The computer is blocking internet browsers


Bossebo1000


Hi!

I think we may have picked up a virus. Besides the computer having been generally sluggish for a long time, it refuses to go online with Internet Explorer, and it keeps closing Firefox after a minute or so. The internet modem works flawlessly on other computers.

I have run a scan with FRST.exe and will attach the files in this thread shortly.

I would be very grateful for help figuring out what might be causing this.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by Mathilda (administrator) on MATHILDAS-GAMLA on 19-08-2014 21:04:48
Running from C:\Users\Mathilda\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Svenska (Sverige)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Mobile Broadband1\Mobile Broadband.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {02bdf897-43a1-11e2-b4a2-f2523204977a} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {06005916-8e2b-11e2-b716-f656b74b9424} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {2cde38b1-f2b6-11e1-a2ac-f6f59855a76c} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {2ee4dd9b-f330-11e1-b920-bfe3238d024c} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {3166aa28-cd50-11e0-9e8d-001e101f21c1} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {3b027e7e-6e79-11e3-9b38-f9f996464713} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {4950adea-537f-11df-8058-001644ee8e71} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {57985e7c-f5e6-11e1-8d3b-c7d2bd09df72} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {67463d24-4045-11e0-a2c8-001d09600b9c} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {70c2b945-c987-11e0-8ca1-001d09600b9c} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {70c2b96d-c987-11e0-8ca1-001e101f2b52} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {7798f0b3-4022-11e0-be66-001d09600b9c} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {7798f0bf-4022-11e0-be66-001d09600b9c} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {7798f0ca-4022-11e0-be66-001d09600b9c} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {8a153d38-e6a7-11e1-8828-b64f57303981} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {8a153d44-e6a7-11e1-8828-cf495bbb052e} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {8ddf9fba-f13c-11e1-b40e-84e287eb8940} - G:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {8ddf9fd2-f13c-11e1-b40e-c962bcf90700} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {96970391-cac2-11dd-9eac-001d09600b9c} - F:\InstallTomTomHOME.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {9ce7694a-54f5-11df-8be2-001644ee8e71} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {b8292444-ea95-11e1-82a6-d09c71a0d2cb} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {babb91eb-2a35-11e2-a351-e1d279328a1c} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {be9ab665-f403-11e0-8bdc-001d09600b9c} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {be9ab683-f403-11e0-8bdc-001e101f859f} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {c7a0883d-2f0f-11e0-abae-001644ee8e71} - F:\setupSNK.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {d63b97b9-c9d1-11e0-8056-001e101f7f74} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {d669c4c5-6101-11e3-a2c3-b57b2cc16340} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {d669c4c8-6101-11e3-a2c3-b6a895831219} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {de474557-f4c2-11e0-b9bd-001e101f9843} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {ec456b10-e326-11de-a486-001644ee8e71} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {ec456b1e-e326-11de-a486-001644ee8e71} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {f981bdcf-d84f-11e0-8f18-001e101fe5e1} - F:\AutoRun.exe
HKU\S-1-5-21-2777235781-3413652619-3759137003-1000\...\MountPoints2: {fc1a90cb-e195-11df-a567-806e6f6e6963} - F:\urDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk /p \??\J:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} ->  No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Lexmark  -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 04 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 05 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 06 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 17 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Tcpip\..\Interfaces\{BCD2B33A-B9BE-4096-999E-D8D7E34DEE23}: [NameServer]195.67.199.18 195.67.199.19

FireFox:
========
FF ProfilePath: C:\Users\Mathilda\AppData\Roaming\Mozilla\Firefox\Profiles\j3zdask4.default
FF Homepage: hxxp://www.gmail.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Mathilda\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mathilda\AppData\Roaming\Mozilla\Firefox\Profiles\j3zdask4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-09-03]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-09-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009-02-24]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-03-28]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-09-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-12-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2011-02-05]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010-04-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-17]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-24]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-11-01]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF [2014-07-11]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn [2014-07-29]

Chrome:
=======
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Mathilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-11-01]
CHR Extension: (Google Wallet) - C:\Users\Mathilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-11-01]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx [2011-11-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-07-22] (Apple Inc.)
S4 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S4 lxea_device; C:\Windows\system32\lxeacoms.exe [598696 2010-04-14] ( )
R2 N360; C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
S4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2008-05-16] (Dell Inc.) [File not signed]
S2 Browser Defender Update Service; "C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe" [X]
S3 sdAuxService; C:\Program Files\PC Tools Security\pctsAuxs.exe [X]
S3 sdCoreService; C:\Program Files\PC Tools Security\pctsSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20140718.001\BHDrvx86.sys [1101616 2014-07-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1504000.00D\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)
S3 Dot4 HPH09; C:\Windows\System32\DRIVERS\hphid409.sys [50800 2006-01-13] (HP)
S3 Dot4Print HPH09; C:\Windows\System32\DRIVERS\hphipr09.sys [16112 2006-01-13] (HP)
S3 Dot4Storage HPH09; C:\Windows\System32\Drivers\hphs2k09.sys [50211 2006-01-13] (Hewlett-Packard)
S3 Dot4Usb HPH09; C:\Windows\System32\drivers\hphius09.sys [18864 2006-01-13] (HP)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-07-11] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20140728.001\IDSvix86.sys [395992 2014-07-11] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-12-25] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140728.016\NAVENG.SYS [93272 2014-07-25] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140728.016\NAVEX15.SYS [1612376 2014-07-25] (Symantec Corporation)
R2 PCTAppEvent; C:\Windows\system32\drivers\PCTAppEvent.sys [160448 2010-12-10] (PC Tools)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [239168 2010-12-10] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [338880 2010-07-16] (PC Tools)
S3 PCTFW-PacketFilter; C:\Windows\system32\drivers\pctNdis-PacketFilter.sys [89192 2010-11-24] (PC Tools)
R1 pctgntdi; C:\Windows\System32\drivers\pctgntdi.sys [249616 2010-11-17] (PC Tools)
S3 pctNdis; C:\Windows\System32\DRIVERS\pctNdis.sys [56536 2011-01-18] (PC Tools)
R3 pctNdisMP; C:\Windows\System32\DRIVERS\pctNdis.sys [56536 2011-01-18] (PC Tools)
S3 pctplfw; C:\Windows\System32\drivers\pctplfw.sys [124992 2010-11-25] (PC Tools)
S3 pctplsg; C:\Windows\System32\drivers\pctplsg.sys [70536 2010-11-25] (PC Tools)
S3 SRTSP; C:\Windows\system32\drivers\N360\1504000.00D\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1504000.00D\SRTSPX.SYS [32344 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1504000.00D\SYMDS.SYS [367704 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1504000.00D\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-07-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1504000.00D\Ironx86.SYS [206936 2013-10-30] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1504000.00D\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 dnwuhmgr; \??\C:\Windows\system32\drivers\dnwuhmgr.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter_lte; \??\C:\Windows\system32\drivers\massfilter_lte.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 zgdcat; system32\DRIVERS\zgdcat.sys [X]
S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [X]
S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [X]
S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [X]
S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 21:04 - 2014-08-19 21:06 - 00027566 _____ () C:\Users\Mathilda\Desktop\FRST.txt
2014-08-19 21:04 - 2014-08-19 21:04 - 01093632 _____ (Farbar) C:\Users\Mathilda\Desktop\FRST.exe
2014-08-19 21:04 - 2014-08-19 21:04 - 00000000 ____D () C:\FRST
2014-08-17 22:00 - 2014-08-17 22:00 - 00000000 ____D () C:\Users\Mathilda\AppData\Local\Macromedia
2014-08-16 11:29 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 11:29 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 11:29 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 11:29 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 11:29 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 11:29 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-16 11:29 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 11:27 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 11:27 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 11:27 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 11:27 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 11:27 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 11:27 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 11:27 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-16 11:27 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-16 11:27 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 11:27 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-16 11:27 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 11:27 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-16 11:27 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-16 11:27 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-16 11:27 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 11:27 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 11:27 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 11:27 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-16 11:27 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-16 11:27 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-16 11:27 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-16 11:27 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 09:03 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 09:03 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 09:03 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 09:03 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 21:06 - 2014-08-19 21:04 - 00027566 _____ () C:\Users\Mathilda\Desktop\FRST.txt
2014-08-19 21:05 - 2010-08-17 20:41 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{BDF6F98D-4548-489A-8998-A0CF3CD152C8}.job
2014-08-19 21:04 - 2014-08-19 21:04 - 01093632 _____ (Farbar) C:\Users\Mathilda\Desktop\FRST.exe
2014-08-19 21:04 - 2014-08-19 21:04 - 00000000 ____D () C:\FRST
2014-08-19 21:02 - 2013-05-31 22:56 - 00001735 _____ () C:\Users\Public\Desktop\Mobile Broadband.lnk
2014-08-19 21:02 - 2008-08-01 00:39 - 02039037 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 21:01 - 2011-10-18 20:40 - 00000262 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-08-19 21:00 - 2006-11-21 07:03 - 00644450 _____ () C:\Windows\system32\perfh01D.dat
2014-08-19 21:00 - 2006-11-21 07:03 - 00139466 _____ () C:\Windows\system32\perfc01D.dat
2014-08-19 21:00 - 2006-11-02 12:33 - 01533348 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 20:54 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 20:54 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 20:42 - 2009-11-28 01:36 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 20:10 - 2013-05-16 20:42 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 19:56 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing
2014-08-19 17:42 - 2009-11-28 01:36 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 08:25 - 2012-03-27 13:34 - 00000443 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-19 08:24 - 2012-04-06 13:22 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-19 08:24 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-18 21:38 - 2006-11-02 15:01 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-18 21:27 - 2008-08-06 22:31 - 00021504 _____ () C:\Users\Mathilda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-18 13:05 - 2012-10-20 13:00 - 00000000 ____D () C:\Users\Mathilda\AppData\Local\CrashDumps
2014-08-17 22:00 - 2014-08-17 22:00 - 00000000 ____D () C:\Users\Mathilda\AppData\Local\Macromedia
2014-08-17 11:56 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 11:34 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-08-16 12:03 - 2010-08-17 20:36 - 00000000 ____D () C:\Users\Bosse
2014-08-16 12:03 - 2006-11-02 12:22 - 58982400 _____ () C:\Windows\system32\config\software_previous
2014-08-16 12:03 - 2006-11-02 12:22 - 125042688 _____ () C:\Windows\system32\config\system_previous
2014-08-16 12:02 - 2008-08-06 22:24 - 00000000 ____D () C:\Users\Mathilda
2014-08-16 12:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-08-16 12:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2014-08-16 11:59 - 2006-11-02 12:22 - 45875200 _____ () C:\Windows\system32\config\components_previous
2014-08-16 11:59 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-08-16 10:53 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-08-16 10:53 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-08-15 19:25 - 2008-08-01 01:19 - 00462856 _____ () C:\Windows\PFRO.log
2014-08-15 09:39 - 2012-08-30 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Broadband
2014-08-15 09:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2014-08-15 09:21 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-15 09:16 - 2011-06-18 22:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-15 09:13 - 2013-07-18 06:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 09:07 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-11 11:08 - 2014-07-11 19:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-08-11 11:08 - 2012-12-26 13:32 - 00000000 ____D () C:\Users\Mathilda\AppData\Roaming\playitall
2014-08-11 11:08 - 2009-11-25 21:55 - 00000000 ____D () C:\ProgramData\Real
2014-08-11 11:08 - 2009-03-01 19:19 - 00000000 ____D () C:\Users\Mathilda\AppData\Roaming\dvdcss
2014-08-11 11:08 - 2008-08-10 21:30 - 00000000 ____D () C:\Users\Mathilda\AppData\Roaming\vlc
2014-08-09 10:01 - 2014-07-11 19:49 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-07-25 10:56 - 2010-05-08 20:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 09:52 - 2010-05-08 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 20:07 - 2014-08-16 11:27 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 19:58 - 2014-08-16 11:27 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 19:57 - 2014-08-16 11:27 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 19:52 - 2014-08-16 11:27 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 19:51 - 2014-08-16 11:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 19:51 - 2014-08-16 11:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 19:50 - 2014-08-16 11:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 19:50 - 2014-08-16 11:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 19:49 - 2014-08-16 11:27 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 19:49 - 2014-08-16 11:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 19:49 - 2014-08-16 11:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 19:49 - 2014-08-16 11:27 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-24 19:49 - 2014-08-16 11:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 19:48 - 2014-08-16 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 19:48 - 2014-08-16 11:27 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 19:48 - 2014-08-16 11:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 19:48 - 2014-08-16 11:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 19:48 - 2014-08-16 11:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 19:48 - 2014-08-16 11:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-24 19:48 - 2014-08-16 11:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-24 19:47 - 2014-08-16 11:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-21 23:32 - 2012-11-11 16:23 - 00001326 _____ () C:\Users\Mathilda\Desktop\Cyklar - genväg.lnk
2014-07-21 18:57 - 2014-03-24 00:34 - 00000000 ____D () C:\Users\Mathilda\Desktop\CYKLAR INSAMLING MARS

Files to move or delete:
====================
C:\Users\Mathilda\lame_enc.dll


Some content of TEMP:
====================
C:\Users\Bosse\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Mathilda\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Mathilda\AppData\Local\Temp\MSNDB91.exe
C:\Users\Mathilda\AppData\Local\Temp\ose00000.exe
C:\Users\Mathilda\AppData\Local\Temp\ResetDevice.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-19 20:33

==================== End Of Log ============================

Addition.txt


Removed the Addition file and pasted it in as an attached file in the post above, following the instructions in the thread "To you with a virus or other malicious software on your computer".


Hi!

I can't see anything malicious in the logs at any rate, but not everything shows up in logs.

1. Security problems:

Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Java™ 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018F0}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java™ 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)

Mozilla Firefox (3.0.19) (HKLM\...\Mozilla Firefox (3.0.19)) (Version: 3.0.19 (sv-SE) - Mozilla)

The above are very old versions with many known security holes that make it easy to infect the computer from a web page. Uninstall or upgrade them. Most people don't need Java installed at all, but if you do have to have Java, it is very important to always have the latest version.

The reason Firefox crashes may be precisely that it is so old that it can't handle modern web pages.

2. Browser Defender 3.0 (HKLM\...\Browser Defender_is1) (Version: 3.0.0.300 - Threat Expert Ltd.)
That product was discontinued over a year ago; it gives poor protection today and may conflict with Norton, so uninstall it.

3. KeyProwler Pro (Version: 4.0.3 - APAN Software) Hidden
It is a keylogger: http://www.keyprowler.com/

Was it installed on purpose?

4. Malwarebytes Anti-Malware version 1.65.1.1000 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.1.1000 - Malwarebytes Corporation)
Old version. Upgrade to version 2 and scan the computer.

5. Scan the computer online at http://www.eset.com/onlinescan/
To keep the scanner from taking too long, turn off your antivirus program while it runs.

Uncheck the option Remove found threats
Check Scan Archives

Click Advanced Settings
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.


Hi!

Thanks for the replies. I have made some progress in dealing with the problems you pointed out. I have not yet downloaded new versions of the old programs with security flaws, though, since I want to remove the keylogger program first and the browser keeps shutting down after a minute anyway. Removed all Java. I am using another computer right now.

KeyProwler was not installed knowingly. I can't find either it or Browser Defender, so I can't remove them. How do I do it?


Hi!

You're welcome :)

This should make KeyProwler visible in the Control Panel's list of programs that can be uninstalled:

Start Notepad.

Copy all the lines in the box:

KeyProwler Pro (Version: 4.0.3 - APAN Software) Hidden

and paste them into Notepad. Check that no files have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program is finished.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.


I have created the Fixlog now and will shortly post one from the computer in question. Before I remove KeyProwler, I wonder whether there is any way to see who put it there or where the information has been sent?

How do I find and remove Browser Defender?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-08-2014 01
Ran by Mathilda at 2014-08-21 21:56:14 Run:1
Running from C:\Users\Mathilda\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
KeyProwler Pro (Version: 4.0.3 - APAN Software) Hidden
*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0071C79-4B13-4F51-9D6F-6DD271F2ED86}\\SystemComponent => value deleted successfully.

==== End of Fixlog ====

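The Fixlog above shows what FRST's "Hidden" marker corresponds to: a SystemComponent value under the program's Uninstall key, which keeps the entry out of the Control Panel list until the value is deleted. As an added example (not part of the original posts and not FRST's own code), this Python script parses the installed-program lines quoted in this thread and flags hidden entries and side-by-side versions of one product; the function names and the grouping heuristic are assumptions made here.

```python
from collections import defaultdict

# Installed-program entries exactly as quoted in this thread (FRST Addition.txt).
SAMPLE = r"""
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Java™ 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018F0}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java™ 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Mozilla Firefox (3.0.19) (HKLM\...\Mozilla Firefox (3.0.19)) (Version: 3.0.19 (sv-SE) - Mozilla)
Browser Defender 3.0 (HKLM\...\Browser Defender_is1) (Version: 3.0.0.300 - Threat Expert Ltd.)
KeyProwler Pro (Version: 4.0.3 - APAN Software) Hidden
Malwarebytes Anti-Malware version 1.65.1.1000 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.1.1000 - Malwarebytes Corporation)
"""


def parse_entry(line):
    """Parse 'Name [(key)] (Version: x - Publisher) [Hidden]'; None if no match."""
    line = line.strip()
    hidden = line.endswith(" Hidden")
    if hidden:
        line = line[: -len(" Hidden")]
    # Split from the right: names and keys may themselves contain parentheses.
    head, sep, tail = line.rpartition(" (Version: ")
    if not sep or not tail.endswith(")"):
        return None
    version, dash, publisher = tail[:-1].partition(" - ")
    # The registry key is optional; the hidden entry in this thread has none.
    name, has_key, key = head.partition(" (HK")
    return {
        "name": name,
        "key": ("HK" + key[:-1]) if has_key else None,
        "version": version,
        "publisher": publisher if dash else "",
        "hidden": hidden,
    }


def triage(text):
    """Return (names of hidden entries, product families with several versions)."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    hidden = [e["name"] for e in entries if e["hidden"]]
    families = defaultdict(list)
    for e in entries:
        # Heuristic (assumption): same publisher + same first word = one product.
        families[(e["publisher"], e["name"].split()[0])].append(e["version"])
    duplicates = {k: v for k, v in families.items() if len(v) > 1}
    return hidden, duplicates


if __name__ == "__main__":
    hidden, duplicates = triage(SAMPLE)
    print("Hidden from Control Panel:", hidden)
    for (publisher, product), versions in duplicates.items():
        print(f"{product} ({publisher}): {len(versions)} versions installed: {versions}")
```

Many legitimate components also carry the hidden flag, so a "Hidden" hit is a prompt to identify the program, not a verdict on it.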

It is not likely that it is possible to see who installed a program. As for logged information, check their FAQ: http://www.keyprowler.com/faq

If "Browser Defender" is not shown in the Control Panel's list of programs that can be uninstalled, there may be an entry mentioning Threat Expert or PC Tools, since those two companies are connected with that program.

 

Has KeyProwler now appeared in the Control Panel's list of programs that can be uninstalled?

Okay, I'll look for Threat Expert and PC Tools. Yep, KeyProwler can be uninstalled now. I'll do that.

I have updated Malwarebytes Anti-Malware now and it seems to have found some things too. KeyProwler and more. Should I upload the result?


Removed KeyProwler. I have also updated the antivirus program. It seemed to have gone haywire; maybe that was what was blocking the internet browsers. I have also downloaded a new browser.

Everything seems okay now. I only removed the things that Malwarebytes Anti-Malware warned about. Among other things, it warned about KeyProwler specifically.

Is it just a matter of deleting the FRST program now?


The best way to remove FRST is like this:

Download the uninstaller OTC to the Desktop: http://oldtimer.geekstogo.com/OTC.exe
Double-click the file to start the program.
Press the CleanUp! button and FRST will be uninstalled after a restart of the computer. Delete any logs that remain.


Archived

This topic is now archived and is closed to further replies.
