
Something is lurking: I get odd popups in IE, and previously had ransomware.


sabelstrom

Hi,

I still get some odd popups after I thought I had removed everything from the ransomware attack I had a month or so ago.

Spybot S&D finds nothing.

AVG AntiVirus Free finds nothing.

SUPERAntiSpyware finds nothing.

Malwarebytes Anti-Malware finds nothing.

But it still doesn't feel clean. For example, I get popups in Swedish in IE that cannot be closed without killing all IE processes.

I can also see a lot of things under "Processes (Whitelisted)" with the help of FRST that I don't use. Is there a link explaining how to stop certain processes from starting, e.g. devolo, Nero, Apple etc.?

I have run Farbar Recovery Scan Tool (FRST) and am following the recommendations from:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Bone Crunsher (administrator) on BONECRUNSHER (29-05-2018 10:20:04)
Running from C:\Users\Bone Crunsher\Desktop\Hämtade Filer
Loaded Profiles: Bone Crunsher (Available Profiles: Bone Crunsher & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Engelska (USA)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Corsair) C:\Program Files (x86)\Corsair SSD Toolbox\CSSDTService.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
() C:\Users\Bone Crunsher\AppData\Local\Hisuite\userdata\hwtools\hdbtransport.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Bone Crunsher\Desktop\Hämtade Filer\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291568 2018-05-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\...\Run: [uTorrent] => C:\Users\Bone Crunsher\AppData\Roaming\uTorrent\uTorrent.exe [1987512 2018-05-18] (BitTorrent Inc.)
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\...\MountPoints2: K - K:\OriginSetup.exe
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\...\MountPoints2: {34bc7fe5-0cfc-11e5-9a75-3085a9499842} - K:\setup.exe
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\...\MountPoints2: {6ebd9cdb-8850-11e5-a308-3085a9499842} - E:\setup.exe
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\...\MountPoints2: {6ebd9ce6-8850-11e5-a308-3085a9499842} - E:\DisneySplash.exe
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\...\MountPoints2: {988723ac-b4c9-11e7-8aab-3085a9499842} - F:\setup.exe
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\...\MountPoints2: {a5e643ff-ae23-11e7-9465-3085a9499842} - F:\setup.exe
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\...\MountPoints2: {be6cf0e7-e32b-11e6-84f8-3085a9499842} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\...\MountPoints2: {be6cf0fe-e32b-11e6-84f8-3085a9499842} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
BootExecute:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{CBFF6B8E-0AA7-481E-9D1A-C932D15EA516}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1421669938-1728691434-4040978051-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={D7DC50A3-5771-493B-9C18-3EF338B02D91}&mid=2d966a0e721547d2aa1be1ccefad71b1-2ac3ceb7bfebc85bb172a126d7f157b6f10e4f19&lang=en&ds=AVG&coid=avgtbavg&cmpid=0916av&pr=fr&d=2016-09-14 07:42:30&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1421669938-1728691434-4040978051-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\ssv.dll [2018-05-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-02] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Bone Crunsher\AppData\Roaming\Mozilla\Firefox\Profiles\35roblrf.default [2018-05-29]
FF NewTab: Mozilla\Firefox\Profiles\35roblrf.default -> about:newtab
FF Session Restore: Mozilla\Firefox\Profiles\35roblrf.default -> is enabled.
FF HomepageOverride: Mozilla\Firefox\Profiles\35roblrf.default -> Enabled: homepage@mail.ru
FF NewTabOverride: Mozilla\Firefox\Profiles\35roblrf.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF NewTabOverride: Mozilla\Firefox\Profiles\35roblrf.default -> Enabled: search@mail.ru
FF NewTabOverride: Mozilla\Firefox\Profiles\35roblrf.default -> Enabled: homepage@mail.ru
FF Extension: (20-20 3D Viewer - IKEA) - C:\Users\Bone Crunsher\AppData\Roaming\Mozilla\Firefox\Profiles\35roblrf.default\Extensions\2020Player_IKEA@2020Technologies.com [2016-05-27] [Legacy]
FF Extension: (United States English Spellchecker) - C:\Users\Bone Crunsher\AppData\Roaming\Mozilla\Firefox\Profiles\35roblrf.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-03-18] [Legacy]
FF Extension: (AdBlock) - C:\Users\Bone Crunsher\AppData\Roaming\Mozilla\Firefox\Profiles\35roblrf.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-05-24]
FF Extension: (Adblock Plus) - C:\Users\Bone Crunsher\AppData\Roaming\Mozilla\Firefox\Profiles\35roblrf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-24]
