
Restarted computer has "lost" everything old...


Euro

Hi,

I have an old computer, a Windows XP laptop, that I work on every day without any major problems. It is a bit sluggish, but I have blamed that on its age.

Just now a window popped up in the lower right corner, something like a warning from the antivirus program (Norman?) that some file was in quarantine and would be removed at the next restart. I didn't care about it at first, but after a while I thought I might as well restart anyway, since it had been a while since the last time.

After the restart the desktop is completely clean, like the first time you start a new computer. HP's own background and just a few standard icons on the desktop. When I check the hard drive it is just as full as before, so I assume all the files are still there, but something has obviously happened.

Now that I think about it a bit, I wonder whether I clicked on that "antivirus window" to restart instead of going through the Windows menu as usual. Could it have been some kind of trick, and have I now installed something malicious?

And what do I do now? Should I start following Cecilia's instructions, or is there something else I should try first? The first thing that came up was to restore to the latest restore point in System Restore, but maybe that is not the way to do it.

All tips and advice are welcome...


Now I have run FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-06-2017
Ran by Cricke (administrator) on CRICKE-HP (02-06-2017 11:47:40)
Running from C:\Users\TEMP\Desktop
Loaded Profiles: Cricke (Available Profiles: Cricke & William & Pappa & Gäst A) <==== ATTENTION (Temporary Profile?)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: Svenska (Sverige)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\nfservice.exe
(Norman Safeground AS) C:\Program Files\Norman\Nse\Bin\nseupdatesvc.exe
(Norman Safeground AS) C:\Program Files\Norman\nvc\bin\nvcsvc.exe
(Norman AS) C:\Program Files\Norman\Npm\Bin\nvoy.exe
(Norman Safeground AS) C:\Program Files\Norman\Ngs\Bin\nnf.exe
(Norman Safeground AS) C:\Program Files\Norman\Npf\Bin\npfsvc32.exe
(Norman Safeground AS) C:\Program Files\Norman\Ngs\Bin\nprosec.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\nwscmon2.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\zanda.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\AEstSrv.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
() C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
() C:\ProgramData\OnlineUpdate\ouc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Norman\Npm\Bin\njeeves2.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\scheduler.exe
() C:\Program Files\Norman\Npc\Bin\nuaa.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alcor Micro, Corp.) C:\Program Files\Multimedia Card Reader\readericon10.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\zlh.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
() C:\Program Files\Topro\tppoll.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\zlhh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Norman AS) C:\Program Files\Norman\Npf\Bin\npfuser.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [253952 2008-05-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-16] (Intel Corporation)
HKLM\...\Run: [uCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-25] (CyberLink Corp.)
HKLM\...\Run: [readericon10] => C:\Program Files\Multimedia Card Reader\readericon10.exe [131072 2007-11-22] (Alcor Micro, Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Norman ZANDA] => C:\Program Files\Norman\Npm\Bin\ZLH.EXE [88536 2014-08-21] (Norman Safeground AS)
HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [442460 2008-08-11] (IDT, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [DpAgent] => C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-12-01] (DigitalPersona, Inc.)
