
How do I get rid of Tikotin?


BGAA


Running Chrome and W7. Have run Malwarebytes and Spybot, which are available on Laddaner.nu, and tried Chrome's settings/manage search engines, but nothing helps. If you google it there are many answers to the problem, but the programs they suggest only lead to them wanting to be paid. An acquaintance with little computer experience has the problem on his computer and I am trying to help him over the phone. What is the easiest way for us to go about it?


  • 2 weeks later...
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-12-2014

Ran by Bengtsson (administrator) on BENGTSSON-DATOR on 25-12-2014 11:14:15

Running from C:\Users\Bengtsson\Downloads

Loaded Profile: Bengtsson (Available profiles: Bengtsson)

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Svenska (Sverige)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Users\Bengtsson\AppData\Local\FormatMacroMemory\FormatMacroMemory.exe

() C:\Program Files\LPT\srpts.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

() C:\Program Files\LPT\srptsl.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

() C:\Windows\System32\AppInterpreterThumbnail\AppInterpreterThumbnail.exe

() C:\Windows\System32\ContextualPythonSnapshot\ContextualPythonSnapshot.exe

() C:\Windows\System32\CronFreewareRemote\CronFreewareRemote.exe

() C:\Windows\System32\OSRawScreenshot\OSRawScreenshot.exe

() C:\Program Files\LPT\srptm.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Spotify Ltd) C:\Users\Bengtsson\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe

(Technology Nexus AB) C:\Program Files\Personal\bin\Personal.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

() C:\Users\Bengtsson\AppData\Local\FormatMacroMemory\FAT32MetafileSprite.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\Run: [spotify Web Helper] => C:\Users\Bengtsson\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-05] (Spotify Ltd)

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\Run: [browser Infrastructure Helper] => C:\Users\Bengtsson\AppData\Local\Smartbar\Application\Smartbar.exe startup

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\MountPoints2: {0533bde3-d4ae-11e1-ac06-0026226693c8} - E:\AutoRun.exe

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\MountPoints2: {d55343b7-7fea-11e1-9e6f-0026226693c8} - E:\AutoRun.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk

ShortcutTarget: BankID säkerhetsprogram.lnk -> C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)

BootExecute: autocheck autochk * sdnclean.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyEnable: [s-1-5-21-2769607722-3260074877-1180610931-1001] => Internet Explorer proxy is enabled.

ProxyServer: [s-1-5-21-2769607722-3260074877-1180610931-1001] => http=127.0.0.1:21113

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com






HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tikotin.com


URLSearchHook: HKLM - (No Name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -  No File

StartMenuInternet: IEXPLORE.EXE - iexplore.exe







BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)


Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default

FF NewTab: about:newtab

FF DefaultSearchEngine: Web Search

FF SelectedSearchEngine: Web Search

FF Homepage: hxxp://tikotin.com

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @se.nexus/Personal -> C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml

FF Extension: PriceLess - C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default\Extensions\hl23@uutgek.com [2014-09-21]

FF Extension: Widevine Media Optimizer - C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2014-07-27]

FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com

FF Extension: No Name - C:\Program Files\ver2SpeeditUp\178.xpi [Not Found]

FF Extension: No Name - C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default\extensions\{f39361c9-6fb1-4f49-3479-d4cc7c16978f} [Not Found]

FF Extension: No Name - C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default\extensions\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}.xpi [Not Found]

FF Extension: No Name - C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default\extensions\sepherdwilbur@aol.com [Not Found]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Bengtsson\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Wallet) - C:\Users\Bengtsson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AppInterpreterThumbnail; C:\Windows\system32\AppInterpreterThumbnail\AppInterpreterThumbnail.exe [68096 2014-11-26] () [File not signed]

R2 ContextualPythonSnapshot; C:\Windows\system32\ContextualPythonSnapshot\ContextualPythonSnapshot.exe [68096 2014-11-26] () [File not signed]

R2 CronFreewareRemote; C:\Windows\system32\CronFreewareRemote\CronFreewareRemote.exe [60452 2014-09-21] () [File not signed]

R2 FormatMacroMemory.exe; C:\Users\Bengtsson\AppData\Local\FormatMacroMemory\FormatMacroMemory.exe [208384 2014-11-26] () [File not signed]

R2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [32800 2014-11-19] () <==== ATTENTION

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

R2 OSRawScreenshot; C:\Windows\system32\OSRawScreenshot\OSRawScreenshot.exe [68096 2014-11-26] () [File not signed]

R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

S2 CopyOSSoftware.exe; C:\Users\Bengtsson\AppData\Local\CopyOSSoftware\CopyOSSoftware.exe [X]

S2 DashboardFreewareInterpreter.exe; C:\Users\Bengtsson\AppData\Local\DashboardFreewareInterpreter\DashboardFreewareInterpreter.exe [X]

S2 InterpreterOSTrash.exe; C:\Users\Bengtsson\AppData\Local\InterpreterOSTrash\InterpreterOSTrash.exe [X]

S2 MaintainerSvc1.05.7044970; "C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)

R1 MpKsl83aab702; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4C869138-E36B-423D-A254-FCF9FC229216}\MpKsl83aab702.sys [39464 2014-12-24] (Microsoft Corporation)

S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]

S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [42368 2008-09-23] (Todos Data System AB)

S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]

S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]

S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-25 11:14 - 2014-12-25 11:16 - 00017322 _____ () C:\Users\Bengtsson\Downloads\FRST.txt

2014-12-25 11:13 - 2014-12-25 11:14 - 00000000 ____D () C:\FRST

2014-12-25 11:13 - 2014-12-25 11:13 - 01225184 _____ (Zugara Investments Limited ) C:\Users\Bengtsson\Downloads\frstexe.exe

2014-12-25 11:13 - 2014-12-25 11:13 - 01114112 _____ (Farbar) C:\Users\Bengtsson\Downloads\FRST.exe

2014-12-21 15:49 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-14 13:34 - 2014-12-14 13:34 - 00184800 _____ () C:\Windows\system32\XMLOperations.xml

