Misstänker virus i datorn

[nokia9800]

Hej!

 

Dator var konstig före semestern så jag följde denna guiden.

 

//eforum.idg.se/topic/348370-%C3%A4r-du-infekterad-l%C3%A4s-detta/?hl=infekterad

 

Något program hittade något men kommer inte ihåg vad, datorn fungerade sedan men har blivit konstig igen.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Andreas Janson (administrator) on FUJITSU-SIEMENS on 21-07-2015 20:28:00
Running from C:\Documents and Settings\Andreas Janson\Skrivbord
Loaded Profiles: Andreas Janson (Available Profiles: Andreas Janson & Administratör)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Svenska
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program\SUPERAntiSpyware\SASCORE.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [@OnlineArmor GUI] => C:\Program\Tall Emu\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM\...\Run: [soundMan] => C:\WINDOWS\SOUNDMAN.EXE [66048 2004-04-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KONICA MINOLTA magicolor 2400W STD] => C:\WINDOWS\system32\MSTMON_S.EXE [184320 2005-06-22] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
HKLM\...\Run: [LVCOMSX] => C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-19] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [NBKeyScan] => C:\Program\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [1226288 2007-05-24] (Nero AG)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2010-05-12] (Intel Corporation)
HKU\S-1-5-21-1409082233-1563985344-725345543-1004\...\Run: [sUPERAntiSpyware] => C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe [6715160 2015-07-14] (SUPERAntiSpyware)
HKU\S-1-5-21-1409082233-1563985344-725345543-1004\...\Run: [msnmsgr] => C:\Program\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-1409082233-1563985344-725345543-1004\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe [149040 2007-05-29] (Nero AG)
Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Secunia PSI Tray.lnk [2011-01-13]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program\AVAST Software\Avast\ashShell.dll [2015-05-07] (Avast Software s.r.o.)
GroupPolicyScripts: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1409082233-1563985344-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1409082233-1563985344-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1409082233-1563985344-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1409082233-1563985344-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1409082233-1563985344-725345543-1004 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1409082233-1563985344-725345543-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1409082233-1563985344-725345543-1004 -> {F62A5950-5B8C-4E9A-BBE5-1599AC524E2C} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program\AVAST Software\Avast\aswWebRepIE.dll [2015-03-24] (Avast Software s.r.o.)
BHO: Windows Live inloggningshjälpen -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273668429105
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program\Tall Emu\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-30] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7BBE9177-C682-4A7B-AEDE-BE4991868417}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Andreas Janson\Application Data\Mozilla\Firefox\Profiles\d0i747t3.default-1436983257390
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandasecurity.com/activescan -> C:\Program\Panda Security\ActiveScan 2.0\npwrapper.dll [2010-07-27] (Panda Security, S.L.)
FF Plugin: @se.nexus/Personal -> C:\Program\Personal\bin\np_prsnl.dll [2010-06-07] (Technology Nexus AB)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\npqtplugin.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\npqtplugin2.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\npqtplugin3.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\npqtplugin4.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\npqtplugin5.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\npwachk.dll [2011-10-26] (Nullsoft, Inc.)
FF SearchPlugin: C:\Documents and Settings\Andreas Janson\Application Data\Mozilla\Firefox\Profiles\8hwlssls.standard\searchplugins\google-avast.xml [2015-01-28]
FF Extension: Adblock Plus - C:\Documents and Settings\Andreas Janson\Application Data\Mozilla\Firefox\Profiles\8hwlssls.standard\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-12-25]
FF Extension: Java Console - C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-02]
FF Extension: Java Console - C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-06-02]
FF Extension: Java Console - C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2015-06-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program\AVAST Software\Avast\WebRep\FF [2014-12-01]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-18] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-07] (Avast Software s.r.o.)
S2 Bonjour Service; C:\Program\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
S2 MBAMService; C:\Program\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Program\Mozilla Maintenance Service\maintenanceservice.exe [148080 2015-04-23] (Mozilla Foundation)
S3 NBService; C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe [792112 2007-05-24] (Nero AG)
S2 ndassvc; C:\Program\NDAS\System\ndassvc.exe [236520 2007-06-29] (XIMETA, Inc.)
S3 NMIndexingService; C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe [271920 2007-05-29] (Nero AG)