FF Extension: (DownThemAll!) - C:\Users\Bone Crunsher\AppData\Roaming\Mozilla\Firefox\Profiles\35roblrf.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29] [Legacy]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Bone Crunsher\AppData\Roaming\Mozilla\Firefox\Profiles\35roblrf.default\features\{619aa69b-3e4d-4948-90f2-9c9e40e5cacf}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-05-24] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-15] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1232202.dll [2018-03-09] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-05-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-05-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1421669938-1728691434-4040978051-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bone Crunsher\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Bone Crunsher\AppData\Local\Google\Chrome\User Data\Default [2018-05-29]
CHR Extension: (Presentationer) - C:\Users\Bone Crunsher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-20]
CHR Extension: (Dokument) - C:\Users\Bone Crunsher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-20]
CHR Extension: (Google Drive) - C:\Users\Bone Crunsher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-20]
CHR Extension: (YouTube) - C:\Users\Bone Crunsher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-20]
CHR Extension: (Adblock Plus) - C:\Users\Bone Crunsher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-25]
CHR Extension: (Kalkylark) - C:\Users\Bone Crunsher\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-20]
CHR Extension: (Google Dokument Offline) - C:\Users\Bone Crunsher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-20]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Bone Crunsher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Bone Crunsher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-20]
CHR Extension: (Chrome Media Router) - C:\Users\Bone Crunsher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-10-18] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2014-09-14] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2014-09-14] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2014-09-14] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2014-09-14] (ASUSTeK Computer Inc.) [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [318328 2018-05-17] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7670672 2018-05-17] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [967040 2015-03-20] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 CorsairSSDToolBox; C:\Program Files (x86)\Corsair SSD Toolbox\CSSDTService.exe [1864808 2014-08-12] (Corsair)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3885592 2017-03-03] (devolo AG)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2017-10-24] (Futuremark)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] () [File not signed]
R3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 Origin Client Service; D:\spel\Origin\OriginClientService.exe [2104840 2015-12-04] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-11-25] ()
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
S2 BubbleUPnP Server; "\\NAS-1\Media\Program\BubbleUPnP Server\BubbleUPnPServer.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [16877 2002-07-17] (Adaptec)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-05-17] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [220600 2018-05-17] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [192536 2018-05-17] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [336848 2018-05-17] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [50776 2018-05-17] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-05-17] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [151504 2018-05-17] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [103744 2018-05-17] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [78352 2018-05-17] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1020112 2018-05-17] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-05-17] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-05-17] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [373944 2018-05-17] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-10-18] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-10-18] (Disc Soft Ltd)
S3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [30264 2017-01-05] (Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\hw_cdcacm.sys [127360 2017-07-26] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2018-05-02] (Malwarebytes)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2016-10-19] (Riverbed Technology, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [36496 2017-03-03] (Riverbed Technology, Inc.)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