HKLM\...\Run: [TPPOLL] => C:\Program Files\TOPRO\TPPOLL.EXE [36864 2007-07-31] ()
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [brMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\ DisallowedCertificates: 1916A2AF346D399F50313C393200F14140456616 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 2A83E9020591A55FC6DDAD3FB102794C52B24E70 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 2B84BFBB34EE2EF949FE1CBE30AA026416EB2216 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 3A850044D8A195CD401A680C012CB0A3B5F8DC08 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 40AA38731BD189F9CDB5B9DC35E2136F38777AF4 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 43D9BCB568E039D073A74A71D8511F7476089CC3 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 471C949A8143DB5AD5CDF1C972864A2504FA23C9 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 61793FCBFA4F9008309BBA5FF12D2CB29CD4151A (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 63FEAE960BAA91E343CE2BD8B71798C76BDB77D0 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 6431723036FD26DEA502792FA595922493030F97 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 7D7F4414CCEF168ADF6BF40753B5BECD78375931 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 80962AE4D6C5B442894E95A13E4A699E07D694CF (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 86E817C81A5CA672FE000F36F878C19518D6F844 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 8E5BD50D6AE686D65252F843A9D4B96D197730AB (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 9845A431D51959CAF225322B4A4FE9F223CE6D15 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: B533345D06F64516403C00DA03187D3BFEF59156 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: B86E791620F759F17B8D25E38CA8BE32E7D5EAC2 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: C060ED44CBD881BD0EF86C0BA287DDCF8167478C (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: CEA586B2CE593EC7D939898337C57814708AB2BE (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: D018B62DC518907247DF50925BB09ACF4A5CB3AD (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: F8A54E03AADC5692B850496A4C4630FFEAA29D83 (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: FA6660A94AB45F6A88C0D7874D89A863D74DEE97 (Avast Antivirus/Software) <==== ATTENTION
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2009-02-03]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2008-10-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009-02-17]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2010-01-30]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2009-02-02]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Personal.lnk [2010-03-09]
ShortcutTarget: Personal.lnk -> C:\Program Files\Personal\bin\Personal.exe (No File)
GroupPolicy: Restriction ? <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{245E89A1-B4E1-4697-BF78-3C9FEEC15A9B}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{27064E32-5C7B-4AD0-B24B-78BCFFC43FD7}: [DhcpNameServer] 130.244.127.161 130.244.127.169
Tcpip\..\Interfaces\{2CDF8592-3B1A-4640-85D0-1EBEDAF22FDD}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{31CC5287-1B95-45DD-AE41-1C5F2B6F9002}: [DhcpNameServer] 130.244.127.161 130.244.127.169
Tcpip\..\Interfaces\{32AA6E2D-CA02-44CD-ACB3-1EDE3DD04B37}: [DhcpNameServer] 195.67.199.27 195.67.199.28
Tcpip\..\Interfaces\{44412726-591D-48B3-8955-FD5B4E029290}: [DhcpNameServer] 130.244.127.161 130.244.127.169
Tcpip\..\Interfaces\{557B8083-2C52-4B0B-A8C9-A0FFE1167510}: [DhcpNameServer] 130.244.127.161 130.244.127.169
Tcpip\..\Interfaces\{5BBB6559-E46E-4C69-82D7-C6514FB46CB4}: [DhcpNameServer] 130.244.127.161 130.244.127.169
Tcpip\..\Interfaces\{C7A677EC-EE98-4553-8721-19B144432E3B}: [DhcpNameServer] 130.244.127.161 130.244.127.169
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2223298635-2595870890-1169053488-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=84&bd=Pavilion&pf=cnnb
