
Adrian has malware on his computer..


cybertears

Adrian has gotten crap on his computer, and what I can read from the FRST logs is that:

 

  1. He appears to have two antivirus programs installed on the computer.
    It seems that
    MSCONFIG\startupreg: BullGuard => "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
    MSCONFIG\startupreg: BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe
    are just two registry files.
     
  2. Old version of Java
  3. GearDrvs should be uninstalled, I think
  4. Dll-Files Fixer: I don't know whether it is malware or whether it is okay.

It is recommended that he uninstall AnyProtectEx.

 

I think this can be removed with FRST:

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.luckysearches.com/web/?type=ds&ts=1429973424&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.luckysearches.com/web/?type=ds&ts=1429973424&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.luckysearches.com/web/?type=ds&ts=1429973424&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.luckysearches.com/web/?type=ds&ts=1429973424&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

HKU\S-1-5-21-1604462049-2382875770-1229168442-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.luckysearches.com/web/?type=dspp&ts=1429973467&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}


HKU\S-1-5-21-1604462049-2382875770-1229168442-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.luckysearches.com/web/?type=dspp&ts=1429973467&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysearches.com/web/?type=ds&ts=1429973424&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysearches.com/web/?type=ds&ts=1429973424&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

SearchScopes: HKU\S-1-5-21-1604462049-2382875770-1229168442-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysearches.com/web/?type=dspp&ts=1429973467&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1604462049-2382875770-1229168442-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.luckysearches.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&ts=1429973472&type=default&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1604462049-2382875770-1229168442-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.luckysearches.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&ts=1429973472&type=default&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1604462049-2382875770-1229168442-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysearches.com/web/?type=dspp&ts=1429973467&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1604462049-2382875770-1229168442-1000 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.luckysearches.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&ts=1429973472&type=default&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1604462049-2382875770-1229168442-1000 -> {8AEE309A-D8C8-4DCD-8A38-FCC9A42A4014} URL = http://www.luckysearches.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&ts=1429973472&type=default&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1604462049-2382875770-1229168442-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.luckysearches.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&ts=1429973472&type=default&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

http://www.luckysearches.com/?type=sc&ts=1429973424&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

Beyond that, I don't know whether more will need to be uninstalled / removed with FRST.

I have asked him to run Adwcleaner and am awaiting the logs.

FRST.txt

Addition.txt


cybertears

Here is the log of what Adwcleaner found:

 

# AdwCleaner v4.204 - Logfile created 15/05/2015 at 18:59:42
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : adrian - ADRIAN-PC
# Running from : C:\Users\adrian\Downloads\adwcleaner_4.204.exe
# Option : Scan


 

What it removed:

# AdwCleaner v4.204 - Logfile created 15/05/2015 at 19:01:15
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : adrian - ADRIAN-PC
# Running from : C:\Users\adrian\Downloads\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : IHProtect Service
[#] Service Deleted : innfd_1_10_0_14

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\PriceMeterLiveUpdate
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\a9f3a2ac00006624
Folder Deleted : C:\ProgramData\def87410717f223d
Folder Deleted : C:\ProgramData\{1481f9e4-567e-35cc-1481-1f9e4567e791}
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\snipsmart
Folder Deleted : C:\Program Files (x86)\XTab
Folder Deleted : C:\Program Files (x86)\ShoppingChip
Folder Deleted : C:\Program Files (x86)\Dll-Files.com Fixer
Folder Deleted : C:\Users\adrian\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\adrian\AppData\Local\Temp\snipsmart
Folder Deleted : C:\Users\Administrator\AppData\Local\Crossbrowse
Folder Deleted : C:\Users\adrian\AppData\Local\globalUpdate
Folder Deleted : C:\Users\adrian\AppData\Local\SmartWeb
Folder Deleted : C:\Users\adrian\AppData\Local\03D40274-1429980028-05B6-FD06-540700080009
Folder Deleted : C:\Users\adrian\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\adrian\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\adrian\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\adrian\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\adrian\AppData\Roaming\Systweak
Folder Deleted : C:\Users\adrian\AppData\Roaming\dll-files.com
Folder Deleted : C:\Users\adrian\Documents\DCSCMIN
Folder Deleted : C:\Users\Guest\AppData\Local\Crossbrowse
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
Folder Deleted : C:\Users\adrian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn
Folder Deleted : C:\Users\adrian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\edjkooiccbgjhlpfhkknkjhfpmjkmelk
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
Folder Deleted : C:\Users\adrian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
Folder Deleted : C:\Users\adrian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
Folder Deleted : C:\Users\adrian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
Folder Deleted : C:\Users\adrian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
Folder Deleted : C:\Users\adrian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn
Folder Deleted : C:\Users\adrian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\edjkooiccbgjhlpfhkknkjhfpmjkmelk
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
Folder Deleted : C:\Users\adrian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
Folder Deleted : C:\Users\adrian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
Folder Deleted : C:\Users\adrian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
Folder Deleted : C:\Users\adrian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\olklehkoahocdankdbbkaopplmjacfok
File Deleted : C:\prefs.js
File Deleted : C:\Windows\SysWOW64\RegistryHelperLM.ocx
File Deleted : C:\Users\adrian\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\adrian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Dll-Files Fixer.lnk
File Deleted : C:\Users\adrian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
File Deleted : C:\Users\adrian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk
File Deleted : C:\Users\adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk

***** [ Scheduled tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : ASP
Task Deleted : DLL-Files.Com Fixer_MONTHLY
Task Deleted : DLL-Files.Com Fixer_Updates
Task Deleted : RDReminder
Task Deleted : SmartWeb Upgrade Trigger Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [smartWeb]
Key Deleted : HKLM\SOFTWARE\754c0721-a372-4e1d-2309-7d6ab30c695b
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8AEE309A-D8C8-4DCD-8A38-FCC9A42A4014}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\GetPrivate
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\dll-files.com
Key Deleted : HKCU\Software\WajIntEnhance
Key Deleted : HKCU\Software\SearchProtectWS
Key Deleted : HKCU\Software\Crossbrowse
Key Deleted : HKCU\Software\Appscion
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\MyBestOffersToday
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\WS.Booster
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\dll-files.com
Key Deleted : HKLM\SOFTWARE\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\Crossbrowse
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKLM\SOFTWARE\luckysearchesSoftware
Key Deleted : HKLM\SOFTWARE\AIM Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dll-Files Fixer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Google Chrome v42.0.2311.152

[C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}
[C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://websearch.fastsearchings.info/?l=1&q={searchTerms}&pid=1091&r=2014/07/08&hid=4094238111104309067&lg=EN&cc=SE&unqvl=56
[C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.luckysearches.com/web/?type=dspp&ts=1429973467&from=cmi&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

-\\ Chromium v

-\\ Comodo Dragon v

-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [28940 bytes] - [15/05/2015 18:59:42]
AdwCleaner[s0].txt - [19386 bytes] - [15/05/2015 19:01:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [19446  bytes] ##########


1.

CHR dev: Chrome dev build detected! <======= ATTENTION

This means you get versions of Chrome that are intended for developers and testers. They have lower security.

You have to uninstall Chrome, choosing to also remove settings etc., restart the computer, and install Chrome again to get back only finished versions with normal security.

2. Uninstall all Java versions.

3. Do the above and then run FRST, so we can see what remains in the new logs.

 

4.

255.255.255.255    easyanticheat.se    # misleading site
255.255.255.255    www.easyanticheat.se    # misleading site
255.255.255.255    easyanticheat.com    # misleading site
255.255.255.255    www.easyanticheat.com    # misleading site
255.255.255.255    easyanticheat.info    # misleading site
255.255.255.255    www.easyanticheat.info    # misleading site
255.255.255.255    easyanticheat.org    # misleading site
255.255.255.255    www.easyanticheat.org    # misleading site

Are you aware of the above?


cybertears

It is in the hosts file

==================== Hosts content: ==========================

That is only because he has cracked programs, etc.

I have done the best I can.

Here are the new logs.

What I am wondering is whether the following should be removed with FRST:

 

C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

 

c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe

 

C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
RemoveDirectory: C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll

 

 

FRST.txt

Addition.txt


1. Start with the Norton Removal Tool: https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

But I cannot find anything equivalent for Bullguard, so it will have to be removed with FRST.