S2 OAcat; C:\Program\Tall Emu\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
S2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [53248 2005-09-16] (Prolific Technology Inc.) [File not signed]
S2 Secunia PSI Agent; C:\Program\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
S2 Secunia Update Agent; C:\Program\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
S2 SimeseServer; C:\Program\Simese\Simese.exe [899072 2009-08-19] (Mattic) [File not signed]
S2 SqueezeMySQL; C:\Program\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe [4149248 2010-06-01] () [File not signed]
S2 SvcOnlineArmor; C:\Program\Tall Emu\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
S3 WMPNetworkSvc; C:\Program\Windows Media Player\WMPNetwk.exe [912384 2006-11-15] (Microsoft Corporation)
S2 PCloudCleanerService; No ImagePath
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aeaudio; C:\WINDOWS\System32\drivers\aeaudio.sys [100384 2003-10-23] (Andrea Electronics Corporation) [File not signed]
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [616124 2004-04-28] (Realtek Semiconductor Corp.) [File not signed]
R3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-04] (ADMtek Incorporated.)
S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-07] ()
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-07] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-07] (Avast Software s.r.o.)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-07] ()
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-07] (Avast Software s.r.o.)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-07-14] (Avast Software s.r.o.)
S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-07] (Avast Software s.r.o.)
S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-07] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S1 epp32; C:\EEK\bin\epp32.sys [112408 2015-07-14] (Emsisoft GmbH)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
R0 lfsfilt; C:\WINDOWS\System32\DRIVERS\lfsfilt.sys [254440 2007-06-29] (XIMETA, Inc.)
R0 lpx; C:\WINDOWS\System32\DRIVERS\lpx.sys [62056 2007-06-29] (XIMETA, Inc.)
S3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 ndasbus; C:\WINDOWS\System32\DRIVERS\ndasbus.sys [75880 2007-06-29] (XIMETA, Inc.)
S1 ndasfat; C:\WINDOWS\system32\DRIVERS\ndasfat.sys [372584 2007-06-29] (XIMETA, Inc.)
S3 ndasscsi; C:\WINDOWS\System32\DRIVERS\ndasscsi.sys [187368 2007-06-29] (XIMETA, Inc.)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [32512 2005-08-02] (CACE Technologies) [File not signed]
S1 OADevice; C:\WINDOWS\system32\drivers\OADriver.sys [210360 2013-10-15] ()
S1 oahlpXX; C:\WINDOWS\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\WINDOWS\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R1 OAnet; C:\WINDOWS\system32\drivers\OAnet.sys [31912 2013-10-15] (Emsisoft)
S0 pavboot; C:\WINDOWS\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 QCMerced; C:\WINDOWS\System32\DRIVERS\LVCM.sys [1317152 2005-05-27] ()
S1 SASDIFSV; C:\Program\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-30] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-30] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [593408 2003-10-30] (Analog Devices, Inc.) [File not signed]
S3 TdsNordecr; C:\WINDOWS\System32\DRIVERS\nordecr.sys [23040 2007-10-30] (Todos Data System AB)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2015-07-16] ()
S3 VAC; C:\WINDOWS\System32\Drivers\S5L840F.sys [94829 2003-07-29] (Your Corporation) [File not signed]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S4 hpt3xx; No ImagePath
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 20:28 - 2015-07-21 20:28 - 00017967 _____ C:\Documents and Settings\Andreas Janson\Skrivbord\FRST.txt
2015-07-21 20:26 - 2015-07-21 20:28 - 00000000 ____D C:\FRST
2015-07-21 20:26 - 2015-07-21 20:16 - 01638912 _____ (Farbar) C:\Documents and Settings\Andreas Janson\Skrivbord\FRST.exe
2015-07-15 17:29 - 2015-07-15 17:29 - 00000637 _____ C:\Documents and Settings\Administratör\Skrivbord\Start Emsisoft Emergency Kit.lnk
2015-07-15 16:50 - 2015-07-15 16:52 - 00003434 _____ C:\Documents and Settings\Administratör\Skrivbord\Rkill.txt
2015-07-15 16:48 - 2015-07-16 20:48 - 00000000 ____D C:\Documents and Settings\Administratör\Lokala inställningar\temp
2015-07-15 16:48 - 2015-07-15 21:03 - 00000000 ____D C:\Documents and Settings\Administratör\Skrivbord
2015-07-15 16:48 - 2015-07-15 19:41 - 00000192 ___SH C:\Documents and Settings\Administratör\ntuser.ini
2015-07-15 16:48 - 2015-07-15 17:29 - 00000000 ___HD C:\Documents and Settings\Administratör\Lokala inställningar
2015-07-15 16:48 - 2015-07-15 16:48 - 00000000 __SHD C:\Documents and Settings\Administratör\IETldCache
2015-07-15 16:48 - 2015-07-15 16:48 - 00000000 ____D C:\Documents and Settings\Administratör
2015-07-15 16:48 - 2010-05-14 10:20 - 00000000 ____D C:\Documents and Settings\Administratör\Lokala inställningar\Application Data\Adobe
2015-07-15 16:48 - 2010-05-12 16:26 - 00000000 ___RD C:\Documents and Settings\Administratör\Start-meny\Program\Autostart
2015-07-15 16:48 - 2010-05-12 16:26 - 00000000 ___RD C:\Documents and Settings\Administratör\Start-meny
2015-07-15 16:48 - 2010-05-12 16:26 - 00000000 ___HD C:\Documents and Settings\Administratör\Skrivare
2015-07-15 16:48 - 2010-05-12 16:26 - 00000000 ___HD C:\Documents and Settings\Administratör\Nätverket