HKU\S-1-5-21-2223298635-2595870890-1169053488-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=84&bd=Pavilion&pf=cnnb
SearchScopes: HKLM -> {2C7F3627-FDE2-41EB-8C79-8A40A613F487} URL = hxxp://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934
SearchScopes: HKLM -> {685D10E5-B21D-44BB-AE0F-F7BC9A1A2FD0} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcnnbie7-sv-se
BHO: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01] (DigitalPersona, Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-18] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-18] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://62.181.87.189/activex/AxisCamControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-29] [not signed]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - C:\Program Files\DigitalPersona\Bin\FirefoxExt [2010-03-09] [not signed]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKU\S-1-5-21-2223298635-2595870890-1169053488-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files\BankID\npBispBrowser.dll [2014-05-12] (Finansiell ID-Teknik BID AB)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @dymo.com/DymoLabelFramework -> C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-18] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2013-12-03] (Verimatrix, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default [2017-06-02]
CHR Extension: (Google Presentationer) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-02]
CHR Extension: (Google Dokument) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-02]
CHR Extension: (Google Drive) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-02]
CHR Extension: (YouTube) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-02]
CHR Extension: (Google Kalkylark) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-02]
CHR Extension: (Google Dokument Offline) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-02]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-02]
CHR Extension: (Gmail) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-02]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\aestsrv.exe [77824 2008-06-27] (Andrea Electronics Corporation) [File not signed]
R2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [322624 2009-12-01] (DigitalPersona, Inc.) [File not signed]
R2 DymoPnpService; C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S2 gupdate1c9d98d99b56d70; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [17408 2007-11-21] () [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nfservice; C:\Program Files\Norman\npm\bin\nfservice.exe [196072 2015-02-17] (Norman Safeground AS)
R3 NJeeves2; C:\Program Files\Norman\Npm\Bin\Njeeves2.exe [179080 2014-11-27] ()
R2 NNFSVC; C:\Program Files\Norman\Ngs\Bin\Nnf.exe [312576 2016-06-01] (Norman Safeground AS)
R2 Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [461888 2016-05-18] (Norman Safeground AS)
R2 NPFSvc32; C:\Program Files\Norman\npf\bin\npfsvc32.exe [408344 2014-08-05] (Norman Safeground AS)
R2 NPROSECSVC; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [140032 2014-10-15] (Norman Safeground AS)
R2 nseupdatesvc; C:\Program Files\Norman\nse\bin\nseupdatesvc.exe [258720 2016-05-27] (Norman Safeground AS)
R3 NUAA; C:\Program Files\Norman\npc\bin\nuaa.exe [127152 2014-03-25] ()
R2 nvcsvc; C:\Program Files\Norman\nvc\bin\nvcsvc.exe [379936 2015-06-22] (Norman Safeground AS)
R2 NVOY; C:\Program Files\Norman\Npm\Bin\Nvoy.exe [222864 2013-06-27] (Norman AS)
R2 NWSCMON2; C:\Program Files\Norman\Npm\Bin\nwscmon2.exe [232008 2015-09-15] (Norman Safeground AS)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QPCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [292216 2008-07-24] ()
R2 QPSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116080 2008-07-24] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-08-07] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [241734 2008-04-29] () [File not signed]