2014-12-13 14:55 - 2014-12-13 14:55 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-13 14:45 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-13 14:45 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-13 14:45 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-13 14:45 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-13 14:45 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-13 14:45 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-13 14:45 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-13 14:45 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-13 14:45 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-13 14:45 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-13 14:45 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-13 14:45 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-13 14:45 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-13 14:45 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-13 14:45 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-13 14:45 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-13 14:45 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-13 14:45 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-13 14:45 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-13 14:45 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-13 14:45 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-13 14:45 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-13 14:45 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-13 14:45 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-13 14:45 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-13 14:45 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-13 14:45 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-13 14:45 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-13 14:45 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-13 14:39 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-13 14:39 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-13 14:39 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-13 14:39 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-13 14:39 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-12 16:05 - 2014-12-24 11:09 - 00000280 _____ () C:\Windows\setupact.log

2014-12-12 16:05 - 2014-12-12 16:05 - 00000000 _____ () C:\Windows\setuperr.log

2014-12-12 16:04 - 2014-12-12 16:04 - 00002016 _____ () C:\Windows\PFRO.log

2014-12-11 17:41 - 2014-12-11 17:41 - 00000000 __SHD () C:\Users\Bengtsson\AppData\Local\EmieBrowserModeList

2014-12-11 14:51 - 2014-12-11 23:04 - 00004259 _____ () C:\Windows\wininit.ini

2014-12-11 12:55 - 2014-12-11 12:55 - 00000000 ____D () C:\Program Files\LPT

2014-12-11 12:53 - 2014-12-11 20:08 - 00000000 ____D () C:\Users\Bengtsson\AppData\Local\LPT

2014-12-11 12:47 - 2014-12-11 12:47 - 01225192 _____ (Zugara Investments Limited ) C:\Users\Bengtsson\Downloads\blankettogiltigsedelsvepdf (3).exe

2014-12-11 12:40 - 2014-12-11 12:40 - 01225192 _____ (Zugara Investments Limited ) C:\Users\Bengtsson\Downloads\blankettogiltigsedelsvepdf (2).exe

2014-12-11 12:33 - 2014-12-11 12:34 - 01225192 _____ (Zugara Investments Limited ) C:\Users\Bengtsson\Downloads\blankettogiltigsedelsvepdf (1).exe

2014-12-11 12:32 - 2014-12-11 12:32 - 01225192 _____ (Zugara Investments Limited ) C:\Users\Bengtsson\Downloads\blankettogiltigsedelsvepdf.exe

2014-12-11 12:32 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-11 12:32 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-11 12:32 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-11 12:32 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-11 12:32 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-11 12:32 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-11 12:32 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-11 12:32 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-11 12:32 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-11 12:32 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-11 12:31 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-11 12:31 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-11 12:31 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-11 12:31 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-11 12:31 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-11 12:31 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-11 12:31 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-07 14:32 - 2014-12-24 10:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-12-07 14:32 - 2014-12-07 14:35 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2

2014-12-07 14:32 - 2014-12-07 14:32 - 00002095 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-12-07 14:32 - 2014-12-07 14:32 - 00002083 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-12-07 14:32 - 2014-12-07 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2014-12-07 14:32 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe

2014-12-07 14:29 - 2014-12-07 14:30 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Bengtsson\Downloads\spybot-2.4.exe

2014-12-02 08:54 - 2014-12-07 16:52 - 00000000 ____D () C:\Users\Bengtsson\AppData\Local\FormatMacroMemory

2014-12-02 08:54 - 2014-12-02 08:54 - 00000000 ____D () C:\Windows\system32\OSRawScreenshot

2014-11-29 15:05 - 2014-11-29 15:05 - 00000000 ____D () C:\Windows\system32\AppInterpreterThumbnail

2014-11-27 14:23 - 2014-11-27 14:23 - 00000000 ____D () C:\Windows\system32\ContextualPythonSnapshot

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-25 11:07 - 2013-03-19 02:25 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-25 11:07 - 2011-07-08 14:30 - 01559610 _____ () C:\Windows\WindowsUpdate.log

2014-12-24 20:02 - 2014-09-26 20:05 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-24 11:18 - 2009-07-14 05:34 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-24 11:18 - 2009-07-14 05:34 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-24 11:10 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-14 14:24 - 2013-02-27 05:53 - 00000000 ____D () C:\Windows\rescache

2014-12-14 13:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE

2014-12-13 14:55 - 2014-05-12 17:25 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-13 14:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat

2014-12-12 07:22 - 2013-08-14 07:58 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-12 07:17 - 2011-07-08 15:30 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-11 22:26 - 2014-10-28 07:56 - 00000000 ____D () C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e

2014-12-11 17:36 - 2014-09-26 20:07 - 00002123 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-12-11 14:56 - 2012-03-05 21:17 - 00000000 ____D () C:\Users\Bengtsson\AppData\Roaming\Personal

2014-12-11 13:01 - 2013-03-19 02:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-12-11 13:01 - 2011-07-08 15:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-12-08 09:26 - 2011-12-11 19:20 - 00000000 ____D () C:\Users\Bengtsson\AppData\Roaming\Spotify

 

Some content of TEMP:

====================

C:\Users\Bengtsson\AppData\Local\Temp\Shop2.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-12-07 18:31

 

==================== End Of Log ============================


The above post by "beda1991" was made from the "Tikotin"-infected computer, and since Tikotin keeps interfering with a lot of ads and much of the text is in French, we are unsure whether the logs came out right.


The paste of FRST.txt went fine, but I am missing Addition.txt, so it would be good if you could either attach it (click "Use full editor") or paste it into a post. If it is difficult to browse with the infected computer, you can transfer Addition.txt to the working computer using, for example, a USB stick.


Thanks Cecilia. I had done as you suggested - saved as much as possible on the stick, but unfortunately I did not manage to get Addition.txt along. I will ask "beda1991" to find it and post it.


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2014

Ran by Bengtsson at 2014-12-28 12:34:14

Running from C:\Users\Bengtsson\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader X (10.1.0) - Svenska (HKLM\...\{AC76BA86-7AD7-1053-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)

Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Apple-programstöd (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

BankID säkerhetsprogram (HKLM\...\{5701636A-30ED-4AA8-A7E3-13743755AF95}) (Version: 4.19.0 - Technology Nexus)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Handelsbankens kortläsare (HKLM\...\{35C938B6-F72A-4D92-B8B5-A1F0F9B1DC76}) (Version: 1.00.0000 - Todos Data System AB)

iCloud (HKLM\...\{925F1DB6-E86E-4378-9091-D1F68B0583C9}) (Version: 2.1.2.8 - Apple Inc.)