2. Start the Notepad program.

Copy all the lines in the box:

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [mbot_se_102] => [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1604462049-2382875770-1229168442-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1604462049-2382875770-1229168442-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1604462049-2382875770-1229168442-1000\...\Policies\Explorer: [NofolderOptions] 0
Startup: C:\Users\adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-25]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{1481f9e4-567e-35cc-1481-1f9e4567e791}\hqghumeaylnlf.exe (No File)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7489\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ff [Not Found]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2015-04-25 17:49 - 2015-04-25 17:49 - 0628688 _____ (CMI Limited) C:\Users\adrian\AppData\Local\nsb31CA.tmp
2015-04-25 16:39 - 2015-04-25 16:39 - 0260876 _____ (VuuPC Limited) C:\Users\adrian\AppData\Local\nsgC5F.tmp
2015-04-25 16:53 - 2015-04-25 16:53 - 0613255 _____ (CMI Limited) C:\Users\adrian\AppData\Local\nsqEF6A.tmp
Task: {E5F7F4F2-BC8F-4070-A771-F6552E2E7A8A} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\SymErr.exe
Task: {EDA4E717-F0E4-48FB-8037-506E947B1B08} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\SymErr.exe
AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3
EmptyTemp:
and paste them into Notepad. Check that no files have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Close all programs.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

If the computer does not restart automatically, restart it yourself.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

3. Check what ESET's scanner says about the computer.


cybertears

I will take care of that.

I got this from ESET:

 

C:\Program Files (x86)\Assetto Corsa\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan
C:\Program Files (x86)\Assetto Corsa\launcher\support\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan
C:\Program Files (x86)\watch dogs\Watch Dogs\bin\Watch_Dogs.exe Win64/HackTool.Crack.A potentially unsafe application
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\content.js JS/Chromex.Agent.L trojan
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\content.js JS/Chromex.Agent.L trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\content.js JS/Chromex.Agent.L trojan
C:\Users\adrian\AppData\Local\nsb31CA.tmp Win32/AnyProtect.G potentially unwanted application
C:\Users\adrian\AppData\Local\nsqEF6A.tmp Win32/AnyProtect.G potentially unwanted application
C:\Users\adrian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\content.js JS/Chromex.Agent.L trojan
C:\Users\adrian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\content.js JS/Chromex.Agent.L trojan
C:\Users\adrian\AppData\Roaming\03D40274-1429972622-05B6-FD06-540700080009\vnsf572E.tmp a variant of Win32/Adware.ConvertAd.KZ.gen application
C:\Users\adrian\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\adrian\Downloads\DERBI SENDA XTREME 50 R user guide provided through pdfretriever.com.exe a variant of Win32/GetNow.I potentially unwanted application
C:\Users\adrian\Downloads\dffsetup-xlive.exe a variant of Win32/Systweak potentially unwanted application
C:\Users\adrian\Downloads\FreeMouseAutoClickerSetup.exe Win32/InstallMonetizer.AF potentially unwanted application
C:\Users\adrian\Downloads\loic.v1.1.1.25.zip a variant of MSIL/HackTool.LOIC.AB potentially unsafe application
C:\Users\adrian\Downloads\windows-movie-maker.exe a variant of Win32/DownloadSponsor.C potentially unwanted application
C:\Users\adrian\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.3(v1.0.335.2).and.Crack.v4-3DM\3DMGAME-Grand.Theft.Auto.V.Update.3(v1.0.335.2).and.Crack.v4-3DM.7z a variant of Win32/Packed.VMProtect.AAA trojan
C:\Users\adrian\Downloads\Dirt.3-SKIDROW\sr-dirt3.iso Win32/HackTool.Crack.O potentially unsafe application
C:\Users\adrian\Downloads\F1.2014-RELOADED\rld-f12014.iso Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\adrian\Downloads\Farming Simulator 2013 Titanium Edition\Farming Simulator 2013 TE.iso Win32/Packed.Autoit.E.Gen potentially unwanted application
C:\Users\adrian\Downloads\GMT-MAX.ORG_Grand_Theft_Auto_V_CrackFIX_v.4.0+Patch_3\Crack\3dmgame.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\Users\adrian\Downloads\Sony Vegas Pro 13.0 build 310 (64 bit) (patch KHG) [ChingLiu]\Patch KHG\vegas.pro.13.0.(64-bit)-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\content.js JS/Chromex.Agent.L trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\MCu_W1aoqV.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jjnhbphkjjkbnggifjkokekddfmpipmk\2.1\Q9a.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pldhclmeakjgffefknnkjoeomfjeclmm\199\TmbqF5NM6QCU.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\content.js JS/Chromex.Agent.L trojan
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\MCu_W1aoqV.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjnhbphkjjkbnggifjkokekddfmpipmk\2.1\Q9a.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pldhclmeakjgffefknnkjoeomfjeclmm\199\TmbqF5NM6QCU.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\content.js JS/Chromex.Agent.L trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\MCu_W1aoqV.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jjnhbphkjjkbnggifjkokekddfmpipmk\2.1\Q9a.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pldhclmeakjgffefknnkjoeomfjeclmm\199\TmbqF5NM6QCU.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\content.js JS/Chromex.Agent.L trojan
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\MCu_W1aoqV.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jjnhbphkjjkbnggifjkokekddfmpipmk\2.1\Q9a.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pldhclmeakjgffefknnkjoeomfjeclmm\199\TmbqF5NM6QCU.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\content.js JS/Chromex.Agent.L trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\MCu_W1aoqV.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjnhbphkjjkbnggifjkokekddfmpipmk\2.1\Q9a.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pldhclmeakjgffefknnkjoeomfjeclmm\199\TmbqF5NM6QCU.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\content.js JS/Chromex.Agent.L trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dfomhkcajedgjbfakneboglfelmbcpnd\2.1\MCu_W1aoqV.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jjnhbphkjjkbnggifjkokekddfmpipmk\2.1\Q9a.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pldhclmeakjgffefknnkjoeomfjeclmm\199\TmbqF5NM6QCU.js JS/Kryptik.ATB trojan


