
Cleaning the computer of spy and antispy


gest


Hi

We have tried to install F-Safe on a desktop computer running Windows 10, but remnants of old spy/antispy files on the computer force the installation to be aborted. A scan with FRST produced the log below and the attached log, respectively. What can we remove, and how do we do it?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016
Ran by Admin (administrator) on ERIK-HP (30-11-2016 18:11:14)
Running from C:\Users\Admin.Erik-HP.000\Downloads
Loaded Profiles: Admin (Available Profiles: Erik & Admin & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [25256 2016-11-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [916072 2016-10-17] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3119383209-2459362220-190218579-1003\...\RunOnce: [uninstall C:\Users\Admin.Erik-HP.000\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin.Erik-HP.000\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-3119383209-2459362220-190218579-1003\...\RunOnce: [uninstall C:\Users\Admin.Erik-HP.000\AppData\Local\Microsoft\OneDrive\17.3.6381.0405] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin.Erik-HP.000\AppData\Local\Microsoft\OneDrive\17.3.6381.0405"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{825c8548-eb17-4b6f-b43c-5291f0d02690}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3119383209-2459362220-190218579-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net
HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net
HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmkuRryI54h0kTRfkQDtrr9xPjLF5pmsN2tbKcmtQvCO6C6YyjO6q1wJLnhJCx_G7DFGWRFa1oJ2Hc5DVgv9Yw6HbUn8Q0z23YA,&q={searchTerms}
HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net
HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sv.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {FEF609AE-CA17-43FF-B8B9-E7EC8ADF1F72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sv.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {FEF609AE-CA17-43FF-B8B9-E7EC8ADF1F72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3119383209-2459362220-190218579-1003 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmkuRryI54h0kTRfkQDtrr9xPjLF5pmsN2tbKcmtQvCO6C6YyjO6q1wJLnhJCx_G7DFGWRFa1oJ2Hc5DVgv9Yw6HbUn8Q0z23YA,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3119383209-2459362220-190218579-1003 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmkuRryI54h0kTRfkQDtrr9xPjLF5pmsN2tbKcmtQvCO6C6YyjO6q1wJLnhJCx_G7DFGWRFa1oJ2Hc5DVgv9Yw6HbUn8Q0z23YA,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3119383209-2459362220-190218579-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-3119383209-2459362220-190218579-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-3119383209-2459362220-190218579-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sv.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3119383209-2459362220-190218579-1003 -> {FEF609AE-CA17-43FF-B8B9-E7EC8ADF1F72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09] (HP)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09] (HP)
Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Toolbar: HKLM-x32 - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default [2016-11-30]
FF NewTab: Mozilla\Firefox\Profiles\96pmbcrn.default -> hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmkuRryI54h0kTRVLkTEIPAlDSLPpPo-klRhj9AvSoSvI9Sz1DDM3B3g434TIoOv7IqcTEhCf9U0cCmu1mXa5yGC_fg152QRCT8,
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\96pmbcrn.default -> SafeFinder Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\96pmbcrn.default -> SafeFinder Search
FF Homepage: Mozilla\Firefox\Profiles\96pmbcrn.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\96pmbcrn.default -> hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmkuRryI54h0kTRfkQDtrr9xPjLF5pmsN2tbKcmtQvCO6C6YyjO6q1wJLnhJCx_G7DFGWRFa1oJ2Hc5DVgv9Yw6HbUn8Q0z23YA,&q=
FF Extension: (SafeFinder Smartbar) - C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default\Extensions\{3f2244ac-098e-61de-808f-f7a26e54ac80} [2014-09-25] [not signed]
FF Extension: (Site Counselor) - C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default\Extensions\{e0352044-1439-48ba-99b6-b05ed1a4d2de} [2014-09-25] [not signed]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-03-01] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.5\npScoutUpdate3.dll [No File]
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.5\npScoutUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll [2013-02-12] (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089088 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1488240 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349512 2016-11-15] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [26760 2016-09-12] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-01] (Realtek Semiconductor)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [157144 2016-10-12] (Avira Operations GmbH & Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [157144 2016-10-12] (Avira Operations GmbH & Co. KG)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [33896 2016-11-23] (Avira Operations GmbH & Co. KG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ardrv; C:\ProgramData\F-Secure\sidegrade\ardrv.sys [15576 2016-11-30] (OPSWAT, Inc.) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-10-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153392 2016-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-10-17] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [23640 2016-10-17] (Avira Operations GmbH & Co. KG)
S3 CisUtMonitor; C:\WINDOWS\System32\DRIVERS\CisUtMonitor.sys [44816 2016-08-25] (CrystalIdea Software)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-03] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Tdsshbecr; C:\WINDOWS\system32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-30 18:11 - 2016-11-30 18:11 - 00018606 _____ C:\Users\Admin.Erik-HP.000\Downloads\FRST.txt
2016-11-30 18:10 - 2016-11-30 18:11 - 00000000 ____D C:\FRST
2016-11-30 18:10 - 2016-11-30 18:10 - 02411520 _____ (Farbar) C:\Users\Admin.Erik-HP.000\Downloads\FRST64.exe
2016-11-30 18:10 - 2016-11-30 18:10 - 00000000 ____D C:\Users\Admin.Erik-HP.000\Downloads\FRST-OlderVersion
2016-11-30 18:03 - 2016-11-30 12:38 - 02411520 _____ (Farbar) C:\Users\Erik\Downloads\FRST64(1).exe
2016-11-30 13:34 - 2016-11-30 18:06 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-11-30 13:34 - 2016-11-30 13:34 - 00001290 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2016-11-30 13:28 - 2016-11-30 13:28 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Roaming\Skype
2016-11-30 11:55 - 2016-11-30 11:55 - 00000000 ____D C:\Users\Erik\AppData\Local\{04EF3817-10B0-4D22-8168-7DAF5D77F581}
2016-11-30 11:46 - 2016-10-17 11:18 - 00023640 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2016-11-30 11:45 - 2016-10-17 11:18 - 00153392 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-11-30 11:45 - 2016-10-17 11:18 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-11-30 11:45 - 2016-10-17 11:18 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-11-30 11:45 - 2016-10-17 11:18 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-11-30 00:31 - 2016-11-30 00:31 - 00003068 _____ C:\WINDOWS\System32\Tasks\RunUninstallTool_SkipUac
2016-11-30 00:31 - 2016-11-30 00:31 - 00001165 _____ C:\Users\Admin.Erik-HP.000\Desktop\Uninstall Tool.lnk
2016-11-30 00:31 - 2016-11-30 00:31 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Roaming\CrystalIdea Software
2016-11-30 00:31 - 2016-11-30 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Tool
2016-11-30 00:31 - 2016-11-30 00:31 - 00000000 ____D C:\Program Files (x86)\Uninstall Tool
2016-11-30 00:31 - 2016-08-25 14:14 - 00044816 _____ (CrystalIdea Software) C:\WINDOWS\system32\Drivers\CisUtMonitor.sys
2016-11-29 21:47 - 2016-11-29 21:50 - 00866272 _____ (F-Secure Corporation) C:\Users\Erik\Downloads\F-Secure-Safe-Network-Installer.exe
2016-11-29 21:22 - 2016-11-30 13:50 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\LocalLow\Mozilla
2016-11-29 20:08 - 2016-11-29 20:08 - 00000000 ____D C:\Users\Erik\AppData\Local\AviraSpeedup
2016-11-29 20:01 - 2016-11-29 20:01 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Comms
2016-11-29 20:00 - 2016-11-30 11:36 - 00000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAdmin.job
2016-11-29 20:00 - 2016-11-29 20:00 - 00003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAdmin
2016-11-29 20:00 - 2016-11-29 20:00 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Roaming\Hewlett-Packard
2016-11-29 19:59 - 2016-11-29 20:00 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Hewlett-Packard
2016-11-29 19:45 - 2016-11-30 13:29 - 00002440 _____ C:\Users\Admin.Erik-HP.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-29 19:45 - 2016-11-30 13:29 - 00000000 ___RD C:\Users\Admin.Erik-HP.000\OneDrive
2016-11-29 19:45 - 2016-11-29 19:46 - 00017920 ___SH C:\Users\Admin.Erik-HP.000\Desktop\Thumbs.db
2016-11-29 19:45 - 2016-11-29 19:45 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\NetworkTiles
2016-11-29 19:44 - 2016-11-29 19:44 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Publishers
2016-11-29 19:43 - 2016-11-30 13:34 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Avira
2016-11-29 19:43 - 2016-11-30 13:29 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\ConnectedDevicesPlatform
2016-11-29 19:43 - 2016-11-29 20:01 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Packages
2016-11-29 19:43 - 2016-11-29 19:43 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\TileDataLayer
2016-11-29 13:41 - 2016-11-29 13:41 - 00000000 ____D C:\Program Files (x86)\F-Secure
2016-11-29 13:37 - 2016-11-30 11:15 - 00000000 ____D C:\ProgramData\F-Secure
2016-11-29 13:37 - 2016-11-29 21:50 - 00000000 ____D C:\Users\Erik\AppData\Local\FSDART
2016-11-29 13:37 - 2016-11-29 13:37 - 00000000 ____D C:\Users\Erik\AppData\Local\F-Secure
2016-11-29 09:11 - 2016-11-29 09:11 - 00000000 ____D C:\Users\Erik\AppData\Local\{6D10B461-1BFE-473F-803D-008B922C55D7}
2016-11-28 20:32 - 2016-11-28 20:32 - 00000000 ____D C:\Users\Erik\AppData\Local\{9AED8C1D-4CFC-4A17-AB8E-65FC58328A00}
2016-11-27 23:11 - 2016-11-27 23:11 - 00000000 ____D C:\Users\Erik\AppData\Local\{151DD593-BE5A-4FD8-BA1E-995DE5E2A05D}
2016-11-26 15:38 - 2016-11-29 16:33 - 00000000 ____D C:\Users\Admin.Erik-HP.000\Desktop\OpenOffice 4.1.3 Language Pack (Swedish) Installation Files
2016-11-26 15:31 - 2016-11-26 15:31 - 00192000 ___SH C:\Users\Erik\Documents\Thumbs.db
2016-11-26 10:03 - 2016-11-26 10:03 - 00000000 ____D C:\Users\Erik\AppData\Local\{87C4BF96-0ED4-4C6B-AE5D-FD307D66E9C7}
2016-11-25 21:41 - 2016-11-25 21:41 - 00000000 ____D C:\Users\Erik\AppData\Local\{6BA1B2E0-29B0-47AF-A367-75A9C0FDD3AB}
2016-11-25 09:41 - 2016-11-25 09:41 - 00000000 ____D C:\Users\Erik\AppData\Local\{642FE3F1-C773-4FFB-B5EE-9BBBA180E5E4}
2016-11-24 15:54 - 2016-11-24 15:54 - 00000000 ____D C:\Users\Erik\AppData\Local\{6D32764D-52E3-4D0C-9874-C922ADE4E32A}
2016-11-23 23:00 - 2016-11-23 23:00 - 00000000 ____D C:\Users\Erik\AppData\Local\{3B982462-FD9F-4CEA-A39D-8F2E213145F5}
2016-11-23 11:00 - 2016-11-23 11:00 - 00000000 ____D C:\Users\Erik\AppData\Local\{303065CB-D159-4D17-8943-4908FD3D81E8}
2016-11-22 22:04 - 2016-11-22 22:04 - 00000000 ____D C:\Users\Erik\AppData\Local\{22E300D0-C3AE-4296-AAE3-CA0BD807DEE0}
2016-11-22 14:37 - 2016-11-22 14:37 - 00001207 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2016-11-22 10:00 - 2016-11-22 10:00 - 00000000 ____D C:\Users\Erik\AppData\Local\{1431926A-F405-4452-ABBF-45C94AD9BF44}
2016-11-21 09:53 - 2016-11-21 09:53 - 00000000 ____D C:\Users\Erik\AppData\Local\{B1699897-BE38-48BB-BBFF-36F558B79D2C}
2016-11-20 19:49 - 2016-11-20 19:49 - 00000000 ____D C:\Users\Erik\AppData\Local\{6E8FE208-9459-4367-82D6-8A04E01B9CE3}
2016-11-19 15:45 - 2016-11-19 15:45 - 00000000 ____D C:\Users\Erik\AppData\Local\{6AC973AF-9800-4A5C-8677-A21D764CBBCD}
2016-11-18 11:26 - 2016-11-30 16:05 - 00000000 ____D C:\Users\Erik\AppData\LocalLow\Mozilla
2016-11-18 11:25 - 2016-11-18 11:25 - 00000000 ____D C:\Users\Erik\AppData\Local\{4AB0C5A4-C12B-46DF-88BD-B3FE910FFB65}
2016-11-17 22:18 - 2016-11-17 22:18 - 00000000 ____D C:\Users\Erik\AppData\Local\{5376D844-62BB-4344-A983-36DC38019868}
2016-11-17 09:56 - 2016-11-17 09:56 - 00000000 ____D C:\Users\Erik\AppData\Local\{2899D0DF-C79E-4516-987E-D602C39581F3}
2016-11-16 16:00 - 2016-11-16 16:00 - 00000000 ____D C:\Users\Erik\AppData\Local\{297D8E72-DC67-4FE5-8AD3-21EF29A20BA4}
2016-11-15 22:17 - 2016-11-15 22:17 - 00000000 ____D C:\Users\Erik\AppData\Local\{3AE0DC6F-0D3F-4B24-AC1F-9CE226D5A8CC}
2016-11-15 09:40 - 2016-11-15 09:40 - 00000000 ____D C:\Users\Erik\AppData\Local\{394F18B1-DD09-4211-BB39-1063DA2D9C89}
2016-11-14 09:44 - 2016-11-14 09:44 - 00000000 ____D C:\Users\Erik\AppData\Local\{104BA3A9-294F-402F-93C3-266CADF50334}
2016-11-12 22:40 - 2016-11-12 22:41 - 00000000 ____D C:\Users\Erik\AppData\Local\{7A6AD77F-0844-4D63-B233-63E5BFAA4634}
2016-11-11 17:07 - 2016-11-11 17:07 - 00000000 ____D C:\Users\Erik\AppData\Local\{7BBE8685-4BDF-40E4-B7FD-CDC6EAC708A0}
2016-11-10 10:37 - 2016-11-10 10:37 - 00000000 ____D C:\Users\Erik\AppData\Local\{E7D255F9-2749-4DA8-8CA3-B206EC5FE185}
2016-11-09 16:16 - 2016-11-09 16:16 - 00000000 ____D C:\Users\Erik\AppData\Local\{D0B56EED-D2A0-4BA0-9D3F-63905B73FD25}
2016-11-09 12:43 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-09 12:43 - 2016-11-02 13:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-09 12:43 - 2016-11-02 12:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-09 12:43 - 2016-11-02 12:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-09 12:43 - 2016-11-02 12:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-09 12:43 - 2016-11-02 12:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-09 12:43 - 2016-11-02 12:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-09 12:43 - 2016-11-02 12:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-09 12:43 - 2016-11-02 12:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-09 12:43 - 2016-11-02 12:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-09 12:43 - 2016-11-02 12:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-09 12:43 - 2016-11-02 12:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-09 12:43 - 2016-11-02 12:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 12:43 - 2016-11-02 12:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-09 12:43 - 2016-11-02 12:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-09 12:43 - 2016-11-02 12:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-09 12:43 - 2016-11-02 12:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-09 12:43 - 2016-11-02 12:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-09 12:43 - 2016-11-02 12:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-09 12:43 - 2016-11-02 12:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-09 12:43 - 2016-11-02 12:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-09 12:43 - 2016-11-02 12:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-09 12:43 - 2016-11-02 12:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-09 12:43 - 2016-11-02 11:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-09 12:43 - 2016-11-02 11:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-09 12:43 - 2016-11-02 11:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-09 12:43 - 2016-11-02 11:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-09 12:43 - 2016-11-02 11:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-09 12:43 - 2016-11-02 11:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-09 12:43 - 2016-11-02 11:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-09 12:43 - 2016-11-02 11:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-09 12:43 - 2016-11-02 11:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 12:43 - 2016-11-02 11:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-09 12:43 - 2016-11-02 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-09 12:43 - 2016-11-02 11:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-09 12:43 - 2016-11-02 11:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-09 12:43 - 2016-11-02 11:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-09 12:43 - 2016-11-02 11:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 12:43 - 2016-11-02 11:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-09 12:43 - 2016-11-02 11:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-09 12:43 - 2016-11-02 11:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-09 12:43 - 2016-11-02 11:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-09 12:43 - 2016-11-02 11:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-09 12:43 - 2016-11-02 11:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-09 12:43 - 2016-11-02 11:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-09 12:43 - 2016-11-02 11:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-09 12:43 - 2016-11-02 11:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-09 12:43 - 2016-11-02 11:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-09 12:43 - 2016-11-02 11:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-09 12:43 - 2016-11-02 11:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-09 12:43 - 2016-11-02 11:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-09 12:43 - 2016-11-02 11:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 12:43 - 2016-11-02 11:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-09 12:43 - 2016-11-02 11:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-09 12:43 - 2016-11-02 11:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-09 12:43 - 2016-11-02 11:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-09 12:43 - 2016-11-02 11:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-09 12:43 - 2016-11-02 11:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-09 12:43 - 2016-11-02 11:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-09 12:43 - 2016-11-02 11:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-09 12:43 - 2016-11-02 11:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-09 12:43 - 2016-11-02 11:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-09 12:43 - 2016-11-02 11:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-09 12:43 - 2016-11-02 11:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-09 12:43 - 2016-11-02 11:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-09 12:43 - 2016-11-02 11:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-09 12:43 - 2016-11-02 11:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-09 12:43 - 2016-11-02 11:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-09 12:43 - 2016-11-02 11:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-09 12:43 - 2016-11-02 11:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-09 12:43 - 2016-11-02 11:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-09 12:43 - 2016-11-02 11:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-09 12:43 - 2016-11-02 11:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-09 12:43 - 2016-11-02 11:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-09 12:43 - 2016-11-02 11:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-09 12:43 - 2016-11-02 11:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-09 12:43 - 2016-11-02 11:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-09 12:43 - 2016-11-02 11:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-09 12:43 - 2016-11-02 11:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-09 12:43 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 12:43 - 2016-11-02 11:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-09 12:43 - 2016-11-02 11:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-09 12:43 - 2016-11-02 11:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-09 12:43 - 2016-11-02 11:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-09 12:43 - 2016-11-02 11:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-09 12:43 - 2016-11-02 11:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-09 12:43 - 2016-11-02 11:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-09 12:43 - 2016-11-02 11:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-09 12:43 - 2016-11-02 11:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-09 12:43 - 2016-11-02 11:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-09 12:43 - 2016-11-02 11:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-09 12:43 - 2016-11-02 11:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-09 12:43 - 2016-11-02 11:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-09 12:43 - 2016-11-02 11:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-09 12:43 - 2016-11-02 11:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-09 12:43 - 2016-11-02 11:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-09 12:43 - 2016-11-02 11:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-09 12:43 - 2016-11-02 11:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-09 12:43 - 2016-11-02 11:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-09 12:43 - 2016-11-02 11:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-09 12:43 - 2016-11-02 11:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-09 12:43 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-09 12:43 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-09 12:43 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-09 12:39 - 2016-11-02 12:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 12:39 - 2016-11-02 11:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 12:38 - 2016-11-02 12:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 12:38 - 2016-11-02 12:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 12:38 - 2016-11-02 12:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 12:38 - 2016-11-02 12:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 12:38 - 2016-11-02 12:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 12:38 - 2016-11-02 12:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 12:38 - 2016-11-02 12:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 12:38 - 2016-11-02 12:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 12:38 - 2016-11-02 12:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 12:38 - 2016-11-02 12:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 12:38 - 2016-11-02 12:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 12:38 - 2016-11-02 12:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 12:38 - 2016-11-02 12:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 12:38 - 2016-11-02 12:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 12:38 - 2016-11-02 11:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 12:38 - 2016-11-02 11:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 12:38 - 2016-11-02 11:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 12:38 - 2016-11-02 11:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 12:38 - 2016-11-02 11:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-09 12:38 - 2016-11-02 11:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-09 12:38 - 2016-11-02 11:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 12:38 - 2016-11-02 11:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 12:38 - 2016-11-02 11:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 12:38 - 2016-11-02 11:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 12:38 - 2016-11-02 11:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-09 12:38 - 2016-11-02 11:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 12:38 - 2016-11-02 11:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-09 12:38 - 2016-11-02 11:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 12:38 - 2016-11-02 11:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 12:38 - 2016-11-02 11:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 12:38 - 2016-11-02 11:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 12:38 - 2016-11-02 11:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 12:38 - 2016-11-02 11:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 12:38 - 2016-11-02 11:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 12:38 - 2016-11-02 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-09 12:38 - 2016-11-02 11:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 12:38 - 2016-11-02 11:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 12:38 - 2016-11-02 11:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 12:38 - 2016-11-02 11:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 12:38 - 2016-11-02 11:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 12:38 - 2016-11-02 11:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-09 12:38 - 2016-11-02 11:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 12:38 - 2016-11-02 11:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 12:38 - 2016-11-02 11:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 12:38 - 2016-11-02 11:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 12:38 - 2016-11-02 11:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 12:38 - 2016-11-02 11:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 12:38 - 2016-11-02 11:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 12:38 - 2016-11-02 11:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 12:38 - 2016-11-02 11:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 12:38 - 2016-11-02 11:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 12:38 - 2016-11-02 11:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 12:38 - 2016-11-02 11:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 12:38 - 2016-11-02 11:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 12:38 - 2016-11-02 11:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 12:38 - 2016-11-02 11:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 12:38 - 2016-11-02 11:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-09 12:38 - 2016-11-02 11:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 12:38 - 2016-11-02 11:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 12:38 - 2016-11-02 11:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 12:38 - 2016-11-02 11:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 12:38 - 2016-11-02 11:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 12:38 - 2016-11-02 11:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 12:38 - 2016-11-02 11:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 12:38 - 2016-11-02 11:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-09 12:38 - 2016-11-02 11:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 12:38 - 2016-11-02 11:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 12:38 - 2016-11-02 11:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-09 12:38 - 2016-11-02 11:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 12:38 - 2016-11-02 11:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 12:38 - 2016-11-02 11:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 12:38 - 2016-11-02 11:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 12:38 - 2016-11-02 11:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-09 12:38 - 2016-11-02 11:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-09 12:38 - 2016-11-02 11:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 12:38 - 2016-11-02 11:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 12:38 - 2016-11-02 11:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 12:38 - 2016-11-02 11:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 12:38 - 2016-11-02 11:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 12:38 - 2016-11-02 11:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 12:38 - 2016-11-02 11:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 12:38 - 2016-11-02 11:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 12:38 - 2016-11-02 11:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 12:38 - 2016-11-02 11:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 12:38 - 2016-11-02 11:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 12:38 - 2016-11-02 11:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 12:38 - 2016-11-02 11:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 12:38 - 2016-11-02 11:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-09 12:38 - 2016-11-02 11:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 12:38 - 2016-11-02 11:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 12:38 - 2016-11-02 11:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 12:38 - 2016-11-02 11:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 12:38 - 2016-11-02 11:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 12:38 - 2016-11-02 09:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 12:37 - 2016-11-02 12:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 12:37 - 2016-11-02 12:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 12:37 - 2016-11-02 12:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 12:37 - 2016-11-02 12:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 12:37 - 2016-11-02 12:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 12:37 - 2016-11-02 12:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 12:37 - 2016-11-02 12:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 12:37 - 2016-11-02 12:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 12:37 - 2016-11-02 12:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 12:37 - 2016-11-02 12:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 12:37 - 2016-11-02 12:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 12:37 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 12:37 - 2016-11-02 11:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 12:37 - 2016-11-02 11:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 12:37 - 2016-11-02 11:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 12:37 - 2016-11-02 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 12:37 - 2016-11-02 11:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-09 12:37 - 2016-11-02 11:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 12:37 - 2016-11-02 11:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-09 12:37 - 2016-11-02 11:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 12:37 - 2016-11-02 11:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 12:37 - 2016-11-02 11:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 12:37 - 2016-11-02 11:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 12:37 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 12:37 - 2016-11-02 11:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 12:37 - 2016-11-02 11:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 12:37 - 2016-11-02 11:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-09 12:37 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 12:37 - 2016-11-02 11:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 12:37 - 2016-11-02 11:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 12:37 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 12:37 - 2016-11-02 11:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 12:37 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 12:37 - 2016-11-02 11:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 12:37 - 2016-11-02 11:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 12:37 - 2016-11-02 11:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 12:37 - 2016-11-02 11:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 12:37 - 2016-11-02 11:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 12:37 - 2016-11-02 11:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 12:37 - 2016-11-02 11:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 12:37 - 2016-11-02 11:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-09 12:37 - 2016-11-02 11:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-08 16:58 - 2016-11-08 16:58 - 00000000 ____D C:\Users\Erik\AppData\Local\{1C227BD8-2B79-47A3-A1D0-E4B687A9212A}
2016-11-07 15:53 - 2016-11-07 15:53 - 00000000 ____D C:\Users\Erik\AppData\Local\{AC874696-06DC-4DC8-80B5-481E654DE4FD}
2016-11-07 12:28 - 2016-11-07 12:28 - 00000000 ____D C:\Users\Erik\AppData\Local\{3C340B84-876B-4573-B67A-03943052AE46}
2016-11-06 22:11 - 2016-11-06 22:11 - 00000000 ____D C:\Users\Erik\AppData\Local\{06A258D6-4659-4D6C-9319-BA8258E6F6AE}
2016-11-05 17:07 - 2016-11-05 17:07 - 00000000 ____D C:\Users\Erik\AppData\Local\{E61E8C73-2EE2-46FF-ABC9-BD74E9B9B43B}
2016-11-04 10:57 - 2016-11-04 10:57 - 00000000 ____D C:\Users\Erik\AppData\Local\{7B008266-388A-4260-B6B3-A2C8862F932C}
2016-11-03 17:01 - 2016-11-03 17:01 - 00000000 ____D C:\Users\Erik\AppData\Local\{66462688-0266-432D-968A-89D120BA2F7E}
2016-11-02 09:43 - 2016-11-02 09:43 - 00000000 ____D C:\Users\Erik\AppData\Local\{B76911AD-BD3A-4DAB-8E55-03BB6C8BED75}
2016-11-01 08:39 - 2016-11-01 08:39 - 00000000 ____D C:\Users\Erik\AppData\Local\{2AA20C95-CD89-41FE-82D1-DE221DD1DD6C}
2016-10-31 17:03 - 2016-10-31 17:03 - 00000000 ____D C:\Users\Erik\AppData\Local\{072B048C-5E84-4DF0-BF40-8F21366817B1}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-30 18:01 - 2016-09-21 20:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-30 13:50 - 2016-10-12 21:14 - 00000000 ____D C:\Program Files (x86)\Avira
2016-11-30 13:46 - 2013-01-27 21:06 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Mozilla
2016-11-30 13:34 - 2016-10-12 21:21 - 00003430 _____ C:\WINDOWS\System32\Tasks\Avira System Speedup Tray
2016-11-30 13:34 - 2016-10-12 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-11-30 13:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-30 11:54 - 2013-01-25 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-30 11:53 - 2012-04-26 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-30 11:45 - 2016-10-12 21:14 - 00000000 ____D C:\ProgramData\Avira
2016-11-30 11:42 - 2016-09-21 20:40 - 02048674 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-30 11:42 - 2016-07-16 23:09 - 00709400 _____ C:\WINDOWS\system32\perfh01D.dat
2016-11-30 11:42 - 2016-07-16 23:09 - 00176316 _____ C:\WINDOWS\system32\perfc01D.dat
2016-11-30 11:36 - 2016-10-12 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-30 11:36 - 2016-09-21 21:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-30 11:35 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-29 23:23 - 2013-06-14 16:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-11-29 22:25 - 2012-01-25 12:22 - 03041320 _____ (Macrovision Corporation) C:\Users\Erik\Downloads\shb_kortlasare.exe
2016-11-29 21:50 - 2016-09-21 20:41 - 00000000 ____D C:\Users\Admin.Erik-HP.000
2016-11-29 21:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-29 20:23 - 2016-10-12 21:28 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Scout.lnk
2016-11-29 20:23 - 2016-10-12 21:28 - 00002227 _____ C:\Users\Public\Desktop\Avira Scout.lnk
2016-11-29 20:18 - 2014-10-03 16:24 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-11-29 20:17 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-29 19:57 - 2014-10-03 16:23 - 00000000 ____D C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2016-11-29 19:57 - 2011-11-03 05:24 - 00000000 ____D C:\ProgramData\truesuite
2016-11-29 19:43 - 2016-01-25 21:47 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-29 19:20 - 2013-08-18 20:58 - 00000000 ____D C:\Users\Erik\Documents\Bilder Kullarmark 265
2016-11-29 16:42 - 2016-09-21 20:41 - 00000000 ____D C:\Users\Erik
2016-11-29 16:35 - 2016-10-12 21:28 - 00001170 _____ C:\WINDOWS\Tasks\AviraScoutUpdateTaskMachineUA.job
2016-11-29 16:34 - 2016-09-21 20:41 - 00000000 ____D C:\Users\DefaultAppPool
2016-11-29 16:34 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-29 16:33 - 2012-02-10 17:30 - 00000000 ____D C:\Users\Erik\Documents\Garmin
2016-11-29 16:33 - 2012-01-24 16:05 - 00000000 ___RD C:\Users\Erik\Documents\Scanned Documents
2016-11-29 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\registration
2016-11-29 16:26 - 2012-02-10 17:30 - 00000000 ____D C:\Users\Erik\Documents\Friluftskartan
2016-11-29 16:26 - 2012-01-24 16:05 - 00000000 ____D C:\Users\Erik\Documents\Fax
2016-11-22 20:36 - 2016-10-12 21:28 - 00004260 _____ C:\WINDOWS\System32\Tasks\AviraScoutUpdateTaskMachineUA
2016-11-22 20:36 - 2016-10-12 21:28 - 00004028 _____ C:\WINDOWS\System32\Tasks\AviraScoutUpdateTaskMachineCore
2016-11-22 20:36 - 2016-10-12 21:28 - 00001166 _____ C:\WINDOWS\Tasks\AviraScoutUpdateTaskMachineCore.job
2016-11-22 14:37 - 2014-09-25 21:38 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-18 17:16 - 2013-01-25 21:06 - 00000868 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-12 16:05 - 2016-01-25 21:58 - 00000000 ___RD C:\Users\Erik\OneDrive
2016-11-12 15:49 - 2012-01-24 14:35 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT
2016-11-10 10:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 10:24 - 2013-08-06 19:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-10 10:21 - 2012-02-03 10:43 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 16:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-09 16:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-09 16:30 - 2014-10-20 11:27 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Adobe
2016-11-09 16:30 - 2012-01-26 13:55 - 00000000 ____D C:\Users\Erik\AppData\Local\Adobe
2016-11-09 16:22 - 2016-09-21 20:35 - 00224776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-09 16:19 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-09 16:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-09 16:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-09 16:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-09 16:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-09 16:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 12:59 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-07 19:46 - 2016-09-21 21:03 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-03 21:04 - 2015-11-06 09:45 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2011-11-03 05:24 - 2011-06-10 00:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
2012-01-24 14:35 - 2016-11-12 15:49 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2012-01-24 14:45 - 2014-09-25 22:58 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2012-01-24 14:35 - 2012-01-24 14:35 - 0000268 ___RH () C:\ProgramData\Sounds
2012-01-24 14:45 - 2012-01-24 14:45 - 0000268 ___RH () C:\ProgramData\Space Choir