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)

Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)

iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)

LPT System Updater Service (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Shopping Helper Smartbar (HKLM\...\{DD4CA175-B85B-434A-8A3B-7E04CDD1741F}) (Version: 11.126.63.20709 - ReSoft Ltd.) <==== ATTENTION

Shopping Helper Smartbar Engine (HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\{59e94752-a9da-4c1c-8ed7-e51a088f6050}) (Version: 11.126.63.20709 - ReSoft Ltd.) <==== ATTENTION

Spotify (HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)

Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

VLC media player 1.1.4 (HKLM\...\VLC media player) (Version: 1.1.4 - VideoLAN)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

27-12-2014 17:27:06 Schemalagd kontrollpunkt

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2014-10-29 17:59 - 2014-10-29 18:19 - 00000402 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

54.235.90.58 jkmdneioiggpdolicemlcchhiepfhebm

 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0C1E89B6-2010-434C-B650-9FD58E1CA7D5} - \b7bb6de0-cc1c-4a2f-ba65-c99a5ddaf03d-4 No Task File <==== ATTENTION

Task: {10263914-2979-40AA-9AE4-8BEABB788C05} - System32\Tasks\{770B826D-1782-443A-A029-6EDD231E45C7} => Chrome.exe 

Task: {245ADC20-2279-4429-9223-99715530DC54} - \b7bb6de0-cc1c-4a2f-ba65-c99a5ddaf03d-5_user No Task File <==== ATTENTION

Task: {28A7C5B3-45A3-44CA-8190-89572BA35C4A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION

Task: {3B386859-CA5E-4FE5-8D46-D658D81C2043} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)

Task: {430A376F-A101-4C8C-9105-D14619373BA5} - System32\Tasks\fsupdate => C:\PROGRA~1\Flowsurf\fsupd.exe <==== ATTENTION

Task: {445C4E8D-7435-4594-AD25-043384D45A5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)

Task: {5170C7BC-853F-4554-B1A1-810BDCE4EFE3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {6BCE1E8B-FF0B-4E16-8E3F-3ECB0F195105} - \b7bb6de0-cc1c-4a2f-ba65-c99a5ddaf03d-6 No Task File <==== ATTENTION

Task: {6FC90D2E-F28D-4627-B4A6-3C96AB6254BB} - \b7bb6de0-cc1c-4a2f-ba65-c99a5ddaf03d-7 No Task File <==== ATTENTION

Task: {7255F4D2-F38C-4BE3-B389-1AD7CD94D733} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe

Task: {7CD91EF2-9251-4809-8288-602A07B11C95} - \bench-sys No Task File <==== ATTENTION

Task: {862CCCAF-44B8-452B-B50A-675A1527A289} - \bench-S-1-5-21-2769607722-3260074877-1180610931-1001 No Task File <==== ATTENTION

Task: {8A1477DF-ECE1-4F19-9103-CC83DD51EBD4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

Task: {8AC7199B-6FD3-48FE-8D1F-3560E6076ABC} - \b7bb6de0-cc1c-4a2f-ba65-c99a5ddaf03d-1 No Task File <==== ATTENTION

Task: {ACC6DCE1-958C-4550-AE97-17A5A949E682} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-26] (Google Inc.)

Task: {B3CC2167-ECB7-44F0-B3C3-8BC21326A72D} - System32\Tasks\{94242188-C10E-4778-9A3D-1E7F0E99DE90} => Chrome.exe 

Task: {BEDB2AD4-2821-4913-B4F2-543E4D174765} - \b7bb6de0-cc1c-4a2f-ba65-c99a5ddaf03d-2 No Task File <==== ATTENTION

Task: {C3B7DDB5-F64B-4378-B790-1A66B27D2B0C} - \b7bb6de0-cc1c-4a2f-ba65-c99a5ddaf03d-5 No Task File <==== ATTENTION

Task: {C5513ED0-F4C7-4267-8A03-BB89315D720C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {D3FE1650-ED92-4796-B90D-B0D3DB5D46BA} - \AmiUpdXp No Task File <==== ATTENTION

Task: {D591EBF5-E70F-440F-80E2-9C8508B04B2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-26] (Google Inc.)

Task: {D8F54C4A-1434-4A47-B0C3-D1424F33BF4F} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION

Task: {E730E2C8-318A-42FE-A41C-B91AC25C243A} - \b7bb6de0-cc1c-4a2f-ba65-c99a5ddaf03d-11 No Task File <==== ATTENTION

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-12-02 08:54 - 2014-11-26 15:46 - 00208384 ____N () C:\Users\Bengtsson\AppData\Local\FormatMacroMemory\FormatMacroMemory.exe

2014-11-19 15:20 - 2014-11-19 15:20 - 00032800 _____ () C:\Program Files\LPT\srpts.exe

2014-11-19 15:20 - 2014-11-19 15:20 - 00042528 _____ () C:\Program Files\LPT\srptc.dll

2014-11-19 15:19 - 2014-11-19 15:19 - 00018976 _____ () C:\Program Files\LPT\Smartbar.Common.dll

2014-12-07 14:32 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2014-12-07 14:32 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl

2014-12-07 14:32 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1053.dll

2014-12-07 14:32 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll

2014-12-07 14:32 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2014-11-19 15:20 - 2014-11-19 15:20 - 00034848 _____ () C:\Program Files\LPT\srptsl.exe

2014-11-19 15:20 - 2014-11-19 15:20 - 00070688 _____ () C:\Program Files\LPT\srut.dll

2014-12-02 08:54 - 2014-11-26 15:46 - 00427008 ____N () C:\Users\Bengtsson\AppData\Local\FormatMacroMemory\FAT32MetafileSprite.exe

2014-11-29 15:05 - 2014-11-26 15:47 - 00068096 ____N () C:\Windows\system32\AppInterpreterThumbnail\AppInterpreterThumbnail.exe

2014-11-27 14:23 - 2014-11-26 15:47 - 00068096 ____N () C:\Windows\system32\ContextualPythonSnapshot\ContextualPythonSnapshot.exe

2014-09-21 16:31 - 2014-09-21 16:31 - 00060452 _____ () C:\Windows\system32\CronFreewareRemote\CronFreewareRemote.exe

2014-12-02 08:54 - 2014-11-26 15:47 - 00068096 ____N () C:\Windows\system32\OSRawScreenshot\OSRawScreenshot.exe

2014-12-11 17:36 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-11 17:36 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-11 17:36 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2014-12-11 17:36 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