2015-07-15 16:48 - 2010-05-12 16:26 - 00000000 ____D C:\Documents and Settings\Administratör\Mina dokument
2015-07-15 16:48 - 2010-05-12 16:26 - 00000000 ____D C:\Documents and Settings\Administratör\Favoriter
2015-07-15 16:48 - 2010-05-12 14:39 - 00001599 _____ C:\Documents and Settings\Administratör\Start-meny\Program\Fjärrhjälp.lnk
2015-07-15 16:48 - 2010-05-12 14:39 - 00000760 _____ C:\Documents and Settings\Administratör\Start-meny\Program\Windows Media Player.lnk
2015-07-15 16:48 - 2010-05-12 14:39 - 00000000 __SHD C:\Documents and Settings\Administratör\Lokala inställningar\Tidigare
2015-07-15 16:48 - 2010-05-12 14:39 - 00000000 ___RD C:\Documents and Settings\Administratör\Start-meny\Program\Tillbehör
2015-07-15 16:48 - 2010-05-12 14:39 - 00000000 ___RD C:\Documents and Settings\Administratör\Start-meny\Program
2015-07-15 16:48 - 2010-05-12 14:35 - 00000000 ___HD C:\Documents and Settings\Administratör\Mallar
2015-07-15 09:30 - 2015-07-15 19:33 - 00000000 ____D C:\AdwCleaner
2015-07-15 09:30 - 2015-07-15 09:30 - 02248704 _____ C:\Documents and Settings\Andreas Janson\Skrivbord\adwcleaner_4.208.exe
2015-07-15 00:12 - 2015-07-15 00:12 - 00000000 ____D C:\Program\ESET
2015-07-14 22:15 - 2015-07-15 17:02 - 00000733 _____ C:\Documents and Settings\All Users\Skrivbord\Malwarebytes Anti-Malware.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 20:28 - 2012-02-12 20:04 - 00000000 ____D C:\Documents and Settings\Andreas Janson\Lokala inställningar\temp
2015-07-21 20:28 - 2010-05-12 14:45 - 00000000 ____D C:\Documents and Settings\Andreas Janson\Skrivbord
2015-07-21 20:20 - 2015-04-19 12:25 - 00000868 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-21 19:53 - 2010-05-12 14:47 - 01167608 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-21 19:50 - 2014-12-01 21:15 - 00000352 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-07-21 19:50 - 2014-03-25 20:42 - 00000240 _____ C:\WINDOWS\Tasks\Microsoft Windows XP - Inloggningsmeddelande gällande när tjänsten upphör.job
2015-07-21 19:50 - 2010-05-12 16:33 - 00000159 ____C C:\WINDOWS\wiadebug.log
2015-07-21 19:50 - 2010-05-12 16:33 - 00000050 ____C C:\WINDOWS\wiaservc.log
2015-07-21 19:49 - 2010-05-12 14:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-21 19:49 - 2001-09-07 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-16 22:20 - 2010-05-12 14:43 - 00032406 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-16 20:59 - 2012-02-12 20:04 - 00000000 ____D C:\Documents and Settings\LocalService\Lokala inställningar\temp
2015-07-16 20:59 - 2010-05-12 20:23 - 00000000 ____D C:\Documents and Settings\Andreas Janson\Tracing
2015-07-16 20:52 - 2010-05-12 14:45 - 00000192 ___SH C:\Documents and Settings\Andreas Janson\ntuser.ini
2015-07-16 20:36 - 2015-05-31 08:33 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-07-16 03:02 - 2014-02-14 04:18 - 00015722 ____C C:\WINDOWS\KB2909921-IE8.log
2015-07-15 20:01 - 2014-12-31 10:36 - 00000000 ____D C:\Documents and Settings\Andreas Janson\Skrivbord\Old Firefox Data
2015-07-15 17:49 - 2015-05-31 12:44 - 00000000 ____D C:\EEK
2015-07-15 17:05 - 2014-11-30 12:11 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-15 17:02 - 2014-11-30 12:10 - 00000000 ____D C:\Documents and Settings\All Users\Start-meny\Program\Malwarebytes Anti-Malware
2015-07-15 17:02 - 2014-11-30 12:09 - 00000000 ____D C:\Program\Malwarebytes Anti-Malware
2015-07-15 17:02 - 2010-05-12 16:26 - 00000000 ____D C:\Documents and Settings\All Users\Skrivbord
2015-07-15 16:59 - 2015-05-30 22:29 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-15 02:41 - 2010-05-18 09:39 - 00000000 ____D C:\Program\uTorrent
2015-07-15 00:12 - 2010-05-12 16:26 - 00000000 ____D C:\Program
2015-07-14 22:08 - 2015-05-31 08:30 - 18070088 _____ C:\Documents and Settings\Andreas Janson\Skrivbord\RogueKiller.exe
2015-07-14 22:04 - 2015-05-30 22:14 - 00003434 _____ C:\Documents and Settings\Andreas Janson\Skrivbord\Rkill.txt
2015-07-14 21:33 - 2010-05-22 22:21 - 00000000 ____D C:\Program\SUPERAntiSpyware
2015-07-14 20:41 - 2014-12-01 21:11 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-07-14 20:24 - 2015-06-02 22:20 - 00000000 ____D C:\Program\Mozilla Firefox
2015-07-14 20:24 - 2015-05-15 19:09 - 00000000 ____D C:\Program\Mozilla Firefox.bak
2015-07-14 20:22 - 2015-05-16 20:17 - 00000000 _____ C:\Program\moz_update_in_progress.lock
2015-07-14 20:16 - 2014-03-25 20:42 - 00000234 _____ C:\WINDOWS\Tasks\Microsoft Windows XP - Månatligt meddelande gällande när tjänsten upphör.job
2015-07-03 08:49 - 2010-05-12 15:33 - 127070192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-05-16 20:17 - 2015-07-14 20:22 - 0000000 _____ () C:\Program\moz_update_in_progress.lock
2011-05-25 21:20 - 2015-04-18 07:32 - 0000000 ____C () C:\Documents and Settings\Andreas Janson\Lokala inställningar\Application Data\ars.cache
2011-05-25 21:20 - 2015-04-18 07:33 - 0582793 ____C () C:\Documents and Settings\Andreas Janson\Lokala inställningar\Application Data\census.cache
2013-11-13 20:32 - 2013-11-13 20:32 - 0000664 ____C () C:\Documents and Settings\Andreas Janson\Lokala inställningar\Application Data\d3d9caps.tmp
2010-05-15 09:26 - 2014-05-31 23:12 - 0160256 ____C () C:\Documents and Settings\Andreas Janson\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-25 09:59 - 2010-05-25 09:59 - 0000036 ____C () C:\Documents and Settings\Andreas Janson\Lokala inställningar\Application Data\housecall.guid.cache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