R2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-01-19] (Samsung Electronics Co., Ltd.)
R3 Scheduler; C:\Program Files\Norman\Npm\Bin\scheduler.exe [177008 2014-06-30] (Norman Safeground AS)
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\STacSV.exe [225362 2008-08-11] (IDT, Inc.) [File not signed]
S2 Tele2 Mobile Partner. RunOuc; C:\Program Files\Tele2 Mobile Partner\UpdateDog\ouc.exe [218624 2011-09-05] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ALE_NF; C:\Windows\system32\drivers\ale_nf.sys [129688 2016-06-01] (Norman Safeground AS)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [127488 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.)
S3 DCamUSBIntel; C:\Windows\System32\Drivers\TP6800.sys [210924 2007-08-31] (Microsoft Corporation)
S3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [66560 2009-05-13] (Option N.V.)
S3 GTUHSNDISIPXP; C:\Windows\System32\DRIVERS\gtuhs51.sys [107520 2009-05-13] (Option N.V.)
S3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [8064 2009-05-13] (Option N.V.)
R3 gzflt; C:\Program Files\Norman\nvc\bin\gzflt.sys [169992 2015-02-17] (BitDefender LLC)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [124416 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.)
R3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [16768 2007-06-19] (Hewlett-Packard Development Company, L.P.) [File not signed]
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-19] (ITE Tech. Inc. ) [File not signed]
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R2 Ndiskio; C:\Program Files\Norman\Nse\Bin\NDISKIO.SYS [22880 2010-12-09] (Norman ASA)
R1 NGS; c:\program files\norman\ngs\bin\ngs.sys [37656 2016-06-01] (Norman Safeground AS)
R1 NPROSEC; C:\Program Files\Norman\Ngs\Bin\nprosec.sys [117144 2016-06-01] (Norman Safeground AS)
R2 nregsec; C:\Program Files\Norman\Ngs\Bin\nregsec.sys [76952 2016-06-01] (Norman Safeground AS)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-06] () [File not signed]
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt.sys [385536 2008-08-11] (IDT, Inc.) [File not signed]
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [42368 2009-10-22] (Todos Data System AB)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [408280 2015-02-17] (BitDefender S.R.L.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [59376 2008-07-24] (Cyberlink Corp.)
U3 a5bnstkz; C:\Windows\system32\Drivers\a5bnstkz.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-02 11:47 - 2017-06-02 11:49 - 00031110 _____ C:\Users\TEMP\Desktop\FRST.txt
2017-06-02 11:44 - 2017-06-02 11:45 - 01773568 _____ (Farbar) C:\Users\TEMP\Desktop\FRST.exe
2017-06-02 10:56 - 2017-06-02 10:56 - 00000000 ____D C:\Users\TEMP\Documents\DYMO Label
2017-06-02 10:56 - 2017-06-02 10:56 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macrovision
2017-06-02 10:55 - 2017-06-02 10:56 - 00000000 ____D C:\Users\TEMP\AppData\Local\DYMO
2017-06-02 10:55 - 2017-06-02 10:55 - 00118896 _____ C:\Users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-02 10:55 - 2017-06-02 10:55 - 00000000 ____D C:\Users\TEMP\Documents\Bluetooth Exchange Folder
2017-06-02 10:55 - 2017-06-02 10:55 - 00000000 ____D C:\Users\TEMP\Bluetooth Software
2017-06-02 10:55 - 2017-06-02 10:55 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Logitech
2017-06-02 10:55 - 2017-06-02 10:55 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\DigitalPersona
2017-06-02 10:55 - 2017-06-02 10:55 - 00000000 ____D C:\Users\TEMP\AppData\Local\DigitalPersona
2017-06-02 10:55 - 2017-06-02 10:55 - 00000000 ____D C:\Users\TEMP\AppData\Local\ArcSoft
2017-06-02 10:54 - 2017-06-02 10:59 - 00001927 _____ C:\Users\TEMP\Desktop\Google Chrome.lnk
2017-06-02 10:54 - 2017-06-02 10:55 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\ArcSoft