2014-12-11 17:36 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-11-19 15:20 - 2014-11-19 15:20 - 00023072 _____ () C:\Program Files\LPT\srptm.exe

2014-11-19 15:20 - 2014-11-19 15:20 - 00081952 _____ () C:\Program Files\LPT\srpt.dll

2014-11-19 15:20 - 2014-11-19 15:20 - 00067616 _____ () C:\Program Files\LPT\sppsm.dll

2014-11-19 15:19 - 2014-11-19 15:19 - 00158240 _____ () C:\Program Files\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll

2014-11-19 15:19 - 2014-11-19 15:19 - 00027168 _____ () C:\Program Files\LPT\Smartbar.Personalization.Common.dll

2014-11-19 15:19 - 2014-11-19 15:19 - 00165920 _____ () C:\Program Files\LPT\Smartbar.Infrastructure.Utilities.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^Bengtsson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatchApp.lnk => C:\Windows\pss\StormWatchApp.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: BabylonToolbar => "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I

MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Bengtsson\AppData\Local\Smartbar\Application\Smartbar.exe startup

MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: Optimizer Pro => C:\Program Files\Optimizer Pro\OptProLauncher.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Spotify => "C:\Users\Bengtsson\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Bengtsson\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

MSCONFIG\startupreg: TBHostSupport => "C:\Windows\system32\Rundll32.exe" "C:\Users\Bengtsson\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin

 

========================= Accounts: ==========================

 

Administratör (S-1-5-21-2769607722-3260074877-1180610931-500 - Administrator - Disabled)

Bengtsson (S-1-5-21-2769607722-3260074877-1180610931-1001 - Administrator - Enabled) => C:\Users\Bengtsson

Gäst (S-1-5-21-2769607722-3260074877-1180610931-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2769607722-3260074877-1180610931-1002 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/25/2014 11:09:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 32304407

 

Error: (12/25/2014 11:09:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 32304407

 

Error: (12/25/2014 11:09:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/25/2014 11:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 32303377

 

Error: (12/25/2014 11:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 32303377

 

Error: (12/25/2014 11:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/25/2014 11:09:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 32302332

 

Error: (12/25/2014 11:09:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 32302332

 

Error: (12/25/2014 11:09:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/25/2014 11:09:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 32301084

 

 

System errors:

=============

Error: (12/27/2014 05:25:44 PM) (Source: volsnap) (EventID: 36) (User: )

Description: Skuggkopiorna för volymen C: avbröts eftersom lagringsutrymmet för skuggkopian inte kunde växa på grund av en begränsning som angetts av användaren.

 

Error: (12/25/2014 01:16:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Tjänsten FormatMacroMemory.exe stannade under start.

 

Error: (12/25/2014 01:15:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Tjänsten MaintainerSvc1.05.7044970 kunde inte startas på grund av följande fel: 

%%2

 

Error: (12/25/2014 01:14:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Tjänsten InterpreterOSTrash.exe kunde inte startas på grund av följande fel: 

%%2

 

Error: (12/25/2014 01:14:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Tjänsten DashboardFreewareInterpreter.exe kunde inte startas på grund av följande fel: 

%%2

 

Error: (12/25/2014 01:14:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Tjänsten CopyOSSoftware.exe kunde inte startas på grund av följande fel: 

%%2

 

Error: (12/25/2014 01:14:23 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Den senaste avstängningen av datorn vid 13:11:32 den ‎2014-‎12-‎25 skedde oväntat.

 

Error: (12/25/2014 11:07:36 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

 

Error: (12/24/2014 00:41:20 PM) (Source: volsnap) (EventID: 36) (User: )

Description: Skuggkopiorna för volymen C: avbröts eftersom lagringsutrymmet för skuggkopian inte kunde växa på grund av en begränsning som angetts av användaren.

 

Error: (12/24/2014 00:21:04 PM) (Source: volsnap) (EventID: 36) (User: )

Description: Skuggkopiorna för volymen C: avbröts eftersom lagringsutrymmet för skuggkopian inte kunde växa på grund av en begränsning som angetts av användaren.

 

 

Microsoft Office Sessions:

=========================


 

 

CodeIntegrity Errors:

===================================

  Date: 2014-10-29 17:55:57.632

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\BENGTS~1\AppData\Local\Temp\USS18BD.tmp because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-29 17:55:57.600

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\BENGTS~1\AppData\Local\Temp\USS18BD.tmp because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Celeron® Dual-Core CPU T3000 @ 1.80GHz

Percentage of memory in use: 40%

Total physical RAM: 3001.98 MB

Available physical RAM: 1773.39 MB

Total Pagefile: 6002.24 MB

Available Pagefile: 4475 MB

Total Virtual: 2047.88 MB

Available Virtual: 1907.04 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:93.16 GB) (Free:19.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 93.2 GB) (Disk ID: E746E746)

Partition 1: (Active) - (Size=93.2 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


1. Uninstall the following from the Control Panel (if that works):

LPT System Updater Service because of http://www.systemlookup.com/CLSID/77401-mscoree_dll_MS_File_codebase_APPDATA_Smartbar_Application_SmartbarInternetExplorerBHO_dll.html

Shopping Helper Smartbar, as above

Shopping Helper Smartbar Engine, as above

Adobe Flash Player 15 ActiveX, an old version with known security holes that make it easy to infect the computer from a web page

Adobe Flash Player 15 Plugin, as above

2. Save AdwCleaner by Xplode to the Desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan has finished.

Click the Report button.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also available as C:\AdwCleaner\AdwCleaner[R0].txt


  • 2 weeks later...
# AdwCleaner v4.106 - Report created 06/01/2015 at 17:19:00

# Updated 21/12/2014 by Xplode

# Database : 2015-01-03.1 [Live]

# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

# Username : Bengtsson - BENGTSSON-DATOR

# Running from : C:\Users\Bengtsson\Downloads\adwcleaner_4.106.exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : LPTSystemUpdater

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Bengtsson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Found : C:\Users\Bengtsson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

File Found : C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default\invalidprefs.js

Folder Found : C:\Program Files\Bench

Folder Found : C:\Program Files\globalUpdate

Folder Found : C:\Program Files\LPT

Folder Found : C:\Program Files\predm

Folder Found : C:\Users\Administratör\AppData\Local\Chromatic Browser

Folder Found : C:\Users\Administratör\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda

Folder Found : C:\Users\Administratör\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda

Folder Found : C:\Users\Administratör\AppData\Local\torch

Folder Found : C:\Users\Bengtsson\AppData\Local\CheckCode

Folder Found : C:\Users\Bengtsson\AppData\Local\Chromatic Browser

Folder Found : C:\Users\Bengtsson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bbglkiiiofelplniblholffbhhjmdhhi

Folder Found : C:\Users\Bengtsson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda

Folder Found : C:\Users\Bengtsson\AppData\Local\globalUpdate

Folder Found : C:\Users\Bengtsson\AppData\Local\LPT

Folder Found : C:\Users\Bengtsson\AppData\Local\NativeMessaging

Folder Found : C:\Users\Bengtsson\AppData\Local\StormWatch

Folder Found : C:\Users\Bengtsson\AppData\Local\torch

Folder Found : C:\Users\Bengtsson\AppData\Local\WhiteListing

Folder Found : C:\Users\Bengtsson\AppData\LocalLow\Conduit

Folder Found : C:\Users\Bengtsson\AppData\LocalLow\ConduitEngine

Folder Found : C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default\Extensions\hl23@uutgek.com

Folder Found : C:\Users\Bengtsson\AppData\Roaming\Systweak

Folder Found : C:\Users\Gäst\AppData\Local\Chromatic Browser

Folder Found : C:\Users\Gäst\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda

Folder Found : C:\Users\Gäst\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda

Folder Found : C:\Users\Gäst\AppData\Local\torch

Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser

Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda

Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda

Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch

 

***** [ Scheduled Tasks ] *****

 

Task Found : AmiUpdXp

Task Found : bench-sys

Task Found : fsupdate

Task Found : globalUpdateUpdateTaskMachineCore

Task Found : LaunchSignup

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\BabylonChromeExtension

Key Found : HKCU\Software\GlobalUpdate

Key Found : HKCU\Software\InstalledBrowserExtensions

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKCU\Software\MyBestOffersToday

Key Found : HKCU\Software\Proxy

Key Found : HKCU\Software\Smartbar

Key Found : HKCU\Software\SmartBar

Key Found : HKCU\Software\smartbarlog

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\StormWatch

Key Found : HKCU\Software\systweak

Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Found : HKLM\SOFTWARE\AdvertisingSupport

Key Found : HKLM\SOFTWARE\Bench

Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine

Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc

Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0

Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2405280

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Found : HKLM\SOFTWARE\GlobalUpdate

Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BabylonToolbar

Key Found : HKLM\SOFTWARE\microsoft\shared tools\msconfig\startupreg\Optimizer Pro

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}

Key Found : HKLM\SOFTWARE\Proxy

Key Found : HKLM\SOFTWARE\RST

Key Found : HKLM\SOFTWARE\SI-App

Key Found : HKLM\SOFTWARE\systweak

Key Found : HKLM\SOFTWARE\Tutorials

Key Found : HKLM\SOFTWARE\Upt

Key Found : HKLM\SOFTWARE\WinUpd

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [browser Infrastructure Helper]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [search Page] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5BZXozw1J5EyxoRmth31gfJ6uuas9FFJACQDRk-3B6UsEzYeJ4KGfKT4hkU36--HrtPh0SIYlmTv8kuXvpqCw6YGejNX_Q9exKqeuyOF3HdwC60FEzuZePZHiJ7CEQnYa-Za3ucOzH7k9AmwW9_Dg1Q,,&q={searchTerms}

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5BZXozw1J5EyxoRmth31gfJ6uuas9FFJACQDRk-3B6UsEzYeJ4KGfKT4hkU36--HrtPh0SIYlmTv8kuXvpqCw6YGSjgHjAmZhbLr1ZXmSS4POWsf5JFW6xmEbfhHvPDoovmd0N5AnL9ya63ceZupUHw,,

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://tikotin.com

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [search Bar] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5BZXozw1J5EyxoRmth31gfJ6uuas9FFJACQDRk-3B6UsEzYeJ4KGfKT4hkU36--HrtPh0SIYlmTv8kuXvpqCw6YGejNX_Q9exKqeuyOF3HdwC60FEzuZePZHiJ7CEQnYa-Za3ucOzH7k9AmwW9_Dg1Q,,&q={searchTerms}

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5BZXozw1J5EyxoRmth31gfJ6uuas9FFJACQDRk-3B6UsEzYeJ4KGfKT4hkU36--HrtPh0SIYlmTv8kuXvpqCw6YGejNX_Q9exKqeuyOF3HdwC60FEzuZePZHiJ7CEQnYa-Za3ucOzH7k9AmwW9_Dg1Q,,&q={searchTerms}

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5BZXozw1J5EyxoRmth31gfJ6uuas9FFJACQDRk-3B6UsEzYeJ4KGfKT4hkU36--HrtPh0SIYlmTv8kuXvpqCw6YGejNX_Q9exKqeuyOF3HdwC60FEzuZePZHiJ7CEQnYa-Za3ucOzH7k9AmwW9_Dg1Q,,&q={searchTerms}

Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5BZXozw1J5EyxoRmth31gfJ6uuas9FFJACQDRk-3B6UsEzYeJ4KGfKT4hkU36--HrtPh0SIYlmTv8kuXvpqCw6YGejNX_Q9exKqeuyOF3HdwC60FEzuZePZHiJ7CEQnYa-Za3ucOzH7k9AmwW9_Dg1Q,,&q={searchTerms}

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_XV5BZXozw1J5EyxoRmth31gfJ6uuas9FFJACQDRk-3B6UsEzYeJ4KGfKT4hkU36--HrtPh0SIYlmTv8kuXvpqCw6YGejNX_Q9exKqeuyOF3HdwC60FEzuZePZHiJ7CEQnYa-Za3ucOzH7k9AmwW9_Dg1Q,,&q={searchTerms}

 

-\\ Mozilla Firefox v

 

[9madh9xp.default] - Line Found : user_pref("browser.search.defaultenginename", "Web Search");

[9madh9xp.default] - Line Found : user_pref("browser.search.selectedEngine", "Web Search");

[9madh9xp.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://tikotin.com");

[9madh9xp.default] - Line Found : user_pref("extensions.M1tUoK_.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]

[9madh9xp.default] - Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.autoRvrt", "false");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.dfltLng", "sv");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.excTlbr", false);

[9madh9xp.default] - Line Found : user_pref("extensions.delta.ffxUnstlRst", true);

[9madh9xp.default] - Line Found : user_pref("extensions.delta.id", "e8afddee0000000000000aeee6afedcc");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.instlDay", "15829");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.instlRef", "");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.newTab", false);

[9madh9xp.default] - Line Found : user_pref("extensions.delta.prdct", "delta");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.prtnrId", "delta");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.rvrt", "false");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.smplGrp", "none");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.tlbrId", "base");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.vrsn", "1.8.16.16");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.vrsnTs", "1.8.16.1614:48:21");

[9madh9xp.default] - Line Found : user_pref("extensions.delta.vrsni", "1.8.16.16");

 

-\\ Google Chrome v39.0.2171.95

 

 

-\\ Comodo Dragon v

 

 

*************************

 

AdwCleaner[R0].txt - [14075 octets] - [06/01/2015 17:19:00]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14136 octets] ##########

1. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan has finished.