S3 WinRing0_1_2_0; G:\Program\Overclock\CPU 3770K\RealTemp 370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
R3 ALSysIO; \??\C:\Users\BONECR~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
S3 GPU-Z; \??\C:\Users\BONECR~1\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 TRIXX; \??\C:\Users\BONECR~1\AppData\Local\Temp\TRIXX.sys [X] <==== ATTENTION
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-29 10:20 - 2018-05-29 10:20 - 000000000 ____D C:\FRST
2018-05-27 18:33 - 2018-05-27 18:33 - 000094221 _____ C:\Users\Bone Crunsher\Downloads\Faktura_7549455.pdf
2018-05-25 01:06 - 2018-05-25 01:10 - 000000000 ____D C:\Users\Bone Crunsher\Desktop\Ny mapp (3)
2018-05-22 20:46 - 2018-05-22 20:46 - 000000167 _____ C:\Users\Bone Crunsher\Desktop\advancedsettings.xml
2018-05-22 20:43 - 2018-05-22 20:43 - 000000000 _____ C:\Users\Bone Crunsher\Desktop\Nytt textdokument (2).txt
2018-05-20 22:02 - 2018-05-20 22:02 - 000000382 _____ C:\Users\Bone Crunsher\Desktop\Beställning Rockauto.txt
2018-05-20 21:38 - 2018-05-20 21:38 - 000000000 _____ C:\Users\Bone Crunsher\Desktop\Nytt textdokument.txt
2018-05-17 15:31 - 2018-05-17 15:31 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-05-17 15:31 - 2018-05-17 15:31 - 000001928 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2018-05-17 15:31 - 2018-05-17 15:31 - 000001928 _____ C:\ProgramData\Desktop\AVG AntiVirus FREE.lnk
2018-05-11 20:05 - 2018-05-11 20:35 - 000000000 ____D C:\Users\Bone Crunsher\Desktop\Ny mapp (2)
2018-05-03 19:45 - 2018-05-03 19:45 - 000313232 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-03 10:28 - 2018-05-03 10:28 - 000000929 _____ C:\Users\Bone Crunsher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2018-05-03 10:28 - 2018-05-03 10:28 - 000000000 ____D C:\Program Files\MediaInfo
2018-05-02 20:58 - 2017-06-11 20:53 - 000000000 ____D C:\Users\Bone Crunsher\Desktop\AvisynthRepository
2018-05-02 20:50 - 2018-05-02 20:51 - 000000000 ____D C:\Users\Bone Crunsher\Desktop\eac3to
2018-05-02 11:47 - 2018-05-02 11:47 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-02 11:29 - 2018-05-09 01:52 - 000004524 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-02 11:28 - 2018-05-02 11:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-05-02 11:28 - 2018-05-02 11:28 - 000000000 ____D C:\Program Files\iTunes
2018-05-02 11:28 - 2018-05-02 11:28 - 000000000 ____D C:\Program Files\iPod
2018-05-02 11:27 - 2018-05-02 11:27 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2018-05-02 11:27 - 2018-05-02 11:27 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-04-30 20:33 - 2018-04-30 20:33 - 000012865 _____ C:\Users\Bone Crunsher\Downloads\Lönespecifikation_2018-03-27 (1).pdf
2018-04-30 20:32 - 2018-04-30 20:32 - 000013249 _____ C:\Users\Bone Crunsher\Downloads\Lönespecifikation_2018-04-27.pdf
2018-04-30 20:31 - 2018-04-30 20:31 - 000012865 _____ C:\Users\Bone Crunsher\Downloads\Lönespecifikation_2018-03-27.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-29 10:20 - 2014-09-14 15:58 - 000000000 ____D C:\Users\Bone Crunsher\Desktop\Hämtade Filer
2018-05-29 10:17 - 2018-03-14 11:49 - 000000000 ____D C:\Users\Bone Crunsher\AppData\LocalLow\uTorrent
2018-05-29 10:17 - 2014-09-14 18:47 - 000000000 ____D C:\Users\Bone Crunsher\AppData\Roaming\uTorrent
2018-05-29 03:51 - 2009-07-14 06:45 - 000024288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-29 03:51 - 2009-07-14 06:45 - 000024288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-27 02:31 - 2014-09-14 14:14 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-27 01:00 - 2018-03-20 23:04 - 000000000 ____D C:\Users\Bone Crunsher\AppData\Local\ElevatedDiagnostics
2018-05-26 09:29 - 2014-09-14 15:52 - 001345996 _____ C:\Windows\system32\perfh01D.dat
2018-05-26 09:29 - 2014-09-14 15:52 - 000373136 _____ C:\Windows\system32\perfc01D.dat
2018-05-26 09:29 - 2009-07-14 07:13 - 000006228 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-25 03:32 - 2017-05-18 07:14 - 000004174 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-05-24 23:20 - 2017-08-08 20:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-24 23:20 - 2016-11-20 13:54 - 000000000 ____D C:\Users\Bone Crunsher\AppData\LocalLow\Mozilla
2018-05-24 23:20 - 2014-09-20 13:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-24 12:32 - 2014-11-10 10:36 - 000000000 ____D C:\Users\Bone Crunsher\.thumbnails
2018-05-24 12:31 - 2016-08-31 11:54 - 000000000 ____D C:\Users\Bone Crunsher\AppData\Local\CrashDumps
2018-05-24 11:36 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-24 11:30 - 2016-08-11 13:31 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-05-24 11:27 - 2017-12-30 16:44 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-05-24 11:27 - 2014-09-14 14:27 - 000000000 ____D C:\ProgramData\FanXpert2
