
Proxy server blocks BankID. Virus-related?


yassas


There is a thread with similar questions, but it might get messy with three questions in the same thread. So I am creating a new one.

Some facts:

Win7

Telia ADSL

Browser: Opera, but Chrome is used for BankID

Microsoft antivirus and firewall. Malwarebytes occasionally.

BankID worked before 4/2, when I went away for 14 days. A few days after I returned home the trouble started.

 

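I cannot install BankID from Länsförsäkringar.

I get this message:

“Det gick inte att starta Bank Id säkerhetsprogram. Det kan bero på att du inte har rätt version av säkerhetsprogrammet installerat eller att du inte godkänt att din webbläsare får starta säkerhetsprogrammet.” (In English: "The BankID security program could not be started. This may be because you do not have the right version of the security program installed, or because you have not approved that your browser may start the security program.")

After that a form is shown with the heading "Fel vid användning av HTTP-Proxy" (in English: "Error when using HTTP proxy")

along with more text, including "meddelandekod 10034" (message code 10034)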

 

I have taken all the measures listed by BankID support and have been in contact with their staff by e-mail (a new case handler every time). Proxy servers do not seem to be their area, but they claim with absolute certainty that my computer has been infected by PUM.bad.proxy and that reinstallation is the solution.

There is a "system proxy server" under Internet Options ... LAN settings, with address 127.0.0.1 and port 8080. It cannot be unchecked; it is restored automatically.

I seem to recall that the setting has always been there, but I am not sure. A lot has been written about this online. Shouldn't "Automatically detect settings" be checked and "Proxy server" be disabled?

 

I have gone through old log files in Malwarebytes but have not found PUM.bad.proxy. In the latest Malwarebytes run nothing serious was found, but the items have been placed in quarantine. Winupdsvc.exe and WOWsearch are not so nice, I suppose. A lot has been written about them online. The question is whether they can affect the proxy server settings?

 

I have also had trouble with interrupted updates of Windows and Java.

 

Grateful for advice on where and how to tackle the problems.

/

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01

Ran by thd (administrator) on YASSAS on 26-02-2015 11:00:35

Running from C:\Users\thd\Desktop

Loaded Profiles: thd (Available profiles: UpdatusUser & thd)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Svenska (Sverige)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel) C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe

(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

() C:\Program Files (x86)\Loca\bin\LocaProxy.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel) C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Intel) C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

() C:\Program Files (x86)\Loca\bin\LocaProxyTracker.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU\LogitechUpdate.exe

(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Macheen) C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Finansiell ID-Teknik BID AB) C:\Program Files (x86)\BankID\BankID.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe

(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe

(Lenovo) C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

(Opera Software) C:\Program Files (x86)\Opera\opera.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-02] (Lenovo Group Limited)

HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [64608 2012-05-31] (Lenovo)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [intel Scheduler2 Service] => C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe [362296 2010-11-01] (Intel)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2409272 2012-10-06] (Logitech, Inc.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)

HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)

HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)

HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-14] (Lenovo, Inc.)

HKLM-x32\...\Run: [intelSBA] => C:\Program Files (x86)\Intel\Intel® Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-02-27] (Intel Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [DataMigrationSoftwareMonitor.exe] => C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe [2605224 2010-11-01] (Intel)

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1611160 2011-03-28] (CANON INC.)

HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)

HKLM-x32\...\Run: [MobileAccess] => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155864 2013-04-17] (Lenovo)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)

HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)

HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-18] (Samsung Electronics)

HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)

HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)

HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-07] (Google Inc.)

HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\Run: [backgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\thd\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\Run: [iLivid] => "C:\Users\thd\AppData\Local\iLivid\iLivid.exe" -autorun

HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\MountPoints2: {feb67c1c-f8ec-11e1-aa8f-806e6f6e6963} - Q:\LenovoQDrive.exe

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-10-29] (NVIDIA Corporation)

AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-10-29] (NVIDIA Corporation)

Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyEnable: [s-1-5-21-206814398-840138992-2035921961-1002] => Internet Explorer proxy is enabled.

ProxyServer: [s-1-5-21-206814398-840138992-2035921961-1002] => http=127.0.0.1:8080;https=127.0.0.1:8080

HKU\S-1-5-21-206814398-840138992-2035921961-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP

HKU\S-1-5-21-206814398-840138992-2035921961-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE

HKU\S-1-5-21-206814398-840138992-2035921961-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad

SearchScopes: HKLM -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = 

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE

SearchScopes: HKLM-x32 -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = 

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE

SearchScopes: HKU\.DEFAULT -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = 

SearchScopes: HKU\S-1-5-21-206814398-840138992-2035921961-1002 -> {394CF198-B57B-43F8-9AD4-F2EFE3F49DA8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149


SearchScopes: HKU\S-1-5-21-206814398-840138992-2035921961-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=266&systemid=406&v=n12441-329&apn_uid=8260449092774093&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: EZ YouTube Video Downloader 1.0 -> {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} -> C:\Program Files (x86)\EZ YouTube Video Downloader\yvd.dll (XtensionPlus)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-206814398-840138992-2035921961-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 195.67.199.37

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()

FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()

FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.3.0.6 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll (Cuminas Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-206814398-840138992-2035921961-1002: @Google.com/GoogleEarthPlugin -> C:\Users\thd\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}

FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2015-01-15]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-01]

FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}

FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-09-07]

 

Chrome: 

=======

CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"

CHR Profile: C:\Users\thd\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Logitech SetPoint) - C:\Users\thd\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-01-14]

CHR Extension: (Google Wallet) - C:\Users\thd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]

CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-10-30]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)

R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)

R2 Intel® Small Business Advantage; C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376 2012-02-27] (Intel Corporation)

R2 IntSch2Svc; C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe [1164704 2010-11-01] (Intel)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)

R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-02] (Lenovo Group Limited)

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()

R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [32480 2013-04-17] (Macheen)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()

R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)

R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [655400 2012-02-03] (Ericsson AB)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)

R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)

R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)

R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)

S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]

R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB)

R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-26] (Malwarebytes Corporation)

R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)

R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)

R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)

R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)

R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-10-29] (NVIDIA Corporation)

R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)

R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)

R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)

S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-26 11:00 - 2015-02-26 11:00 - 00029739 _____ () C:\Users\thd\Desktop\FRST.txt

2015-02-26 11:00 - 2015-02-26 11:00 - 00000000 ____D () C:\FRST

2015-02-26 10:58 - 2015-02-26 10:58 - 02087936 _____ (Farbar) C:\Users\thd\Desktop\FRST64.exe

2015-02-26 08:22 - 2015-02-26 08:22 - 00000000 ____D () C:\Users\thd\AppData\Local\{35F43F6F-5541-462A-940D-091F9425C143}

2015-02-25 20:21 - 2015-02-25 20:21 - 00000000 ____D () C:\Users\thd\AppData\Local\{C60FEA3B-0C1E-4890-99B3-788589D694AF}

2015-02-25 08:21 - 2015-02-25 08:21 - 00000000 ____D () C:\Users\thd\AppData\Local\{9695FA2B-B6BF-4736-A1E4-4FD71C79188C}

2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\thd\AppData\Local\{B5340B39-4E55-49A5-9996-B2FF6C660315}

2015-02-24 11:59 - 2015-02-23 23:21 - 00026735 _____ () C:\Users\thd\Desktop\Log1.log

2015-02-24 07:47 - 2015-02-24 07:47 - 00000000 ____D () C:\Users\thd\AppData\Local\{FB5AA65F-A2A8-472B-AC0A-2B6DFA73BE0B}

2015-02-23 19:46 - 2015-02-23 19:46 - 00000000 ____D () C:\Users\thd\AppData\Local\{A45660CC-690C-4A74-9175-BF7CD662D356}

2015-02-23 18:30 - 2015-02-23 15:23 - 00012252 _____ () C:\Users\thd\Desktop\mbam-log-2015-02-23 (15-01-42).xml

2015-02-23 11:04 - 2015-02-23 11:04 - 00000000 ____D () C:\Users\thd\AppData\Roaming\BankID

2015-02-23 11:04 - 2015-02-23 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram

2015-02-23 11:04 - 2015-02-23 11:04 - 00000000 ____D () C:\Program Files (x86)\BankID

2015-02-23 11:03 - 2015-02-23 11:03 - 12731440 _____ () C:\Users\thd\Downloads\BankID_installation_6_3_0 (1).exe

2015-02-23 10:53 - 2015-02-23 10:53 - 00517008 _____ () C:\Users\thd\Downloads\Remove_BISP (1).exe

2015-02-23 10:50 - 2015-02-23 10:50 - 00517008 _____ () C:\Users\thd\Downloads\Remove_BISP.exe

2015-02-23 07:46 - 2015-02-23 07:46 - 00000000 ____D () C:\Users\thd\AppData\Local\{F1779C2D-154C-42C7-9660-CA2D0FD02A68}

2015-02-22 19:00 - 2015-02-22 11:48 - 00249701 _____ () C:\Users\thd\Desktop\gamLog1.log

2015-02-22 19:00 - 2015-01-29 22:23 - 00512052 _____ () C:\Users\thd\Desktop\gamLog2.log

2015-02-22 11:11 - 2015-02-22 11:11 - 00000000 ____D () C:\Users\thd\AppData\Local\{B35AD6F6-82E7-45CA-B456-3C83B548C2D2}

2015-02-22 11:07 - 2015-02-22 11:07 - 00000374 _____ () C:\Users\thd\Downloads\Remove_WinInet.reg

2015-02-22 10:56 - 2015-02-22 10:56 - 00000454 _____ () C:\Users\thd\Downloads\Add_WinInet (1).reg

2015-02-22 09:49 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-02-22 09:49 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-02-22 09:49 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-02-22 09:49 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-02-22 09:49 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-02-22 09:49 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-02-22 09:49 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2015-02-22 09:49 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2015-02-22 09:49 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2015-02-22 09:49 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2015-02-22 09:37 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-02-22 09:37 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-02-22 09:37 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2015-02-21 23:10 - 2015-02-21 23:10 - 00000000 ____D () C:\Users\thd\AppData\Local\{9C242293-B198-4A97-AF34-9949A4CD803B}

2015-02-21 11:10 - 2015-02-21 11:10 - 00000000 ____D () C:\Users\thd\AppData\Local\{06E564BD-5D9B-412E-8317-24AE2527EFF7}

2015-02-21 08:00 - 2015-02-21 08:00 - 00000454 _____ () C:\Users\thd\Downloads\Add_WinInet.reg

2015-02-20 23:03 - 2015-02-20 23:03 - 00000000 ____D () C:\Users\thd\AppData\Local\{E9FD3FD2-52A7-4748-A7F3-85C134762979}

2015-02-20 13:15 - 2015-02-20 13:16 - 12731440 _____ () C:\Users\thd\Downloads\BankID_installation_6_3_0.exe

2015-02-20 11:02 - 2015-02-20 11:02 - 00000000 ____D () C:\Users\thd\AppData\Local\{E3535D58-8880-4DBB-AD60-0F73E053DBBA}

2015-02-19 23:02 - 2015-02-19 23:02 - 00000000 ____D () C:\Users\thd\AppData\Local\{A42862FD-3BF4-471A-8B71-04ACEA59DAFA}

2015-02-19 11:02 - 2015-02-19 11:02 - 00000000 ____D () C:\Users\thd\AppData\Local\{47BBB750-81BE-45B4-AF51-22BE4B808D68}

2015-02-18 23:01 - 2015-02-18 23:01 - 00000000 ____D () C:\Users\thd\AppData\Local\{FA9BF542-64D5-40A6-91A5-25CFE046AFBB}

2015-02-18 07:42 - 2015-02-18 07:42 - 00000000 ____D () C:\Users\thd\AppData\Local\{33626A93-9BDB-407B-9969-17A719861C5E}

2015-02-17 18:41 - 2015-02-17 18:41 - 00000000 ____D () C:\Users\thd\AppData\Local\{033E09CE-BBB1-4F82-AAE4-403AA12C2124}

2015-02-04 07:46 - 2015-02-04 07:46 - 00000000 ____D () C:\Users\thd\AppData\Local\{7152F9E9-DC95-43FA-82E0-C5F8B4849B2C}

2015-02-03 19:46 - 2015-02-03 19:46 - 00000000 ____D () C:\Users\thd\AppData\Local\{53532332-5ED4-4B9F-859A-D069B251EA4A}

2015-02-03 07:46 - 2015-02-03 07:46 - 00000000 ____D () C:\Users\thd\AppData\Local\{0E877FD1-D015-42CC-9370-90519A437CA1}

2015-02-02 19:45 - 2015-02-02 19:45 - 00000000 ____D () C:\Users\thd\AppData\Local\{B9CA0F87-30C9-4F61-B471-2C5EFF322682}

2015-02-02 07:45 - 2015-02-02 07:45 - 00000000 ____D () C:\Users\thd\AppData\Local\{E3D64060-A681-4DEB-BBC8-C76E97E2777D}

2015-02-01 19:45 - 2015-02-01 19:45 - 00000000 ____D () C:\Users\thd\AppData\Local\{48370DB5-0783-4449-BA7F-F45AAA16B639}

2015-02-01 07:45 - 2015-02-01 07:45 - 00000000 ____D () C:\Users\thd\AppData\Local\{3878B7C2-DBE3-4127-BFD9-A1DEEC3085C7}

2015-01-31 09:49 - 2015-01-31 09:49 - 00002458 _____ () C:\Users\Public\Desktop\Google Earth.lnk

2015-01-31 09:49 - 2015-01-31 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2015-01-31 08:40 - 2015-01-31 08:40 - 00000000 ____D () C:\Users\thd\AppData\Roaming\NVIDIA

2015-01-31 07:55 - 2015-01-31 07:55 - 00000000 ____D () C:\Users\thd\AppData\Local\{8385911A-7648-466C-9F5D-3225F4317296}

2015-01-30 22:53 - 2015-01-30 22:53 - 00880784 _____ (Google Inc.) C:\Users\thd\Downloads\GoogleEarthSetup.exe

2015-01-30 19:53 - 2015-02-24 18:50 - 00000000 ____D () C:\Program Files (x86)\hela

2015-01-30 19:53 - 2015-01-30 19:53 - 00000000 ____D () C:\Users\thd\AppData\Local\{B792AD6E-AB17-43A0-854B-8662E2E0352C}

2015-01-30 07:53 - 2015-01-30 07:53 - 00000000 ____D () C:\Users\thd\AppData\Local\{455FA4A8-BCFB-4D97-876E-67FADAEA499D}

2015-01-29 19:53 - 2015-01-29 19:53 - 00000000 ____D () C:\Users\thd\AppData\Local\{674D9A2A-CF0C-41DB-A5AF-B317B22BB909}

2015-01-29 07:53 - 2015-01-29 07:53 - 00000000 ____D () C:\Users\thd\AppData\Local\{65D6F348-0A02-4D1F-8628-8E5B845F5E83}

2015-01-28 19:52 - 2015-01-28 19:52 - 00000000 ____D () C:\Users\thd\AppData\Local\{BF9F33A4-E2BC-41FF-990F-592415C82D67}

2015-01-28 07:52 - 2015-01-28 07:52 - 00000000 ____D () C:\Users\thd\AppData\Local\{46C4EF7C-BC1C-47D3-B42D-3DCEA013D60D}

2015-01-27 19:52 - 2015-01-27 19:52 - 00000000 ____D () C:\Users\thd\AppData\Local\{1E74A4F9-1961-4C87-A1BE-68017DE39676}

2015-01-27 07:52 - 2015-01-27 07:52 - 00000000 ____D () C:\Users\thd\AppData\Local\{E48CC71D-94D9-45CE-A20C-0F59F1658873}

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-26 10:04 - 2012-09-07 14:31 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-26 08:54 - 2014-11-13 11:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-26 08:20 - 2009-07-14 05:51 - 00153699 _____ () C:\Windows\setupact.log

2015-02-25 22:04 - 2012-09-07 14:31 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-25 10:28 - 2012-09-07 14:10 - 01535739 _____ () C:\Windows\WindowsUpdate.log

2015-02-25 08:36 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-25 08:36 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-24 14:38 - 2012-10-24 15:43 - 00000000 ____D () C:\Users\thd\AppData\Local\MobileAccess

2015-02-24 08:31 - 2014-01-13 11:34 - 00000000 ____D () C:\ProgramData\Oracle

2015-02-24 07:39 - 2012-09-07 13:55 - 00664068 _____ () C:\Windows\system32\perfh01D.dat

2015-02-24 07:39 - 2012-09-07 13:55 - 00142836 _____ () C:\Windows\system32\perfc01D.dat

2015-02-24 07:39 - 2009-07-14 06:13 - 01580554 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-23 20:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-02-23 15:24 - 2012-09-07 14:24 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-02-23 15:23 - 2012-09-07 14:32 - 00000000 ____D () C:\Windows\PCHEALTH

2015-02-23 15:23 - 2010-11-21 04:47 - 00680416 _____ () C:\Windows\PFRO.log

2015-02-23 15:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-23 11:00 - 2015-01-18 07:39 - 00000000 ____D () C:\Program Files (x86)\Loca

2015-02-23 09:16 - 2012-10-31 07:47 - 00007616 _____ () C:\Users\thd\AppData\Local\resmon.resmoncfg

2015-02-23 07:46 - 2015-01-22 14:04 - 02032503 _____ () C:\ProgramData\yvd_chrome_se.exe

2015-02-23 07:46 - 2015-01-22 14:04 - 01525193 _____ () C:\ProgramData\yvd_firefox_se.exe

2015-02-23 07:46 - 2015-01-22 14:04 - 00837543 _____ () C:\ProgramData\yvd_ie_se.exe

2015-02-22 13:11 - 2012-10-25 12:30 - 00000000 ____D () C:\Users\thd\AppData\Local\CrashDumps

2015-02-22 09:58 - 2009-07-14 05:45 - 00287616 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-02-22 09:50 - 2014-11-24 10:07 - 01556124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-02-22 09:49 - 2014-11-24 09:01 - 00000000 ____D () C:\Windows\system32\MRT

2015-02-22 09:49 - 2012-10-25 10:44 - 00002155 _____ () C:\Windows\epplauncher.mif

2015-02-22 09:49 - 2012-10-25 10:19 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2015-02-22 09:49 - 2012-10-25 10:19 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2015-02-22 09:49 - 2012-10-25 10:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2015-02-03 09:05 - 2012-09-06 21:36 - 00000000 ____D () C:\ProgramData\Lenovo

2015-01-31 09:49 - 2012-10-24 15:49 - 00000000 ____D () C:\Users\thd\AppData\Local\Google

2015-01-31 08:38 - 2014-02-24 14:21 - 00000000 ____D () C:\Windows\system32\appmgmt

2015-01-30 23:04 - 2012-10-24 15:42 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-29 17:49 - 2012-10-24 17:46 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

 

==================== Files in the root of some directories =======

 

2012-10-31 07:47 - 2015-02-23 09:16 - 0007616 _____ () C:\Users\thd\AppData\Local\resmon.resmoncfg

2015-01-17 13:45 - 2015-01-17 13:45 - 0333312 _____ () C:\ProgramData\cryptoDrvUpdate.exe

2012-10-24 15:46 - 2014-01-15 16:30 - 0000372 _____ () C:\ProgramData\LastUpdate.xml

2015-01-22 14:04 - 2015-02-23 07:46 - 2032503 _____ () C:\ProgramData\yvd_chrome_se.exe

2015-01-22 14:04 - 2015-02-23 07:46 - 1525193 _____ () C:\ProgramData\yvd_firefox_se.exe

2015-01-22 14:04 - 2015-02-23 07:46 - 0837543 _____ () C:\ProgramData\yvd_ie_se.exe

 

Files to move or delete:

====================

C:\ProgramData\cryptoDrvUpdate.exe

C:\ProgramData\yvd_chrome_se.exe

C:\ProgramData\yvd_firefox_se.exe

C:\ProgramData\yvd_ie_se.exe

 

 

Some content of TEMP:

====================

C:\Users\thd\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\thd\AppData\Local\Temp\jre-8u31-windows-au.exe

C:\Users\thd\AppData\Local\Temp\jsonparser.dll

C:\Users\thd\AppData\Local\Temp\LMkRstPt.exe

C:\Users\thd\AppData\Local\Temp\MSETUP4.EXE

C:\Users\thd\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\thd\AppData\Local\Temp\nvStereoApiI64.dll

C:\Users\thd\AppData\Local\Temp\nvStInst.exe

C:\Users\thd\AppData\Local\Temp\optprosetup.exe

C:\Users\thd\AppData\Local\Temp\PrefJsonCpp.exe

C:\Users\thd\AppData\Local\Temp\SkypeSetup.exe

C:\Users\thd\AppData\Local\Temp\sqlite3.exe

C:\Users\thd\AppData\Local\Temp\TB_EB0.exe

C:\Users\thd\AppData\Local\Temp\uninstall.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-23 08:40

 

==================== End Of Log ============================


 

 

 

 

 

 

Addition.txt

mbam-log-2015-02-23 (15-01-42).xml

Link to comment

It's always best to have just one infected computer per thread.

There is something on the computer that calls itself LocaProxy, and we should be able to get rid of it eventually.

1. Uninstall:

Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
Because these are old program versions with known security holes that make it easy to infect a computer from a web page. Most people don't need Java installed, but if you must have it, it is important to always have the latest version, which is currently Java 8 Update 31 (or higher still).

2. Uninstall (if it can be done easily):

Yontoo

because it is an adware program.

3. Save AdwCleaner by Xplode to the Desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Close all programs, including web browsers.
Double-click AdwCleaner to start the program.

Click the Scan button.
Wait until the scan is finished.
Click the Log file button.
A report will come up; copy the contents and paste them into your reply.
If the report does not come up, it is also available as C:\AdwCleaner\AdwCleaner[R0].txt

Link to comment

The result:

 

# AdwCleaner v4.111 - Logfile created 02/03/2015 at 14:28:49
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.1 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : thd - YASSAS
# Running from : C:\Users\thd\Desktop\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\thd\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\thd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DiskDiagnostic
Folder Found : C:\Program Files (x86)\EZ YouTube Video Downloader
Folder Found : C:\Program Files (x86)\hela
Folder Found : C:\Program Files (x86)\Loca
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\thd\AppData\Local\Conduit
Folder Found : C:\Users\thd\AppData\Local\jZip
Folder Found : C:\Users\thd\AppData\Local\Temp\jZip
Folder Found : C:\Users\thd\AppData\Local\Zoom_Downloader
Folder Found : C:\Users\thd\AppData\LocalLow\Conduit
Folder Found : C:\Users\thd\AppData\Roaming\Systweak
Folder Found : C:\Users\thd\Documents\Optimizer Pro
Folder Found : C:\Windows\Util

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8080;hxxps=127.0.0.1:8080
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{394CF198-B57B-43F8-9AD4-F2EFE3F49DA8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\SecurityUpdatesService
Key Found : HKCU\Software\Tbccint_HKLM
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\jZip
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{394CF198-B57B-43F8-9AD4-F2EFE3F49DA8}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\SecurityUpdatesService
Key Found : [x64] HKCU\Software\Tbccint_HKLM
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\jZip.file
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\jZip
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZ YouTube Video Downloader
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [backgroundContainerV2]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v40.0.2214.94

[C:\Users\thd\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://wow.utop.it/?q={searchTerms}

-\\ Opera v27.0.1689.76

*************************

AdwCleaner[R0].txt - [6267 bytes] - [02/03/2015 14:28:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6326 bytes] ##########

Link to comment
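Added example, not part of the original post and not AdwCleaner's own code: a Python sketch that pulls the `Internet Settings` proxy values out of an AdwCleaner log like the one above, decodes the `ProxyServer` string, and reports whether an enabled proxy points at a loopback address, which means browser traffic is handed to a process on the same machine. The function names are hypothetical, and the embedded sample is constructed from the three proxy lines in the log plus one unrelated line.

```python
import ipaddress
import re

# Constructed sample: the three proxy lines from the scan log above,
# plus one unrelated registry line that the parser must ignore.
SAMPLE_LOG = r"""
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8080;hxxps=127.0.0.1:8080
Key Found : HKCU\Software\Conduit
"""

# "Data Found/Deleted : <key ending in Internet Settings> [<value name>] - <data>"
DATA_LINE = re.compile(
    r"^Data (?:Found|Deleted) : .+?\\Internet Settings \[(?P<name>\w+)\] - (?P<value>.*)$"
)
# host[:port], with an optional scheme:// prefix and optional [IPv6] brackets
ENDPOINT = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?(?P<host>\[[^\]]+\]|[^:/]+)(?::(?P<port>\d+))?/?$",
    re.IGNORECASE,
)


def parse_proxy_values(log_text):
    """Return {value name: data} for the Internet Settings lines in the log."""
    values = {}
    for line in log_text.splitlines():
        match = DATA_LINE.match(line.strip())
        if match:
            values[match.group("name")] = match.group("value").strip()
    return values


def parse_proxy_server(raw):
    """Decode a ProxyServer string into {protocol: (host, port)}.

    The value is either 'host:port' for all protocols (stored under '*')
    or a ';'-separated list of 'protocol=host:port' entries.
    """
    raw = raw.replace("hxxp", "http")  # the log defangs http/https as hxxp/hxxps
    servers = {}
    for part in (p.strip() for p in raw.split(";")):
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:
            scheme, endpoint = "*", part
        match = ENDPOINT.match(endpoint.strip())
        if match:
            port = match.group("port")
            servers[scheme.lower()] = (
                match.group("host").strip("[]"),
                int(port) if port else None,
            )
        else:
            servers[scheme.lower()] = (endpoint.strip(), None)
    return servers


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname; resolving it is out of scope here


def assess(log_text):
    """Summarise the proxy configuration recorded in the log."""
    values = parse_proxy_values(log_text)
    enabled = values.get("ProxyEnable") == "1"
    servers = parse_proxy_server(values.get("ProxyServer", ""))
    loopback = sorted(p for p, (host, _) in servers.items() if is_loopback(host))
    return {
        "enabled": enabled,
        "servers": servers,
        "override": values.get("ProxyOverride"),
        "loopback": loopback,
        # Enabled proxy on this machine: a local process sees the traffic.
        "local_interception": enabled and bool(loopback),
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A loopback proxy is not malicious by itself (debugging proxies and some security products set one); the follow-up check is which program is listening on that port.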

1. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan is finished.

Click the Clean button.

Press OK.

Press OK again if further messages come up.

The computer will be restarted; if it does not restart automatically, you will have to do it yourself.

A report will come up; copy the contents and paste them into your reply.

If the report does not come up, it is also available as C:\AdwCleaner\AdwCleaner[s0].txt

2. Start FRST.

Tick Addition.txt.

Scan with the program again and paste in the two new logs.

3. Scan the computer online at http://www.eset.com/onlinescan/, preferably using Internet Explorer.

So that the scanner doesn't take too long, turn off your antivirus program in the meantime.

Select the option Enable detection of potentially unwanted applications.

Click Advanced Settings.

Untick the box in front of Remove found threats.

Tick:

Scan Archives

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save it to a file on the desktop, open the file, copy the result and then paste it into your reply.

Link to comment

Cecilia

There seems to be quite a bit of trouble

 

 

# AdwCleaner v4.111 - Logfile created 02/03/2015 at 15:43:18
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.1 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : thd - YASSAS
# Running from : C:\Users\thd\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\EZ YouTube Video Downloader
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Loca
Folder Deleted : C:\Program Files (x86)\DiskDiagnostic
Folder Deleted : C:\Program Files (x86)\hela
Folder Deleted : C:\Windows\Util
Folder Deleted : C:\Users\thd\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\thd\AppData\Local\Conduit
Folder Deleted : C:\Users\thd\AppData\Local\jZip
Folder Deleted : C:\Users\thd\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\thd\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\thd\AppData\Roaming\Systweak
Folder Deleted : C:\Users\thd\Documents\Optimizer Pro
File Deleted : C:\END
File Deleted : C:\Users\thd\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\thd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [backgroundContainerV2]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{394CF198-B57B-43F8-9AD4-F2EFE3F49DA8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\SecurityUpdatesService
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\jZip
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZ YouTube Video Downloader
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8080;hxxps=127.0.0.1:8080
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v40.0.2214.94

[C:\Users\thd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://wow.utop.it/?q={searchTerms}

-\\ Opera v27.0.1689.76

[C:\Users\thd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://wow.utop.it/?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6457 bytes] - [02/03/2015 14:28:49]
AdwCleaner[R1].txt - [6516 bytes] - [02/03/2015 15:41:43]
AdwCleaner[s0].txt - [6018 bytes] - [02/03/2015 15:43:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6077 bytes] ##########

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by thd (administrator) on YASSAS on 02-03-2015 15:49:18
Running from C:\Users\thd\Desktop
Loaded Profiles: thd (Available profiles: UpdatusUser & thd)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel) C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel) C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Intel) C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU\LogitechUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Macheen) C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-02] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [64608 2012-05-31] (Lenovo)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [intel Scheduler2 Service] => C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe [362296 2010-11-01] (Intel)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2409272 2012-10-06] (Logitech, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [intelSBA] => C:\Program Files (x86)\Intel\Intel® Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DataMigrationSoftwareMonitor.exe] => C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe [2605224 2010-11-01] (Intel)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1611160 2011-03-28] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [MobileAccess] => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155864 2013-04-17] (Lenovo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-18] (Samsung Electronics)
HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-07] (Google Inc.)
HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\MountPoints2: {feb67c1c-f8ec-11e1-aa8f-806e6f6e6963} - Q:\LenovoQDrive.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-10-29] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-206814398-840138992-2035921961-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-206814398-840138992-2035921961-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-206814398-840138992-2035921961-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-206814398-840138992-2035921961-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_svSE507SE507
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-206814398-840138992-2035921961-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 195.67.199.37

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.3.0.6 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll (Cuminas Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-206814398-840138992-2035921961-1002: @Google.com/GoogleEarthPlugin -> C:\Users\thd\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-09-07]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR Profile: C:\Users\thd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Logitech SetPoint) - C:\Users\thd\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-01-14]
CHR Extension: (Google Wallet) - C:\Users\thd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-10-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 Intel® Small Business Advantage; C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376 2012-02-27] (Intel Corporation)
R2 IntSch2Svc; C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe [1164704 2010-11-01] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-02] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [32480 2013-04-17] (Macheen)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [655400 2012-02-03] (Ericsson AB)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-10-29] (NVIDIA Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)
S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 15:48 - 2015-03-02 15:48 - 00000000 ____D () C:\Users\thd\Desktop\FRST-OlderVersion
2015-03-02 14:28 - 2015-03-02 15:43 - 00000000 ____D () C:\AdwCleaner
2015-03-02 14:24 - 2015-03-02 14:24 - 02126848 _____ () C:\Users\thd\Desktop\adwcleaner_4.111.exe
2015-03-02 08:51 - 2015-03-02 09:06 - 00001168 _____ () C:\Users\thd\Desktop\mbam150223.txt
2015-03-02 07:50 - 2015-03-02 07:50 - 00000000 ____D () C:\Users\thd\AppData\Local\{54BEE695-78F2-42BC-8AD2-02180380FFBD}
2015-03-01 07:36 - 2015-03-01 07:36 - 00000000 ____D () C:\Users\thd\AppData\Local\{24AB8A8F-003D-4BA4-996C-FBD281BA0E54}
2015-02-27 23:47 - 2015-02-27 23:47 - 00000000 ____D () C:\Users\thd\AppData\Local\{20157A63-A5DD-4C1F-8E8F-A74ECE625C5F}
2015-02-27 13:05 - 2015-03-02 10:26 - 00001907 _____ () C:\Users\thd\Desktop\Bankid.txt
2015-02-27 08:23 - 2015-02-27 08:23 - 00000000 ____D () C:\Users\thd\AppData\Local\{ED1968AA-7471-4585-B76C-0BB514FDA7A8}
2015-02-27 08:05 - 2015-03-02 12:54 - 00003828 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1425020741
2015-02-27 08:05 - 2015-02-27 08:05 - 00019672 _____ () C:\Users\thd\Desktop\Opera 12 Notes.html
2015-02-27 08:05 - 2015-02-27 08:05 - 00001140 _____ () C:\Users\Public\Desktop\Opera 27.lnk
2015-02-27 08:05 - 2015-02-27 08:05 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 27.lnk
2015-02-27 08:05 - 2015-02-27 08:05 - 00000000 ____D () C:\Users\thd\AppData\Roaming\Opera Software
2015-02-27 08:05 - 2015-02-27 08:05 - 00000000 ____D () C:\Users\thd\AppData\Local\Opera Software
2015-02-26 20:23 - 2015-02-26 20:23 - 00000000 ____D () C:\Users\thd\AppData\Local\{2D0703C5-0E12-4DAD-9DBD-14BFE17B9AC6}
2015-02-26 11:01 - 2015-02-26 11:01 - 00041257 _____ () C:\Users\thd\Desktop\Addition.txt
2015-02-26 11:00 - 2015-03-02 15:49 - 00025687 _____ () C:\Users\thd\Desktop\FRST.txt
2015-02-26 11:00 - 2015-03-02 15:49 - 00000000 ____D () C:\FRST
2015-02-26 10:58 - 2015-03-02 15:48 - 02092544 _____ (Farbar) C:\Users\thd\Desktop\FRST64.exe
2015-02-26 08:22 - 2015-02-26 08:22 - 00000000 ____D () C:\Users\thd\AppData\Local\{35F43F6F-5541-462A-940D-091F9425C143}
2015-02-25 20:21 - 2015-02-25 20:21 - 00000000 ____D () C:\Users\thd\AppData\Local\{C60FEA3B-0C1E-4890-99B3-788589D694AF}
2015-02-25 08:21 - 2015-02-25 08:21 - 00000000 ____D () C:\Users\thd\AppData\Local\{9695FA2B-B6BF-4736-A1E4-4FD71C79188C}
2015-02-24 19:47 - 2015-02-24 19:47 - 00000000 ____D () C:\Users\thd\AppData\Local\{B5340B39-4E55-49A5-9996-B2FF6C660315}
2015-02-24 11:59 - 2015-02-23 23:21 - 00026735 _____ () C:\Users\thd\Desktop\Log1.log
2015-02-24 07:47 - 2015-02-24 07:47 - 00000000 ____D () C:\Users\thd\AppData\Local\{FB5AA65F-A2A8-472B-AC0A-2B6DFA73BE0B}
2015-02-23 19:46 - 2015-02-23 19:46 - 00000000 ____D () C:\Users\thd\AppData\Local\{A45660CC-690C-4A74-9175-BF7CD662D356}
2015-02-23 18:30 - 2015-02-23 15:23 - 00012252 _____ () C:\Users\thd\Desktop\mbam-log-2015-02-23 (15-01-42).xml
2015-02-23 11:04 - 2015-02-23 11:04 - 00000000 ____D () C:\Users\thd\AppData\Roaming\BankID
2015-02-23 11:04 - 2015-02-23 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram
2015-02-23 11:04 - 2015-02-23 11:04 - 00000000 ____D () C:\Program Files (x86)\BankID
2015-02-23 11:03 - 2015-02-23 11:03 - 12731440 _____ () C:\Users\thd\Downloads\BankID_installation_6_3_0 (1).exe
2015-02-23 10:53 - 2015-02-23 10:53 - 00517008 _____ () C:\Users\thd\Downloads\Remove_BISP (1).exe
2015-02-23 10:50 - 2015-02-23 10:50 - 00517008 _____ () C:\Users\thd\Downloads\Remove_BISP.exe
2015-02-23 07:46 - 2015-02-23 07:46 - 00000000 ____D () C:\Users\thd\AppData\Local\{F1779C2D-154C-42C7-9660-CA2D0FD02A68}
2015-02-22 19:00 - 2015-02-22 11:48 - 00249701 _____ () C:\Users\thd\Desktop\gamLog1.log
2015-02-22 19:00 - 2015-01-29 22:23 - 00512052 _____ () C:\Users\thd\Desktop\gamLog2.log
2015-02-22 11:11 - 2015-02-22 11:11 - 00000000 ____D () C:\Users\thd\AppData\Local\{B35AD6F6-82E7-45CA-B456-3C83B548C2D2}
2015-02-22 11:07 - 2015-02-22 11:07 - 00000374 _____ () C:\Users\thd\Downloads\Remove_WinInet.reg
2015-02-22 10:56 - 2015-02-22 10:56 - 00000454 _____ () C:\Users\thd\Downloads\Add_WinInet (1).reg
2015-02-22 09:49 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-22 09:49 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-22 09:49 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-22 09:49 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-22 09:49 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-22 09:49 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-22 09:49 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-22 09:49 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-22 09:49 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-22 09:49 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-22 09:37 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-22 09:37 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-22 09:37 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-21 23:10 - 2015-02-21 23:10 - 00000000 ____D () C:\Users\thd\AppData\Local\{9C242293-B198-4A97-AF34-9949A4CD803B}
2015-02-21 11:10 - 2015-02-21 11:10 - 00000000 ____D () C:\Users\thd\AppData\Local\{06E564BD-5D9B-412E-8317-24AE2527EFF7}
2015-02-21 08:00 - 2015-02-21 08:00 - 00000454 _____ () C:\Users\thd\Downloads\Add_WinInet.reg
2015-02-20 23:03 - 2015-02-20 23:03 - 00000000 ____D () C:\Users\thd\AppData\Local\{E9FD3FD2-52A7-4748-A7F3-85C134762979}
2015-02-20 13:15 - 2015-02-20 13:16 - 12731440 _____ () C:\Users\thd\Downloads\BankID_installation_6_3_0.exe
2015-02-20 11:02 - 2015-02-20 11:02 - 00000000 ____D () C:\Users\thd\AppData\Local\{E3535D58-8880-4DBB-AD60-0F73E053DBBA}
2015-02-19 23:02 - 2015-02-19 23:02 - 00000000 ____D () C:\Users\thd\AppData\Local\{A42862FD-3BF4-471A-8B71-04ACEA59DAFA}
2015-02-19 11:02 - 2015-02-19 11:02 - 00000000 ____D () C:\Users\thd\AppData\Local\{47BBB750-81BE-45B4-AF51-22BE4B808D68}
2015-02-18 23:01 - 2015-02-18 23:01 - 00000000 ____D () C:\Users\thd\AppData\Local\{FA9BF542-64D5-40A6-91A5-25CFE046AFBB}
2015-02-18 07:42 - 2015-02-18 07:42 - 00000000 ____D () C:\Users\thd\AppData\Local\{33626A93-9BDB-407B-9969-17A719861C5E}
2015-02-17 18:41 - 2015-02-17 18:41 - 00000000 ____D () C:\Users\thd\AppData\Local\{033E09CE-BBB1-4F82-AAE4-403AA12C2124}
2015-02-04 07:46 - 2015-02-04 07:46 - 00000000 ____D () C:\Users\thd\AppData\Local\{7152F9E9-DC95-43FA-82E0-C5F8B4849B2C}
2015-02-03 19:46 - 2015-02-03 19:46 - 00000000 ____D () C:\Users\thd\AppData\Local\{53532332-5ED4-4B9F-859A-D069B251EA4A}
2015-02-03 07:46 - 2015-02-03 07:46 - 00000000 ____D () C:\Users\thd\AppData\Local\{0E877FD1-D015-42CC-9370-90519A437CA1}
2015-02-02 19:45 - 2015-02-02 19:45 - 00000000 ____D () C:\Users\thd\AppData\Local\{B9CA0F87-30C9-4F61-B471-2C5EFF322682}
2015-02-02 07:45 - 2015-02-02 07:45 - 00000000 ____D () C:\Users\thd\AppData\Local\{E3D64060-A681-4DEB-BBC8-C76E97E2777D}
2015-02-01 19:45 - 2015-02-01 19:45 - 00000000 ____D () C:\Users\thd\AppData\Local\{48370DB5-0783-4449-BA7F-F45AAA16B639}
2015-02-01 07:45 - 2015-02-01 07:45 - 00000000 ____D () C:\Users\thd\AppData\Local\{3878B7C2-DBE3-4127-BFD9-A1DEEC3085C7}
2015-01-31 09:49 - 2015-01-31 09:49 - 00002458 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2015-01-31 09:49 - 2015-01-31 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-01-31 08:40 - 2015-01-31 08:40 - 00000000 ____D () C:\Users\thd\AppData\Roaming\NVIDIA
2015-01-31 07:55 - 2015-01-31 07:55 - 00000000 ____D () C:\Users\thd\AppData\Local\{8385911A-7648-466C-9F5D-3225F4317296}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 15:48 - 2012-09-07 13:55 - 00664068 _____ () C:\Windows\system32\perfh01D.dat
2015-03-02 15:48 - 2012-09-07 13:55 - 00142836 _____ () C:\Windows\system32\perfc01D.dat
2015-03-02 15:48 - 2009-07-14 06:13 - 01580554 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 15:47 - 2012-09-07 14:10 - 01845982 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 15:45 - 2012-09-07 14:31 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-02 15:45 - 2012-09-07 14:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-02 15:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 15:44 - 2009-07-14 05:51 - 00155152 _____ () C:\Windows\setupact.log
2015-03-02 15:04 - 2012-09-07 14:31 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-02 13:09 - 2012-10-25 12:30 - 00000000 ____D () C:\Users\thd\AppData\Local\CrashDumps
2015-03-02 12:54 - 2012-10-30 08:40 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-02 08:44 - 2014-11-13 11:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 19:29 - 2012-10-24 15:43 - 00000000 ____D () C:\Users\thd\AppData\Local\MobileAccess
2015-02-28 10:32 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-28 10:32 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-28 10:24 - 2010-11-21 04:47 - 00680770 _____ () C:\Windows\PFRO.log
2015-02-27 08:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-24 08:31 - 2014-01-13 11:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-23 15:23 - 2012-09-07 14:32 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-23 09:16 - 2012-10-31 07:47 - 00007616 _____ () C:\Users\thd\AppData\Local\resmon.resmoncfg
2015-02-23 07:46 - 2015-01-22 14:04 - 02032503 _____ () C:\ProgramData\yvd_chrome_se.exe
2015-02-23 07:46 - 2015-01-22 14:04 - 01525193 _____ () C:\ProgramData\yvd_firefox_se.exe
2015-02-23 07:46 - 2015-01-22 14:04 - 00837543 _____ () C:\ProgramData\yvd_ie_se.exe
2015-02-22 09:58 - 2009-07-14 05:45 - 00287616 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-22 09:50 - 2014-11-24 10:07 - 01556124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-22 09:49 - 2014-11-24 09:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-22 09:49 - 2012-10-25 10:44 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-02-22 09:49 - 2012-10-25 10:19 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-22 09:49 - 2012-10-25 10:19 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-22 09:49 - 2012-10-25 10:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-03 09:05 - 2012-09-06 21:36 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-31 09:49 - 2012-10-24 15:49 - 00000000 ____D () C:\Users\thd\AppData\Local\Google
2015-01-31 08:38 - 2014-02-24 14:21 - 00000000 ____D () C:\Windows\system32\appmgmt

==================== Files in the root of some directories =======

2012-10-31 07:47 - 2015-02-23 09:16 - 0007616 _____ () C:\Users\thd\AppData\Local\resmon.resmoncfg
2015-01-17 13:45 - 2015-01-17 13:45 - 0333312 _____ () C:\ProgramData\cryptoDrvUpdate.exe
2012-10-24 15:46 - 2014-01-15 16:30 - 0000372 _____ () C:\ProgramData\LastUpdate.xml
2015-01-22 14:04 - 2015-02-23 07:46 - 2032503 _____ () C:\ProgramData\yvd_chrome_se.exe
2015-01-22 14:04 - 2015-02-23 07:46 - 1525193 _____ () C:\ProgramData\yvd_firefox_se.exe
2015-01-22 14:04 - 2015-02-23 07:46 - 0837543 _____ () C:\ProgramData\yvd_ie_se.exe

Files to move or delete:
====================
C:\ProgramData\cryptoDrvUpdate.exe
C:\ProgramData\yvd_chrome_se.exe
C:\ProgramData\yvd_firefox_se.exe
C:\ProgramData\yvd_ie_se.exe


Some content of TEMP:
====================
C:\Users\thd\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\thd\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\thd\AppData\Local\Temp\jsonparser.dll
C:\Users\thd\AppData\Local\Temp\LMkRstPt.exe
C:\Users\thd\AppData\Local\Temp\MSETUP4.EXE
C:\Users\thd\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\thd\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\thd\AppData\Local\Temp\nvStInst.exe
C:\Users\thd\AppData\Local\Temp\optprosetup.exe
C:\Users\thd\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\thd\AppData\Local\Temp\Quarantine.exe
C:\Users\thd\AppData\Local\Temp\SkypeSetup.exe
C:\Users\thd\AppData\Local\Temp\sqlite3.dll
C:\Users\thd\AppData\Local\Temp\sqlite3.exe
C:\Users\thd\AppData\Local\Temp\TB_EB0.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 08:40

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by thd at 2015-03-02 15:49:49
Running from C:\Users\thd\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.3.0.6 - Finansiell ID-Teknik BID AB)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version: - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version: - )
Canon Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MG6200 series användarregistrering (HKLM-x32\...\Canon MG6200 series användarregistrering) (Version: - )
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - )
Canon MG6200 series On-screen Manual (HKLM-x32\...\Canon MG6200 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Compatibility Pack för Office 2007-systemet (HKLM-x32\...\{90120000-0020-041D-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.385 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Document Express DjVu Plug-in (HKLM-x32\...\{53303FF5-6905-4E9A-8ECD-F56A911D81D4}) (Version: 6.1.33333 - Cuminas Corporation)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2725 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.0.0.34813 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® Data Migration Software powered by Acronis (HKLM-x32\...\{BFFC2681-5F7C-45BC-981A-277A29332678}) (Version: 13.0.14133 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Mobile Access (HKLM-x32\...\{4DD171A1-70FB-48EE-8844-98A7AA4C8DCC}) (Version: 3.2.30417.1301 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: - Intel® Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{5B5DEF99-85E9-423D-A1A3-B83202697B09}) (Version: 1.0.0006.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Logitech SetPoint 6.50 (HKLM\...\sp6) (Version: 6.50.152 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{9112041D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.1.1.0 - Ericsson AB)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-206814398-840138992-2035921961-1002\...\MyFreeCodec) (Version: - )
NVIDIA 3D Vision drivrutin 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD audiodrivrutin 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA-uppdatering 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 27.0.1689.76 (HKLM-x32\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.2.0.12014_18 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.2.0.12014_18 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.1.0 - )
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ditt företagsnamn)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TPTEST 5.0.2 (HKLM-x32\...\TPTEST5_is1) (Version: - )
Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
wow search (HKLM-x32\...\wow search) (Version: 1.0.11 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

22-02-2015 07:57:01 Windows Update
22-02-2015 09:46:22 Windows Update
22-02-2015 19:00:04 Windows Säkerhetskopiering
23-02-2015 11:04:39 Installerad BankID säkerhetsprogram.
25-02-2015 10:27:59 Windows Update
01-03-2015 10:43:01 Windows Update
01-03-2015 18:50:13 Installed Microsoft Fix it 50566
01-03-2015 19:00:04 Windows Säkerhetskopiering
02-03-2015 14:19:34 Removed Java 7 Update 71
02-03-2015 14:20:10 Removed Java 7 Update 45 (64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08775DD7-5340-46B8-8C74-B615189591FB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {0F7C64DF-54FD-4931-A320-A5B25C1FE0AE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {1379E556-5710-4105-B74C-7C7DDF37CAC6} - System32\Tasks\{A5708013-FCE1-491C-9777-FEAD4E6DB93E} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2012-05-15] (Microsoft Corporation)
Task: {274D055A-77D8-442E-A63A-0158501227BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {27996E24-A0FC-469A-8AD2-8975BB4361B8} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {29D74981-672B-4607-BFD3-5C905E757988} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for yassas.thd => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {331E53B3-FF08-4022-9D98-068C95365C93} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-16] (Lenovo)
Task: {636D2F2D-289F-4EA8-85E4-9016F18D82C8} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {689A9077-BE1D-4DAE-B82E-6FD950A85703} - System32\Tasks\{D86CC193-1CC9-430C-89BC-F5DB91BD2E53} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2012-05-15] (Microsoft Corporation)
Task: {6BBE8C43-45DB-4575-BC6D-D418A6A1BF28} - System32\Tasks\Microsoft\windows\DiskDiagnostic\DiskDiagnostic => C:\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe <==== ATTENTION
Task: {91710117-1FA4-4277-8E31-F324BE30B0F5} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-HashDiagnostic => C:\Program Files (x86)\hela\hela.exe <==== ATTENTION
Task: {AC31CE17-ABF2-4660-AF5E-1AC784F5B5D2} - System32\Tasks\{83D8579F-B8B4-429B-A47B-647ECFEB4BE4} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2012-05-15] (Microsoft Corporation)
Task: {ADF2ACCE-506C-43C8-A039-4FE72163BA1C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {AE7D2CBA-58AA-4AF2-AA10-8283BE760F95} - System32\Tasks\Loca\Loca\Loca => C:\Program Files (x86)\Loca\bin\LocaProxy.exe <==== ATTENTION
Task: {BE927E24-B819-47A8-B2F2-1387173A5DA8} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {CBA58224-B0A2-4E05-89DC-1B2DCC839E5E} - System32\Tasks\Opera scheduled Autoupdate 1425020741 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {EC155D58-B761-415E-91B1-FC10F9C0BDF0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {F0C70A52-36B6-4861-99E8-5FDA42E92966} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {F8353BEE-3129-4F19-9570-3B52678994E8} - System32\Tasks\{281F982C-A86D-4921-A2DB-1587FE6E787C} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2012-05-15] (Microsoft Corporation)
Task: {F8CE445C-CB36-4B2D-A768-0C6FA96916FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-09-07 14:23 - 2013-10-29 01:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-09-07 14:23 - 2012-05-31 17:48 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-09-07 14:26 - 2012-05-15 22:32 - 00095232 ____N () C:\Program Files (x86)\ThinkPad\Utilities\SV\PWMRT64V.DLL
2012-02-25 07:38 - 2012-02-25 07:38 - 00246336 _____ () C:\Program Files\ThinkPad\TpShocks\MUI\041D\TpShocks.dll
2012-10-06 09:15 - 2012-10-06 09:15 - 01976632 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-09-07 14:22 - 2012-04-09 00:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-07 14:20 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2012-09-07 14:29 - 2012-01-17 07:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2012-09-07 14:27 - 2011-08-02 12:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2012-09-07 14:27 - 2011-08-02 12:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2012-09-07 14:21 - 2011-07-13 18:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2012-05-31 01:32 - 2012-05-31 01:32 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2010-11-01 10:58 - 2010-11-01 10:58 - 00028512 _____ () C:\Program Files (x86)\Intel\DataMigrationSoftware\Common\rpc_client.dll
2012-09-07 14:19 - 2012-02-21 04:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-10-24 16:28 - 2012-02-27 12:00 - 00030432 _____ () C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\ProcessPrivileges.dll
2012-10-24 16:28 - 2012-02-27 12:00 - 00215264 _____ () C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\System.ComponentModel.Composition.dll
2012-10-24 16:28 - 2012-02-27 12:00 - 00051424 _____ () C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\Interop.TaskScheduler.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-206814398-840138992-2035921961-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\thd\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 195.67.199.37

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administratör (S-1-5-21-206814398-840138992-2035921961-500 - Administrator - Disabled)
Gäst (S-1-5-21-206814398-840138992-2035921961-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-206814398-840138992-2035921961-1003 - Limited - Enabled)
thd (S-1-5-21-206814398-840138992-2035921961-1002 - Administrator - Enabled) => C:\Users\thd
UpdatusUser (S-1-5-21-206814398-840138992-2035921961-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2015 03:44:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2015 01:08:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
, felet uppstod i modulen med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
Undantagskod: 0xc0000005
Felförskjutning: 0x0012b66a
Process-ID: 0x55fc
Programmets starttid: 0xLocaProxy.exe0
Sökväg till program: LocaProxy.exe1
Sökväg till modul: LocaProxy.exe2
Rapport-ID: LocaProxy.exe3

Error: (03/02/2015 00:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
, felet uppstod i modulen med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
Undantagskod: 0xc0000005
Felförskjutning: 0x0012b66a
Process-ID: 0x55e4
Programmets starttid: 0xLocaProxy.exe0
Sökväg till program: LocaProxy.exe1
Sökväg till modul: LocaProxy.exe2
Rapport-ID: LocaProxy.exe3

Error: (03/02/2015 00:38:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
, felet uppstod i modulen med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
Undantagskod: 0xc0000005
Felförskjutning: 0x0012b66a
Process-ID: 0x42c0
Programmets starttid: 0xLocaProxy.exe0
Sökväg till program: LocaProxy.exe1
Sökväg till modul: LocaProxy.exe2
Rapport-ID: LocaProxy.exe3

Error: (03/02/2015 00:28:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
, felet uppstod i modulen med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
Undantagskod: 0xc0000005
Felförskjutning: 0x0012b66a
Process-ID: 0x3644
Programmets starttid: 0xLocaProxy.exe0
Sökväg till program: LocaProxy.exe1
Sökväg till modul: LocaProxy.exe2
Rapport-ID: LocaProxy.exe3

Error: (03/02/2015 00:23:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
, felet uppstod i modulen med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
Undantagskod: 0xc0000005
Felförskjutning: 0x0012b66a
Process-ID: 0x52c8
Programmets starttid: 0xLocaProxy.exe0
Sökväg till program: LocaProxy.exe1
Sökväg till modul: LocaProxy.exe2
Rapport-ID: LocaProxy.exe3

Error: (03/02/2015 00:12:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
, felet uppstod i modulen med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
Undantagskod: 0xc0000005
Felförskjutning: 0x0012b66a
Process-ID: 0x4dec
Programmets starttid: 0xLocaProxy.exe0
Sökväg till program: LocaProxy.exe1
Sökväg till modul: LocaProxy.exe2
Rapport-ID: LocaProxy.exe3

Error: (03/02/2015 11:58:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
, felet uppstod i modulen med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
Undantagskod: 0xc0000005
Felförskjutning: 0x0012b66a
Process-ID: 0x5340
Programmets starttid: 0xLocaProxy.exe0
Sökväg till program: LocaProxy.exe1
Sökväg till modul: LocaProxy.exe2
Rapport-ID: LocaProxy.exe3

Error: (03/02/2015 11:36:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
, felet uppstod i modulen med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
Undantagskod: 0xc0000005
Felförskjutning: 0x0012b66a
Process-ID: 0x4ee0
Programmets starttid: 0xLocaProxy.exe0
Sökväg till program: LocaProxy.exe1
Sökväg till modul: LocaProxy.exe2
Rapport-ID: LocaProxy.exe3

Error: (03/02/2015 10:49:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
, felet uppstod i modulen med namn: LocaProxy.exe, version 0.0.0.0, tidsstämpel 0x54e7497a
Undantagskod: 0xc0000005
Felförskjutning: 0x0012b66a
Process-ID: 0x4950
Programmets starttid: 0xLocaProxy.exe0
Sökväg till program: LocaProxy.exe1
Sökväg till modul: LocaProxy.exe2
Rapport-ID: LocaProxy.exe3


System errors:
=============
Error: (03/02/2015 03:46:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten NVIDIA Update Service Daemon kunde inte startas på grund av följande fel:
%%1069

Error: (03/02/2015 03:46:38 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Tjänsten nvUpdatusService kunde inte logga in som .\UpdatusUser med det för närvarande konfigurerade lösenordet på grund av följande fel:
%%1330

Kontrollera att tjänsten är korrekt konfigurerad med hjälp av snapin-modulen Tjänster i MMC (Microsoft Management Console).

Error: (03/02/2015 03:45:37 PM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: programspecifikLokalStarta{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT instansSYSTEMS-1-5-18LocalHost (med LRPC)

Error: (03/02/2015 03:44:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten SMI Helper Driver (smihlp2) kunde inte startas på grund av följande fel:
%%2

Error: (03/02/2015 03:44:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT instans)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.

Modulsökväg: C:\Windows\System32\IWMSSvc.dll

Error: (03/02/2015 03:44:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT instans)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.

Modulsökväg: C:\Windows\System32\IWMSSvc.dll

Error: (03/02/2015 03:44:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT instans)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.

Modulsökväg: C:\Windows\System32\IWMSSvc.dll

Error: (03/02/2015 03:44:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT instans)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.

Modulsökväg: C:\Windows\System32\IWMSSvc.dll

Error: (03/02/2015 03:43:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Volume Shadow Copy avslutades oväntat. Detta har skett 1 gånger.

Error: (03/02/2015 03:43:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Power Manager DBC Service avslutades oväntat. Detta har skett 1 gånger.


Microsoft Office Sessions:
=========================
Error: (03/02/2015 03:44:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2015 01:08:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LocaProxy.exe0.0.0.054e7497aLocaProxy.exe0.0.0.054e7497ac00000050012b66a55fc01d054dfa3b3baddC:\Program Files (x86)\Loca\bin\LocaProxy.exeC:\Program Files (x86)\Loca\bin\LocaProxy.exee23527e8-c0d4-11e4-b384-028037ec0200

Error: (03/02/2015 00:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LocaProxy.exe0.0.0.054e7497aLocaProxy.exe0.0.0.054e7497ac00000050012b66a55e401d054dd8505a1c8C:\Program Files (x86)\Loca\bin\LocaProxy.exeC:\Program Files (x86)\Loca\bin\LocaProxy.execf24190b-c0d2-11e4-b384-028037ec0200

Error: (03/02/2015 00:38:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LocaProxy.exe0.0.0.054e7497aLocaProxy.exe0.0.0.054e7497ac00000050012b66a42c001d054dc1838ce79C:\Program Files (x86)\Loca\bin\LocaProxy.exeC:\Program Files (x86)\Loca\bin\LocaProxy.exeb0a722cf-c0d0-11e4-b384-028037ec0200

Error: (03/02/2015 00:28:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LocaProxy.exe0.0.0.054e7497aLocaProxy.exe0.0.0.054e7497ac00000050012b66a364401d054db5d1a2241C:\Program Files (x86)\Loca\bin\LocaProxy.exeC:\Program Files (x86)\Loca\bin\LocaProxy.exe43df3192-c0cf-11e4-b384-028037ec0200

Error: (03/02/2015 00:23:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LocaProxy.exe0.0.0.054e7497aLocaProxy.exe0.0.0.054e7497ac00000050012b66a52c801d054d9d4e2796cC:\Program Files (x86)\Loca\bin\LocaProxy.exeC:\Program Files (x86)\Loca\bin\LocaProxy.exe88b70f56-c0ce-11e4-b384-028037ec0200

Error: (03/02/2015 00:12:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LocaProxy.exe0.0.0.054e7497aLocaProxy.exe0.0.0.054e7497ac00000050012b66a4dec01d054d7d3b54c6fC:\Program Files (x86)\Loca\bin\LocaProxy.exeC:\Program Files (x86)\Loca\bin\LocaProxy.exe008496b5-c0cd-11e4-b384-028037ec0200

Error: (03/02/2015 11:58:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LocaProxy.exe0.0.0.054e7497aLocaProxy.exe0.0.0.054e7497ac00000050012b66a534001d054d4cc358e35C:\Program Files (x86)\Loca\bin\LocaProxy.exeC:\Program Files (x86)\Loca\bin\LocaProxy.exeff517632-c0ca-11e4-b384-028037ec0200

Error: (03/02/2015 11:36:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LocaProxy.exe0.0.0.054e7497aLocaProxy.exe0.0.0.054e7497ac00000050012b66a4ee001d054ce3e598a98C:\Program Files (x86)\Loca\bin\LocaProxy.exeC:\Program Files (x86)\Loca\bin\LocaProxy.exef7dc6680-c0c7-11e4-b384-028037ec0200

Error: (03/02/2015 10:49:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LocaProxy.exe0.0.0.054e7497aLocaProxy.exe0.0.0.054e7497ac00000050012b66a495001d054cbb7a13ac6C:\Program Files (x86)\Loca\bin\LocaProxy.exeC:\Program Files (x86)\Loca\bin\LocaProxy.exe69fdf1d9-c0c1-11e4-b384-028037ec0200


CodeIntegrity Errors:
===================================
Date: 2013-11-13 22:11:26.882
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-13 22:11:26.781
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-30 17:45:16.948
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-30 17:45:16.900
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-30 17:45:14.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-30 17:45:14.792
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-30 17:45:12.732
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-30 17:45:12.685
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-30 17:45:10.619
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-30 17:45:10.584
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 7915.11 MB
Available physical RAM: 5940.71 MB
Total Pagefile: 15828.39 MB
Available Pagefile: 13655.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:153.78 GB) (Free:46.9 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.4 GB) (Free:0.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: B26EA2B5)
Partition 1: (Active) - (Size=510 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=153.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Adwcleaner

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe.vir a variant of Win32/Adware.Gertokr.E application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\hela\hela.exe.vir a variant of Win32/Adware.Gertokr.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Loca\uninstall.exe.vir a variant of Win32/Adware.Gertokr.G application
C:\AdwCleaner\Quarantine\C\Users\thd\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\thd\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\ProgramData\cryptoDrvUpdate.exe a variant of Win32/Adware.Gertokr.E application
C:\Users\All Users\cryptoDrvUpdate.exe a variant of Win32/Adware.Gertokr.E application
C:\Users\thd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5SC3O4D\loca_1.0.2[1].exe a variant of Win32/Adware.Gertokr.A application
C:\Users\thd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5SC3O4D\loca_1.0.3[1].exe a variant of Win32/Adware.Gertokr.G application
C:\Users\thd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYS0LT0S\hela_1.0.6[1] a variant of Win32/Adware.Gertokr.B application
C:\Users\thd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJFH3Q6Y\TBUpdaterLogic[1].dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\thd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0L10H7Z\loca_1.0.0[1] a variant of Win32/Adware.Gertokr.A application
C:\Users\thd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZ1CV3VU\TBUpdaterLogic[1].dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\thd\AppData\Local\Temp\optprosetup.exe a variant of Win32/OptimizerEliteMax.C potentially unwanted application
C:\Users\thd\AppData\Local\Temp\nsf76C2.tmp\soffer.dll Win32/Soffer.A potentially unwanted application
C:\Users\thd\AppData\Local\Temp\nsiCC51.tmp\soffer.dll Win32/Soffer.A potentially unwanted application
C:\Users\thd\AppData\Local\Temp\nsxFA86.tmp\soffer.dll Win32/Soffer.A potentially unwanted application
C:\Users\thd\Downloads\Dilog\jZipSetup-r341-w-bo.exe a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\cryptoDrvUpdate[1] a variant of Win32/Adware.Gertokr.E application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\cryptoDrvUpdate[1] a variant of Win32/Adware.Gertokr.E application

 


1. C:\Users\thd\Downloads\Dilog\jZipSetup-r341-w-bo.exe a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application

That is an installer file located in the "Downloads" folder, so it will want to install a toolbar during installation.

2. Uninstall:

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)

These are old versions with many known security holes that make it easy to infect the computer from a web page.

3. The script below will, among other things, empty recycle bins and temporary-file folders, so make sure there is nothing there that you want to keep.

Start the Notepad program.

Copy all the lines in the box:

CreateRestorePoint:
CloseProcesses:
C:\ProgramData\cryptoDrvUpdate.exe a variant of Win32/Adware.Gertokr.E application
C:\Users\All Users\cryptoDrvUpdate.exe a variant of Win32/Adware.Gertokr.E application
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
2015-02-23 07:46 - 2015-01-22 14:04 - 02032503 _____ () C:\ProgramData\yvd_chrome_se.exe
2015-02-23 07:46 - 2015-01-22 14:04 - 01525193 _____ () C:\ProgramData\yvd_firefox_se.exe
2015-02-23 07:46 - 2015-01-22 14:04 - 00837543 _____ () C:\ProgramData\yvd_ie_se.exe
Task: {6BBE8C43-45DB-4575-BC6D-D418A6A1BF28} - System32\Tasks\Microsoft\windows\DiskDiagnostic\DiskDiagnostic => C:\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe <==== ATTENTION
Task: {91710117-1FA4-4277-8E31-F324BE30B0F5} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-HashDiagnostic => C:\Program Files (x86)\hela\hela.exe <==== ATTENTION
Task: {AE7D2CBA-58AA-4AF2-AA10-8283BE760F95} - System32\Tasks\Loca\Loca\Loca => C:\Program Files (x86)\Loca\bin\LocaProxy.exe <==== ATTENTION
C:\Program Files (x86)\EZ YouTube Video Downloader
C:\Program Files (x86)\DiskDiagnostic
C:\Program Files (x86)\hela
C:\Program Files (x86)\Loca
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
EmptyTemp:
and paste them into Notepad. Check that no file has been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Close all programs.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

If the computer does not restart automatically, restart it yourself.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

4. How is the computer working now?


Cecilia

For the second time you have solved a nasty problem for me. Thank you. You are great!

My basic problem is solved. The Proxy server setting under LAN settings is unticked. BankID can be downloaded and it works OK.

A number of other unwanted things have turned up, though.

These four are presumably in AdwCleaner's quarantine. What should I do?

C:\Program Files (x86)\EZ YouTube Video Downloader" => File/Directory not found.
"C:\Program Files (x86)\DiskDiagnostic" => File/Directory not found.
"C:\Program Files (x86)\hela" => File/Directory not found.
"C:\Program Files (x86)\Loca" => File/Directory not found

 

The first two objects in the file are present at the specified path. Gertokr.E can be a nasty trojan, they say?

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by thd at 2015-03-03 09:08:52 Run:1
Running from C:\Users\thd\Desktop
Loaded Profiles: thd (Available profiles: UpdatusUser & thd)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\cryptoDrvUpdate.exe a variant of Win32/Adware.Gertokr.E application
C:\Users\All Users\cryptoDrvUpdate.exe a variant of Win32/Adware.Gertokr.E application
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
2015-02-23 07:46 - 2015-01-22 14:04 - 02032503 _____ () C:\ProgramData\yvd_chrome_se.exe
2015-02-23 07:46 - 2015-01-22 14:04 - 01525193 _____ () C:\ProgramData\yvd_firefox_se.exe
2015-02-23 07:46 - 2015-01-22 14:04 - 00837543 _____ () C:\ProgramData\yvd_ie_se.exe
Task: {6BBE8C43-45DB-4575-BC6D-D418A6A1BF28} - System32\Tasks\Microsoft\windows\DiskDiagnostic\DiskDiagnostic => C:\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe <==== ATTENTION
Task: {91710117-1FA4-4277-8E31-F324BE30B0F5} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-HashDiagnostic => C:\Program Files (x86)\hela\hela.exe <==== ATTENTION
Task: {AE7D2CBA-58AA-4AF2-AA10-8283BE760F95} - System32\Tasks\Loca\Loca\Loca => C:\Program Files (x86)\Loca\bin\LocaProxy.exe <==== ATTENTION
C:\Program Files (x86)\EZ YouTube Video Downloader
C:\Program Files (x86)\DiskDiagnostic
C:\Program Files (x86)\hela
C:\Program Files (x86)\Loca
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\ProgramData\cryptoDrvUpdate.exe a variant of Win32/Adware.Gertokr.E application" => File/Directory not found.
"C:\Users\All Users\cryptoDrvUpdate.exe a variant of Win32/Adware.Gertokr.E application" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} => value deleted successfully.
C:\ProgramData\yvd_chrome_se.exe => Moved successfully.
C:\ProgramData\yvd_firefox_se.exe => Moved successfully.
C:\ProgramData\yvd_ie_se.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6BBE8C43-45DB-4575-BC6D-D418A6A1BF28}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BBE8C43-45DB-4575-BC6D-D418A6A1BF28}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\windows\DiskDiagnostic\DiskDiagnostic => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\windows\DiskDiagnostic\DiskDiagnostic" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91710117-1FA4-4277-8E31-F324BE30B0F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91710117-1FA4-4277-8E31-F324BE30B0F5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-HashDiagnostic => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-HashDiagnostic" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE7D2CBA-58AA-4AF2-AA10-8283BE760F95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE7D2CBA-58AA-4AF2-AA10-8283BE760F95}" => Key deleted successfully.
C:\Windows\System32\Tasks\Loca\Loca\Loca => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Loca\Loca\Loca" => Key deleted successfully.
"C:\Program Files (x86)\EZ YouTube Video Downloader" => File/Directory not found.
"C:\Program Files (x86)\DiskDiagnostic" => File/Directory not found.
"C:\Program Files (x86)\hela" => File/Directory not found.
"C:\Program Files (x86)\Loca" => File/Directory not found.

========= ipconfig /flushdns =========


IP-konfiguration för Windows

DNS-matcharens cacheminne har rensats.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Winsock-katalogen har nollställts.
Du måste starta om datorn för att slutföra nollställningen.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Återställning av Allmän, OK!
Återställning av Gränssnitt, OK!
Återställning av Väg, OK!
Återställning av Undergränssnitt, OK!
Slutför åtgärden genom att starta om datorn.


========= End of CMD: =========

EmptyTemp: => Removed 5.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog 09:09:45 ====

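An added example, not part of the original posts and not FRST's own code: a small Python reader for Fixlog result lines that tallies the outcomes and singles out "File/Directory not found" results where the target FRST looked up is a file path with extra text after the extension, as with the two cryptoDrvUpdate.exe entries in the Fixlog above. The sample log is constructed from lines in this thread; the function names and the trailing-text heuristic are assumptions made for the example.

```python
import re

# Constructed sample in the shape of FRST's Fixlog.txt, using lines modelled
# on the log posted in this thread.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
Task: {AE7D2CBA-58AA-4AF2-AA10-8283BE760F95} - System32\Tasks\Loca\Loca\Loca => C:\Program Files (x86)\Loca\bin\LocaProxy.exe <==== ATTENTION
C:\Program Files (x86)\Loca
*****************

Restore point was successfully created.
"C:\ProgramData\cryptoDrvUpdate.exe a variant of Win32/Adware.Gertokr.E application" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\ProgramData\yvd_chrome_se.exe => Moved successfully.
C:\Windows\System32\Tasks\Loca\Loca\Loca => Moved successfully.
"C:\Program Files (x86)\Loca" => File/Directory not found.
'''

# '<target> => <outcome>.' with optional quotes around the target.
RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')
# Heuristic (assumption): a drive path ending in an executable extension that
# is followed by more text was not a bare path when it was looked up.
TRAILING_TEXT = re.compile(
    r'^(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys))\s+(?P<extra>\S.*)$', re.IGNORECASE)


def classify(outcome):
    """Map FRST's outcome wording to a short label."""
    low = outcome.lower()
    if "not found" in low:
        return "not_found"
    if "deleted successfully" in low:
        return "deleted"
    if "moved successfully" in low:
        return "moved"
    return "other"


def parse_fixlog(text):
    """Return (target, label) pairs for result lines, skipping the echoed fixlist."""
    entries, stars_left = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Content of fixlist"):
            stars_left = 2          # the echo sits between two rows of asterisks
            continue
        if stars_left:
            if line and set(line) == {"*"}:
                stars_left -= 1
            continue                # echoed Task lines also contain '=>'
        m = RESULT_LINE.match(line)
        if m:
            entries.append((m.group("target"), classify(m.group("outcome"))))
    return entries


def summarize(entries):
    """Count entries per outcome label."""
    counts = {}
    for _, label in entries:
        counts[label] = counts.get(label, 0) + 1
    return counts


def recheck_candidates(entries):
    """'Not found' targets that carry text after the file name: (path, extra)."""
    found = []
    for target, label in entries:
        m = TRAILING_TEXT.match(target) if label == "not_found" else None
        if m:
            found.append((m.group("path"), m.group("extra")))
    return found


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for path, extra in recheck_candidates(parsed):
        print("verify on disk:", path, "| text after path:", extra)
```

A path reported by `recheck_candidates` is one to confirm on disk, since "not found" for such a line describes the whole quoted string rather than the file itself.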

Win32/Adware.Gertokr.E

Adware = advertising software

As far as I can judge, nothing related to it is running on the computer any longer.

During the uninstallation of AdwCleaner, its quarantine folder will be removed.

Excellent that the four folders are gone.

If you have no further questions or remaining problems, it is time to uninstall AdwCleaner and FRST.

1. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Uninstall button.

2. Download the uninstaller OTC to the Desktop: http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button and FRST will be uninstalled after a restart of the computer. Remove any logs.

3. Improve the protection on the computer; see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/

It is very important to keep all the small programs on the computer updated; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which can be used by a web page to infect the computer. I think Secunia's program (link on my website) is a good aid for checking the state of security holes on the computer and indicating what needs to be fixed.


Archived

This topic is now archived and is closed to further replies.