[Cecilia]

Hej!

 

Kan du beskriva på vilket sätt datorn var och är konstig?

[nokia9800]

När jag har startat den och ska öppna Firefox eller något annat program så låser sig datorn och cpu visar 100% i aktivitetshanteraren, startar jag den i felsäkert läge verkar den fungera normalt.

Den fungerade ett tag efter att jag följde guiden som jag länkade till, jag har varit bortrest och skulle prova den när jag kommit hem och då fungerar den inte som den ska igen.

[Cecilia]

Vilken process är det som använder CPU:n enligt fliken Processer i Aktivitetshanteraren?

 

Jag tror inte en dator mår så bra av så många säkerhetsprogram igång samtidigt, risk för konflikter:

(SUPERAntiSpyware.com) C:\Program\SUPERAntiSpyware\SASCORE.EXE

HKLM\...\Run: [@OnlineArmor GUI] => C:\Program\Tall Emu\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)

HKLM\...\Run: [AvastUI.exe] => C:\Program\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)

S2 MBAMService; C:\Program\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

S0 pavboot; C:\WINDOWS\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)

S1 epp32; C:\EEK\bin\epp32.sys [112408 2015-07-14] (Emsisoft GmbH)

[nokia9800]

AvastSvc.exe 99%

 

Ska något säkerhetsprogram avinstalleras?

[Cecilia]

Avinstallera alla och kör motsvarande särskilda borttagningsprogram. Googla t ex på "Avast uninstallation" för att hitta dem. När alla är helt borta och datorn omstartad kan du installera ett antivirusprogram, Malwarebytes Anti-Malware och en brandvägg.

[nokia9800]

Nu har jag avinstallerat alla, men jag hittar bara särskilt borttagningsprogram för Avast och SuperAntiSpyware.

[Cecilia]

Panda: http://www.pandasecurity.com/sweden/homeusers/support/card?id=55509

Emsisoft Emergency Kit: http://support.emsisoft.com/topic/12064-how-to-uninstall-emsisoft-emergency-kit/?do=findComment&comment=84112

 

Gör en ny FRST.txt och kolla i den om du hittar rester av de olika programmen.