Click the Clean button.

Press OK.

Press OK again if further messages appear.

The computer will restart; if it does not do so automatically, restart it yourself.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also available as C:\AdwCleaner\AdwCleaner[s0].txt

2. Scan with FRST again and paste in the new FRST.txt, and we will see whether anything else needs to be removed.

3. Scan the computer online at http://www.eset.com/onlinescan/ and preferably use Internet Explorer for it.

To keep the scan from taking too long, turn off your antivirus program in the meantime.

Select the option Enable detection of potentially unwanted applications.

Click Advanced Settings.

Remove the check mark in front of Remove found threats.

Check:

Scan Archives

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.


  • 3 weeks later...
# AdwCleaner v4.106 - Report created 24/01/2015 at 18:21:50

# Updated 21/12/2014 by Xplode

# Database : 2015-01-24.4 [Live]

# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

# Username : Bengtsson - BENGTSSON-DATOR

# Running from : C:\Users\Bengtsson\Downloads\adwcleaner_4.106.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files\edealpop

File Deleted : C:\Users\Bengtsson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Deleted : C:\Users\Bengtsson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [eDealPop]

Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}

Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}

Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}

Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}

Key Deleted : HKLM\SOFTWARE\Pirrit

Key Deleted : HKLM\SOFTWARE\Upt

Key Deleted : HKLM\SOFTWARE\WinUpd

Key Deleted : HKLM\SOFTWARE\RST

Key Deleted : HKLM\SOFTWARE\SPPDCOM

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDeals_is1

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Mozilla Firefox v

 

 

-\\ Google Chrome v39.0.2171.99

 

 

-\\ Comodo Dragon v

 

 

*************************

 

AdwCleaner[R0].txt - [14217 octets] - [06/01/2015 17:19:00]

AdwCleaner[R1].txt - [1244 octets] - [06/01/2015 17:34:55]

AdwCleaner[R2].txt - [1962 octets] - [24/01/2015 18:16:58]

AdwCleaner[s0].txt - [13350 octets] - [06/01/2015 17:22:56]

AdwCleaner[s1].txt - [1911 octets] - [24/01/2015 18:21:50]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1971 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01

Ran by Bengtsson (administrator) on BENGTSSON-DATOR on 24-01-2015 18:33:04

Running from C:\Users\Bengtsson\Downloads

Loaded Profiles: Bengtsson (Available profiles: Bengtsson)

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Svenska (Sverige)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe

(Spotify Ltd) C:\Users\Bengtsson\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Technology Nexus AB) C:\Program Files\Personal\bin\Personal.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

() C:\Windows\System32\addonfile_86\addonfile_86.exe

() C:\Windows\System32\CronFreewareRemote\CronFreewareRemote.exe

() C:\Users\Bengtsson\AppData\Local\apicryptext_86\apicryptext_86.exe

() C:\Users\Bengtsson\AppData\Local\apicryptext_86\officetooltipDrv.exe

() C:\Program Files\eDealPop\eDealPop.exe

() C:\Windows\System32\nativeregister_64\nativeregister_64.exe

() C:\Windows\System32\odbcshellBckp\odbcshellBckp.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

HKLM\...\Run: [eDealPop] => C:\Program Files\eDealPop\eDealPop.exe [6144 2014-12-03] ()

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\Run: [spotify Web Helper] => C:\Users\Bengtsson\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-05] (Spotify Ltd)

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\MountPoints2: {0533bde3-d4ae-11e1-ac06-0026226693c8} - E:\AutoRun.exe

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\...\MountPoints2: {d55343b7-7fea-11e1-9e6f-0026226693c8} - E:\AutoRun.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk

ShortcutTarget: BankID säkerhetsprogram.lnk -> C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)

BootExecute: autocheck autochk * sdnclean.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyEnable: [s-1-5-21-2769607722-3260074877-1180610931-1001] => Internet Explorer proxy is enabled.

ProxyServer: [s-1-5-21-2769607722-3260074877-1180610931-1001] => http=127.0.0.1:12256

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com




HKU\S-1-5-21-2769607722-3260074877-1180610931-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

URLSearchHook: HKLM - (No Name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -  No File

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 


SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default

FF NewTab: about:newtab

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @se.nexus/Personal -> C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml

FF Extension: Widevine Media Optimizer - C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2014-07-27]

FF Extension: No Name - C:\Program Files\ver2SpeeditUp\178.xpi [Not Found]

FF Extension: No Name - C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default\extensions\{f39361c9-6fb1-4f49-3479-d4cc7c16978f} [Not Found]

FF Extension: No Name - C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default\extensions\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}.xpi [Not Found]

FF Extension: No Name - C:\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default\extensions\sepherdwilbur@aol.com [Not Found]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Bengtsson\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Wallet) - C:\Users\Bengtsson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 addonfile_86; C:\Windows\system32\addonfile_86\addonfile_86.exe [83456 2015-01-16] () [File not signed]

R2 apicryptext_86.exe; C:\Users\Bengtsson\AppData\Local\apicryptext_86\apicryptext_86.exe [209408 2015-01-24] () [File not signed]

R2 CronFreewareRemote; C:\Windows\system32\CronFreewareRemote\CronFreewareRemote.exe [60452 2014-09-21] () [File not signed]

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)

R2 nativeregister_64; C:\Windows\system32\nativeregister_64\nativeregister_64.exe [83456 2015-01-16] () [File not signed]