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-22 22:45

==================== End of FRST.txt ============================

Addition.txt


1. Uninstall:

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{e7f56494-d786-472e-aba2-1b93089e06cd}) (Version: 1.2.76.20506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.20506 - Avira Operations GmbH & Co. KG) Hidden
Avira Scout (HKLM-x32\...\Avira Scout) (Version: 16.10.2840.1797 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{F2396C9D-4724-4BB9-87A0-A137C4C69524}) (Version: 1.2.3.14696 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.0.0.3502 - Avira Operations GmbH & Co. KG)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
 

Run the Avira RegistryCleaner Tool: https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/902

 

 

2. Save AdwCleaner to the Desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Close all programs, including web browsers.
Double-click AdwCleaner to start the program.

Click the Scan button.
Wait until the scan is finished.
Click the Log file button.
A report will open; copy its contents and paste them into your reply.
If the report does not open, it is also saved as C:\AdwCleaner\AdwCleaner[s1].txt


The log file from AdwCleaner:

 

 

# AdwCleaner v6.030 - Logfile created 01/12/2016 at 13:06:26
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-12-01.1 [server]
# Operating System : Windows 10 Home  (X64)
# Username : Admin - ERIK-HP
# Running from : C:\Users\Admin.Erik-HP.000\Desktop\adwcleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

Service Found:  esgiguard


***** [ Folders ] *****

Folder Found:  C:\Users\Admin.Erik-HP.000\AppData\Local\LPT
Folder Found:  C:\Users\Admin.Erik-HP.000\AppData\Local\Smartbar
Folder Found:  C:\Users\Admin.Erik-HP.000\AppData\Roaming\OpenCandy
Folder Found:  C:\Users\Admin.Erik-HP.000\AppData\Roaming\WebExtend
Folder Found:  C:\Program Files\Enigma Software Group
Folder Found:  C:\WINDOWS\SysWoW64\SearchProtect


***** [ Files ] *****

File Found:  C:\WINDOWS\Reimage.ini
File Found:  C:\Users\ADMINE~1.000\AppData\Local\Temp\EsgScanner.sys


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

Shortcut infected:  C:\Users\Admin.Erik-HP.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk ( hxxp://feed.safefinder.com/?publisher=ONSF&dpid=ONSF&co=SE&userid=3f2244ac-098e-61de-808f-f7a26e54ac80&sea
Shortcut infected:  C:\Users\Admin.Erik-HP.000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk ( hxxp://feed.safefinder.com/?publisher=ONSF&dpid=ONSF&co=SE&userid=3f2244ac-098e-61d


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Found:  HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Found:  HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Found:  HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Found:  HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Found:  HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Found:  HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found:  HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Found:  [x64] HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Found:  [x64] HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Found:  [x64] HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Found:  [x64] HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Found:  [x64] HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Found:  [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found:  [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found:  HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found:  HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Value Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Reimage
Key Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\smartbarbackup
Key Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\smartbarlog
Key Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Softonic
Key Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\WEBAPP
Key Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found:  HKCU\Software\Reimage
Key Found:  HKCU\Software\smartbarbackup
Key Found:  HKCU\Software\smartbarlog
Key Found:  HKCU\Software\Softonic
Key Found:  HKCU\Software\WEBAPP
Key Found:  HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found:  HKLM\SOFTWARE\SiteSee
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1898B668-CCF5-429F-A86F-9837E5439D77}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Found:  [x64] HKCU\Software\Reimage
Key Found:  [x64] HKCU\Software\smartbarbackup
Key Found:  [x64] HKCU\Software\smartbarlog
Key Found:  [x64] HKCU\Software\Softonic
Key Found:  [x64] HKCU\Software\WEBAPP
Key Found:  [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found:  [x64] HKLM\SOFTWARE\Reimage
Key Found:  [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3119383209-2459362220-190218579-1003\Products\363FB0CBBA367FF4E81FEAD0F717B142
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Data Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main [search Page] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUw
Data Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main [search Bar] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUww
Data Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqP
Data Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWm
Data Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikU
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [search Page] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmkuRry
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [search Bar] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmkuRryI
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_w
Data Found:  HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmkuRr
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [search Page] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmkuR
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [search Bar] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmkuRr
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERG
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmku
Key Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Data Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found:  HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Data Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found:  HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found:  HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Key Found:  HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Key Found:  HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Key Found:  HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}


***** [ Web browsers ] *****

Firefox pref Found:  [C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default\prefs.js] - "browser.newtab.url" -  "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61
Firefox pref Found:  [C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default\prefs.js] - "keyword.URL" -  "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjW
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[s0].txt - [11403 Bytes] - [01/12/2016 13:06:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11477 Bytes] ##########
 


1. Close all programs, including web browsers.
Double-click AdwCleaner to start the program.

Click the Scan button.
Wait until the scan is finished.

Click the Clean button.
Press OK.
Press OK again if further messages appear.

The computer will restart; if it does not do so automatically, restart it yourself.
A report will open; copy its contents and paste them into your reply.
If the report does not open, it is also saved as C:\AdwCleaner\AdwCleaner[C1].txt

 

 

2. Scan the computer online by following the instructions at http://support.eset.com/kb2921/ .
To keep the scan from taking too long, turn off your antivirus program while it runs.

Select the option Enable detection of potentially unwanted applications.

Click Advanced Settings.
Clear the check mark in front of Remove found threats.
Check:
Scan Archives
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.

 

If you cannot get the scanner to work, continue with the next step.

 

 

3. Start FRST.

Select Addition.txt before you let the program scan the computer again.

Upload the two new log files.


Log file from AdwCleaner:

 

# AdwCleaner v6.030 - Logfile created 01/12/2016 at 14:05:03

# Updated on 19/10/2016 by Malwarebytes

# Database : 2016-12-01.1 [server]

# Operating System : Windows 10 Home  (X64)

# Username : Admin - ERIK-HP

# Running from : C:\Users\Admin.Erik-HP.000\Desktop\adwcleaner_6.030.exe

# Mode: Clean

# Support : hxxps://www.malwarebytes.com/support

 

 

 

***** [ Services ] *****

 

[-] Service deleted: esgiguard

 

 

***** [ Folders ] *****

 

[-] Folder deleted: C:\Users\Admin.Erik-HP.000\AppData\Local\LPT

[-] Folder deleted: C:\Users\Admin.Erik-HP.000\AppData\Local\Smartbar

[-] Folder deleted: C:\Users\Admin.Erik-HP.000\AppData\Roaming\OpenCandy

[-] Folder deleted: C:\Users\Admin.Erik-HP.000\AppData\Roaming\WebExtend

[-] Folder deleted: C:\Program Files\Enigma Software Group

[-] Folder deleted: C:\WINDOWS\SysWoW64\SearchProtect

 

 

***** [ Files ] *****

 

[-] File deleted: C:\WINDOWS\Reimage.ini

[-] File deleted: C:\Users\ADMINE~1.000\AppData\Local\Temp\EsgScanner.sys

 

 

***** [ DLL ] *****

 

 

 

***** [ WMI ] *****

 

 

 

***** [ Shortcuts ] *****

 

[-] Shortcut disinfected: C:\Users\Admin.Erik-HP.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

[-] Shortcut disinfected: C:\Users\Admin.Erik-HP.000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

 

 

***** [ Scheduled Tasks ] *****

 

 

 

***** [ Registry ] *****

 

[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute

[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel

[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar

[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject

[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState

[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm

[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine

[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1

[-] Key deleted: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}

[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}

[-] Key deleted: HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}

[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}

[#] Key deleted on reboot: HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}

[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}

[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

[-] Key deleted: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Reimage

[-] Key deleted: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\smartbarbackup

[-] Key deleted: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\smartbarlog

[-] Key deleted: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Softonic

[-] Key deleted: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\WEBAPP

[-] Key deleted: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.