[nokia9800]

Ser det bättre ut nu?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Andreas Janson (administrator) on FUJITSU-SIEMENS on 23-07-2015 00:27:53
Running from C:\Documents and Settings\Andreas Janson\Skrivbord
Loaded Profiles: Andreas Janson (Available Profiles: Andreas Janson & Administratör)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Svenska
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program\Tall Emu\Online Armor\OAcat.exe
(Emsisoft GmbH) C:\Program\Tall Emu\Online Armor\OAsrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Apple Inc.) C:\Program\Bonjour\mDNSResponder.exe
(XIMETA, Inc.) C:\Program\NDAS\System\ndassvc.exe
(Secunia) C:\Program\Secunia\PSI\psia.exe
(Secunia) C:\Program\Secunia\PSI\sua.exe
() C:\Program\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Emsisoft GmbH) C:\Program\Tall Emu\Online Armor\OAui.exe
(Logitech Inc.) C:\WINDOWS\system32\LVCOMSX.EXE
(Emsisoft GmbH) C:\Program\Tall Emu\Online Armor\OAhlp.exe
(Samsung Electronics Co., Ltd.) C:\Program\Samsung\Kies\KiesTrayAgent.exe
(Nero AG) C:\Program\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
(Microsoft Corporation) C:\Program\Windows Live\Messenger\msnmsgr.exe
(Nero AG) C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
(Secunia) C:\Program\Secunia\PSI\psi_tray.exe
(Nero AG) C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [@OnlineArmor GUI] => C:\Program\Tall Emu\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM\...\Run: [soundMan] => C:\WINDOWS\SOUNDMAN.EXE [66048 2004-04-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KONICA MINOLTA magicolor 2400W STD] => C:\WINDOWS\system32\MSTMON_S.EXE [184320 2005-06-22] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
HKLM\...\Run: [LVCOMSX] => C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-19] (Logitech Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [NBKeyScan] => C:\Program\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [1226288 2007-05-24] (Nero AG)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2010-05-12] (Intel Corporation)
HKU\S-1-5-21-1409082233-1563985344-725345543-1004\...\Run: [msnmsgr] => C:\Program\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-1409082233-1563985344-725345543-1004\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe [149040 2007-05-29] (Nero AG)
Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Secunia PSI Tray.lnk [2011-01-13]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1409082233-1563985344-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1409082233-1563985344-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1409082233-1563985344-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1409082233-1563985344-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1409082233-1563985344-725345543-1004 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1409082233-1563985344-725345543-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1409082233-1563985344-725345543-1004 -> {F62A5950-5B8C-4E9A-BBE5-1599AC524E2C} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Windows Live inloggningshjälpen -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273668429105
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program\Tall Emu\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
Winsock: Catalog5 04 C:\Program\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7BBE9177-C682-4A7B-AEDE-BE4991868417}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Andreas Janson\Application Data\Mozilla\Firefox\Profiles\d0i747t3.default-1436983257390
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @se.nexus/Personal -> C:\Program\Personal\bin\np_prsnl.dll [2010-06-07] (Technology Nexus AB)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\npqtplugin.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\npqtplugin2.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\npqtplugin3.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\npqtplugin4.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\npqtplugin5.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program\mozilla firefox\plugins\npwachk.dll [2011-10-26] (Nullsoft, Inc.)
FF SearchPlugin: C:\Documents and Settings\Andreas Janson\Application Data\Mozilla\Firefox\Profiles\8hwlssls.standard\searchplugins\google-avast.xml [2015-01-28]
FF Extension: Adblock Plus - C:\Documents and Settings\Andreas Janson\Application Data\Mozilla\Firefox\Profiles\8hwlssls.standard\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-12-25]
FF Extension: Java Console - C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-02]
FF Extension: Java Console - C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-06-02]
FF Extension: Java Console - C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2015-06-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
S3 MozillaMaintenance; C:\Program\Mozilla Maintenance Service\maintenanceservice.exe [148080 2015-04-23] (Mozilla Foundation)
S3 NBService; C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe [792112 2007-05-24] (Nero AG)
