to remote assistance, I agree with what Microsoft writes in its forum rules:

  • Be very careful about accepting direct help from another user. If a user offers to use Remote Assistance to help you, you should be aware that the person in question then gets access to your computer and that the computer can be hacked.
  • If you voluntarily offer to help another user via Remote Assistance, you must be very careful not to harm the user's computer in any way or gain access to information that has not been openly made available to you. Misuse of Remote Assistance is not tolerated and will result in you being banned from the community.

http://answers.microsoft.com/sv-se/page/faq#faqCodeConduct5

Link to comment

Screen sharing works fine too. AdwCleaner probably won't work.

Link to comment

Hi,

It is now solved! It was an extension that had sneaked in under the name "history" in Google Chrome, which meant I didn't suspect it. This was solved thanks to screen sharing with "kikotte". :-)

Thanks for all the help and the time you have spent helping me!

Link to comment
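An added example, not part of the thread: a read-only audit of a Chrome profile's Extensions folder that lists each extension's id, displayed name and whether it may run on every page, which is how an extension with an innocuous name such as "history" can be spotted. The two sample extensions and their ids are constructed; the function names are hypothetical, and the layout `Extensions\<id>\<version>\manifest.json` is Chrome's standard on-disk layout.

```python
import json
import tempfile
from pathlib import Path

# Host patterns that let an extension read and rewrite every page the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def display_name(version_dir, manifest):
    """Resolve a localized __MSG_key__ name via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()
    locale = manifest.get("default_locale", "en")
    try:
        text = (version_dir / "_locales" / locale / "messages.json").read_text("utf-8-sig")
        messages = json.loads(text)
    except (OSError, ValueError):
        return name                      # keep the placeholder if it cannot be resolved
    for msg_key, entry in messages.items():
        if msg_key.lower() == key:       # match the key without regard to case
            return entry.get("message", name)
    return name


def audit_extensions(extensions_dir):
    """Return one record per installed extension version; nothing is modified."""
    records = []
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text("utf-8-sig"))
        except (OSError, ValueError):
            continue                     # unreadable manifest: skip, do not guess
        declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        hosts = {p for p in declared if isinstance(p, str)}
        for script in manifest.get("content_scripts", []):
            hosts.update(script.get("matches", []))
        records.append({
            "id": version_dir.parent.name,
            "name": display_name(version_dir, manifest),
            "version": manifest.get("version", "?"),
            "runs_on_all_sites": sorted(hosts & BROAD_HOSTS),
        })
    return records


def build_sample_profile(root):
    """Write two constructed extensions (not taken from the thread) and return the folder."""
    ext_dir = Path(root) / "Extensions"
    samples = {
        "a" * 32: ({"name": "history", "version": "1.0", "manifest_version": 2,
                    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
                   None),
        "b" * 32: ({"name": "__MSG_appName__", "default_locale": "en", "version": "2.1",
                    "manifest_version": 2, "permissions": ["storage"]},
                   {"appName": {"message": "Sample Notes"}}),
    }
    for ext_id, (manifest, messages) in samples.items():
        version_dir = ext_dir / ext_id / (manifest["version"] + "_0")
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), "utf-8")
        if messages:
            locale_dir = version_dir / "_locales" / "en"
            locale_dir.mkdir(parents=True)
            (locale_dir / "messages.json").write_text(json.dumps(messages), "utf-8")
    return ext_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for record in audit_extensions(build_sample_profile(tmp)):
            print(record)
```

On the machine in this thread the folder to pass to `audit_extensions` would be the `...\Chrome\User Data\Default\Extensions` path that appears in the fixlist.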

cybertears

I can agree with Cecilia there; I would never have wanted to give an unknown person direct access to my computer. I think Cecilia does a great job; as long as you follow the steps and do what you are asked to do, it works out.

Link to comment

Hi!

Yes, I wrote about that extension in post 3.

Glad to be able to help, and there was undeniably a lot that AdwCleaner and FRST removed from your computer.

Link to comment

I can imagine that; I have no antivirus protection right now. Do you have anything to recommend?

Link to comment

cybertears

Check AV-Test, click the protection tab to see which antivirus is on top :)

Link to comment

That's right, you also need to know how to uninstall the special-purpose programs (they are updated often, so there is no point in keeping them).

1. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Uninstall button.

2. Download the uninstaller OTC to the Desktop: http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button and FRST will be uninstalled after a restart of the computer. Delete any logs.

3. Improve the protection on the computer; see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/

It is very important to keep all the small programs on the computer updated; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which can be used by a web page to infect the computer. I think Secunia's program (link on my website) is a good help for checking the state of security holes on the computer and indicating what needs to be fixed.

Link to comment

Archived

This topic is now archived and is closed to further replies.