2018-05-23 23:33 - 2015-06-03 09:21 - 000000000 ____D C:\Users\Bone Crunsher\AppData\Local\Avg
2018-05-23 23:32 - 2016-03-26 20:34 - 000000000 ____D C:\ProgramData\Avg
2018-05-23 23:32 - 2014-09-14 15:07 - 000000000 ____D C:\Program Files (x86)\AVG
2018-05-21 21:11 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2018-05-20 17:06 - 2016-09-16 12:58 - 000000000 ____D C:\Users\Bone Crunsher\AppData\Roaming\LibreELEC
2018-05-17 21:46 - 2018-03-20 21:34 - 000002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-17 15:31 - 2017-11-27 21:20 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-05-17 15:31 - 2017-05-18 07:14 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-05-17 15:31 - 2017-05-18 07:14 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-05-17 15:31 - 2017-05-18 07:14 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-05-17 15:31 - 2017-05-18 07:14 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-05-17 15:31 - 2017-05-18 07:14 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-05-17 15:31 - 2017-05-18 07:14 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-05-17 15:31 - 2017-05-18 07:14 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-05-17 15:31 - 2017-05-18 07:14 - 000151504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-05-17 15:31 - 2017-05-18 07:14 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-05-17 15:31 - 2017-05-18 07:14 - 000078352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-05-17 15:31 - 2017-05-18 07:14 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2018-05-17 15:31 - 2017-05-18 07:14 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-05-17 11:40 - 2014-09-14 15:34 - 000003428 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 11:40 - 2014-09-14 15:34 - 000003300 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 03:06 - 2015-07-13 12:37 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-16 03:06 - 2015-07-06 08:41 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-10 03:06 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-05-10 03:05 - 2014-09-14 15:27 - 000000000 ____D C:\Windows\system32\MRT
2018-05-10 03:03 - 2017-10-11 03:10 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-10 03:03 - 2014-09-19 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-05-10 03:03 - 2014-09-14 15:27 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-09 01:52 - 2017-11-14 21:54 - 000004362 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-05-09 01:52 - 2014-09-14 19:11 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-09 01:52 - 2014-09-14 19:11 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-09 01:52 - 2014-09-14 19:11 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-03 19:45 - 2018-03-20 22:05 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-05-03 19:45 - 2014-09-17 10:16 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-05-03 19:45 - 2014-09-14 14:52 - 000000000 ____D C:\Program Files\WinRAR
2018-05-03 19:44 - 2018-03-20 22:05 - 001059781 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-05-03 19:43 - 2017-12-30 16:44 - 000002814 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-05-03 12:02 - 2014-09-14 17:51 - 000000000 ____D C:\Users\Bone Crunsher\AppData\Roaming\vlc
2018-05-03 11:29 - 2016-10-03 22:07 - 000000000 ____D C:\Users\Bone Crunsher\AppData\Roaming\AMT_Workdir
2018-05-02 11:42 - 2016-06-27 22:00 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-05-02 11:42 - 2014-09-17 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-02 11:41 - 2016-06-27 21:59 - 000000000 ____D C:\Program Files (x86)\Java
2018-05-02 11:36 - 2018-03-20 22:05 - 000830623 _____ C:\Windows\ZAM.krnl.trace
2018-05-02 11:29 - 2014-09-14 14:52 - 000000000 ____D C:\Users\Bone Crunsher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-02 11:29 - 2014-09-14 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-02 11:27 - 2014-09-14 16:01 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-05-02 11:27 - 2014-09-14 16:01 - 000000000 ____D C:\ProgramData\Apple
2018-05-02 11:27 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-05-02 11:25 - 2014-09-14 18:46 - 000000000 ____D C:\Users\Bone Crunsher\AppData\Roaming\MPC-HC
2018-05-02 11:16 - 2014-11-30 11:42 - 000000000 ____D C:\Users\Bone Crunsher\AppData\Roaming\avidemux
2018-05-02 11:16 - 2014-09-17 10:09 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-05-02 11:16 - 2014-09-14 16:31 - 000000000 ____D C:\Users\Bone Crunsher\AppData\Local\Battle.net
2018-05-02 11:16 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\sysprep