R2 ndassvc; C:\Program\NDAS\System\ndassvc.exe [236520 2007-06-29] (XIMETA, Inc.)
R3 NMIndexingService; C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe [271920 2007-05-29] (Nero AG)
R2 OAcat; C:\Program\Tall Emu\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
S2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [53248 2005-09-16] (Prolific Technology Inc.) [File not signed]
R2 Secunia PSI Agent; C:\Program\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; C:\Program\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
S2 SimeseServer; C:\Program\Simese\Simese.exe [899072 2009-08-19] (Mattic) [File not signed]
R2 SqueezeMySQL; C:\Program\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe [4149248 2010-06-01] () [File not signed]
R2 SvcOnlineArmor; C:\Program\Tall Emu\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
S3 WMPNetworkSvc; C:\Program\Windows Media Player\WMPNetwk.exe [912384 2006-11-15] (Microsoft Corporation)
S2 PCloudCleanerService; No ImagePath
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aeaudio; C:\WINDOWS\System32\drivers\aeaudio.sys [100384 2003-10-23] (Andrea Electronics Corporation) [File not signed]
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [616124 2004-04-28] (Realtek Semiconductor Corp.) [File not signed]
R3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-04] (ADMtek Incorporated.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
R0 lfsfilt; C:\WINDOWS\System32\DRIVERS\lfsfilt.sys [254440 2007-06-29] (XIMETA, Inc.)
R0 lpx; C:\WINDOWS\System32\DRIVERS\lpx.sys [62056 2007-06-29] (XIMETA, Inc.)
S3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
R3 ndasbus; C:\WINDOWS\System32\DRIVERS\ndasbus.sys [75880 2007-06-29] (XIMETA, Inc.)
R1 ndasfat; C:\WINDOWS\system32\DRIVERS\ndasfat.sys [372584 2007-06-29] (XIMETA, Inc.)
S3 ndasscsi; C:\WINDOWS\System32\DRIVERS\ndasscsi.sys [187368 2007-06-29] (XIMETA, Inc.)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [32512 2005-08-02] (CACE Technologies) [File not signed]
R1 OADevice; C:\WINDOWS\system32\drivers\OADriver.sys [210360 2013-10-15] ()
R1 oahlpXX; C:\WINDOWS\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\WINDOWS\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R1 OAnet; C:\WINDOWS\system32\drivers\OAnet.sys [31912 2013-10-15] (Emsisoft)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 QCMerced; C:\WINDOWS\System32\DRIVERS\LVCM.sys [1317152 2005-05-27] ()
S3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [593408 2003-10-30] (Analog Devices, Inc.) [File not signed]
S3 TdsNordecr; C:\WINDOWS\System32\DRIVERS\nordecr.sys [23040 2007-10-30] (Todos Data System AB)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2015-07-16] ()
S3 VAC; C:\WINDOWS\System32\Drivers\S5L840F.sys [94829 2003-07-29] (Your Corporation) [File not signed]
S1 epp32; \??\C:\EEK\bin\epp32.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S4 hpt3xx; No ImagePath
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 00:15 - 2015-07-23 00:17 - 00000000 ____D C:\SMCLpav
2015-07-22 23:38 - 2015-07-22 23:39 - 00000000 ____D C:\Program\AVAST Software
2015-07-21 20:29 - 2015-07-21 20:30 - 00063634 _____ C:\Documents and Settings\Andreas Janson\Skrivbord\Addition.txt
2015-07-21 20:28 - 2015-07-23 00:28 - 00016329 _____ C:\Documents and Settings\Andreas Janson\Skrivbord\FRST.txt
2015-07-21 20:26 - 2015-07-23 00:27 - 00000000 ____D C:\FRST
2015-07-21 20:26 - 2015-07-21 20:16 - 01638912 _____ (Farbar) C:\Documents and Settings\Andreas Janson\Skrivbord\FRST.exe
2015-07-15 17:29 - 2015-07-15 17:29 - 00000637 _____ C:\Documents and Settings\Administratör\Skrivbord\Start Emsisoft Emergency Kit.lnk
2015-07-15 16:50 - 2015-07-15 16:52 - 00003434 _____ C:\Documents and Settings\Administratör\Skrivbord\Rkill.txt
2015-07-15 16:48 - 2015-07-16 20:48 - 00000000 ____D C:\Documents and Settings\Administratör\Lokala inställningar\temp
2015-07-15 16:48 - 2015-07-15 21:03 - 00000000 ____D C:\Documents and Settings\Administratör\Skrivbord
2015-07-15 16:48 - 2015-07-15 19:41 - 00000192 ___SH C:\Documents and Settings\Administratör\ntuser.ini
2015-07-15 16:48 - 2015-07-15 17:29 - 00000000 ___HD C:\Documents and Settings\Administratör\Lokala inställningar
2015-07-15 16:48 - 2015-07-15 16:48 - 00000000 __SHD C:\Documents and Settings\Administratör\IETldCache
2015-07-15 16:48 - 2015-07-15 16:48 - 00000000 ____D C:\Documents and Settings\Administratör
2015-07-15 16:48 - 2010-05-14 10:20 - 00000000 ____D C:\Documents and Settings\Administratör\Lokala inställningar\Application Data\Adobe
2015-07-15 16:48 - 2010-05-12 16:26 - 00000000 ___RD C:\Documents and Settings\Administratör\Start-meny\Program\Autostart
2015-07-15 16:48 - 2010-05-12 16:26 - 00000000 ___RD C:\Documents and Settings\Administratör\Start-meny
2015-07-15 16:48 - 2010-05-12 16:26 - 00000000 ___HD C:\Documents and Settings\Administratör\Skrivare
2015-07-15 16:48 - 2010-05-12 16:26 - 00000000 ___HD C:\Documents and Settings\Administratör\Nätverket