[#] Key deleted on reboot: HKCU\Software\Reimage

[#] Key deleted on reboot: HKCU\Software\smartbarbackup

[#] Key deleted on reboot: HKCU\Software\smartbarlog

[#] Key deleted on reboot: HKCU\Software\Softonic

[#] Key deleted on reboot: HKCU\Software\WEBAPP

[#] Key deleted on reboot: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.

[-] Key deleted: HKLM\SOFTWARE\SiteSee

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1898B668-CCF5-429F-A86F-9837E5439D77}

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}

[#] Key deleted on reboot: [x64] HKCU\Software\Reimage

[#] Key deleted on reboot: [x64] HKCU\Software\smartbarbackup

[#] Key deleted on reboot: [x64] HKCU\Software\smartbarlog

[#] Key deleted on reboot: [x64] HKCU\Software\Softonic

[#] Key deleted on reboot: [x64] HKCU\Software\WEBAPP

[#] Key deleted on reboot: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.

[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage

[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3119383209-2459362220-190218579-1003\Products\363FB0CBBA367FF4E81FEAD0F717B142

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

[-] Data restored: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main [search Page]

[-] Data restored: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main [search Bar]

[-] Data restored: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]

[-] Data restored: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Search [searchAssistant]

[-] Data restored: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\SearchUrl [Default]

[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [search Page]

[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [search Bar]

[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]

[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant]

[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [search Page]

[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [search Bar]

[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]

[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant]

[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

[-] Key deleted: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

[-] Data restored: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[-] Key deleted: HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL

[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}

[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}

[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}

[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}

 

 

***** [ Web browsers ] *****

 

[-] Chrome preferences cleaned: "browser.newtab.url" -  "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmkuRryI54h0kTRVLkTEIPAlDSLPpPo-klRhj9AvSoSvI9Sz1DDM3B3g434TIoOv7IqcTEhCf9U0cCmu1mXa5yGC_fg152QRCT8,"

[-] Chrome preferences cleaned: "keyword.URL" -  "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIYRCCkpP61cHCqPjWmkXikUwwK8_L_8DnTt1FkF2lVbNseb_LIAJr7fERGs2p_wmkuRryI54h0kTRfkQDtrr9xPjLF5pmsN2tbKcmtQvCO6C6YyjO6q1wJLnhJCx_G7DFGWRFa1oJ2Hc5DVgv9Yw6HbUn8Q0z23YA,&q="

 

 

*************************

 

:: "Tracing" keys deleted

:: Winsock settings cleared

 

*************************

 

C:\AdwCleaner\AdwCleaner[C0].txt - [10371 Bytes] - [01/12/2016 14:05:03]

C:\AdwCleaner\AdwCleaner[s0].txt - [11669 Bytes] - [01/12/2016 13:06:26]

C:\AdwCleaner\AdwCleaner[s1].txt - [11743 Bytes] - [01/12/2016 14:03:40]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10593 Bytes] ##########

 

 

The scan with ESET stopped after about 1.5 h. By then it was near the end, and the information fields turned black with red text (1 threat, but in 3 files).

 

 

 

Log file from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016

Ran by Admin (administrator) on ERIK-HP (01-12-2016 15:49:42)

Running from C:\Users\Admin.Erik-HP.000\Desktop

Loaded Profiles: Admin (Available Profiles: Erik & Admin & DefaultAppPool)

Platform: Windows 10 Home Version 1607 (X64) Language: Svenska (Sverige)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(ESET spol. s r.o.) C:\Users\Admin.Erik-HP.000\Desktop\esetonlinescanner_enu.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

 

 

==================== Registry (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\...\RunOnce: [uninstall C:\Users\Admin.Erik-HP.000\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin.Erik-HP.000\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\...\RunOnce: [uninstall C:\Users\Admin.Erik-HP.000\AppData\Local\Microsoft\OneDrive\17.3.6381.0405] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin.Erik-HP.000\AppData\Local\Microsoft\OneDrive\17.3.6381.0405"

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{825c8548-eb17-4b6f-b43c-5291f0d02690}: [DhcpNameServer] 192.168.1.254

 

Internet Explorer:

==================

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sv.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM -> {FEF609AE-CA17-43FF-B8B9-E7EC8ADF1F72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sv.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 -> {FEF609AE-CA17-43FF-B8B9-E7EC8ADF1F72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-3119383209-2459362220-190218579-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3119383209-2459362220-190218579-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKU\S-1-5-21-3119383209-2459362220-190218579-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sv.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKU\S-1-5-21-3119383209-2459362220-190218579-1003 -> {FEF609AE-CA17-43FF-B8B9-E7EC8ADF1F72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09] (HP)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)

BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09] (HP)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)

Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========

FF ProfilePath: C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default [2016-12-01]

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\96pmbcrn.default -> SafeFinder Search

FF SelectedSearchEngine: Mozilla\Firefox\Profiles\96pmbcrn.default -> SafeFinder Search

FF Homepage: Mozilla\Firefox\Profiles\96pmbcrn.default -> about:home

FF Extension: (SafeFinder Smartbar) - C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default\Extensions\{3f2244ac-098e-61de-808f-f7a26e54ac80} [2014-09-25] [not signed]

FF Extension: (Site Counselor) - C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default\Extensions\{e0352044-1439-48ba-99b6-b05ed1a4d2de} [2014-09-25] [not signed]

FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-03-01] [not signed]

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.5\npScoutUpdate3.dll [No File]

FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.5\npScoutUpdate3.dll [No File]

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll [2013-02-12] (Caminova, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]

StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-01] (Realtek Semiconductor)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]

S2 scupdate; "C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe" /svc [X]

S3 scupdatem; "C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ardrv; C:\ProgramData\F-Secure\sidegrade\ardrv.sys [15576 2016-11-30] (OPSWAT, Inc.) [File not signed]

S3 CisUtMonitor; C:\WINDOWS\System32\DRIVERS\CisUtMonitor.sys [44816 2016-08-25] (CrystalIdea Software)

S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()

R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)

S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-03] ()

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek                                            )

S3 Tdsshbecr; C:\WINDOWS\system32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

U3 idsvc; no ImagePath

S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]

S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-01 15:49 - 2016-12-01 15:49 - 00014176 _____ C:\Users\Admin.Erik-HP.000\Desktop\FRST.txt

2016-12-01 15:48 - 2016-11-30 18:10 - 02411520 _____ (Farbar) C:\Users\Admin.Erik-HP.000\Desktop\FRST64.exe

2016-12-01 14:20 - 2016-12-01 14:20 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\ESET

2016-12-01 14:17 - 2016-12-01 14:20 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Admin.Erik-HP.000\Desktop\esetonlinescanner_enu.exe

2016-12-01 13:04 - 2016-12-01 14:05 - 00000000 ____D C:\AdwCleaner

2016-12-01 13:01 - 2016-12-01 13:04 - 03910208 _____ C:\Users\Admin.Erik-HP.000\Desktop\adwcleaner_6.030.exe

2016-12-01 12:22 - 2016-12-01 12:44 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2016-12-01 09:22 - 2016-12-01 09:22 - 00000000 ____D C:\Users\Erik\AppData\Local\{FD5B44C7-6293-434A-969A-758ABE54BA8A}

2016-11-30 21:55 - 2016-11-30 21:55 - 00000830 _____ C:\Users\Admin.Erik-HP.000\Documents\Filmer - genväg.lnk

2016-11-30 18:18 - 2016-11-30 18:18 - 00002292 _____ C:\Users\Admin.Erik-HP.000\Desktop\HP Support Assistant.lnk

2016-11-30 18:16 - 2016-11-30 18:17 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Roaming\hpqLog

2016-11-30 18:16 - 2016-11-30 18:16 - 00000000 ____D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}

2016-11-30 18:12 - 2016-11-30 18:13 - 00043012 _____ C:\Users\Admin.Erik-HP.000\Downloads\Addition.txt

2016-11-30 18:11 - 2016-11-30 18:13 - 00064004 _____ C:\Users\Admin.Erik-HP.000\Downloads\FRST.txt

2016-11-30 18:10 - 2016-12-01 15:49 - 00000000 ____D C:\FRST

2016-11-30 18:10 - 2016-11-30 18:10 - 02411520 _____ (Farbar) C:\Users\Admin.Erik-HP.000\Downloads\FRST64.exe

2016-11-30 18:10 - 2016-11-30 18:10 - 00000000 ____D C:\Users\Admin.Erik-HP.000\Downloads\FRST-OlderVersion

2016-11-30 18:03 - 2016-11-30 12:38 - 02411520 _____ (Farbar) C:\Users\Erik\Downloads\FRST64(1).exe

2016-11-30 13:28 - 2016-11-30 13:28 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Roaming\Skype

2016-11-30 11:55 - 2016-11-30 11:55 - 00000000 ____D C:\Users\Erik\AppData\Local\{04EF3817-10B0-4D22-8168-7DAF5D77F581}

2016-11-30 00:31 - 2016-11-30 00:31 - 00003068 _____ C:\WINDOWS\System32\Tasks\RunUninstallTool_SkipUac

2016-11-30 00:31 - 2016-11-30 00:31 - 00001165 _____ C:\Users\Admin.Erik-HP.000\Desktop\Uninstall Tool.lnk

2016-11-30 00:31 - 2016-11-30 00:31 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Roaming\CrystalIdea Software

2016-11-30 00:31 - 2016-11-30 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Tool

2016-11-30 00:31 - 2016-11-30 00:31 - 00000000 ____D C:\Program Files (x86)\Uninstall Tool

2016-11-30 00:31 - 2016-08-25 14:14 - 00044816 _____ (CrystalIdea Software) C:\WINDOWS\system32\Drivers\CisUtMonitor.sys

2016-11-29 21:47 - 2016-11-29 21:50 - 00866272 _____ (F-Secure Corporation) C:\Users\Erik\Downloads\F-Secure-Safe-Network-Installer.exe

2016-11-29 21:22 - 2016-12-01 14:10 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\LocalLow\Mozilla

2016-11-29 20:08 - 2016-11-29 20:08 - 00000000 ____D C:\Users\Erik\AppData\Local\AviraSpeedup

2016-11-29 20:01 - 2016-11-29 20:01 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Comms

2016-11-29 20:00 - 2016-11-30 22:03 - 00000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAdmin.job

2016-11-29 20:00 - 2016-11-30 18:18 - 00003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAdmin

2016-11-29 20:00 - 2016-11-29 20:00 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Roaming\Hewlett-Packard

2016-11-29 19:59 - 2016-11-29 20:00 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Hewlett-Packard

2016-11-29 19:45 - 2016-11-30 13:29 - 00002440 _____ C:\Users\Admin.Erik-HP.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-11-29 19:45 - 2016-11-30 13:29 - 00000000 ___RD C:\Users\Admin.Erik-HP.000\OneDrive

2016-11-29 19:45 - 2016-11-29 19:46 - 00017920 ___SH C:\Users\Admin.Erik-HP.000\Desktop\Thumbs.db

2016-11-29 19:45 - 2016-11-29 19:45 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\NetworkTiles

2016-11-29 19:44 - 2016-11-29 19:44 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Publishers

2016-11-29 19:43 - 2016-11-30 13:34 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Avira

2016-11-29 19:43 - 2016-11-30 13:29 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\ConnectedDevicesPlatform

2016-11-29 19:43 - 2016-11-29 20:01 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Packages

2016-11-29 19:43 - 2016-11-29 19:43 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\TileDataLayer

2016-11-29 13:41 - 2016-11-29 13:41 - 00000000 ____D C:\Program Files (x86)\F-Secure

2016-11-29 13:37 - 2016-11-30 11:15 - 00000000 ____D C:\ProgramData\F-Secure

2016-11-29 13:37 - 2016-11-29 21:50 - 00000000 ____D C:\Users\Erik\AppData\Local\FSDART

2016-11-29 13:37 - 2016-11-29 13:37 - 00000000 ____D C:\Users\Erik\AppData\Local\F-Secure

2016-11-29 09:11 - 2016-11-29 09:11 - 00000000 ____D C:\Users\Erik\AppData\Local\{6D10B461-1BFE-473F-803D-008B922C55D7}

2016-11-28 20:32 - 2016-11-28 20:32 - 00000000 ____D C:\Users\Erik\AppData\Local\{9AED8C1D-4CFC-4A17-AB8E-65FC58328A00}

2016-11-27 23:11 - 2016-11-27 23:11 - 00000000 ____D C:\Users\Erik\AppData\Local\{151DD593-BE5A-4FD8-BA1E-995DE5E2A05D}

2016-11-26 15:31 - 2016-11-26 15:31 - 00192000 ___SH C:\Users\Erik\Documents\Thumbs.db

2016-11-26 10:03 - 2016-11-26 10:03 - 00000000 ____D C:\Users\Erik\AppData\Local\{87C4BF96-0ED4-4C6B-AE5D-FD307D66E9C7}

