
Help interpreting FRST logs and possible cleanup



cybertears

Hi!

A friend of mine finds her computer sluggish.

I'd need help going through the logs, but this is what I found when I looked a bit myself:

Task: {FF306DF0-8821-4CD9-B1B1-12B6EE1E4C84} - System32\Tasks\SweetLabs App Platform => C:\Users\Emmie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-11-16] (Pokki)
Task: {EA6BD4DD-D792-4D57-B45B-3C9A4DC51272} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {ED4322CC-2A33-4830-8ED0-F124C9D4032A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EF6EB806-FDF0-4775-8ECE-EDDA18E2D0BF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E2293F50-199C-4D57-874D-A6E327F061F0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B15A1FD0-E110-4709-9D75-94CDB6D50D43} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {81EEF8F7-91AC-4F44-81F5-525A384F8E68} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6E5A71C4-1B61-4262-ABD8-4C489ADB8155} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {48893A73-8F0A-4B82-AED8-188987E8A6D2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4BD30E15-2AD6-464B-AAD1-8518D1452CDD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1D2C5C41-34BE-4B4B-8B5D-D23F07CA0FB6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {20CFE4E6-6FB5-4732-9FF6-0A83DEF88BB4} - \WPD\SqmUpload_S-1-5-21-3555444716-2126158775-438063825-1001 -> No File <==== ATTENTION
Task: {259298AC-53D7-4681-A706-D0FD8FA1C0A3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {03CE8565-C7D6-4455-8763-60F7EEC8EE92} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0470F25E-F6C0-4A22-B086-26A16B980B95} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {09983D34-F242-4DF0-A123-71801CA36CC2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
WarThunder (HKU\S-1-5-21-3555444716-2126158775-438063825-1001\...\WarThunder) (Version:  - WarThunder) <==== ATTENTION
SalePlus (HKLM-x32\...\{B696F285-F54E-2524-58B1-E06A70ABE6BE}) (Version:  - ) <==== ATTENTION
Pokki Start Menu (HKU\S-1-5-21-3555444716-2126158775-438063825-1001\...\SweetLabs_Start_Menu) (Version: 0.269.8.114 - Pokki)
Host App Service (HKU\S-1-5-21-3555444716-2126158775-438063825-1001\...\SweetLabs_AP) (Version: 0.269.8.114 - Pokki)
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
ShortcutWithArgument: C:\Users\Emmie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=2&click_id=3211cdcce8e6e3b043da21f6815ea2061d8f8409
ShortcutWithArgument: C:\Users\Emmie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=2&click_id=3211cdcce8e6e3b043da21f6815ea2061d8f8409
(Pokki) C:\Users\Emmie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Pokki) C:\Users\Emmie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Emmie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Emmie\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe

HKU\S-1-5-21-3555444716-2126158775-438063825-1001\...\RunOnce: [Application Restart #7] => C:\Users\Emmie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7873512 2016-11-16] (Pokki)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
2016-11-16 01:02 - 2016-11-16 01:02 - 00569856 _____ () C:\Users\Emmie\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll
2016-11-16 01:02 - 2016-11-16 01:02 - 01400846 _____ () C:\Users\Emmie\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll
2016-11-16 01:02 - 2016-11-16 01:02 - 00151054 _____ () C:\Users\Emmie\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll
2016-11-16 01:02 - 2016-11-16 01:02 - 00222734 _____ () C:\Users\Emmie\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll
2016-09-23 04:47 - 2016-09-23 04:47 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-5ce77397
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-5ce77397
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> DefaultScope {44571B8B-DA9D-4DBB-B893-F8EE2C6BF976} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5ce77397&q={searchTerms}
SearchScopes: HKLM -> {44571B8B-DA9D-4DBB-B893-F8EE2C6BF976} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://se.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5ce77397&q={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://se.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3555444716-2126158775-438063825-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5ce77397&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3555444716-2126158775-438063825-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5ce77397&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3555444716-2126158775-438063825-1001 -> {44571B8B-DA9D-4DBB-B893-F8EE2C6BF976} URL = hxxps://se.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dse%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEyB0A0CzyyD0F0B0AtD0BtN0D0Tzu0StCyDyByEtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StByCtDtDtB0ByByEtGtCzy0BzytGtA0EtAyDtGtAtCyDzztGyDzzyCyBtDyBzz0FyD0AtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDyD0E0E0D0EzztG0E0A0B0AtGyE0CtByEtG0A0FzyzytGyCtCzztBtCtBtD0F0C0CtByC2QtN0A0LzuyE%26cr%3D1593372019%26a%3Dwbf_dwndlm_16_16%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3555444716-2126158775-438063825-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://se.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
CHR DefaultSearchURL: Default -> hxxps://se.search.yahoo.com/search?fr=mcafee&type=C211SE0D20150306&p={searchTerms}

I don't know whether I should ask her to check and try to uninstall these:

SalePlus
WarThunder
Pokki Start Menu
bestadblocker

before a fix log is sent to her later.

I suspect that everything above should go; I'm unsure whether I've missed anything.

I'm unsure about this process: it does say that it belongs to MS, admittedly, but I'm unsure since I found this

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe

 

 

 

The logs:

FRST.txt

Addition.txt

 

 

Thanks in advance!

 

 


Hi!

You've been through this before, so I suggest you help your friend run AdwCleaner, because it will probably remove those unsuitable programs you have seen in the log.


cybertears

Yes, all too many times. Okay, so there's nothing I need to remove with FRST afterwards, you think?


That remains to be seen afterwards, because since AdwCleaner is updated all the time it's impossible to keep track of everything it can remove.


cybertears

# AdwCleaner v6.046 - Logfile created 16/05/2017 at 14:49:36
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-15.1 [server]
# Operating System : Windows 10 Home (X64)
# Username : Emmie - EMMIE
# Running from : C:\Users\Emmie\Desktop\adwcleaner_6.046.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Folder Found: C:\ProgramData\1116434060992826878
Folder Found: C:\ProgramData\eikdpboalaoaoofjiikmfoabfpdllghc
Folder Found: C:\ProgramData\{8af05124-098c-1eab-8af0-051240984490}
Folder Found: C:\Users\Emmie\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Folder Found: C:\Program Files\Booking.com
Folder Found: C:\Users\Public\Pokki

***** [ Files ] *****

File Found: C:\Users\Emmie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aliexpress .lnk
File Found: C:\Users\Emmie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booking .lnk
File Found: C:\WINDOWS\SysNative\roboot64.exe
File Found: C:\Users\Public\Desktop\Booking.com.lnk
File Found: C:\Users\Emmie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bahkljhhdeciiaodlkppoonappfnheoi_0.localstorage

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

Shortcut infected: C:\Users\Emmie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk ( --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=2&click_id=3211cdcce8e6e3b043da2

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Classes\pokki
Key Found: HKCU\Software\Classes\pokki
Key Found: [x64] HKCU\Software\Classes\pokki
Key Found: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Key Found: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Key Found: HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Key Found: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\darwendlm
Key Found: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\PRODUCTSETUP
Key Found: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\SecuredDownload
Key Found: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\csastats
Key Found: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\ICSW1.20
Key Found: HKCU\Software\darwendlm
Key Found: HKCU\Software\PRODUCTSETUP
Key Found: HKCU\Software\SecuredDownload
Key Found: HKCU\Software\csastats
Key Found: HKCU\Software\ICSW1.20
Key Found: [x64] HKCU\Software\darwendlm
Key Found: [x64] HKCU\Software\PRODUCTSETUP
Key Found: [x64] HKCU\Software\SecuredDownload
Key Found: [x64] HKCU\Software\csastats
Key Found: [x64] HKCU\Software\ICSW1.20
Key Found: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Internet Explorer\SearchScopes\{44571B8B-DA9D-4DBB-B893-F8EE2C6BF976}
Key Found: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{44571B8B-DA9D-4DBB-B893-F8EE2C6BF976}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{44571B8B-DA9D-4DBB-B893-F8EE2C6BF976}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Emmie\AppData\Local\Google\Chrome\User Data\Default\Web data] - se.yhs4.search.yahoo.com

*************************

C:\AdwCleaner\AdwCleaner[s0].txt - [4670 Bytes] - [16/05/2017 14:49:36]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4743 Bytes] ##########


cybertears

# AdwCleaner v6.046 - Logfile created 16/05/2017 at 14:51:31
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-15.1 [server]
# Operating System : Windows 10 Home (X64)
# Username : Emmie - EMMIE
# Running from : C:\Users\Emmie\Desktop\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\1116434060992826878
[#] Folder deleted on reboot: C:\ProgramData\eikdpboalaoaoofjiikmfoabfpdllghc
[-] Folder deleted: C:\ProgramData\{8af05124-098c-1eab-8af0-051240984490}
[-] Folder deleted: C:\Users\Emmie\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] Folder deleted: C:\Program Files\Booking.com
[-] Folder deleted: C:\Users\Public\Pokki

***** [ Files ] *****

[-] File deleted: C:\Users\Emmie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aliexpress .lnk
[-] File deleted: C:\Users\Emmie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booking .lnk
[-] File deleted: C:\WINDOWS\SysNative\roboot64.exe
[-] File deleted: C:\Users\Public\Desktop\Booking.com.lnk
[-] File deleted: C:\Users\Emmie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bahkljhhdeciiaodlkppoonappfnheoi_0.localstorage

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Emmie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Classes\pokki
[#] Key deleted on reboot: HKCU\Software\Classes\pokki
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\pokki
[-] Key deleted: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[#] Key deleted on reboot: HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Key deleted: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\darwendlm
[-] Key deleted: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\SecuredDownload
[-] Key deleted: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\csastats
[-] Key deleted: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\ICSW1.20
[#] Key deleted on reboot: HKCU\Software\darwendlm
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\SecuredDownload
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: HKCU\Software\ICSW1.20
[#] Key deleted on reboot: [x64] HKCU\Software\darwendlm
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\SecuredDownload
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\ICSW1.20
[-] Key deleted: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Internet Explorer\SearchScopes\{44571B8B-DA9D-4DBB-B893-F8EE2C6BF976}
[-] Key deleted: HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{44571B8B-DA9D-4DBB-B893-F8EE2C6BF976}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{44571B8B-DA9D-4DBB-B893-F8EE2C6BF976}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL

***** [ Web browsers ] *****

[-] [C:\Users\Emmie\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: se.yhs4.search.yahoo.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4934 Bytes] - [16/05/2017 14:51:31]
C:\AdwCleaner\AdwCleaner[s0].txt - [4866 Bytes] - [16/05/2017 14:49:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5080 Bytes] ##########


Good that so much disappeared. Do you find anything more that should be removed in new FRST logs?


cybertears

Yes, it was quite a lot, the tools keep getting better and better :)

I found a few things; I'm attaching new ones but giving an excerpt of what I think should go.

Since she isn't supposed to have McAfee, I ran the uninstall tool they have on their site, but everything still doesn't seem to have disappeared completely.

HKU\S-1-5-21-3555444716-2126158775-438063825-1001\...\Run: [GoogleChromeAutoLaunch_3EEE5D67C54577612920332B6D3A8FB6] => C:\Users\Emmie\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\...\RunOnce: [Application Restart #7] => C:\Users\Emmie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (the data entry has 605 more characters).
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-5ce77397
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-5ce77397
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> DefaultScope {44571B8B-DA9D-4DBB-B893-F8EE2C6BF976} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5ce77397&q={searchTerms}
SearchScopes: HKLM -> {44571B8B-DA9D-4DBB-B893-F8EE2C6BF976} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5ce77397&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3555444716-2126158775-438063825-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5ce77397&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3555444716-2126158775-438063825-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5ce77397&q={searchTerms}
CHR DefaultSearchURL: Default -> hxxps://se.search.yahoo.com/search?fr=mcafee&type=C211SE0D20150306&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
S2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McBootDelayStartSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe" [X]
S2 McProxy; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
S2 ModuleCoreService; "C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe" [X]
S2 MSK80Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
S3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
Task: {03CE8565-C7D6-4455-8763-60F7EEC8EE92} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0470F25E-F6C0-4A22-B086-26A16B980B95} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {09983D34-F242-4DF0-A123-71801CA36CC2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1D2C5C41-34BE-4B4B-8B5D-D23F07CA0FB6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {20CFE4E6-6FB5-4732-9FF6-0A83DEF88BB4} - \WPD\SqmUpload_S-1-5-21-3555444716-2126158775-438063825-1001 -> No File <==== ATTENTION
Task: {259298AC-53D7-4681-A706-D0FD8FA1C0A3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {48893A73-8F0A-4B82-AED8-188987E8A6D2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4BD30E15-2AD6-464B-AAD1-8518D1452CDD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6E5A71C4-1B61-4262-ABD8-4C489ADB8155} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {81EEF8F7-91AC-4F44-81F5-525A384F8E68} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B15A1FD0-E110-4709-9D75-94CDB6D50D43} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E2293F50-199C-4D57-874D-A6E327F061F0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E2D80CD5-752A-4ECB-8CBC-314D15D0AB2E} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {EA6BD4DD-D792-4D57-B45B-3C9A4DC51272} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {ED4322CC-2A33-4830-8ED0-F124C9D4032A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EF6EB806-FDF0-4775-8ECE-EDDA18E2D0BF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
FirewallRules: [{EABCC5D8-0162-448D-84ED-1D5534C2A904}] => (Allow) C:\Users\Emmie\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{7961E600-7464-45E6-ACAC-F4F4AE6418F1}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D771FE87-2B3C-4D88-B2DF-168FDEC39CC5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

I'm unsure about this one: (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe

But that can of course be checked via VirusTotal.

 

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]

Is it anything strange that it is unsigned?

 

FRST.txt

Addition.txt

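The entry types singled out in the posts above (tasks with "No File", a shortcut that starts Chrome with an --app= URL, service lines ending in [X], and other lines marked ATTENTION) can be pulled out of an FRST log mechanically. The Python below is an added example, not part of the thread or of FRST; the sample lines, GUIDs, paths and hosts are constructed placeholders, and it assumes a trailing [X] means FRST did not find the service's file.

```python
import re
from typing import List, NamedTuple
from urllib.parse import urlsplit

# Constructed sample lines that follow the FRST line shapes quoted in the thread.
# All names, GUIDs, paths and hosts are invented placeholders.
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - \Vendor\Example Idle Task -> No File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Example Updater => C:\Users\User\AppData\Local\Example\updater.exe [2016-11-16] (Example)
ShortcutWithArgument: C:\Users\User\Desktop\Game.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://ads.example.test/go/1?subid=2
ShortcutWithArgument: C:\Users\User\Desktop\Notes.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> C:\Users\User\notes.txt
S2 ExampleSvc; "C:\Program Files\Example\svc.exe" /run [X]
S3 exampledrv; C:\WINDOWS\System32\drivers\exampledrv.sys [207968 2016-02-24] (Example, Inc.)
GroupPolicy: Restriction <======= ATTENTION
"""

# Scheduled task that is still registered although its file is gone.
TASK_NO_FILE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<name>.+?) -> No File\b")
# Shortcut line: .lnk path -> target executable (optional company) -> arguments.
SHORTCUT = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe)"
    r"(?: \([^)]*\))? -> (?P<args>.*)$", re.I)
# Service/driver line ending in [X] (assumed: file not found by the scanner).
SERVICE_MISSING = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+) \[X\]$")
# The scanner's own marker; the number of '=' varies between log sections.
ATTENTION = re.compile(r"<=+ ATTENTION")
# URL as printed in the log, defanged (hxxp) or not.
URL = re.compile(r"(?:hxxps?|https?)://\S+", re.I)

BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe", "opera.exe"}


class Finding(NamedTuple):
    kind: str
    subject: str
    detail: str


def refang(url: str) -> str:
    """Turn the log's defanged hxxp/hxxps scheme back into http/https, for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def triage(log_text: str) -> List[Finding]:
    """Return the lines worth a second look, in log order, with the reason."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = TASK_NO_FILE.match(line)
        if m:
            findings.append(Finding("orphaned_task", m["name"],
                                    "registered task has no file behind it"))
            continue

        m = SHORTCUT.match(line)
        if m:
            exe = m["target"].rsplit("\\", 1)[-1].lower()
            url = URL.search(m["args"])
            # Only a browser started with a URL argument is treated as a hijack;
            # a shortcut that passes a document path to an editor is ignored.
            if exe in BROWSERS and url:
                host = urlsplit(refang(url.group())).hostname or "?"
                findings.append(Finding("shortcut_hijack", m["lnk"],
                                        f"{exe} is started with a URL on {host}"))
                continue

        m = SERVICE_MISSING.match(line)
        if m:
            findings.append(Finding("missing_service_binary", m["name"],
                                    f"{m['state']} entry points at {m['path']}"))
            continue

        # Anything else the scanner itself marked, e.g. policy restrictions.
        if ATTENTION.search(line):
            findings.append(Finding("attention", line.split(" <=")[0],
                                    "flagged by the scanner"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:24} {f.subject}  ({f.detail})")
```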

One can of course use Bing if one wants, so those lines can stay unless your friend wants to get rid of them. Same thing with Yahoo. Since Google Chrome is installed, I would leave the Chromium/Chrome lines in place.

You can remove the McAfee lines and then run MCPR for a final check once none of their drivers are installed any longer.

You can leave those two uncertain ones. It's quite unlikely that the Intel service would be anything other than what it appears to be, since it is from 2013. Unsigned files were quite common at that time.

If your friend doesn't usually visit the USA (Denver?), you can remove:

Tcpip\..\Interfaces\{61132ed1-76d4-434a-ae84-97a88816f38f}: [DhcpNameServer] 30.30.1.1 30.30.1.2
 


cybertears

Okay :)

I see, the problem she reported back was that she gets redirected to strange pages when new tabs are opened. Is it just a matter of resetting all the settings, you think? What do you recommend?

Okay


Okay :)

I see, the problem she reported back was that she gets redirected to strange pages when new tabs are opened. Is it just a matter of resetting all the settings, you think? What do you recommend?

Okay

Still, after AdwCleaner?

In that case it may be good to clean a bit harder with Bing and Yahoo, and if that doesn't help, reset the browsers.

Do you recommend that she run a scan with ESET Online?

Yes, it's always good to get an extra check with that.


cybertears

Still, after AdwCleaner?

In that case it may be good to clean a bit harder with Bing and Yahoo, and if that doesn't help, reset the browsers.

Yes, it's always good to get an extra check with that.

Yes :/

Then I'll do that :)


cybertears

Chromium opens automatically as soon as the computer is restarted.

Among others, it opens this page

http://www.bing.com/search?FORM=INCOH2&PC=&PTAG=ICO-5ce77397&q=viafree&uref=chmm

The fixlist log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Emmie (16-05-2017 18:01:11) Run:1
Running from C:\Users\Emmie\Desktop
Loaded Profiles: Emmie (Available Profiles: Emmie)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\...\RunOnce: [Application Restart #7] => C:\Users\Emmie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (the data entry has 605 more characters).
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-5ce77397
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-5ce77397
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> DefaultScope {44571B8B-DA9D-4DBB-B893-F8EE2C6BF976} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5ce77397&q={searchTerms}
SearchScopes: HKLM -> {44571B8B-DA9D-4DBB-B893-F8EE2C6BF976} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5ce77397&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3555444716-2126158775-438063825-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5ce77397&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3555444716-2126158775-438063825-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5ce77397&q={searchTerms}
CHR DefaultSearchURL: Default -> hxxps://se.search.yahoo.com/search?fr=mcafee&type=C211SE0D20150306&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
S2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McBootDelayStartSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe" [X]
S2 McProxy; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
S2 ModuleCoreService; "C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe" [X]
S2 MSK80Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
S3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Task: {03CE8565-C7D6-4455-8763-60F7EEC8EE92} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0470F25E-F6C0-4A22-B086-26A16B980B95} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {09983D34-F242-4DF0-A123-71801CA36CC2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1D2C5C41-34BE-4B4B-8B5D-D23F07CA0FB6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {20CFE4E6-6FB5-4732-9FF6-0A83DEF88BB4} - \WPD\SqmUpload_S-1-5-21-3555444716-2126158775-438063825-1001 -> No File <==== ATTENTION
Task: {259298AC-53D7-4681-A706-D0FD8FA1C0A3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {48893A73-8F0A-4B82-AED8-188987E8A6D2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4BD30E15-2AD6-464B-AAD1-8518D1452CDD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6E5A71C4-1B61-4262-ABD8-4C489ADB8155} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {81EEF8F7-91AC-4F44-81F5-525A384F8E68} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B15A1FD0-E110-4709-9D75-94CDB6D50D43} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E2293F50-199C-4D57-874D-A6E327F061F0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E2D80CD5-752A-4ECB-8CBC-314D15D0AB2E} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {EA6BD4DD-D792-4D57-B45B-3C9A4DC51272} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {ED4322CC-2A33-4830-8ED0-F124C9D4032A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EF6EB806-FDF0-4775-8ECE-EDDA18E2D0BF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
FirewallRules: [{EABCC5D8-0162-448D-84ED-1D5534C2A904}] => (Allow) C:\Users\Emmie\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{7961E600-7464-45E6-ACAC-F4F4AE6418F1}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D771FE87-2B3C-4D88-B2DF-168FDEC39CC5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
EmptyTemp:
*****************
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #7 => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44571B8B-DA9D-4DBB-B893-F8EE2C6BF976} => key removed successfully
HKCR\CLSID\{44571B8B-DA9D-4DBB-B893-F8EE2C6BF976} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d4fee3d1-1014-4db8-a824-573bf9ab51c7} => key removed successfully
HKCR\CLSID\{d4fee3d1-1014-4db8-a824-573bf9ab51c7} => key not found.
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3555444716-2126158775-438063825-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
HKLM\System\CurrentControlSet\Services\HomeNetSvc => key removed successfully
HomeNetSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\McBootDelayStartSvc => key removed successfully
McBootDelayStartSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\mccspsvc => key removed successfully
mccspsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\McProxy => key removed successfully
McProxy => service removed successfully
HKLM\System\CurrentControlSet\Services\mfemms => key removed successfully
mfemms => service removed successfully
HKLM\System\CurrentControlSet\Services\ModuleCoreService => key removed successfully
ModuleCoreService => service removed successfully
HKLM\System\CurrentControlSet\Services\MSK80Service => key removed successfully
MSK80Service => service removed successfully
HKLM\System\CurrentControlSet\Services\HipShieldK => key removed successfully
HipShieldK => service removed successfully
HKLM\System\CurrentControlSet\Services\mfeaack => key removed successfully
mfeaack => service removed successfully
HKLM\System\CurrentControlSet\Services\mfencrk => key removed successfully
mfencrk => service removed successfully
HKLM\System\CurrentControlSet\Services\mfesapsn => key removed successfully
mfesapsn => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03CE8565-C7D6-4455-8763-60F7EEC8EE92} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03CE8565-C7D6-4455-8763-60F7EEC8EE92} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0470F25E-F6C0-4A22-B086-26A16B980B95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0470F25E-F6C0-4A22-B086-26A16B980B95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09983D34-F242-4DF0-A123-71801CA36CC2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09983D34-F242-4DF0-A123-71801CA36CC2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D2C5C41-34BE-4B4B-8B5D-D23F07CA0FB6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D2C5C41-34BE-4B4B-8B5D-D23F07CA0FB6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20CFE4E6-6FB5-4732-9FF6-0A83DEF88BB4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20CFE4E6-6FB5-4732-9FF6-0A83DEF88BB4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3555444716-2126158775-438063825-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{259298AC-53D7-4681-A706-D0FD8FA1C0A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{259298AC-53D7-4681-A706-D0FD8FA1C0A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48893A73-8F0A-4B82-AED8-188987E8A6D2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48893A73-8F0A-4B82-AED8-188987E8A6D2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BD30E15-2AD6-464B-AAD1-8518D1452CDD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BD30E15-2AD6-464B-AAD1-8518D1452CDD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E5A71C4-1B61-4262-ABD8-4C489ADB8155} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E5A71C4-1B61-4262-ABD8-4C489ADB8155} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Idle Detection Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81EEF8F7-91AC-4F44-81F5-525A384F8E68} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81EEF8F7-91AC-4F44-81F5-525A384F8E68} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B15A1FD0-E110-4709-9D75-94CDB6D50D43} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B15A1FD0-E110-4709-9D75-94CDB6D50D43} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2293F50-199C-4D57-874D-A6E327F061F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2293F50-199C-4D57-874D-A6E327F061F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2D80CD5-752A-4ECB-8CBC-314D15D0AB2E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2D80CD5-752A-4ECB-8CBC-314D15D0AB2E} => key removed successfully
C:\WINDOWS\System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Auto Maintenance Task Agent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA6BD4DD-D792-4D57-B45B-3C9A4DC51272} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA6BD4DD-D792-4D57-B45B-3C9A4DC51272} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED4322CC-2A33-4830-8ED0-F124C9D4032A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED4322CC-2A33-4830-8ED0-F124C9D4032A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF6EB806-FDF0-4775-8ECE-EDDA18E2D0BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF6EB806-FDF0-4775-8ECE-EDDA18E2D0BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EABCC5D8-0162-448D-84ED-1D5534C2A904} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7961E600-7464-45E6-ACAC-F4F4AE6418F1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D771FE87-2B3C-4D88-B2DF-168FDEC39CC5} => value removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 110178797 B
Java, Flash, Steam htmlcache => 14229483 B
Windows/system/drivers => 27395549 B
Edge => 40194094 B
Chrome => 508510884 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 294139 B
systemprofile32 => 0 B
LocalService => 864754 B
NetworkService => 24226 B
Emmie => 717396842 B
RecycleBin => 2348851427 B
EmptyTemp: => 3.5 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 18:01:56 ====


cybertears

Don't know yet, but I've asked her to run ESET Online Scanner, so I'm waiting for the results from that.

She can't see Chromium listed as a program that can be uninstalled, but it is there, since it opens automatically as soon as the computer starts.

Any tips on how to solve that problem? :)


cybertears

Chrome is based on Chromium: https://sv.wikipedia.org/wiki/Chromium

so I'm not sure it should be removed. I don't have Chrome, so I don't know whether it is normal for there to be Chromium folders after installing Chrome.

Emsisoft took care of Chromium, and JRT also removed some junk. I checked with a new FRST log and can't see anything else that would be harmful.

Thanks for your effort, Cecilia :)


cybertears

ESET only found the installation file for uTorrent, and I chose to just remove that file.


Not much to thank me for, since you did pretty much everything yourself.

Well done! :)


cybertears

You have taught me a lot, Cecilia

Practice makes perfect, after all; you have been a very great help :)


Archived

This topic is now archived and is closed to further replies.