2015-07-15 16:48 - 2010-05-12 16:26 - 00000000 ____D C:\Documents and Settings\Administratör\Mina dokument
2015-07-15 16:48 - 2010-05-12 16:26 - 00000000 ____D C:\Documents and Settings\Administratör\Favoriter
2015-07-15 16:48 - 2010-05-12 14:39 - 00001599 _____ C:\Documents and Settings\Administratör\Start-meny\Program\Fjärrhjälp.lnk
2015-07-15 16:48 - 2010-05-12 14:39 - 00000760 _____ C:\Documents and Settings\Administratör\Start-meny\Program\Windows Media Player.lnk
2015-07-15 16:48 - 2010-05-12 14:39 - 00000000 __SHD C:\Documents and Settings\Administratör\Lokala inställningar\Tidigare
2015-07-15 16:48 - 2010-05-12 14:39 - 00000000 ___RD C:\Documents and Settings\Administratör\Start-meny\Program\Tillbehör
2015-07-15 16:48 - 2010-05-12 14:39 - 00000000 ___RD C:\Documents and Settings\Administratör\Start-meny\Program
2015-07-15 16:48 - 2010-05-12 14:35 - 00000000 ___HD C:\Documents and Settings\Administratör\Mallar
2015-07-15 09:30 - 2015-07-15 19:33 - 00000000 ____D C:\AdwCleaner
2015-07-15 09:30 - 2015-07-15 09:30 - 02248704 _____ C:\Documents and Settings\Andreas Janson\Skrivbord\adwcleaner_4.208.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 00:28 - 2012-02-12 20:04 - 00000000 ____D C:\Documents and Settings\Andreas Janson\Lokala inställningar\temp
2015-07-23 00:25 - 2010-05-12 20:23 - 00000000 ____D C:\Documents and Settings\Andreas Janson\Tracing
2015-07-23 00:25 - 2010-05-12 14:47 - 01209981 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-23 00:24 - 2014-03-25 20:42 - 00000240 _____ C:\WINDOWS\Tasks\Microsoft Windows XP - Inloggningsmeddelande gällande när tjänsten upphör.job
2015-07-23 00:24 - 2010-05-12 16:33 - 00000159 ____C C:\WINDOWS\wiadebug.log
2015-07-23 00:24 - 2010-05-12 16:33 - 00000050 ____C C:\WINDOWS\wiaservc.log
2015-07-23 00:24 - 2010-05-12 14:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-23 00:23 - 2010-05-12 14:45 - 00000192 ___SH C:\Documents and Settings\Andreas Janson\ntuser.ini
2015-07-23 00:23 - 2010-05-12 14:43 - 00032406 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-23 00:20 - 2015-04-19 12:25 - 00000868 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-22 23:46 - 2010-05-12 16:26 - 00000000 ____D C:\Program
2015-07-22 23:36 - 2010-05-12 16:25 - 00000327 ___SH C:\boot.ini
2015-07-22 23:28 - 2010-05-12 14:45 - 00000000 ____D C:\Documents and Settings\Andreas Janson\Skrivbord
2015-07-22 23:21 - 2010-05-12 16:26 - 00000000 ____D C:\Documents and Settings\All Users\Start-meny\Program
2015-07-22 23:20 - 2010-05-12 14:45 - 00000000 ____D C:\Documents and Settings\Andreas Janson
2015-07-22 23:15 - 2010-05-12 16:26 - 00000000 ____D C:\Program\Delade filer
2015-07-22 23:13 - 2010-05-12 17:25 - 00000000 ____D C:\Program\Panda Security
2015-07-22 23:12 - 2010-05-12 16:26 - 00000000 ____D C:\Documents and Settings\All Users\Skrivbord
2015-07-21 19:49 - 2001-09-07 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-16 20:59 - 2012-02-12 20:04 - 00000000 ____D C:\Documents and Settings\LocalService\Lokala inställningar\temp
2015-07-16 20:36 - 2015-05-31 08:33 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-07-16 03:02 - 2014-02-14 04:18 - 00015722 ____C C:\WINDOWS\KB2909921-IE8.log
2015-07-15 20:01 - 2014-12-31 10:36 - 00000000 ____D C:\Documents and Settings\Andreas Janson\Skrivbord\Old Firefox Data
2015-07-15 16:59 - 2015-05-30 22:29 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-15 02:41 - 2010-05-18 09:39 - 00000000 ____D C:\Program\uTorrent
2015-07-14 22:08 - 2015-05-31 08:30 - 18070088 _____ C:\Documents and Settings\Andreas Janson\Skrivbord\RogueKiller.exe
2015-07-14 22:04 - 2015-05-30 22:14 - 00003434 _____ C:\Documents and Settings\Andreas Janson\Skrivbord\Rkill.txt
2015-07-14 20:24 - 2015-06-02 22:20 - 00000000 ____D C:\Program\Mozilla Firefox
2015-07-14 20:24 - 2015-05-15 19:09 - 00000000 ____D C:\Program\Mozilla Firefox.bak
2015-07-14 20:22 - 2015-05-16 20:17 - 00000000 _____ C:\Program\moz_update_in_progress.lock
2015-07-14 20:16 - 2014-03-25 20:42 - 00000234 _____ C:\WINDOWS\Tasks\Microsoft Windows XP - Månatligt meddelande gällande när tjänsten upphör.job
2015-07-03 08:49 - 2010-05-12 15:33 - 127070192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-05-16 20:17 - 2015-07-14 20:22 - 0000000 _____ () C:\Program\moz_update_in_progress.lock
2011-05-25 21:20 - 2015-04-18 07:32 - 0000000 ____C () C:\Documents and Settings\Andreas Janson\Lokala inställningar\Application Data\ars.cache
2011-05-25 21:20 - 2015-04-18 07:33 - 0582793 ____C () C:\Documents and Settings\Andreas Janson\Lokala inställningar\Application Data\census.cache
2013-11-13 20:32 - 2013-11-13 20:32 - 0000664 ____C () C:\Documents and Settings\Andreas Janson\Lokala inställningar\Application Data\d3d9caps.tmp
2010-05-15 09:26 - 2014-05-31 23:12 - 0160256 ____C () C:\Documents and Settings\Andreas Janson\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-25 09:59 - 2010-05-25 09:59 - 0000036 ____C () C:\Documents and Settings\Andreas Janson\Lokala inställningar\Application Data\housecall.guid.cache