2017-06-02 10:54 - 2017-06-02 10:54 - 00000909 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-02 10:54 - 2017-06-02 10:54 - 00000000 ____D C:\Users\TEMP\AppData\Local\Google
2017-06-02 10:53 - 2017-06-02 10:53 - 00000904 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-02 10:52 - 2017-06-02 10:54 - 00000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2017-06-02 10:52 - 2017-06-02 10:52 - 00000875 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2017-06-02 10:52 - 2017-06-02 10:52 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2017-06-02 10:52 - 2017-06-02 10:52 - 00000000 _SHDL C:\Users\TEMP\Start-meny
2017-06-02 10:52 - 2017-06-02 10:52 - 00000000 _SHDL C:\Users\TEMP\Skrivare
2017-06-02 10:52 - 2017-06-02 10:52 - 00000000 _SHDL C:\Users\TEMP\Nätverket
2017-06-02 10:52 - 2017-06-02 10:52 - 00000000 _SHDL C:\Users\TEMP\Mina dokument
2017-06-02 10:52 - 2017-06-02 10:52 - 00000000 _SHDL C:\Users\TEMP\Mallar
2017-06-02 10:52 - 2017-06-02 10:52 - 00000000 _SHDL C:\Users\TEMP\Documents\Mina videoklipp
2017-06-02 10:52 - 2017-06-02 10:52 - 00000000 _SHDL C:\Users\TEMP\Documents\Mina bilder
2017-06-02 10:52 - 2017-06-02 10:52 - 00000000 _SHDL C:\Users\TEMP\Documents\Min musik
2017-06-02 10:52 - 2017-06-02 10:52 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Program
2017-06-02 10:52 - 2017-06-02 10:52 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Tidigare
2017-06-02 10:51 - 2017-06-02 10:55 - 00000000 ____D C:\Users\TEMP
2017-06-02 10:51 - 2015-02-19 10:53 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Garmin
2017-06-02 10:51 - 2011-09-12 23:08 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2017-06-02 10:51 - 2009-11-05 18:51 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2017-06-02 10:51 - 2008-10-20 06:24 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2017-06-02 10:51 - 2008-10-20 06:23 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2017-06-02 10:51 - 2006-11-02 14:37 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2017-05-30 18:51 - 2017-05-30 18:55 - 00000000 ____D C:\Users\Cricke\Desktop\Cykelbilder M
2017-05-25 19:41 - 2017-05-25 19:52 - 00000000 ____D C:\Users\Cricke\Desktop\Gokarthall
2017-05-23 11:15 - 2017-05-23 11:15 - 00041984 _____ C:\Users\Cricke\Downloads\underlag_momsredovisning_2016-01-01_2016-12-31_20170523_111534.xls
2017-05-23 11:13 - 2017-05-23 11:13 - 00037888 _____ C:\Users\Cricke\Downloads\underlag_momsredovisning_2015-01-01_2015-12-31_20170523_111319.xls
2017-05-17 12:30 - 2017-05-17 12:30 - 00050488 _____ C:\Users\Cricke\Downloads\Fördjupad information om överföring (1).pdf
2017-05-17 11:00 - 2017-05-17 11:00 - 00000000 ____T C:\Windows\system32\IP_192.168.1.3-44
2017-05-17 10:26 - 2017-05-17 10:26 - 00000000 ____T C:\Windows\system32\IP_192.168.1.3-42
2017-05-16 23:27 - 2017-05-16 23:27 - 00142214 _____ C:\Users\Cricke\Downloads\Bifogade-filer-Fwd-Stenlund-SPC (3).zip
2017-05-16 23:26 - 2017-05-16 23:26 - 00142214 _____ C:\Users\Cricke\Downloads\Bifogade-filer-Fwd-Stenlund-SPC (2).zip
2017-05-16 23:24 - 2017-05-17 11:08 - 00000000 ____D C:\Users\Cricke\Desktop\NHL
2017-05-16 23:21 - 2017-05-16 23:21 - 00544925 _____ C:\Users\Cricke\Downloads\meny va_r-sommar 2017.odt
2017-05-16 23:21 - 2017-05-16 23:21 - 00066966 _____ C:\Users\Cricke\Downloads\PastedGraphic-2.tiff
2017-05-16 10:40 - 2017-05-16 10:40 - 00142214 _____ C:\Users\Cricke\Downloads\Bifogade-filer-Fwd-Stenlund-SPC (1).zip
2017-05-16 10:39 - 2017-05-16 10:39 - 00142214 _____ C:\Users\Cricke\Downloads\Bifogade-filer-Fwd-Stenlund-SPC.zip
2017-05-15 15:36 - 2017-05-15 15:36 - 00050488 _____ C:\Users\Cricke\Downloads\Fördjupad information om överföring.pdf
2017-05-11 17:16 - 2017-05-11 17:16 - 00011264 _____ C:\Users\Cricke\Downloads\underlag_momsredovisning_2017-02-22_2017-04-05_20170511_171603.xls
2017-05-10 13:30 - 2017-05-10 13:30 - 00017057 _____ C:\Users\Cricke\Downloads\Transaktionsrapport (1).pdf