2016-11-25 21:41 - 2016-11-25 21:41 - 00000000 ____D C:\Users\Erik\AppData\Local\{6BA1B2E0-29B0-47AF-A367-75A9C0FDD3AB}

2016-11-25 09:41 - 2016-11-25 09:41 - 00000000 ____D C:\Users\Erik\AppData\Local\{642FE3F1-C773-4FFB-B5EE-9BBBA180E5E4}

2016-11-24 15:54 - 2016-11-24 15:54 - 00000000 ____D C:\Users\Erik\AppData\Local\{6D32764D-52E3-4D0C-9874-C922ADE4E32A}

2016-11-23 23:00 - 2016-11-23 23:00 - 00000000 ____D C:\Users\Erik\AppData\Local\{3B982462-FD9F-4CEA-A39D-8F2E213145F5}

2016-11-23 11:00 - 2016-11-23 11:00 - 00000000 ____D C:\Users\Erik\AppData\Local\{303065CB-D159-4D17-8943-4908FD3D81E8}

2016-11-22 22:04 - 2016-11-22 22:04 - 00000000 ____D C:\Users\Erik\AppData\Local\{22E300D0-C3AE-4296-AAE3-CA0BD807DEE0}

2016-11-22 10:00 - 2016-11-22 10:00 - 00000000 ____D C:\Users\Erik\AppData\Local\{1431926A-F405-4452-ABBF-45C94AD9BF44}

2016-11-21 09:53 - 2016-11-21 09:53 - 00000000 ____D C:\Users\Erik\AppData\Local\{B1699897-BE38-48BB-BBFF-36F558B79D2C}

2016-11-20 19:49 - 2016-11-20 19:49 - 00000000 ____D C:\Users\Erik\AppData\Local\{6E8FE208-9459-4367-82D6-8A04E01B9CE3}

2016-11-19 15:45 - 2016-11-19 15:45 - 00000000 ____D C:\Users\Erik\AppData\Local\{6AC973AF-9800-4A5C-8677-A21D764CBBCD}

2016-11-18 11:26 - 2016-12-01 10:44 - 00000000 ____D C:\Users\Erik\AppData\LocalLow\Mozilla

2016-11-18 11:25 - 2016-11-18 11:25 - 00000000 ____D C:\Users\Erik\AppData\Local\{4AB0C5A4-C12B-46DF-88BD-B3FE910FFB65}

2016-11-17 22:18 - 2016-11-17 22:18 - 00000000 ____D C:\Users\Erik\AppData\Local\{5376D844-62BB-4344-A983-36DC38019868}

2016-11-17 09:56 - 2016-11-17 09:56 - 00000000 ____D C:\Users\Erik\AppData\Local\{2899D0DF-C79E-4516-987E-D602C39581F3}

2016-11-16 16:00 - 2016-11-16 16:00 - 00000000 ____D C:\Users\Erik\AppData\Local\{297D8E72-DC67-4FE5-8AD3-21EF29A20BA4}

2016-11-15 22:17 - 2016-11-15 22:17 - 00000000 ____D C:\Users\Erik\AppData\Local\{3AE0DC6F-0D3F-4B24-AC1F-9CE226D5A8CC}

2016-11-15 09:40 - 2016-11-15 09:40 - 00000000 ____D C:\Users\Erik\AppData\Local\{394F18B1-DD09-4211-BB39-1063DA2D9C89}

2016-11-14 09:44 - 2016-11-14 09:44 - 00000000 ____D C:\Users\Erik\AppData\Local\{104BA3A9-294F-402F-93C3-266CADF50334}

2016-11-12 22:40 - 2016-11-12 22:41 - 00000000 ____D C:\Users\Erik\AppData\Local\{7A6AD77F-0844-4D63-B233-63E5BFAA4634}

2016-11-11 17:07 - 2016-11-11 17:07 - 00000000 ____D C:\Users\Erik\AppData\Local\{7BBE8685-4BDF-40E4-B7FD-CDC6EAC708A0}

2016-11-10 10:37 - 2016-11-10 10:37 - 00000000 ____D C:\Users\Erik\AppData\Local\{E7D255F9-2749-4DA8-8CA3-B206EC5FE185}

2016-11-09 16:16 - 2016-11-09 16:16 - 00000000 ____D C:\Users\Erik\AppData\Local\{D0B56EED-D2A0-4BA0-9D3F-63905B73FD25}

2016-11-09 12:43 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2016-11-09 12:43 - 2016-11-02 13:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2016-11-09 12:43 - 2016-11-02 12:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2016-11-09 12:43 - 2016-11-02 12:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2016-11-09 12:43 - 2016-11-02 12:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2016-11-09 12:43 - 2016-11-02 12:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll

2016-11-09 12:43 - 2016-11-02 12:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2016-11-09 12:43 - 2016-11-02 12:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2016-11-09 12:43 - 2016-11-02 12:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2016-11-09 12:43 - 2016-11-02 12:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll

2016-11-09 12:43 - 2016-11-02 12:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2016-11-09 12:43 - 2016-11-02 12:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2016-11-09 12:43 - 2016-11-02 12:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2016-11-09 12:43 - 2016-11-02 12:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2016-11-09 12:43 - 2016-11-02 12:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll

2016-11-09 12:43 - 2016-11-02 12:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2016-11-09 12:43 - 2016-11-02 12:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2016-11-09 12:43 - 2016-11-02 12:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll

2016-11-09 12:43 - 2016-11-02 12:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll

2016-11-09 12:43 - 2016-11-02 12:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2016-11-09 12:43 - 2016-11-02 12:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2016-11-09 12:43 - 2016-11-02 12:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2016-11-09 12:43 - 2016-11-02 12:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll

2016-11-09 12:43 - 2016-11-02 11:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe

2016-11-09 12:43 - 2016-11-02 11:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys

2016-11-09 12:43 - 2016-11-02 11:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2016-11-09 12:43 - 2016-11-02 11:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll

2016-11-09 12:43 - 2016-11-02 11:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2016-11-09 12:43 - 2016-11-02 11:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll

2016-11-09 12:43 - 2016-11-02 11:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll

2016-11-09 12:43 - 2016-11-02 11:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll

2016-11-09 12:43 - 2016-11-02 11:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll

2016-11-09 12:43 - 2016-11-02 11:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll

2016-11-09 12:43 - 2016-11-02 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll

2016-11-09 12:43 - 2016-11-02 11:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe

2016-11-09 12:43 - 2016-11-02 11:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll

2016-11-09 12:43 - 2016-11-02 11:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll

2016-11-09 12:43 - 2016-11-02 11:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

2016-11-09 12:43 - 2016-11-02 11:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2016-11-09 12:43 - 2016-11-02 11:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll

2016-11-09 12:43 - 2016-11-02 11:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll

2016-11-09 12:43 - 2016-11-02 11:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2016-11-09 12:43 - 2016-11-02 11:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2016-11-09 12:43 - 2016-11-02 11:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll

2016-11-09 12:43 - 2016-11-02 11:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2016-11-09 12:43 - 2016-11-02 11:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll

2016-11-09 12:43 - 2016-11-02 11:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll

2016-11-09 12:43 - 2016-11-02 11:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll

2016-11-09 12:43 - 2016-11-02 11:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll

2016-11-09 12:43 - 2016-11-02 11:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2016-11-09 12:43 - 2016-11-02 11:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe

2016-11-09 12:43 - 2016-11-02 11:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll

2016-11-09 12:43 - 2016-11-02 11:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2016-11-09 12:43 - 2016-11-02 11:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll

2016-11-09 12:43 - 2016-11-02 11:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll

2016-11-09 12:43 - 2016-11-02 11:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll

2016-11-09 12:43 - 2016-11-02 11:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll

2016-11-09 12:43 - 2016-11-02 11:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll

2016-11-09 12:43 - 2016-11-02 11:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll

2016-11-09 12:43 - 2016-11-02 11:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl

2016-11-09 12:43 - 2016-11-02 11:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2016-11-09 12:43 - 2016-11-02 11:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-11-09 12:43 - 2016-11-02 11:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2016-11-09 12:43 - 2016-11-02 11:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll

2016-11-09 12:43 - 2016-11-02 11:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe

2016-11-09 12:43 - 2016-11-02 11:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll

2016-11-09 12:43 - 2016-11-02 11:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2016-11-09 12:43 - 2016-11-02 11:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll

2016-11-09 12:43 - 2016-11-02 11:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll

2016-11-09 12:43 - 2016-11-02 11:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

2016-11-09 12:43 - 2016-11-02 11:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-11-09 12:43 - 2016-11-02 11:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll

2016-11-09 12:43 - 2016-11-02 11:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2016-11-09 12:43 - 2016-11-02 11:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2016-11-09 12:43 - 2016-11-02 11:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll

2016-11-09 12:43 - 2016-11-02 11:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2016-11-09 12:43 - 2016-11-02 11:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll

2016-11-09 12:43 - 2016-11-02 11:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2016-11-09 12:43 - 2016-11-02 11:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll

2016-11-09 12:43 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll

2016-11-09 12:43 - 2016-11-02 11:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll

2016-11-09 12:43 - 2016-11-02 11:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll

2016-11-09 12:43 - 2016-11-02 11:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll

2016-11-09 12:43 - 2016-11-02 11:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll

2016-11-09 12:43 - 2016-11-02 11:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll

2016-11-09 12:43 - 2016-11-02 11:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll

2016-11-09 12:43 - 2016-11-02 11:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll

2016-11-09 12:43 - 2016-11-02 11:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2016-11-09 12:43 - 2016-11-02 11:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-11-09 12:43 - 2016-11-02 11:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2016-11-09 12:43 - 2016-11-02 11:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll

2016-11-09 12:43 - 2016-11-02 11:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2016-11-09 12:43 - 2016-11-02 11:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll

2016-11-09 12:43 - 2016-11-02 11:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll

2016-11-09 12:43 - 2016-11-02 11:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2016-11-09 12:43 - 2016-11-02 11:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2016-11-09 12:43 - 2016-11-02 11:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll

2016-11-09 12:43 - 2016-11-02 11:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll

2016-11-09 12:43 - 2016-11-02 11:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe

2016-11-09 12:43 - 2016-11-02 11:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll

2016-11-09 12:43 - 2016-11-02 11:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll

2016-11-09 12:43 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls

2016-11-09 12:43 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls

2016-11-09 12:43 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2016-11-09 12:39 - 2016-11-02 12:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2016-11-09 12:39 - 2016-11-02 11:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll

2016-11-09 12:38 - 2016-11-02 12:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2016-11-09 12:38 - 2016-11-02 12:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-11-09 12:38 - 2016-11-02 12:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2016-11-09 12:38 - 2016-11-02 12:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2016-11-09 12:38 - 2016-11-02 12:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe

2016-11-09 12:38 - 2016-11-02 12:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2016-11-09 12:38 - 2016-11-02 12:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2016-11-09 12:38 - 2016-11-02 12:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2016-11-09 12:38 - 2016-11-02 12:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2016-11-09 12:38 - 2016-11-02 12:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2016-11-09 12:38 - 2016-11-02 12:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2016-11-09 12:38 - 2016-11-02 12:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2016-11-09 12:38 - 2016-11-02 12:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2016-11-09 12:38 - 2016-11-02 12:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2016-11-09 12:38 - 2016-11-02 11:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2016-11-09 12:38 - 2016-11-02 11:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2016-11-09 12:38 - 2016-11-02 11:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2016-11-09 12:38 - 2016-11-02 11:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll

2016-11-09 12:38 - 2016-11-02 11:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys

2016-11-09 12:38 - 2016-11-02 11:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2016-11-09 12:38 - 2016-11-02 11:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll

2016-11-09 12:38 - 2016-11-02 11:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe

2016-11-09 12:38 - 2016-11-02 11:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2016-11-09 12:38 - 2016-11-02 11:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2016-11-09 12:38 - 2016-11-02 11:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe

2016-11-09 12:38 - 2016-11-02 11:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll

2016-11-09 12:38 - 2016-11-02 11:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll

2016-11-09 12:38 - 2016-11-02 11:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2016-11-09 12:38 - 2016-11-02 11:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll

2016-11-09 12:38 - 2016-11-02 11:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll

2016-11-09 12:38 - 2016-11-02 11:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll

2016-11-09 12:38 - 2016-11-02 11:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll

2016-11-09 12:38 - 2016-11-02 11:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll

2016-11-09 12:38 - 2016-11-02 11:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll

2016-11-09 12:38 - 2016-11-02 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll

2016-11-09 12:38 - 2016-11-02 11:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll

2016-11-09 12:38 - 2016-11-02 11:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2016-11-09 12:38 - 2016-11-02 11:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2016-11-09 12:38 - 2016-11-02 11:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2016-11-09 12:38 - 2016-11-02 11:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2016-11-09 12:38 - 2016-11-02 11:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2016-11-09 12:38 - 2016-11-02 11:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll

2016-11-09 12:38 - 2016-11-02 11:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll

2016-11-09 12:38 - 2016-11-02 11:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll

2016-11-09 12:38 - 2016-11-02 11:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe

2016-11-09 12:38 - 2016-11-02 11:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

2016-11-09 12:38 - 2016-11-02 11:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll

2016-11-09 12:38 - 2016-11-02 11:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll

2016-11-09 12:38 - 2016-11-02 11:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2016-11-09 12:38 - 2016-11-02 11:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-11-09 12:38 - 2016-11-02 11:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll

2016-11-09 12:38 - 2016-11-02 11:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll

2016-11-09 12:38 - 2016-11-02 11:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl

2016-11-09 12:38 - 2016-11-02 11:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll

2016-11-09 12:38 - 2016-11-02 11:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll

2016-11-09 12:38 - 2016-11-02 11:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll

2016-11-09 12:38 - 2016-11-02 11:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll

2016-11-09 12:38 - 2016-11-02 11:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll

2016-11-09 12:38 - 2016-11-02 11:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2016-11-09 12:38 - 2016-11-02 11:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll

2016-11-09 12:38 - 2016-11-02 11:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

2016-11-09 12:38 - 2016-11-02 11:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll

2016-11-09 12:38 - 2016-11-02 11:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2016-11-09 12:38 - 2016-11-02 11:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll

2016-11-09 12:38 - 2016-11-02 11:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll

2016-11-09 12:38 - 2016-11-02 11:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-11-09 12:38 - 2016-11-02 11:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2016-11-09 12:38 - 2016-11-02 11:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe

2016-11-09 12:38 - 2016-11-02 11:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2016-11-09 12:38 - 2016-11-02 11:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2016-11-09 12:38 - 2016-11-02 11:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll

2016-11-09 12:38 - 2016-11-02 11:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll

2016-11-09 12:38 - 2016-11-02 11:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll

2016-11-09 12:38 - 2016-11-02 11:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll

2016-11-09 12:38 - 2016-11-02 11:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll

2016-11-09 12:38 - 2016-11-02 11:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll

2016-11-09 12:38 - 2016-11-02 11:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll

2016-11-09 12:38 - 2016-11-02 11:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2016-11-09 12:38 - 2016-11-02 11:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2016-11-09 12:38 - 2016-11-02 11:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2016-11-09 12:38 - 2016-11-02 11:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

2016-11-09 12:38 - 2016-11-02 11:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll

2016-11-09 12:38 - 2016-11-02 11:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2016-11-09 12:38 - 2016-11-02 11:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2016-11-09 12:38 - 2016-11-02 11:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll

2016-11-09 12:38 - 2016-11-02 11:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2016-11-09 12:38 - 2016-11-02 11:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll

2016-11-09 12:38 - 2016-11-02 11:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll

2016-11-09 12:38 - 2016-11-02 11:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll

2016-11-09 12:38 - 2016-11-02 11:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll

2016-11-09 12:38 - 2016-11-02 11:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll

2016-11-09 12:38 - 2016-11-02 11:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe

2016-11-09 12:38 - 2016-11-02 11:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll

2016-11-09 12:38 - 2016-11-02 09:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml

2016-11-09 12:37 - 2016-11-02 12:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2016-11-09 12:37 - 2016-11-02 12:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2016-11-09 12:37 - 2016-11-02 12:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2016-11-09 12:37 - 2016-11-02 12:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2016-11-09 12:37 - 2016-11-02 12:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2016-11-09 12:37 - 2016-11-02 12:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys

2016-11-09 12:37 - 2016-11-02 12:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll

2016-11-09 12:37 - 2016-11-02 12:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys

2016-11-09 12:37 - 2016-11-02 12:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2016-11-09 12:37 - 2016-11-02 12:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll

2016-11-09 12:37 - 2016-11-02 12:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll

2016-11-09 12:37 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2016-11-09 12:37 - 2016-11-02 11:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2016-11-09 12:37 - 2016-11-02 11:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll

2016-11-09 12:37 - 2016-11-02 11:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll

2016-11-09 12:37 - 2016-11-02 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll

2016-11-09 12:37 - 2016-11-02 11:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll

2016-11-09 12:37 - 2016-11-02 11:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll

2016-11-09 12:37 - 2016-11-02 11:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2016-11-09 12:37 - 2016-11-02 11:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll

2016-11-09 12:37 - 2016-11-02 11:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll

2016-11-09 12:37 - 2016-11-02 11:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll

2016-11-09 12:37 - 2016-11-02 11:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll

2016-11-09 12:37 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll

2016-11-09 12:37 - 2016-11-02 11:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll

2016-11-09 12:37 - 2016-11-02 11:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe

2016-11-09 12:37 - 2016-11-02 11:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll

2016-11-09 12:37 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2016-11-09 12:37 - 2016-11-02 11:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys

2016-11-09 12:37 - 2016-11-02 11:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll

2016-11-09 12:37 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2016-11-09 12:37 - 2016-11-02 11:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll

2016-11-09 12:37 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2016-11-09 12:37 - 2016-11-02 11:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2016-11-09 12:37 - 2016-11-02 11:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll

2016-11-09 12:37 - 2016-11-02 11:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll

2016-11-09 12:37 - 2016-11-02 11:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2016-11-09 12:37 - 2016-11-02 11:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll

2016-11-09 12:37 - 2016-11-02 11:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl

2016-11-09 12:37 - 2016-11-02 11:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2016-11-09 12:37 - 2016-11-02 11:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2016-11-09 12:37 - 2016-11-02 11:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll

2016-11-08 16:58 - 2016-11-08 16:58 - 00000000 ____D C:\Users\Erik\AppData\Local\{1C227BD8-2B79-47A3-A1D0-E4B687A9212A}

2016-11-07 15:53 - 2016-11-07 15:53 - 00000000 ____D C:\Users\Erik\AppData\Local\{AC874696-06DC-4DC8-80B5-481E654DE4FD}

2016-11-07 12:28 - 2016-11-07 12:28 - 00000000 ____D C:\Users\Erik\AppData\Local\{3C340B84-876B-4573-B67A-03943052AE46}

2016-11-06 22:11 - 2016-11-06 22:11 - 00000000 ____D C:\Users\Erik\AppData\Local\{06A258D6-4659-4D6C-9319-BA8258E6F6AE}

2016-11-05 17:07 - 2016-11-05 17:07 - 00000000 ____D C:\Users\Erik\AppData\Local\{E61E8C73-2EE2-46FF-ABC9-BD74E9B9B43B}

2016-11-04 10:57 - 2016-11-04 10:57 - 00000000 ____D C:\Users\Erik\AppData\Local\{7B008266-388A-4260-B6B3-A2C8862F932C}

2016-11-03 17:01 - 2016-11-03 17:01 - 00000000 ____D C:\Users\Erik\AppData\Local\{66462688-0266-432D-968A-89D120BA2F7E}

2016-11-02 09:43 - 2016-11-02 09:43 - 00000000 ____D C:\Users\Erik\AppData\Local\{B76911AD-BD3A-4DAB-8E55-03BB6C8BED75}

2016-11-01 08:39 - 2016-11-01 08:39 - 00000000 ____D C:\Users\Erik\AppData\Local\{2AA20C95-CD89-41FE-82D1-DE221DD1DD6C}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-01 15:22 - 2016-09-21 20:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2016-12-01 14:13 - 2016-09-21 20:40 - 02208742 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-12-01 14:13 - 2016-07-16 23:09 - 00790448 _____ C:\WINDOWS\system32\perfh01D.dat

2016-12-01 14:13 - 2016-07-16 23:09 - 00201432 _____ C:\WINDOWS\system32\perfc01D.dat

2016-12-01 14:13 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps

2016-12-01 14:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-12-01 14:07 - 2016-09-21 21:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-12-01 14:06 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI

2016-12-01 14:04 - 2014-09-25 21:51 - 00001150 _____ C:\Users\Admin.Erik-HP.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

2016-12-01 12:22 - 2013-01-25 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-12-01 12:22 - 2012-04-26 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-12-01 10:59 - 2014-09-25 21:38 - 00000000 ____D C:\ProgramData\Package Cache

2016-12-01 09:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2016-11-30 22:51 - 2012-01-24 14:35 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT

2016-11-30 18:18 - 2016-09-21 21:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard

2016-11-30 18:18 - 2011-11-03 05:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

2016-11-30 18:18 - 2011-11-03 05:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2016-11-30 18:17 - 2011-11-03 05:05 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard

2016-11-30 18:16 - 2011-11-03 05:05 - 00000000 ____D C:\ProgramData\Hewlett-Packard

2016-11-30 18:16 - 2011-02-11 17:32 - 00000000 ____D C:\SWSETUP

2016-11-30 13:46 - 2013-01-27 21:06 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Mozilla

2016-11-30 11:36 - 2016-10-12 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2016-11-29 22:25 - 2012-01-25 12:22 - 03041320 _____ (Macrovision Corporation) C:\Users\Erik\Downloads\shb_kortlasare.exe

2016-11-29 21:50 - 2016-09-21 20:41 - 00000000 ____D C:\Users\Admin.Erik-HP.000

2016-11-29 20:23 - 2016-10-12 21:28 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Scout.lnk

2016-11-29 19:57 - 2014-10-03 16:23 - 00000000 ____D C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2016-11-29 19:57 - 2011-11-03 05:24 - 00000000 ____D C:\ProgramData\truesuite

2016-11-29 19:43 - 2016-01-25 21:47 - 00000000 __RHD C:\Users\Public\AccountPictures

2016-11-29 19:20 - 2013-08-18 20:58 - 00000000 ____D C:\Users\Erik\Documents\Bilder Kullarmark 265

2016-11-29 16:42 - 2016-09-21 20:41 - 00000000 ____D C:\Users\Erik

2016-11-29 16:35 - 2016-10-12 21:28 - 00001170 _____ C:\WINDOWS\Tasks\AviraScoutUpdateTaskMachineUA.job

2016-11-29 16:34 - 2016-09-21 20:41 - 00000000 ____D C:\Users\DefaultAppPool

2016-11-29 16:34 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF

2016-11-29 16:33 - 2012-02-10 17:30 - 00000000 ____D C:\Users\Erik\Documents\Garmin

2016-11-29 16:33 - 2012-01-24 16:05 - 00000000 ___RD C:\Users\Erik\Documents\Scanned Documents

2016-11-29 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\registration

2016-11-29 16:26 - 2012-02-10 17:30 - 00000000 ____D C:\Users\Erik\Documents\Friluftskartan

2016-11-29 16:26 - 2012-01-24 16:05 - 00000000 ____D C:\Users\Erik\Documents\Fax

2016-11-22 20:36 - 2016-10-12 21:28 - 00004260 _____ C:\WINDOWS\System32\Tasks\AviraScoutUpdateTaskMachineUA

2016-11-22 20:36 - 2016-10-12 21:28 - 00004028 _____ C:\WINDOWS\System32\Tasks\AviraScoutUpdateTaskMachineCore

2016-11-22 20:36 - 2016-10-12 21:28 - 00001166 _____ C:\WINDOWS\Tasks\AviraScoutUpdateTaskMachineCore.job

2016-11-18 17:16 - 2013-01-25 21:06 - 00000868 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-11-12 16:05 - 2016-01-25 21:58 - 00000000 ___RD C:\Users\Erik\OneDrive

2016-11-10 10:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache

2016-11-10 10:24 - 2013-08-06 19:44 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-11-10 10:21 - 2012-02-03 10:43 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-11-09 16:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed

2016-11-09 16:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed

2016-11-09 16:30 - 2014-10-20 11:27 - 00000000 ____D C:\Users\Admin.Erik-HP.000\AppData\Local\Adobe

2016-11-09 16:30 - 2012-01-26 13:55 - 00000000 ____D C:\Users\Erik\AppData\Local\Adobe

2016-11-09 16:22 - 2016-09-21 20:35 - 00224776 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-11-09 16:19 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2016-11-09 16:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2016-11-09 16:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe

2016-11-09 16:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz

2016-11-09 16:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences

2016-11-09 16:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr

2016-11-09 12:59 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-11-07 19:46 - 2016-09-21 21:03 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2016-11-03 21:04 - 2015-11-06 09:45 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2011-11-03 05:24 - 2011-06-10 00:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011

2012-01-24 14:35 - 2016-11-30 22:51 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT

2012-01-24 14:45 - 2014-09-25 22:58 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT

2012-01-24 14:35 - 2012-01-24 14:35 - 0000268 ___RH () C:\ProgramData\Sounds

2012-01-24 14:45 - 2012-01-24 14:45 - 0000268 ___RH () C:\ProgramData\Space Choir

Some files in TEMP:
====================

C:\Users\Admin.Erik-HP.000\AppData\Local\Temp\libeay32.dll

C:\Users\Admin.Erik-HP.000\AppData\Local\Temp\msvcr120.dll

C:\Users\Admin.Erik-HP.000\AppData\Local\Temp\sp64126.exe

C:\Users\Admin.Erik-HP.000\AppData\Local\Temp\sqlite3.dll

C:\Users\Admin.Erik-HP.000\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-22 22:45