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

R2 odbcshellBckp; C:\Windows\system32\odbcshellBckp\odbcshellBckp.exe [83456 2015-01-16] () [File not signed]

R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

S2 CopyOSSoftware.exe; C:\Users\Bengtsson\AppData\Local\CopyOSSoftware\CopyOSSoftware.exe [X]

S2 DashboardFreewareInterpreter.exe; C:\Users\Bengtsson\AppData\Local\DashboardFreewareInterpreter\DashboardFreewareInterpreter.exe [X]

S2 defaultprogramSched.exe; C:\Users\Bengtsson\AppData\Local\defaultprogramSched\defaultprogramSched.exe [X]

S2 InterpreterOSTrash.exe; C:\Users\Bengtsson\AppData\Local\InterpreterOSTrash\InterpreterOSTrash.exe [X]

S2 MaintainerSvc1.05.7044970; "C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)

S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]

S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [42368 2008-09-23] (Todos Data System AB)

S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]

S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]

S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-24 18:32 - 2015-01-24 18:32 - 00000000 ____D () C:\Users\Bengtsson\Downloads\FRST-OlderVersion

2015-01-24 18:27 - 2015-01-24 18:27 - 00000000 ____D () C:\Users\Bengtsson\AppData\Local\apicryptext_86

2015-01-24 18:27 - 2015-01-24 18:27 - 00000000 ____D () C:\Program Files\eDealPop

2015-01-24 18:14 - 2015-01-24 18:14 - 01373475 _____ () C:\Users\Bengtsson\Downloads\adwcleaner_3.310.exe

2015-01-17 08:56 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-01-17 08:56 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-17 08:56 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-17 08:55 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-17 08:55 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-17 08:55 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-17 08:47 - 2015-01-17 08:47 - 00000000 ____D () C:\Windows\system32\odbcshellBckp

2015-01-17 08:47 - 2015-01-17 08:47 - 00000000 ____D () C:\Windows\system32\nativeregister_64

2015-01-17 08:47 - 2015-01-17 08:47 - 00000000 ____D () C:\Windows\system32\addonfile_86

2015-01-06 17:17 - 2015-01-24 18:21 - 00000000 ____D () C:\AdwCleaner

2015-01-06 17:16 - 2015-01-06 17:16 - 02173952 _____ () C:\Users\Bengtsson\Downloads\adwcleaner_4.106.exe

2015-01-06 16:54 - 2015-01-06 16:54 - 00001186 _____ () C:\Users\Bengtsson\Desktop\Revo Uninstaller.lnk

2015-01-06 16:54 - 2015-01-06 16:54 - 00000000 ____D () C:\Program Files\VS Revo Group

2015-01-06 16:53 - 2015-01-06 16:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bengtsson\Downloads\revosetup.exe

2015-01-06 16:50 - 2015-01-06 16:50 - 01982955 _____ (PortableApps.com) C:\Users\Bengtsson\Downloads\IObitUninstallerPortable_2.4.6.paf.exe

2015-01-06 16:47 - 2015-01-06 16:47 - 01225176 _____ (Zugara Investments Limited ) C:\Users\Bengtsson\Downloads\revosetupexe.exe

2014-12-28 12:34 - 2014-12-28 12:47 - 00022009 _____ () C:\Users\Bengtsson\Downloads\Addition.txt

2014-12-28 12:32 - 2015-01-24 18:33 - 00013924 _____ () C:\Users\Bengtsson\Downloads\FRST.txt

2014-12-25 11:34 - 2014-12-25 11:34 - 00012366 _____ () C:\Users\Bengtsson\Desktop\virus.odt

2014-12-25 11:13 - 2015-01-24 18:33 - 00000000 ____D () C:\FRST

2014-12-25 11:13 - 2015-01-24 18:32 - 01120768 _____ (Farbar) C:\Users\Bengtsson\Downloads\FRST.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-24 18:32 - 2009-07-14 05:34 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-24 18:32 - 2009-07-14 05:34 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-24 18:29 - 2011-07-08 14:30 - 01649061 _____ () C:\Windows\WindowsUpdate.log

2015-01-24 18:23 - 2014-12-12 16:05 - 00000784 _____ () C:\Windows\setupact.log

2015-01-24 18:23 - 2014-09-26 20:05 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-24 18:23 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-24 18:22 - 2014-12-12 16:04 - 00003474 _____ () C:\Windows\PFRO.log

2015-01-17 14:34 - 2013-08-14 07:58 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-17 14:34 - 2011-07-08 15:30 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-17 14:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF

2015-01-17 12:14 - 2011-07-08 14:39 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-17 12:14 - 2009-07-14 09:15 - 01526908 _____ () C:\Windows\system32\perfh01D.dat

2015-01-17 12:14 - 2009-07-14 09:15 - 00444152 _____ () C:\Windows\system32\perfc01D.dat

2015-01-17 12:08 - 2012-03-05 21:17 - 00000000 ____D () C:\Users\Bengtsson\AppData\Roaming\Personal

2015-01-17 09:04 - 2014-12-02 08:54 - 00000000 ____D () C:\Windows\system32\OSRawScreenshot

2015-01-17 09:04 - 2014-11-29 15:05 - 00000000 ____D () C:\Windows\system32\AppInterpreterThumbnail

2015-01-17 09:04 - 2014-11-27 14:23 - 00000000 ____D () C:\Windows\system32\ContextualPythonSnapshot

2015-01-17 08:47 - 2014-09-26 20:07 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-06 17:23 - 2014-09-26 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-12-31 12:13 - 2011-07-08 14:58 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

 

==================== Files in the root of some directories =======

 

2011-10-01 20:56 - 2011-10-01 20:56 - 0000031 _____ () C:\Program Files\plugins-04041e-3e8.dat

2011-07-08 15:50 - 2011-07-08 15:50 - 0006969 _____ () C:\Users\Bengtsson\AppData\Local\HWVendorDetection.log

2014-02-10 21:15 - 2014-02-10 21:15 - 0000000 _____ () C:\Users\Bengtsson\AppData\Local\{2BC6E343-E840-4473-9B34-687BEBDED437}

 

Some content of TEMP:

====================

C:\Users\Bengtsson\AppData\Local\Temp\Quarantine.exe

C:\Users\Bengtsson\AppData\Local\Temp\Shop2.exe

C:\Users\Bengtsson\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-24 09:38

 