2017-05-10 10:03 - 2017-05-10 10:03 - 00000934 _____ C:\Users\Cricke\Desktop\Reseräkning.xlsx - genväg.lnk
2017-05-08 16:00 - 2017-05-29 17:55 - 00000000 ____D C:\Users\Cricke\Desktop\Möbler W
2017-05-08 14:25 - 2017-05-08 14:25 - 01546174 _____ C:\Users\Cricke\Documents\Scan0031.pdf
2017-05-08 14:17 - 2017-05-08 14:17 - 01634157 _____ C:\Users\Cricke\Documents\Scan0030.pdf
2017-05-08 14:13 - 2017-05-08 14:13 - 00470557 _____ C:\Users\Cricke\Documents\Scan0029.pdf
2017-05-06 17:45 - 2017-05-06 17:45 - 01312612 _____ C:\Users\Cricke\Downloads\Bifogade-filer-Rydsbåt.zip
2017-05-06 17:44 - 2017-05-31 10:07 - 00000000 ____D C:\Users\Cricke\Desktop\Båt
2017-05-05 13:47 - 2017-05-05 13:47 - 00013704 _____ C:\Users\Cricke\Downloads\Transaktionsrapport.pdf
2017-05-05 09:52 - 2017-05-05 09:58 - 00000000 ____D C:\Users\Cricke\Desktop\Gamla racingbilder
2017-05-03 08:38 - 2017-05-03 08:38 - 00519436 _____ C:\Users\Cricke\Downloads\returnorder-42985890.pdf
2017-05-03 08:26 - 2017-05-03 08:26 - 03870822 _____ C:\Users\Cricke\Downloads\skannat_eskatt.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-02 11:47 - 2014-10-26 13:24 - 00000000 ____D C:\FRST
2017-06-02 11:00 - 2013-01-05 00:11 - 00356611 _____ C:\Windows\system32\erbl.bin
2017-06-02 10:59 - 2008-09-05 07:57 - 00644450 _____ C:\Windows\system32\perfh01D.dat
2017-06-02 10:59 - 2008-09-05 07:57 - 00139466 _____ C:\Windows\system32\perfc01D.dat
2017-06-02 10:59 - 2008-09-05 07:51 - 00490454 _____ C:\Windows\system32\perfh014.dat
2017-06-02 10:59 - 2008-09-05 07:51 - 00098016 _____ C:\Windows\system32\perfc014.dat
2017-06-02 10:59 - 2008-09-05 07:45 - 00475880 _____ C:\Windows\system32\perfh00B.dat
2017-06-02 10:59 - 2008-09-05 07:45 - 00103766 _____ C:\Windows\system32\perfc00B.dat
2017-06-02 10:59 - 2008-09-05 07:40 - 00503292 _____ C:\Windows\system32\perfh006.dat
2017-06-02 10:59 - 2008-09-05 07:40 - 00099362 _____ C:\Windows\system32\perfc006.dat
2017-06-02 10:59 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2017-06-02 10:59 - 2006-11-02 12:33 - 03293876 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-02 10:54 - 2009-02-04 20:24 - 00421858 _____ C:\ProgramData\nvModes.001
2017-06-02 10:53 - 2013-03-12 22:18 - 00000340 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2017-06-02 10:53 - 2012-09-07 22:26 - 00000000 ____D C:\ProgramData\OnlineUpdate
2017-06-02 10:53 - 2009-06-23 21:57 - 00000982 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-06-02 10:52 - 2009-06-23 21:57 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-06-02 10:52 - 2009-02-04 20:21 - 00421858 _____ C:\ProgramData\nvModes.dat
2017-06-02 10:52 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-02 10:52 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-02 10:51 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-02 10:50 - 2009-07-29 21:52 - 00000000 ____D C:\Program Files\Norman
2017-06-02 10:48 - 2013-01-05 00:11 - 00000099 _____ C:\Windows\system32\scurlcache.bin
2017-06-02 10:48 - 2008-10-20 05:42 - 00009588 _____ C:\Windows\bthservsdp.dat
2017-06-02 10:48 - 2006-11-02 15:01 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-30 18:59 - 2009-02-04 00:23 - 00000000 ___RD C:\Users\Cricke\Desktop\Cricke
2017-05-30 17:29 - 2017-02-04 13:28 - 00000326 _____ C:\Windows\Tasks\HPCeeScheduleForCricke.job
2017-05-28 19:27 - 2010-02-16 08:42 - 00000680 _____ C:\Users\Cricke\AppData\Local\d3d9caps.dat
2017-05-24 09:43 - 2009-01-10 17:23 - 00000000 ___RD C:\Users\Cricke\Documents\Bluetooth Exchange Folder
2017-05-16 16:47 - 2012-04-21 17:16 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-05-16 16:47 - 2011-07-10 00:55 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-05-16 16:47 - 2008-09-05 08:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-12 16:17 - 2017-01-23 18:42 - 00000000 ____D C:\Users\Cricke\Desktop\Stugby rallyt
 