cybertears

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 02
Ran by adrian at 2015-05-16 00:37:05 Run:3
Running from C:\Users\adrian\Desktop\frst64 mapp
Loaded Profiles: adrian (Available profiles: adrian)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [mbot_se_102] => [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1604462049-2382875770-1229168442-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1604462049-2382875770-1229168442-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1604462049-2382875770-1229168442-1000\...\Policies\Explorer: [NofolderOptions] 0
Startup: C:\Users\adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-25]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{1481f9e4-567e-35cc-1481-1f9e4567e791}\hqghumeaylnlf.exe (No File)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7489\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ff [Not Found]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2015-04-25 17:49 - 2015-04-25 17:49 - 0628688 _____ (CMI Limited) C:\Users\adrian\AppData\Local\nsb31CA.tmp
2015-04-25 16:39 - 2015-04-25 16:39 - 0260876 _____ (VuuPC Limited) C:\Users\adrian\AppData\Local\nsgC5F.tmp
2015-04-25 16:53 - 2015-04-25 16:53 - 0613255 _____ (CMI Limited) C:\Users\adrian\AppData\Local\nsqEF6A.tmp
Task: {E5F7F4F2-BC8F-4070-A771-F6552E2E7A8A} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\SymErr.exe
Task: {EDA4E717-F0E4-48FB-8037-506E947B1B08} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\SymErr.exe
AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_se_102 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
HKU\S-1-5-21-1604462049-2382875770-1229168442-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
HKU\S-1-5-21-1604462049-2382875770-1229168442-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value deleted successfully.
HKU\S-1-5-21-1604462049-2382875770-1229168442-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NofolderOptions => value deleted successfully.
C:\Users\adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully.
C:\ProgramData\{1481f9e4-567e-35cc-1481-1f9e4567e791}\hqghumeaylnlf.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7489\ff not found.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ff not found.
MBAMSwissArmy => Service deleted successfully.
C:\Users\adrian\AppData\Local\nsb31CA.tmp => Moved successfully.
C:\Users\adrian\AppData\Local\nsgC5F.tmp => Moved successfully.
C:\Users\adrian\AppData\Local\nsqEF6A.tmp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5F7F4F2-BC8F-4070-A771-F6552E2E7A8A}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5F7F4F2-BC8F-4070-A771-F6552E2E7A8A}" => Key Deleted successfully.
C:\Windows\System32\Tasks\Norton Identity Safe\Norton Error Analyzer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe\Norton Error Analyzer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDA4E717-F0E4-48FB-8037-506E947B1B08}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDA4E717-F0E4-48FB-8037-506E947B1B08}" => Key Deleted successfully.
C:\Windows\System32\Tasks\Norton Identity Safe\Norton Error Processor => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe\Norton Error Processor" => Key deleted successfully.
C:\ProgramData\TEMP => ":FB6A21E3" ADS removed successfully.
EmptyTemp: => Removed 346.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 00:37:25 ====


You can go through ESET's list and delete those files/folders, but you should probably talk to Adrian about all the cracked programs. They are risky. I assume Adrian doesn't want his game accounts etc. hacked, which can happen with cracks.

You already know how to uninstall AdwCleaner and FRST, so I don't need to write that out :)


cybertears

No, I'll have to tell him that; that way there's a risk of virus attacks too, since you don't know 100% what the programs actually do.

Thanks for the help, Cecilia! I've learned a lot thanks to you :)


Archived

This topic is now archived and is closed to further replies.
