
Malicious files found after online scan


pyretjens2002


pyretjens2002

Hi,

 

I wanted to ask for some help and advice on how to proceed with removing malicious programs/files. They most likely got in because I have been trying out various freeware and forgot to untick all the extra programs that come bundled with it, e.g. Ask.com and others.

 

Here are some logs that may give some clues. Besides these I have also run AdwCleaner. It manages to remove everything except a "Schemalagd uppdatering av Ask" (a scheduled "Ask update" task).

 

Here is the output from the online scan:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\GenericAskToolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\precache.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\SaUpdate.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\UpdateTask.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\Updater\Updater.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GetPrivate\gpup.exe.vir a variant of Win32/Techsnab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir Win64/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir Win64/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir a variant of Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir Win64/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir a variant of Win32/ELEX.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir Win32/ELEX.BF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir a variant of Win32/ELEX.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir a variant of Win32/ELEX.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.BH potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\update\update.exe.vir a variant of Win32/ELEX.BD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\berntsson\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.4_0\js\inject.js.vir JS/Trackware.Agent.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\berntsson\AppData\Roaming\GetPrivate\gp_upd.exe.vir a variant of Win32/Techsnab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\fritzson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html.vir Win32/DealPly.J potentially unwanted application
C:\Users\administrator\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\administrator\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe Win32/Bundled.Toolbar.Ask.H potentially unsafe application
C:\Users\berntsson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F273WKBA\SPSetup[1].exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\berntsson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9P7IUHZ\de[1].exe Win32/ELEX.BF potentially unwanted application
C:\Users\berntsson\AppData\Local\Temp\GPUpd549E7C3E3.exe a variant of Win32/LiMo.C potentially unwanted application
C:\Users\berntsson\AppData\Local\Temp\GPUpd54A52FFA2.exe Win32/ELEX.BG potentially unwanted application
C:\Users\berntsson\AppData\Local\Temp\SPSetup.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\berntsson\AppData\Local\Temp\AA8DA194C98E44449ABE7776C85FA43F\tmp\STab_v4.0.exe Win32/Thinknice.B potentially unwanted application
C:\Users\berntsson\AppData\Local\Temp\AA8DA194C98E44449ABE7776C85FA43F\tmp\wpm_v20.0.0.1337.exe a variant of Win32/ELEX.BH potentially unwanted application
C:\Users\berntsson\AppData\Local\Temp\t7145FFC5-EF2C-4750-9CC6-B934D573F69Bmp\tmp\SupTab_v5.8.8.777_noblank.exe a variant of Win32/Thinknice.F potentially unwanted application
C:\Users\berntsson\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\berntsson\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe Win32/Bundled.Toolbar.Ask.H potentially unsafe application
C:\Users\berntsson\Documents\produkey_1.65.x32\ProduKey.exe a variant of Win32/PSWTool.ProductKey potentially unsafe application
C:\Users\berntsson\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\berntsson\Downloads\PDF_Sam_Installer.exe a variant of Win32/InstallIQ.A potentially unwanted application
C:\Users\berntsson\Downloads\Windows 8.1 Pro 64 Bit +ALL UPDATES PreActivated.exe a variant of Win32/AdWare.WiseInstaller.A application
C:\Users\berntsson\Downloads\yet_another_cleaner_sfto_5_6_105.exe a variant of Win32/ELEX.AS potentially unwanted application
C:\Users\berntsson\Dropbox\Backup laptop\Downloads\microsoft-picture-it-foto.exe Win32/InstallCore.DC potentially unwanted application
C:\Users\fritzson\AppData\Roaming\Mozilla\Firefox\Profiles\lle0urwt.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul Win32/DealPly.J potentially unwanted application
C:\Windows\Installer\5f6191.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows\Temp\nsb65CF.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Windows\Temp\nsd1C78.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Windows\Temp\nshB306.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Windows\Temp\nsi71A8.exe a variant of Win32/ClientConnect.A potentially unwanted application
Operating memory virus
 

Hi!

 

Most of what is in that log is in AdwCleaner's quarantine (i.e. already neutralised) and in various folders for temporary files. If you can find the temporary folders you can empty them; if not, you can use the Disk Cleanup program that comes with Windows.

C:\Windows\Temp

C:\Users\berntsson\AppData\Local\Temp

C:\Users\berntsson\AppData\Local\Microsoft\Windows\Temporary Internet Files

C:\Users\administrator\AppData\Local\Temp

 

C:\Users\berntsson\Downloads

is the "Downloads" folder ("Hämtade filer"), and you can delete files in it yourself.

 

C:\Users\berntsson\Documents\produkey_1.65.x32\ProduKey.exe a variant of Win32/PSWTool.ProductKey potentially unsafe application

Cracked programs always carry a risk, and you can delete the file yourself from "My Documents".

 

C:\Users\berntsson\Dropbox\Backup laptop\Downloads\microsoft-picture-it-foto.exe Win32/InstallCore.DC potentially unwanted application

You can delete the file yourself.

 

C:\Users\fritzson\AppData\Roaming\Mozilla\Firefox\Profiles\lle0urwt.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul Win32/DealPly.J potentially unwanted application

Inappropriate add-on in Firefox; go through the add-ons in there and delete the folder.

 

If you need more help, follow the instructions in the thread "Till dig med virus eller andra skadliga program i datorn" (For those with viruses or other malicious programs on the computer) as best you can.

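The triage in the reply above (quarantined entries are already neutralised, entries under temp folders go with Disk Cleanup, installers in Downloads can simply be deleted, and whatever is left needs a manual look) can be applied mechanically to a pasted scan result. The Python script below is an added example written for this page, not code from the thread, from ESET or from AdwCleaner. The lines in SAMPLE_LOG are copied from the scan output posted above; the parser, the four location classes, the ADVICE text and all function names are the example's own design. It goes one step beyond the reply by also grouping hits by detection family (the variant letter stripped from the signature), which shows at a glance whether a single bundler accounts for most of the entries.

```python
"""Triage of an ESET Online Scanner result list.

Added example for this thread, not code from the forum or from ESET.
SAMPLE_LOG lines are copied from the scan output posted above; the parser,
the location classes and the advice text are this example's own design.
"""
import re
from collections import Counter
from dataclasses import dataclass

# AdwCleaner keeps neutralised files under this prefix with a .vir suffix.
QUARANTINE = "C:\\AdwCleaner\\Quarantine\\C\\"

# <path> [a variant of ]<Platform/Family.Variant> <ESET category>
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:a variant of )?"
    r"(?P<sig>(?:Win32|Win64|JS)/\S+) "
    r"(?P<cat>potentially unsafe application|potentially unwanted application|application)$"
)

# Same reasoning as the reply above: where the file sits decides what to do.
ADVICE = {
    "quarantine": "already neutralised by AdwCleaner; nothing to do",
    "temp": "empty the temp folder or run Disk Cleanup",
    "downloads": "delete the installer from Downloads yourself",
    "live": "inspect and remove by hand (installed component or add-on)",
}


@dataclass(frozen=True)
class Finding:
    path: str       # path exactly as the scanner reported it
    signature: str  # e.g. Win32/Thinknice.E
    category: str   # ESET label, e.g. potentially unwanted application
    location: str   # one of the ADVICE keys


def classify(path: str) -> str:
    """Map a reported path to a location class (case-insensitive)."""
    p = path.lower()
    if p.startswith(QUARANTINE.lower()):
        return "quarantine"
    if "\\temp\\" in p or "\\temporary internet files\\" in p:
        return "temp"
    if "\\downloads\\" in p:
        return "downloads"
    return "live"


def parse_line(line: str):
    """Return a Finding, or None for lines that are not file detections."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Finding(m["path"], m["sig"], m["cat"], classify(m["path"]))


def family(signature: str) -> str:
    """Drop the trailing variant letter: Win32/ELEX.BF -> Win32/ELEX."""
    return signature.rsplit(".", 1)[0]


def original_path(f: Finding) -> str:
    """Where a quarantined file lived before AdwCleaner moved it."""
    if f.location != "quarantine":
        return f.path
    rest = f.path[len(QUARANTINE):]
    if rest.endswith(".vir"):
        rest = rest[:-4]
    return "C:\\" + rest


def triage(text: str) -> dict:
    """Group a pasted scan result by location and detection family."""
    findings, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        f = parse_line(line)
        if f is None:
            unparsed.append(line)   # e.g. the bare "Operating memory" line
        else:
            findings.append(f)
    return {
        "by_location": Counter(f.location for f in findings),
        "by_family": Counter(family(f.signature) for f in findings),
        "needs_action": [f for f in findings if f.location == "live"],
        "unparsed": unparsed,
    }


# Constructed sample: a subset of the lines from the scan output above.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\GenericAskToolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application
C:\Users\administrator\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe Win32/Bundled.Toolbar.Ask.H potentially unsafe application
C:\Users\berntsson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9P7IUHZ\de[1].exe Win32/ELEX.BF potentially unwanted application
C:\Users\berntsson\Documents\produkey_1.65.x32\ProduKey.exe a variant of Win32/PSWTool.ProductKey potentially unsafe application
C:\Users\berntsson\Downloads\Windows 8.1 Pro 64 Bit +ALL UPDATES PreActivated.exe a variant of Win32/AdWare.WiseInstaller.A application
C:\Users\fritzson\AppData\Roaming\Mozilla\Firefox\Profiles\lle0urwt.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul Win32/DealPly.J potentially unwanted application
C:\Windows\Installer\5f6191.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows\Temp\nsb65CF.exe a variant of Win32/ClientConnect.A potentially unwanted application
Operating memory virus
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for loc, n in result["by_location"].items():
        print(f"{loc:<11}{n:>3}  {ADVICE[loc]}")
    print("top families:", result["by_family"].most_common(3))
    for f in result["needs_action"]:
        print("ACTION:", f.signature, original_path(f))
```

Lines the parser cannot read (here the trailing "Operating memory virus" line) are returned under "unparsed" rather than silently dropped, so nothing from the scanner is lost in the summary. The `needs_action` list is the part worth reading first: in the sample it is the ProduKey binary, the DealPly Firefox add-on and the Ask toolbar MSI in C:\Windows\Installer, exactly the items the reply singles out for manual removal.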

pyretjens2002

Hi, and thanks Cecilia for the help.

 

It seems everything is gone; for one thing it runs much faster and smoother now, and AdwCleaner and ESET Online Scanner no longer give any alerts.

 

However, one phenomenon remains. iexplore.exe starts by itself and is running under Processes in Task Manager.

 

What could that be?


Then there seems to be something left, and I suggest you do what I wrote at the end of my previous post.


pyretjens2002
Hi again, here is the Farbar log pasted in, and I am attaching the Additional log as well.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01

Ran by berntsson (administrator) on BERNTSSON-NNB7 on 26-01-2015 14:19:55

Running from C:\Users\berntsson\Downloads

Loaded Profiles: berntsson (Available profiles: asghari & Administrator & berntsson)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe

(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

() C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE

() C:\ProgramData\DatacardService\HWDeviceService64.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

() C:\Miele_Service\ProfiM\MieleStartStopService.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

() C:\Users\berntsson\AppData\Roaming\SpeedTray\speedtray.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

(Dropbox, Inc.) C:\Users\berntsson\AppData\Roaming\Dropbox\bin\Dropbox.exe

(O2Micro International) C:\Windows\System32\drivers\o2flash.exe

() C:\Windows\SysWOW64\srvany.exe

(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe

(Sophos Limited) C:\Program Files\Sophos\Sophos Patch Agent\spa.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

() C:\ProgramData\Telenor Mobile Partner\OnlineUpdate\ouc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-05] (Alps Electric Co., Ltd.)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2010-12-08] (IDT, Inc.)

HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-15] ()

HKLM\...\Run: [intelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel® Corporation)

HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [537088 2013-07-04] (SolarWinds)

HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-12-04] (Intel Corporation)

HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527312 2012-01-13] (Cisco Systems, Inc.)

HKLM-x32\...\Run: [sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-01-11] (Sophos Limited)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)

HKU\S-1-5-21-78709032-952245617-1458450816-26130\...\Run: [GoogleChromeAutoLaunch_F12B40DE094C8D3FF95C38EAB7539E5C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-21] (Google Inc.)

HKU\S-1-5-21-78709032-952245617-1458450816-26130\...\Run: [speedTray] => C:\Users\berntsson\AppData\Roaming\SpeedTray\speedtray.exe [725518 2014-12-27] ()

HKU\S-1-5-21-78709032-952245617-1458450816-26130\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\S-1-5-18\...\Policies\system: [EnableLinkedConnections] 1

HKU\S-1-5-18\...\MountPoints2: {f4630c2f-229b-11db-b326-806d6172696f} - D:\setup.exe

AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2014-09-15] (Sophos Limited)

AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-09-15] (Sophos Limited)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk

ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Personal.lnk

ShortcutTarget: Personal.lnk -> C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)

Startup: C:\Users\berntsson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\berntsson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\fritzson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-78709032-952245617-1458450816-26130\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-78709032-952245617-1458450816-26130\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-78709032-952245617-1458450816-26130\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-78709032-952245617-1458450816-26130\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gp.se/

HKU\S-1-5-21-78709032-952245617-1458450816-26130\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-78709032-952245617-1458450816-26130 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKU\S-1-5-21-78709032-952245617-1458450816-26130 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://145.253.245.252/CACHE/stc/1/binaries/vpnweb.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File

Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{2569FB0C-1010-47A8-9877-214048B6B185}: [NameServer] 195.54.122.221 195.54.122.211

Tcpip\..\Interfaces\{89728CFD-A151-44F6-8246-B5490BF4D4BD}: [NameServer] 195.54.122.211 195.54.122.221

Tcpip\..\Interfaces\{AAE809FD-455C-4A8B-9533-178AB2BB3DA1}: [NameServer] 195.54.122.221 195.54.122.211

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()

FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @se.nexus/Personal -> C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-30]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-13]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-25]

FF Extension: ffChromeHelper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{0F789E159EEADB4272FFA590367BFAAC} [2014-12-01]

FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D8C2E3B0CEB2F3386F23EAF3B8B73F7D} [2014-11-23]

FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\berntsson\AppData\Roaming\Mozilla\Firefox\Profiles\jt3lnfx4.default\extensions\faststartff@gmail.com

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\berntsson\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\berntsson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-11]

CHR Extension: (iCloud Bookmarks) - C:\Users\berntsson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-09-30]

CHR Extension: (AdBlock) - C:\Users\berntsson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-19]

CHR Extension: (Google Wallet) - C:\Users\berntsson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-14]

CHR HKU\S-1-5-21-78709032-952245617-1458450816-26130\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BERNTS~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]

CHR HKU\S-1-5-21-78709032-952245617-1458450816-26130\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [948224 2013-07-04] (SolarWinds) [File not signed]

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)

R2 MieleStartStopService; C:\Miele_Service\ProfiM\MieleStartStopService.exe [24576 2006-01-20] () [File not signed]

S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)

R3 MSSQLFDLauncher; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [38568 2014-07-10] (Microsoft Corporation)

R2 MSSQLSERVER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43128496 2014-07-10] (Microsoft Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]

R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]

R2 ReportServer; c:\Program Files (x86)\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1193136 2014-07-10] (Microsoft Corporation)

R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-06-10] (Sophos Limited)

R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-11-20] (Sophos Limited)

S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]

R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2014-06-12] (Sophos Limited)

R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-01-11] (Sophos Limited)

R3 Sophos Device Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe [655144 2014-09-16] (Sophos Limited)

R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2014-06-12] (Sophos Limited)

R2 Sophos Patch Agent; C:\Program Files\Sophos\Sophos Patch Agent\spa.exe [3163432 2014-06-10] (Sophos Limited)

R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-11-20] (Sophos Limited)

S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)

S4 SQLSERVERAGENT; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [381104 2014-07-10] (Microsoft Corporation)

R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-01-11] (Sophos Limited)

S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2015-01-11] (Sophos Limited)

R2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]

S2 Telenor Mobile Partner. RunOuc; C:\Program Files (x86)\Telenor Mobile Partner\UpdateDog\ouc.exe [655712 2014-09-18] ()

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [67072 2009-07-14] (Microsoft Corporation)

R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC)

R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2008-03-13] (DameWare)

S3 elscrsvr; C:\Windows\System32\DRIVERS\elscr.sys [29184 2010-08-12] (Eletrolux)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)

R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-06-10] (Sophos Limited)

R3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-06-10] (Sophos Limited)

S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-06-10] (Sophos Limited)

S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-22] (Todos Data System AB)

S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [58368 2009-07-27] (TOSHIBA Corporation) [File not signed]

S3 U2SP; C:\Windows\System32\DRIVERS\u2s2kxp64.sys [91008 2010-05-27] (Magic Control Technology Corp.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-26 14:19 - 2015-01-26 14:20 - 00028399 _____ () C:\Users\berntsson\Downloads\FRST.txt

2015-01-26 14:19 - 2015-01-26 14:19 - 02129920 _____ (Farbar) C:\Users\berntsson\Downloads\FRST64.exe

2015-01-26 12:18 - 2015-01-26 12:18 - 00020992 _____ () C:\Users\berntsson\Downloads\Klassificering-av-leasingavtal.xls

2015-01-26 10:50 - 2015-01-26 10:50 - 37987520 _____ (Microsoft Corporation) C:\Users\berntsson\Downloads\Windows-KB890830-x64-V5.20.exe

2015-01-26 10:41 - 2015-01-26 10:41 - 00000994 _____ () C:\Users\Public\Desktop\Max Uninstaller.lnk

2015-01-26 10:36 - 2015-01-26 10:37 - 04756960 _____ (http://www.maxuninstaller.com/ ) C:\Users\berntsson\Downloads\MUninstaller_2014_Setup.exe

2015-01-26 10:09 - 2015-01-26 10:09 - 02194432 _____ () C:\Users\berntsson\Downloads\adwcleaner_4.109.exe

2015-01-24 21:57 - 2015-01-24 21:57 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-01-24 19:22 - 2015-01-24 19:22 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk

2015-01-24 19:22 - 2015-01-24 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-01-24 19:22 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2015-01-24 19:20 - 2015-01-24 19:22 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2015-01-24 19:20 - 2015-01-24 19:22 - 00000000 ____D () C:\Program Files\iTunes

2015-01-24 19:20 - 2015-01-24 19:22 - 00000000 ____D () C:\Program Files (x86)\iTunes

2015-01-24 19:20 - 2015-01-24 19:20 - 00000000 ____D () C:\Program Files\iPod

2015-01-24 19:17 - 2015-01-24 19:17 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2015-01-24 19:17 - 2015-01-24 19:17 - 00000000 ____D () C:\Windows\System32\Tasks\Apple

2015-01-24 19:17 - 2015-01-24 19:17 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

2015-01-24 19:16 - 2015-01-24 19:20 - 00000000 ____D () C:\Program Files\Common Files\Apple

2015-01-24 19:16 - 2015-01-24 19:16 - 00000000 ____D () C:\Program Files\Bonjour

2015-01-24 19:16 - 2015-01-24 19:16 - 00000000 ____D () C:\Program Files (x86)\Bonjour

2015-01-24 19:13 - 2015-01-24 19:14 - 122418480 _____ (Apple Inc.) C:\Users\berntsson\Downloads\iTunes64Setup.exe

2015-01-23 13:57 - 2015-01-23 13:57 - 00003288 ____N () C:\bootsqm.dat

2015-01-23 12:38 - 2015-01-23 12:38 - 00042174 _____ () C:\Users\berntsson\Downloads\Planering externa resurser 2015 LP3.xls.zip

2015-01-23 12:36 - 2015-01-23 12:36 - 02347384 _____ (ESET) C:\Users\berntsson\Downloads\esetsmartinstaller_enu.exe

2015-01-23 06:51 - 2015-01-23 06:51 - 00005734 _____ () C:\Users\berntsson\Desktop\Eset Scanning 150122.txt

2015-01-21 12:23 - 2015-01-21 13:43 - 00000000 ___HD () C:\ProgramData\cbt

2015-01-20 00:32 - 2015-01-20 00:32 - 00042441 _____ () C:\ComboFix.txt

2015-01-20 00:05 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-01-20 00:05 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-01-20 00:05 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-01-20 00:05 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-01-20 00:05 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-01-20 00:05 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-01-20 00:05 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-01-20 00:05 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-01-20 00:03 - 2015-01-20 00:33 - 00000000 ____D () C:\Qoobox

2015-01-20 00:02 - 2015-01-20 00:31 - 00000000 ____D () C:\Windows\erdnt

2015-01-19 23:46 - 2015-01-26 10:21 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit

2015-01-19 23:46 - 2015-01-19 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

2015-01-19 23:46 - 2015-01-19 23:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit

2015-01-19 18:16 - 2015-01-19 18:16 - 00000000 ____D () C:\Users\berntsson\Desktop\Virus mm

2015-01-19 15:16 - 2015-01-19 15:16 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-19 14:24 - 2015-01-26 14:20 - 00000000 ____D () C:\FRST

2015-01-15 14:52 - 2015-01-19 13:51 - 00009469 _____ () C:\Users\berntsson\Documents\LanguageTranslatorInstall.log

2015-01-15 14:52 - 2015-01-15 14:52 - 00005508 _____ () C:\Users\berntsson\Documents\6a18775f-ba12-46bd-ad9c-5d615fea90e6LanguageTranslatorInstall.log

2015-01-15 14:52 - 2015-01-15 14:52 - 00000000 ____D () C:\Users\berntsson\AppData\Roaming\FreeLanguageTranslator

2015-01-14 12:05 - 2015-01-14 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram

2015-01-14 12:05 - 2015-01-14 12:05 - 00000000 ____D () C:\Program Files (x86)\BankID

2015-01-12 14:27 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMXLMAE.DLL

2015-01-12 14:26 - 2015-01-12 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series

2015-01-11 23:11 - 2015-01-11 23:11 - 00000000 ____D () C:\Users\berntsson\AppData\Local\Sophos

2015-01-11 21:49 - 2015-01-26 10:20 - 00000000 ____D () C:\AdwCleaner

2015-01-05 15:08 - 2015-01-05 15:08 - 00000998 _____ () C:\Users\berntsson\AppData\Local\recently-used.xbel

2015-01-05 15:08 - 2015-01-05 15:08 - 00000000 ____D () C:\Users\berntsson\.thumbnails

2015-01-05 14:40 - 2015-01-05 15:08 - 00000000 ____D () C:\Users\berntsson\AppData\Local\gtk-2.0

2015-01-05 14:20 - 2015-01-05 15:10 - 00000000 ____D () C:\Users\berntsson\.gimp-2.8

2015-01-05 14:20 - 2015-01-05 14:20 - 00000000 ____D () C:\Users\berntsson\AppData\Local\gegl-0.2

2014-12-27 10:46 - 2014-12-27 10:46 - 00000000 __SHD () C:\Users\berntsson\AppData\Local\EmieBrowserModeList

2014-12-27 10:30 - 2014-12-27 10:30 - 00000000 ____D () C:\Users\berntsson\AppData\Roaming\SpeedTray

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-26 14:15 - 2011-05-11 00:09 - 01622691 _____ () C:\Windows\WindowsUpdate.log

2015-01-26 13:57 - 2012-04-05 20:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-26 13:22 - 2012-10-17 15:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-26 10:42 - 2011-05-19 09:03 - 00000000 ____D () C:\Program Files (x86)\PDFCreator

2015-01-26 10:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Microsoft Games

2015-01-26 10:28 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-26 10:28 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-26 10:20 - 2014-03-05 18:31 - 00000000 ___RD () C:\Users\berntsson\Dropbox

2015-01-26 10:20 - 2014-03-05 18:30 - 00000000 ____D () C:\Users\berntsson\AppData\Roaming\Dropbox

2015-01-26 10:19 - 2012-10-17 15:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-26 10:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-26 10:18 - 2010-11-21 04:47 - 00203462 _____ () C:\Windows\PFRO.log

2015-01-26 10:18 - 2009-07-14 05:51 - 00115815 _____ () C:\Windows\setupact.log

2015-01-24 21:57 - 2012-04-05 20:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-24 21:57 - 2012-04-05 20:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-24 21:57 - 2011-05-19 09:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-24 19:16 - 2014-03-28 21:51 - 00000000 ____D () C:\ProgramData\Apple

2015-01-24 19:02 - 2012-04-17 13:25 - 00000542 _____ () C:\Windows\Tasks\Samstag 24h.job

2015-01-23 06:54 - 2011-05-18 10:39 - 00186240 __RSH () C:\ProgramData\ntuser.pol

2015-01-23 06:54 - 2011-05-18 10:38 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl

2015-01-22 20:16 - 2013-11-27 15:53 - 00002217 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-22 19:06 - 2014-11-26 08:25 - 00000000 ____D () C:\Users\berntsson\Documents\ECDIS Course

2015-01-22 13:44 - 2009-07-14 06:13 - 00988316 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-20 00:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2015-01-20 00:28 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-01-20 00:19 - 2009-07-14 03:34 - 23068672 _____ () C:\Windows\system32\config\SYSTEM.bak

2015-01-20 00:19 - 2009-07-14 03:34 - 110886912 _____ () C:\Windows\system32\config\SOFTWARE.bak

2015-01-20 00:19 - 2009-07-14 03:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak

2015-01-20 00:19 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2015-01-20 00:17 - 2011-05-18 10:43 - 00000000 ____D () C:\Users\fritzson

2015-01-19 15:11 - 2014-08-11 10:40 - 00000000 ____D () C:\Users\berntsson\AppData\Temp

2015-01-19 14:48 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2015-01-19 14:09 - 2014-02-17 09:42 - 00000000 ____D () C:\Users\berntsson\AppData\Local\VirtualStore

2015-01-19 13:48 - 2014-10-06 13:10 - 00000000 ____D () C:\Program Files (x86)\Acro Software

2015-01-19 13:46 - 2011-05-11 00:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-01-14 22:35 - 2013-08-12 08:00 - 00000000 _____ () C:\Windows\system32\vireng.log

2015-01-11 23:49 - 2014-02-14 08:23 - 00000000 ____D () C:\Users\berntsson\AppData\Local\Google

2015-01-11 23:35 - 2014-04-01 17:08 - 00000000 ____D () C:\Users\berntsson\AppData\Roaming\Skype

2015-01-11 22:58 - 2012-10-17 15:35 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-11 22:53 - 2012-10-17 15:36 - 00000000 ____D () C:\Program Files\Google

2015-01-11 22:45 - 2012-10-17 15:35 - 00000000 ____D () C:\ProgramData\Google

2015-01-11 22:38 - 2014-03-28 21:54 - 00000000 ____D () C:\Users\berntsson\AppData\Roaming\Apple Computer

2015-01-11 22:32 - 2014-03-05 19:15 - 00000000 ____D () C:\Program Files (x86)\Samsung

2015-01-11 22:30 - 2014-09-30 08:05 - 00000000 ___RD () C:\Users\berntsson\iCloudDrive

2015-01-11 22:19 - 2011-05-18 11:39 - 00000000 ____D () C:\Program Files (x86)\Sophos

2015-01-11 21:58 - 2014-05-08 17:45 - 00000000 ___RD () C:\Users\berntsson\Google Drive

2015-01-11 21:13 - 2014-09-17 14:09 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll

2015-01-08 12:43 - 2014-06-12 11:04 - 00000000 ____D () C:\Users\berntsson\AppData\Local\Adobe

2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-01-05 15:08 - 2014-02-14 08:23 - 00000000 ____D () C:\Users\berntsson

2015-01-05 10:50 - 2014-09-01 13:56 - 00000000 ____D () C:\Users\berntsson\AppData\Roaming\vlc

2015-01-01 12:55 - 2014-07-09 11:09 - 00002302 _____ () C:\Users\berntsson\Desktop\Chrome App Launcher.lnk

2015-01-01 12:55 - 2014-02-14 08:24 - 00001415 _____ () C:\Users\berntsson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-01 12:34 - 2012-06-30 06:45 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-01-01 12:34 - 2012-06-30 06:45 - 00000000 ____D () C:\ProgramData\Skype

2014-12-31 13:12 - 2011-05-18 12:01 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

 

==================== Files in the root of some directories =======

 

2011-06-08 17:52 - 2011-06-08 17:52 - 0000818 _____ () C:\Program Files (x86)\INSTALL.LOG

2014-02-14 09:57 - 2014-02-14 09:57 - 0000868 _____ () C:\Users\berntsson\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2014-09-30 07:35 - 2014-11-03 11:04 - 0000003 _____ () C:\Users\berntsson\AppData\Local\proxy.log

2015-01-05 15:08 - 2015-01-05 15:08 - 0000998 _____ () C:\Users\berntsson\AppData\Local\recently-used.xbel

 

Some content of TEMP:

====================

C:\Users\berntsson\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzdlkhg.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-26 13:54

 

==================== End Of Log ============================

Addition_26-01-2015_14-22-14.txt


1. Do you know what this program is?

C:\Users\fritzson\Documents\Setup prg files\imt

 

2. There are "group policies" set for Chrome and Internet Explorer. Is that something that was done on purpose, or is it something one of the unwanted programs did?

 

3. Should there be a proxy configured for the internet connection?

 

4. Java 8 Update 20 is an old version with known security holes that could be used to infect the computer from a web page. Most people do not need Java installed, but if you must have it, it is important to always have the latest version.

 

 

5. Start the Notepad program.

Copy all the lines in the box:

CreateRestorePoint:
CloseProcesses:
Task: {32E4B811-8243-4537-9798-BE540BD2F85A} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ATTENTION
C:\Program Files (x86)\GetPrivate
C:\Users\berntsson\AppData\Roaming\SpeedTray
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-78709032-952245617-1458450816-26130\...\Run: [SpeedTray] => C:\Users\berntsson\AppData\Roaming\SpeedTray\speedtray.exe [725518 2014-12-27] ()
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-78709032-952245617-1458450816-26130 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-25]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\berntsson\AppData\Roaming\Mozilla\Firefox\Profiles\jt3lnfx4.default\extensions\faststartff@gmail.com
CHR HKU\S-1-5-21-78709032-952245617-1458450816-26130\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BERNTS~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-78709032-952245617-1458450816-26130\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt  
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
Reboot:
and paste them into Notepad. Check that no file paths have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

 

Close all programs.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

If the computer does not restart automatically, restart it yourself.

 

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

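To check a Fixlog like the one this procedure produces without reading it line by line, here is an added Python example (not from the thread, its author, or FRST) that classifies every "target => outcome" line and flags anything it does not recognise. The embedded sample log is constructed in the shape of the Fixlog posted later in this thread; the "locked.dll" line is a constructed placeholder, not an actual FRST message.

```python
"""Summarise an FRST Fixlog so a fix run can be verified at a glance.

Added example, not part of the thread or of FRST. Outcome phrases are the
ones seen in this thread's Fixlog; anything unrecognised is flagged.
"""
import re
from collections import Counter

# Each applied fixlist entry is reported as "<target> => <outcome>."; the
# target may be wrapped in double quotes (registry keys, quoted paths).
RESULT_RE = re.compile(r'^"?(?P<target>[^"]+?)"?\s*=>\s*(?P<outcome>.+?)\.?\s*$')

SUCCESS_PHRASES = {
    "moved successfully", "key deleted successfully",
    "value deleted successfully", "value was restored successfully",
    "service deleted successfully",
}
NOT_FOUND_PHRASES = {"file/directory not found", "key not found"}


def classify(outcome: str) -> str:
    """'success', 'not_found' (usually benign: an earlier tool such as
    AdwCleaner already removed the item) or 'other' (read it by hand)."""
    phrase = outcome.strip().lower()
    if phrase in SUCCESS_PHRASES or phrase.startswith("removed "):
        return "success"  # "Removed 1.4 GB temporary data" comes from EmptyTemp:
    if phrase in NOT_FOUND_PHRASES:
        return "not_found"
    return "other"


def parse_fixlog(text: str) -> list:
    """One record per result line; the fixlist echo and CMD output are skipped."""
    records, in_fixlist, in_cmd = [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:          # ***** brackets the fixlist echo
            in_fixlist = not in_fixlist
            continue
        if line.startswith("=========") and line.strip("= ") and "End of CMD" not in line:
            in_cmd = True                          # "=========  <command> ========="
            continue
        if "End of CMD" in line:
            in_cmd = False
            continue
        if in_fixlist or in_cmd or "=>" not in line:
            continue
        m = RESULT_RE.match(line)
        if m:
            records.append({"target": m.group("target"),
                            "outcome": m.group("outcome"),
                            "status": classify(m.group("outcome"))})
    return records


def summarize(records: list) -> dict:
    """Count of records per status."""
    return dict(Counter(r["status"] for r in records))


def needs_attention(records: list) -> list:
    """Targets whose outcome was not recognised."""
    return [r["target"] for r in records if r["status"] == "other"]


# Constructed sample in the shape of the Fixlog posted in this thread; the
# "locked.dll" line is a constructed placeholder, not a real FRST message.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
CreateRestorePoint:
C:\Program Files (x86)\GetPrivate
HKU\S-1-5-21-1111\...\Run: [SpeedTray] => C:\Users\user\AppData\Roaming\SpeedTray\speedtray.exe [725518 2014-12-27] ()
CMD: ipconfig /flushdns
EmptyTemp:
Reboot:
*****************
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
C:\Windows\System32\Tasks\GPUP => Moved successfully.
"C:\Program Files (x86)\GetPrivate" => File/Directory not found.
C:\Users\user\AppData\Roaming\SpeedTray => Moved successfully.
HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedTray => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Users\user\AppData\Local\Temp\locked.dll => Could not move
catchme => Service deleted successfully.

=========  ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1.4 GB temporary data.
==== End of Fixlog 21:45:54 ====
"""

if __name__ == "__main__":
    recs = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(recs))  # {'success': 6, 'not_found': 2, 'other': 1}
    for target in needs_attention(recs):
        print("read by hand:", target)
```

Run it against a real Fixlog.txt by reading the file into `parse_fixlog`; a non-empty `needs_attention` list means the fix did not fully apply and the log has to be read by hand.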

pyretjens2002
Hi again,
 
First the answers to 1-4, then the Fixlog.
 
1. Do you know what this program is?
C:\Users\fritzson\Documents\Setup prg files\imt
They have now been removed since they are not needed.

2. There are "group policies" set for Chrome and Internet Explorer. Is that something that was done on purpose, or is it something one of the unwanted programs did? I don't know about it, but are they actually needed? Otherwise, how do I remove them?
3. Should there be a proxy configured for the internet connection?
Possibly, since I occasionally run a VPN tunnel to a company network; if it isn't needed, how do I remove it?

4. Java 8 Update 20 is an old version with known security holes that could be used to infect the computer from a web page. Most people do not need Java installed, but if you must have it, it is important to always have the latest version.
Uninstalled for now.
 
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {32E4B811-8243-4537-9798-BE540BD2F85A} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ATTENTION
C:\Program Files (x86)\GetPrivate
C:\Users\berntsson\AppData\Roaming\SpeedTray
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-78709032-952245617-1458450816-26130\...\Run: [speedTray] => C:\Users\berntsson\AppData\Roaming\SpeedTray\speedtray.exe [725518 2014-12-27] ()
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-78709032-952245617-1458450816-26130 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-25]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\berntsson\AppData\Roaming\Mozilla\Firefox\Profiles\jt3lnfx4.default\extensions\faststartff@gmail.com
CHR HKU\S-1-5-21-78709032-952245617-1458450816-26130\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BERNTS~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-78709032-952245617-1458450816-26130\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt  
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
Reboot:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32E4B811-8243-4537-9798-BE540BD2F85A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32E4B811-8243-4537-9798-BE540BD2F85A}" => Key deleted successfully.
C:\Windows\System32\Tasks\GPUP => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
"C:\Program Files (x86)\GetPrivate" => File/Directory not found.
C:\Users\berntsson\AppData\Roaming\SpeedTray => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-78709032-952245617-1458450816-26130\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedTray => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-78709032-952245617-1458450816-26130\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully.
"HKU\S-1-5-21-78709032-952245617-1458450816-26130\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
"HKU\S-1-5-21-78709032-952245617-1458450816-26130\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
catchme => Service deleted successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : kreussler.net
 
Tunnel adapter isatap.kreussler.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:c73:343b:4d51:2497
   Link-local IPv6 Address . . . . . : fe80::c73:343b:4d51:2497%25
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter isatap.{CEA60C6D-0A09-4D43-83D6-5ECAA7176FEC}:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.14%27
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter isatap.{939FEA1C-52E0-4C26-86AB-E3724E2CFFC2}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   IPv4 Address. . . . . . . . . . . : 192.168.1.14
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : kreussler.net
 
Tunnel adapter isatap.kreussler.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:c73:343b:4d51:2497
   Link-local IPv6 Address . . . . . : fe80::c73:343b:4d51:2497%25
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter isatap.{CEA60C6D-0A09-4D43-83D6-5ECAA7176FEC}:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.14%27
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter isatap.{939FEA1C-52E0-4C26-86AB-E3724E2CFFC2}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 1.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:45:54 ====

2. Normally private individuals do not use group policies, but companies do. But if you don't think that is the case, they can be removed with FRST.

Are there still problems with iexplore.exe?


pyretjens2002

Hi!

No, no self-starting iexplore.exe processes in the last 24 hours, so the fixlist you made seems to have done the trick for that.

Regarding the Group Policies and the proxy, could it be something the IT admin helped me with so that everything works properly when I connect to the company network from outside? According to the same IT admin, my computer was supposed to be virus-free; they said so even before I contacted Eforum :wacko:

1. Perhaps it is best to leave the Group Policies and the proxy alone? Can they cause any harm? How do you remove them with FRST?

2. Perhaps a bit OT, but I am wondering about a program, PDF Creator, that refuses to uninstall either from the Control Panel or with the program's own uninstaller; it cannot run a required program. (please see the attached screenshot)

PDF Creator.docx


There is a difference between viruses and adware.

If you do not notice that there are certain things you cannot do with Internet Explorer or Chrome, then there is no problem keeping the "group policies" that are in the computer.

PDF Creator is not necessary; it is something you install yourself.

http://www.pdfforge.org/

I do not have Office programs on this computer, so I cannot see your attached file. It works fine to upload images to the forum without going via Office.

1. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Uninstall button.

2. Press the Windows key + R

Copy and paste this line:

ComboFix /Uninstall

Note that there is a space before the /

Click OK.

3. Download the uninstall program OTC to the Desktop: http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button and FRST will be uninstalled after a restart of the computer. Delete any remaining logs.