==================== End of FRST.txt ============================


I couldn't find where to attach Addition.txt. Here is that log file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2016
Ran by Admin (01-12-2016 15:51:26)
Running from C:\Users\Admin.Erik-HP.000\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-21 20:06:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-3119383209-2459362220-190218579-1003 - Administrator - Enabled) => C:\Users\Admin.Erik-HP.000
Administratör (S-1-5-21-3119383209-2459362220-190218579-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3119383209-2459362220-190218579-503 - Limited - Disabled)
Erik (S-1-5-21-3119383209-2459362220-190218579-1000 - Limited - Enabled) => C:\Users\Erik
Gäst (S-1-5-21-3119383209-2459362220-190218579-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3119383209-2459362220-190218579-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Acrobat Reader DC - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AuthenTec TrueAPI (Version: 1.3.0.116 - AuthenTec, Inc.) Hidden
BankID säkerhetsprogram (HKLM-x32\...\{77B5BCDC-5496-48DA-8B16-5EE2AF08CA31}) (Version: 7.2.1.1 - Finansiell ID-Teknik BID AB)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Document Express DjVu Plug-in (HKLM-x32\...\{5EEF232F-D315-4A37-B486-C4C1DD079BA6}) (Version: 6.1.31219 - Caminova, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Handelsbankens kortläsare (HKLM-x32\...\{35C938B6-F72A-4D92-B8B5-A1F0F9B1DC76}) (Version: 1.00.0000 - Todos Data System AB)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Printing Software (HKLM-x32\...\HP Photo Printing Software) (Version:  - )
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Share-to-Web (HKLM-x32\...\{748F4870-8350-11D3-B0BF-080009FB4A19}) (Version:  - )
HP SimplePass PE 2011 (HKLM-x32\...\{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}) (Version: 5.3.0.194 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 sv-SE)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
OpenOffice 4.0.1 (HKLM-x32\...\{46BCB691-9148-4FCB-B215-CCDF70B5D95A}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-3200 Series (HKLM-x32\...\Samsung SCX-3200 Series) (Version:  - Samsung Electronics Co., Ltd.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.5.1 - CrystalIDEA Software, Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.2 - Nikon)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {08E2163B-9EBD-4B5A-9AE7-B5C8EA91E0B2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {122BD712-3F37-4F25-BCA2-5747980B7B2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {140BD5B3-A197-4F36-97B7-CD2B749ECB53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1C916510-5DD3-4BD8-9909-98A7AD26885E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1CE70A1A-EE47-4862-B78B-EB14A391AE66} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {22A2CBA0-F3E9-4693-8D20-8A0424A7220F} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION
Task: {2B7CCFBB-9C9F-466F-8B99-737C132A50E3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3D7EE298-A789-41C3-84BA-D3C6F8BA41DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B79246F-4270-4B71-9870-DA723E2277C2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4C58D7FE-D62B-4B69-8C93-11C118A19035} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53044686-EAA3-4366-8007-218C16EE7344} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {53744A2F-9DF4-493B-A792-B7ECCC0430D7} - System32\Tasks\HPCeeScheduleForAdmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6AFF8D56-8B75-4006-A70F-F7CDC93CA6D0} - System32\Tasks\1015avUpdateInfo => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe
Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {78B5ED53-6DF1-41E8-B790-25A6C89E6E97} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION
Task: {796A49C0-189F-4E00-B328-FC4D90E56DDB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {7ACD98E3-26F2-4CC5-B638-0DB457DC5615} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {7F8BE006-F26A-467F-83AC-D2975D326826} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {866CF4C2-45B8-4773-BD46-AABE7474748B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {92DF16ED-4D24-4BA7-A9E3-AC9FF0AB135A} - System32\Tasks\SmartArrange => c:\programdata\{8268f900-0dfb-bf26-8268-8f9000dfe400}\group 1 - yanmar.exe <==== ATTENTION
Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AF5A66D2-5C44-4025-B1B2-BCBCA102C37D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B52AE49C-BCD7-478D-A52C-80D344A1144F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C246002D-BFCB-4336-B158-B6DFB461BD59} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {C554F9A0-CF77-4594-BA78-7B35A3443DF7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C7BEBA1D-039E-41BA-9E0A-0D4D7EEC2C26} - System32\Tasks\RunUninstallTool_SkipUac => C:\Program Files (x86)\Uninstall Tool\UninstallTool.exe [2016-09-16] (CrystalIDEA Software)
Task: {C9D4EB9D-5BFE-4FE2-850A-2938603DB24A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CB081C6C-D446-47FC-BB58-38A7526C68AD} - System32\Tasks\{9D884FE4-356F-4356-B0D4-A85617614A39} => pcalua.exe -a E:\setup.exe -d E:\
Task: {D3465022-E707-40B6-ABEA-7E3ADEF02016} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E44A3189-2338-4DF5-B75B-68C71AD3B01C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E4B201C5-B035-4314-BA80-9CE23AE7058E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E86C8CC7-6C9E-44EC-942A-E804CDA378A1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EC747D05-48D2-48C4-9AEF-F0EE9A17EB0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\1015avUpdateInfo.job => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AviraScoutUpdateTaskMachineCore.job => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AviraScoutUpdateTaskMachineUA.job => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAdmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\SmartArrange.job => c:\programdata\{8268f900-0dfb-bf26-8268-8f9000dfe400}\group 1 - yanmar.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 08:27 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-04-14 02:41 - 2011-04-14 02:41 - 00034304 _____ () C:\WINDOWS\System32\ssb3ml6.dll
2016-09-30 08:27 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-30 13:29 - 2016-11-30 13:29 - 01864384 _____ () C:\Users\Admin.Erik-HP.000\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-09-21 21:29 - 2016-09-21 21:29 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 12:38 - 2016-11-02 11:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 12:37 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 12:37 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 12:37 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 12:37 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 12:37 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-30 13:28 - 2016-11-30 13:28 - 01383616 _____ () C:\Users\Admin.Erik-HP.000\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-11-30 13:28 - 2016-11-30 13:28 - 00118976 _____ () C:\Users\Admin.Erik-HP.000\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin.Erik-HP.000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DraftSight API Service => 3
MSCONFIG\Services: FPLService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BankID säkerhetsprogram.lnk => C:\Windows\pss\BankID säkerhetsprogram.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SCX3200_Scan2Pc => C:\Windows\Twain_32\Samsung\SCX3200\Scan2pc.exe
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{1BA2F78B-221F-4F2E-8E51-567974D20576}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{9E8DE7EB-8A39-470B-AE31-801B976A6629}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{79241B97-4FD5-4B59-AC80-6158D6959C73}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF15DFA3-47FC-4AD5-BA66-291BA8C57E79}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{440C3228-66B8-43A6-A58F-00D1C738C898}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{C3E693EF-A524-40B7-842F-EF762C57D606}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{F252461B-0117-4B8C-95FE-61FDD07EC05B}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{9738CF79-84B5-482D-929D-0B03EF770751}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6830C9ED-C93F-45CF-A830-6C05E7A480CA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4E6D23DD-58E8-4C2C-AB36-CC12CE6EC8C8}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{733A1D3F-9930-4412-BA50-44F9A4228B4B}] => C:\Program Files (x86)\Avira\Scout\Application\scout.exe

==================== Restore Points =========================

16-11-2016 21:33:16 Schemalagd kontrollpunkt
23-11-2016 23:02:44 Schemalagd kontrollpunkt
29-11-2016 16:22:13 Återställningsåtgärd
01-12-2016 10:56:31 Removed Avira Software Updater

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2016 10:56:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Anropet OnIdentity() i systemskrivarobjektet misslyckades för tjänsten Cryptographic Services.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Åtkomst nekad.
.

Error: (11/30/2016 10:05:37 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: DLL-filen rdyboost för en utökningsbar prestandaräknare kunde inte läsas in. Felkoden anges av datasektionens första fyra byte (DWORD).

Error: (11/30/2016 10:05:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Öppningsproceduren BITS i DLL-filen C:\Windows\System32\bitsperf.dll kunde inte utföras. Prestandadata för den här tjänsten kommer inte att vara tillgängliga. Felkoden anges av datasektionens första fyra byte (DWORD).

Error: (11/30/2016 07:55:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: firefox.exe, version 50.0.1.6171, tidsstämpel 0x58366d90
, felet uppstod i modulen med namn: mozglue.dll, version 50.0.1.6171, tidsstämpel 0x58366d59
Undantagskod: 0x80000003
Felförskjutning: 0x0000ed4b
Process-ID: 0x1a40
Programmets starttid: 0x01d24b2f689cd7de
Sökväg till program: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Sökväg till modul: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Rapport-ID: dc2c8cb0-43ff-4a72-8be5-78335ac26a2c
Fullständigt namn på felaktigt paket:
Program-ID relativt till felaktigt paket:

Error: (11/30/2016 07:55:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet firefox.exe, version 50.0.1.6171, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken i Säkerhet och underhåll på Kontrollpanelen.

Process-ID: 1340

Starttid: 01d24b2f672627fd

Avslutningstid: 4294967295

Programsökväg: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Rapport-ID: 80807099-b72e-11e6-a654-2c41389b48ed

Fullständigt namn på felaktigt paket:

Program-ID relativt till felaktigt paket:

Error: (11/30/2016 07:55:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 50.0.1.6171, tidsstämpel 0x58367404
, felet uppstod i modulen med namn: mozglue.dll, version 50.0.1.6171, tidsstämpel 0x58366d59
Undantagskod: 0x80000003
Felförskjutning: 0x0000ed4b
Process-ID: 0x137c
Programmets starttid: 0x01d24b30c4517156
Sökväg till program: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Sökväg till modul: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Rapport-ID: ebad77ad-07f2-48c7-be53-f04887b30faf
Fullständigt namn på felaktigt paket:
Program-ID relativt till felaktigt paket:

Error: (11/30/2016 07:17:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet explorer.exe, version 10.0.14393.447, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken i Säkerhet och underhåll på Kontrollpanelen.

Process-ID: f9c

Starttid: 01d24b2c138435e4

Avslutningstid: 25

Programsökväg: C:\Windows\explorer.exe

Rapport-ID: 41533639-b729-11e6-a654-2c41389b48ed

Fullständigt namn på felaktigt paket:

Program-ID relativt till felaktigt paket:

Error: (11/30/2016 06:18:40 PM) (Source: MsiInstaller) (EventID: 11609) (User: Erik-HP)
Description: Product: HP Customer Experience Enhancements -- Error 1609.An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/30/2016 06:17:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när rutinen QueryFullProcessImageNameW anropades. hr = 0x80070006, Referensen (handle) är felaktig.
.


Åtgärd:
   Utför asynkron åtgärd

Kontext:
   Aktuell status: DoSnapshotSet

Error: (11/30/2016 06:17:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Anropet OnIdentity() i systemskrivarobjektet misslyckades för tjänsten Cryptographic Services.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Åtkomst nekad.
.


System errors:
=============
Error: (12/01/2016 02:37:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten eapihdrv kunde inte startas på grund av följande fel:
Den här drivrutinen har blockerats för inläsning

Error: (12/01/2016 02:37:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINE~1.000\AppData\Local\Temp\ehdrv.sys

Error: (12/01/2016 02:37:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten eapihdrv kunde inte startas på grund av följande fel:
Den här drivrutinen har blockerats för inläsning

Error: (12/01/2016 02:37:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINE~1.000\AppData\Local\Temp\ehdrv.sys

Error: (12/01/2016 02:37:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten eapihdrv kunde inte startas på grund av följande fel:
Den här drivrutinen har blockerats för inläsning

Error: (12/01/2016 02:37:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINE~1.000\AppData\Local\Temp\ehdrv.sys

Error: (12/01/2016 02:37:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten eapihdrv kunde inte startas på grund av följande fel:
Den här drivrutinen har blockerats för inläsning

Error: (12/01/2016 02:37:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINE~1.000\AppData\Local\Temp\ehdrv.sys

Error: (12/01/2016 02:37:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINE~1.000\AppData\Local\Temp\ehdrv.sys

Error: (12/01/2016 02:37:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten eapihdrv kunde inte startas på grund av följande fel:
Den här drivrutinen har blockerats för inläsning


==================== Memory info ===========================

Processor: Intel® Core i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 48%
Total physical RAM: 4000.81 MB
Available physical RAM: 2049.83 MB
Total Virtual: 6000.81 MB
Available Virtual: 3988.05 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683 GB) (Free:613.49 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:15.1 GB) (Free:1.86 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0F4527AE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=15.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Uninstall SUPERAntiSpyware.

Start the Notepad program.