==================== End Of Log ============================

C:\$Recycle.Bin\S-1-5-21-2769607722-3260074877-1180610931-1001\$R30SNVI.exe Win32/VMDetect.E potentially unwanted application

C:\$Recycle.Bin\S-1-5-21-2769607722-3260074877-1180610931-1001\$R7EV4G2.exe Win32/VMDetect.E potentially unwanted application

C:\$Recycle.Bin\S-1-5-21-2769607722-3260074877-1180610931-1001\$R7G355Y.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application

C:\$Recycle.Bin\S-1-5-21-2769607722-3260074877-1180610931-1001\$R7MKEMV.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\$Recycle.Bin\S-1-5-21-2769607722-3260074877-1180610931-1001\$R80N47G.exe Win32/VMDetect.E potentially unwanted application

C:\$Recycle.Bin\S-1-5-21-2769607722-3260074877-1180610931-1001\$RD7TMNO.exe Win32/VMDetect.E potentially unwanted application

C:\$Recycle.Bin\S-1-5-21-2769607722-3260074877-1180610931-1001\$RESQRQS.exe Win32/VMDetect.E potentially unwanted application

C:\$Recycle.Bin\S-1-5-21-2769607722-3260074877-1180610931-1001\$RIDYWQU.exe Win32/VMDetect.E potentially unwanted application

C:\$Recycle.Bin\S-1-5-21-2769607722-3260074877-1180610931-1001\$RIJG4VE.exe Win32/VMDetect.E potentially unwanted application

C:\$Recycle.Bin\S-1-5-21-2769607722-3260074877-1180610931-1001\$RJX6T6B.exe Win32/VMDetect.E potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\lrrot.dll.vir a variant of MSIL/Toolbar.Linkury.I potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir a variant of MSIL/Toolbar.Linkury.I potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\smia.exe.vir a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\smia64.exe.vir a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\sppsm.dll.vir a variant of MSIL/Toolbar.Linkury.G potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\spusm.dll.vir a variant of MSIL/Toolbar.Linkury.G potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\srbs.dll.vir a variant of MSIL/Toolbar.Linkury.I potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\srbu.dll.vir a variant of MSIL/Toolbar.Linkury.F potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\srpt.dll.vir a variant of MSIL/Toolbar.Linkury.I potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\srptc.dll.vir a variant of MSIL/Toolbar.Linkury.G potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\srut.dll.vir a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\Resources\ntdis_32.dll.vir a variant of Win32/Toolbar.Linkury.I potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\LPT\Resources\ntdis_64.dll.vir a variant of Win64/Toolbar.Linkury.A.gen potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Administratör\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\Administratör\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\Administratör\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\Administratör\AppData\Local\torch\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\lrrot.dll.vir a variant of MSIL/Toolbar.Linkury.I potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir a variant of MSIL/Toolbar.Linkury.I potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\smia.exe.vir a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\smia64.exe.vir a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\sppsm.dll.vir a variant of MSIL/Toolbar.Linkury.G potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\spusm.dll.vir a variant of MSIL/Toolbar.Linkury.G potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\srbs.dll.vir a variant of MSIL/Toolbar.Linkury.I potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\srbu.dll.vir a variant of MSIL/Toolbar.Linkury.F potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\srpt.dll.vir a variant of MSIL/Toolbar.Linkury.I potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\srptc.dll.vir a variant of MSIL/Toolbar.Linkury.G potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\srut.dll.vir a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\Resources\ntdis_32.dll.vir a variant of Win32/Toolbar.Linkury.I potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\LPT\Resources\ntdis_64.dll.vir a variant of Win64/Toolbar.Linkury.A.gen potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\NativeMessaging\CT2786678\1_0_0_10\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\NativeMessaging\CT2786678\1_0_0_4\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\NativeMessaging\CT2786678\1_0_0_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\NativeMessaging\CT2786678\1_0_0_7\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\NativeMessaging\CT2786678\1_0_0_9\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Local\torch\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\Bengtsson\AppData\Roaming\Mozilla\Firefox\Profiles\9madh9xp.default\Extensions\hl23@uutgek.com\content\bg.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\Gäst\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\Gäst\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\Gäst\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\Gäst\AppData\Local\torch\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js.vir JS/Kryptik.ATB trojan

C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.bak Win32/BrowseFox.V potentially unwanted application

C:\Users\Administratör\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js JS/Kryptik.ATB trojan

C:\Users\All Users\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.bak Win32/BrowseFox.V potentially unwanted application

C:\Users\Bengtsson\AppData\Local\apicryptext_86\apicryptext_86.exe a variant of Win32/Adware.Pirrit.Q application

C:\Users\Bengtsson\AppData\Local\apicryptext_86\officetooltipDrv.exe Win32/Adware.Pirrit.R application

C:\Users\Bengtsson\AppData\Local\apicryptext_86\SrDt.exe Win32/NetToolDetect.C potentially unwanted application

C:\Users\Bengtsson\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js JS/Kryptik.ATB trojan

C:\Users\Bengtsson\AppData\Local\Temp\Shop2.exe a variant of Win32/TrojanDropper.MsiDrop.B trojan

C:\Users\Bengtsson\Downloads\revosetupexe.exe Win32/VMDetect.E potentially unwanted application

C:\Users\Gäst\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js JS/Kryptik.ATB trojan

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fheiaiiiakheocdndgkifopfagmiboda\5.2\WxMQ.js JS/Kryptik.ATB trojan

C:\Windows\Installer\13912a74.msi Win32/Toolbar.Linkury.D potentially unwanted application

C:\Windows\Installer\13912a79.msi a variant of Win32/Toolbar.Linkury.I potentially unwanted application

C:\Windows\System32\CronFreewareRemote\CronFreewareRemote.exe a variant of Win32/Adware.Pirrit.I application

C:\Windows\Temp\UptUpdater.exe multiple threats

Operating memory Win32/Adware.Pirrit.R application

1. The computer is now more infected than it was on 6 January. Please do not use the computer for anything other than cleaning, because otherwise it becomes an endless loop if we have to keep starting over.

2. ESET's scanner found many unsuitable files in a recycle bin, so empty it.

3. Remove the AdwCleaner you have.

Save AdwCleaner by Xplode to the Desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan has finished.

Click the Report button.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also available as C:\AdwCleaner\AdwCleaner[R0].txt


Archived

This topic is now archived and is closed to further replies.