==================== Files in the root of some directories =======
 
2014-10-21 17:13 - 2014-11-24 18:34 - 0062738 __RSH () C:\Program Files\DLS8Uninstall.log
2011-01-02 01:56 - 2011-01-02 01:56 - 0000268 ___RH () C:\ProgramData\Alerts
2011-01-02 01:59 - 2011-01-02 01:59 - 0000268 ___RH () C:\ProgramData\Ambient
2012-01-15 21:05 - 2012-01-15 21:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-01-02 01:56 - 2011-01-02 01:56 - 0000012 ___RH () C:\ProgramData\Analog Sync
2011-01-02 01:59 - 2011-01-02 01:59 - 0000012 ___RH () C:\ProgramData\Application Support
2008-09-05 09:36 - 2001-01-01 00:05 - 0000261 _____ () C:\ProgramData\hpqp.ini
2009-02-17 21:49 - 2012-09-28 07:37 - 0010159 _____ () C:\ProgramData\hpzinstall.log
2009-02-04 20:24 - 2017-06-02 10:54 - 0421858 _____ () C:\ProgramData\nvModes.001
2009-02-04 20:21 - 2017-06-02 10:52 - 0421858 _____ () C:\ProgramData\nvModes.dat
2011-01-02 01:56 - 2011-01-02 01:56 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2011-01-02 01:59 - 2011-01-02 01:59 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
 
Some files in TEMP:
====================
2017-03-13 18:18 - 2017-03-13 18:18 - 4147600 _____ ($Co_Name Inc.) C:\Users\Cricke\AppData\Local\Temp\dj_unifysw.exe
2014-08-06 17:48 - 2014-09-30 22:35 - 0377097 _____ () C:\Users\Gäst A\AppData\Local\Temp\Quarantine.exe
2014-08-06 17:48 - 2014-09-30 22:35 - 0377097 _____ () C:\Users\Pappa\AppData\Local\Temp\Quarantine.exe
2017-06-02 11:00 - 2017-06-02 11:00 - 0008192 _____ () C:\Users\TEMP\AppData\Local\Temp\2s9_muew.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-02 11:01
 
==================== End of FRST.txt ============================

Addition.txt


The computer has Windows Vista, but even that is now so old that it no longer receives any security updates from Microsoft and is therefore vulnerable.

Something has happened to your user profile and you have been logged in with a temporary profile, which is why the desktop is empty. It is not possible to know without checking what is in Norman's quarantine, but it is possible that Norman moved a file there that is needed for the profile to work, and I therefore recommend that you do a system restore to an earlier point in time, e.g. May 30.

The message in post 3 means that Norman considers a downloaded Word file to be malicious and it has been moved to quarantine.


I was thinking along the lines of a temporary profile, but it is my profile picture, plus I used the password. At restart this came up, see attached, so it probably has something to do with that.

And yes, of course I knew it was Vista I had... old crap is old crap ;-)

post-54543-0-97701300-1496403788_thumb.jpg


Thanks Cecilia (as usual), it seems to be working now after the system restore.

So it was something as simple as a file going missing somewhere? I mean, if there is anything else that looks odd in the log and needs to be fixed.


You're welcome :)

I did not do a very thorough check of the logs since it was not obvious that there were malicious files on the computer, but I did not see anything.

You can check whether anything shows up in Norman's quarantine, or in some log or similar in Norman, about what it found apart from that downloaded doc file the day after.


Archived

This topic is now archived and is closed to further replies.