Some files in TEMP:
====================
C:\Documents and Settings\Andreas Janson\Lokala inställningar\temp\aqbarqcr.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

[Cecilia]

Det finns lite rester kvar, så för att ta bort dem starta programmet Anteckningar.
Kopiera alla rader i rutan:

CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts: Group Policy detected <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 PCloudCleanerService; No ImagePath
S1 epp32; \??\C:\EEK\bin\epp32.sys [X]
2015-07-22 23:38 - 2015-07-22 23:39 - 00000000 ____D C:\Program\AVAST Software
2015-07-22 23:13 - 2010-05-12 17:25 - 00000000 ____D C:\Program\Panda Security
C:\Documents and Settings\Andreas Janson\Lokala inställningar\temp\aqbarqcr.exe
Reboot:

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.
Spara filen på skrivbordet med namnet fixlist.txt.

Stäng av alla program.
Starta FRST som finns på skrivbordet.
Klicka på knappen Fix.
Vänta tills programmet är klart.
Om datorn inte startas om automatiskt så gör det själv.

Programmet skapar en logg Fixlog.txt på skrivbordet.
Klistra in innehållet i den i ditt svar.

[nokia9800]

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by Andreas Janson at 2015-07-23 08:54:42 Run:1
Running from C:\Documents and Settings\Andreas Janson\Skrivbord
Loaded Profiles: Andreas Janson (Available Profiles: Andreas Janson & Administratör)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts: Group Policy detected <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 PCloudCleanerService; No ImagePath
S1 epp32; \??\C:\EEK\bin\epp32.sys [X]
2015-07-22 23:38 - 2015-07-22 23:39 - 00000000 ____D C:\Program\AVAST Software
2015-07-22 23:13 - 2010-05-12 17:25 - 00000000 ____D C:\Program\Panda Security
C:\Documents and Settings\Andreas Janson\Lokala inställningar\temp\aqbarqcr.exe
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value could not remove.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value could not remove.
PCloudCleanerService => Service removed successfully.
epp32 => Service removed successfully.
C:\Program\AVAST Software => moved successfully.
C:\Program\Panda Security => moved successfully.
C:\Documents and Settings\Andreas Janson\Lokala inställningar\temp\aqbarqcr.exe => moved successfully.


The system needed a reboot.

==== End of Fixlog 08:55:16 ====

[Cecilia]

Bra!

Då kan du installera ett antivirusprogram.

[nokia9800]

Ok, Avast eller vad rekommenderar du?

[Cecilia]

Om du vill ha ett gratis antivirusprogram verkar Avast, AVG och Avira vara rätt lika i tester, sett över lång tid.