Copy all the lines in the box:

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3119383209-2459362220-190218579-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net
HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net
HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net
HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\96pmbcrn.default -> SafeFinder Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\96pmbcrn.default -> SafeFinder Search
FF Extension: (SafeFinder Smartbar) - C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default\Extensions\{3f2244ac-098e-61de-808f-f7a26e54ac80} [2014-09-25] [not signed]
FF Extension: (Site Counselor) - C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default\Extensions\{e0352044-1439-48ba-99b6-b05ed1a4d2de} [2014-09-25] [not signed]
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.5\npScoutUpdate3.dll [No File]
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.5\npScoutUpdate3.dll [No File]
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
S2 scupdate; "C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe" /svc [X]
S3 scupdatem; "C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe" /medsvc [X]
U3 idsvc; no ImagePath
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]
2016-11-29 20:23 - 2016-10-12 21:28 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Scout.lnk
Task: {08E2163B-9EBD-4B5A-9AE7-B5C8EA91E0B2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {1C916510-5DD3-4BD8-9909-98A7AD26885E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {22A2CBA0-F3E9-4693-8D20-8A0424A7220F} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION
Task: {2B7CCFBB-9C9F-466F-8B99-737C132A50E3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4B79246F-4270-4B71-9870-DA723E2277C2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4C58D7FE-D62B-4B69-8C93-11C118A19035} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {53044686-EAA3-4366-8007-218C16EE7344} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {78B5ED53-6DF1-41E8-B790-25A6C89E6E97} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION
Task: {866CF4C2-45B8-4773-BD46-AABE7474748B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {92DF16ED-4D24-4BA7-A9E3-AC9FF0AB135A} - System32\Tasks\SmartArrange => c:\programdata\{8268f900-0dfb-bf26-8268-8f9000dfe400}\group 1 - yanmar.exe <==== ATTENTION
Task: {AF5A66D2-5C44-4025-B1B2-BCBCA102C37D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B52AE49C-BCD7-478D-A52C-80D344A1144F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C9D4EB9D-5BFE-4FE2-850A-2938603DB24A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CB081C6C-D446-47FC-BB58-38A7526C68AD} - System32\Tasks\{9D884FE4-356F-4356-B0D4-A85617614A39} => pcalua.exe -a E:\setup.exe -d E:\
Task: {D3465022-E707-40B6-ABEA-7E3ADEF02016} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E44A3189-2338-4DF5-B75B-68C71AD3B01C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E4B201C5-B035-4314-BA80-9CE23AE7058E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E86C8CC7-6C9E-44EC-942A-E804CDA378A1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\1015avUpdateInfo.job => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe
Task: C:\WINDOWS\Tasks\AviraScoutUpdateTaskMachineCore.job => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AviraScoutUpdateTaskMachineUA.job => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SmartArrange.job => c:\programdata\{8268f900-0dfb-bf26-8268-8f9000dfe400}\group 1 - yanmar.exe <==== ATTENTION
FirewallRules: [{1BA2F78B-221F-4F2E-8E51-567974D20576}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{9E8DE7EB-8A39-470B-AE31-801B976A6629}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{440C3228-66B8-43A6-A58F-00D1C738C898}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{C3E693EF-A524-40B7-842F-EF762C57D606}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{733A1D3F-9930-4412-BA50-44F9A4228B4B}] => C:\Program Files (x86)\Avira\Scout\Application\scout.exe
Reboot:
and paste them into Notepad. Check that no files have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Close all programs.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

If the computer does not restart automatically, restart it yourself.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

There is a problem removing SuperAntiSpyware. The Control Panel showed: "uninstall failed - error reading uninstall data".

I have tried to remove it in C:/ProgramFiles by renaming it, but I have not deleted anything in the registry editor. How do I remove the remnants?

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2016

Ran by Admin (01-12-2016 18:46:22) Run:1

Running from C:\Users\Admin.Erik-HP.000\Desktop

Loaded Profiles: Admin (Available Profiles: Erik & Admin & DefaultAppPool)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

 

CreateRestorePoint:

CloseProcesses:

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\96pmbcrn.default -> SafeFinder Search

FF SelectedSearchEngine: Mozilla\Firefox\Profiles\96pmbcrn.default -> SafeFinder Search

FF Extension: (SafeFinder Smartbar) - C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default\Extensions\{3f2244ac-098e-61de-808f-f7a26e54ac80} [2014-09-25] [not signed]

FF Extension: (Site Counselor) - C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default\Extensions\{e0352044-1439-48ba-99b6-b05ed1a4d2de} [2014-09-25] [not signed]

FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.5\npScoutUpdate3.dll [No File]

FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.5\npScoutUpdate3.dll [No File]

S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]

S2 scupdate; "C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe" /svc [X]

S3 scupdatem; "C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe" /medsvc [X]

U3 idsvc; no ImagePath

S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]

S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]

2016-11-29 20:23 - 2016-10-12 21:28 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Scout.lnk

Task: {08E2163B-9EBD-4B5A-9AE7-B5C8EA91E0B2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION

Task: {1C916510-5DD3-4BD8-9909-98A7AD26885E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {22A2CBA0-F3E9-4693-8D20-8A0424A7220F} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION

Task: {2B7CCFBB-9C9F-466F-8B99-737C132A50E3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {4B79246F-4270-4B71-9870-DA723E2277C2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {4C58D7FE-D62B-4B69-8C93-11C118A19035} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {53044686-EAA3-4366-8007-218C16EE7344} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {78B5ED53-6DF1-41E8-B790-25A6C89E6E97} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION

Task: {866CF4C2-45B8-4773-BD46-AABE7474748B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION

Task: {92DF16ED-4D24-4BA7-A9E3-AC9FF0AB135A} - System32\Tasks\SmartArrange => c:\programdata\{8268f900-0dfb-bf26-8268-8f9000dfe400}\group 1 - yanmar.exe <==== ATTENTION

Task: {AF5A66D2-5C44-4025-B1B2-BCBCA102C37D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {B52AE49C-BCD7-478D-A52C-80D344A1144F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

Task: {C9D4EB9D-5BFE-4FE2-850A-2938603DB24A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {CB081C6C-D446-47FC-BB58-38A7526C68AD} - System32\Tasks\{9D884FE4-356F-4356-B0D4-A85617614A39} => pcalua.exe -a E:\setup.exe -d E:\

Task: {D3465022-E707-40B6-ABEA-7E3ADEF02016} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {E44A3189-2338-4DF5-B75B-68C71AD3B01C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

Task: {E4B201C5-B035-4314-BA80-9CE23AE7058E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {E86C8CC7-6C9E-44EC-942A-E804CDA378A1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: C:\WINDOWS\Tasks\1015avUpdateInfo.job => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe

Task: C:\WINDOWS\Tasks\AviraScoutUpdateTaskMachineCore.job => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\AviraScoutUpdateTaskMachineUA.job => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\SmartArrange.job => c:\programdata\{8268f900-0dfb-bf26-8268-8f9000dfe400}\group 1 - yanmar.exe <==== ATTENTION

FirewallRules: [{1BA2F78B-221F-4F2E-8E51-567974D20576}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{9E8DE7EB-8A39-470B-AE31-801B976A6629}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{440C3228-66B8-43A6-A58F-00D1C738C898}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{C3E693EF-A524-40B7-842F-EF762C57D606}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{733A1D3F-9930-4412-BA50-44F9A4228B4B}] => C:\Program Files (x86)\Avira\Scout\Application\scout.exe

Reboot:

 

*****************

 

Restore point was successfully created.

Processes closed successfully.

"HKU\S-1-5-21-3119383209-2459362220-190218579-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKU\S-1-5-21-3119383209-2459362220-190218579-1003\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

Firefox DefaultSearchEngine removed successfully

Firefox SelectedSearchEngine removed successfully

C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default\Extensions\{3f2244ac-098e-61de-808f-f7a26e54ac80} => moved successfully

C:\Users\Admin.Erik-HP.000\AppData\Roaming\Mozilla\Firefox\Profiles\96pmbcrn.default\Extensions\{e0352044-1439-48ba-99b6-b05ed1a4d2de} => moved successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@scout.avira-update.com/Avira Scout Update;version=3" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@scout.avira-update.com/Avira Scout Update;version=9" => key removed successfully

!SASCORE => service removed successfully

scupdate => service removed successfully

scupdatem => service removed successfully

idsvc => service removed successfully

SASDIFSV => service removed successfully

SASKUTIL => service removed successfully

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Scout.lnk => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08E2163B-9EBD-4B5A-9AE7-B5C8EA91E0B2}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08E2163B-9EBD-4B5A-9AE7-B5C8EA91E0B2}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C916510-5DD3-4BD8-9909-98A7AD26885E}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C916510-5DD3-4BD8-9909-98A7AD26885E}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22A2CBA0-F3E9-4693-8D20-8A0424A7220F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22A2CBA0-F3E9-4693-8D20-8A0424A7220F}" => key removed successfully

C:\WINDOWS\System32\Tasks\AviraScoutUpdateTaskMachineCore => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AviraScoutUpdateTaskMachineCore" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B7CCFBB-9C9F-466F-8B99-737C132A50E3}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B7CCFBB-9C9F-466F-8B99-737C132A50E3}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B79246F-4270-4B71-9870-DA723E2277C2}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B79246F-4270-4B71-9870-DA723E2277C2}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C58D7FE-D62B-4B69-8C93-11C118A19035}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C58D7FE-D62B-4B69-8C93-11C118A19035}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53044686-EAA3-4366-8007-218C16EE7344}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53044686-EAA3-4366-8007-218C16EE7344}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78B5ED53-6DF1-41E8-B790-25A6C89E6E97}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78B5ED53-6DF1-41E8-B790-25A6C89E6E97}" => key removed successfully

C:\WINDOWS\System32\Tasks\AviraScoutUpdateTaskMachineUA => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AviraScoutUpdateTaskMachineUA" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{866CF4C2-45B8-4773-BD46-AABE7474748B}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{866CF4C2-45B8-4773-BD46-AABE7474748B}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92DF16ED-4D24-4BA7-A9E3-AC9FF0AB135A}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92DF16ED-4D24-4BA7-A9E3-AC9FF0AB135A}" => key removed successfully

C:\WINDOWS\System32\Tasks\SmartArrange => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartArrange" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF5A66D2-5C44-4025-B1B2-BCBCA102C37D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF5A66D2-5C44-4025-B1B2-BCBCA102C37D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B52AE49C-BCD7-478D-A52C-80D344A1144F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B52AE49C-BCD7-478D-A52C-80D344A1144F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9D4EB9D-5BFE-4FE2-850A-2938603DB24A}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9D4EB9D-5BFE-4FE2-850A-2938603DB24A}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB081C6C-D446-47FC-BB58-38A7526C68AD}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB081C6C-D446-47FC-BB58-38A7526C68AD}" => key removed successfully

C:\WINDOWS\System32\Tasks\{9D884FE4-356F-4356-B0D4-A85617614A39} => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9D884FE4-356F-4356-B0D4-A85617614A39}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3465022-E707-40B6-ABEA-7E3ADEF02016}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3465022-E707-40B6-ABEA-7E3ADEF02016}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E44A3189-2338-4DF5-B75B-68C71AD3B01C}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E44A3189-2338-4DF5-B75B-68C71AD3B01C}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4B201C5-B035-4314-BA80-9CE23AE7058E}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4B201C5-B035-4314-BA80-9CE23AE7058E}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E86C8CC7-6C9E-44EC-942A-E804CDA378A1}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E86C8CC7-6C9E-44EC-942A-E804CDA378A1}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully

C:\WINDOWS\Tasks\1015avUpdateInfo.job => moved successfully

C:\WINDOWS\Tasks\AviraScoutUpdateTaskMachineCore.job => moved successfully

C:\WINDOWS\Tasks\AviraScoutUpdateTaskMachineUA.job => moved successfully

C:\WINDOWS\Tasks\SmartArrange.job => moved successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1BA2F78B-221F-4F2E-8E51-567974D20576} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E8DE7EB-8A39-470B-AE31-801B976A6629} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{440C3228-66B8-43A6-A58F-00D1C738C898} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3E693EF-A524-40B7-842F-EF762C57D606} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{733A1D3F-9930-4412-BA50-44F9A4228B4B} => value removed successfully

 

 

The system needed a reboot.

 

==== End of Fixlog 18:46:27 ====

Run FRST again and attach a new FRST.txt (not Addition.txt), and I will check whether anything is left of SuperAntispyware.

You attach files by first clicking the "Use full editor" button, then browsing to the file, and finally attaching it.

To protect the computer, F-Safe was installed again yesterday evening, and this time the installation completed.

Excellent!

But it is not so good if remnants of SuperAntiSpyware are left behind that could disturb the computer in the future.

I apparently failed to attach the log file from FRST this morning. I am making a new attempt.

FRST.txt

No SuperAntiSpyware, but I did find a small remnant of Smartbar.

Start the Notepad program.
Copy all the lines in the box:

CreateRestorePoint:
CloseProcesses:
Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
and paste them into Notepad. Check that no files have been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Close all programs.
Start FRST, which is on the desktop.
Click the Fix button.
Wait until the program has finished.

To uninstall the special tools we used to clean the computer, do the following:

Save Delfix to the Desktop: http://www.bleepingcomputer.com/download/delfix/
Start the program.

Make sure these are ticked, but no others:
* Remove disinfection tools
* Create registry backup

Click the Run button.

Now I have cleaned up on the desktop.

A big THANK YOU for the help!