==================== Files in the root of some directories =======

2017-11-22 11:11 - 2017-11-22 11:11 - 025894856 _____ (AMD Inc.) C:\Users\AMD\radeon-crimson-relive-17.11.1-minimalsetup-171109_64bit.exe
2009-07-14 03:14 - 2009-07-14 03:14 - 000186368 ____N (Microsoft Corporation) C:\Program Files (x86)\EiwdOgEiHjEst.exe
2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\yISHhoy.exe
2015-02-21 19:21 - 2015-02-21 19:24 - 000000893 _____ () C:\Users\Bone Crunsher\AppData\Roaming\isomaster.ini
2014-12-11 09:32 - 2017-06-24 09:58 - 000000134 _____ () C:\Users\Bone Crunsher\AppData\Roaming\Mouse Monitor_Counters.ini
2014-11-20 14:30 - 2017-06-29 05:20 - 000000250 _____ () C:\Users\Bone Crunsher\AppData\Roaming\Mouse Monitor_Settings.ini
2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Bone Crunsher\AppData\Local\ciEUauOob.exe
2016-07-11 20:13 - 2017-11-25 10:13 - 001065984 _____ () C:\Users\Bone Crunsher\AppData\Local\file__0.localstorage
2015-11-02 06:19 - 2015-11-02 06:19 - 000000000 ___SH () C:\Users\Bone Crunsher\AppData\Local\LumaEmu
2016-01-25 17:25 - 2018-04-17 21:21 - 000000600 _____ () C:\Users\Bone Crunsher\AppData\Local\PUTTY.RND
2014-11-25 12:26 - 2014-11-25 12:26 - 000009079 _____ () C:\Users\Bone Crunsher\AppData\Local\recently-used.xbel
2015-08-24 21:43 - 2018-03-29 10:57 - 000007612 _____ () C:\Users\Bone Crunsher\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 000000051 _____ () C:\Users\Bone Crunsher\AppData\Local\setup.txt
2017-11-19 22:25 - 2017-11-19 22:26 - 000000125 _____ () C:\Users\Bone Crunsher\AppData\Local\uts.ini
2018-03-20 12:30 - 2018-03-20 12:30 - 000000002 _____ () C:\Users\Bone Crunsher\AppData\Local\WMI.ini

Some files in TEMP:
====================
2018-05-02 11:36 - 2018-03-20 22:07 - 011605440 _____ (SurfRight B.V.) C:\Users\Bone Crunsher\AppData\Local\Temp\HitmanPro.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-28 00:50

==================== End of FRST.txt ============================

Addition.txt


Quote

HKU\S-1-5-21-1421669938-1728691434-4040978051-1000\...\Run: [uTorrent] => C:\Users\Bone Crunsher\AppData\Roaming\uTorrent\uTorrent.exe [1987512 2018-05-18] (BitTorrent Inc.)

Newer versions of uTorrent are usually ad-supported, I believe.

Otherwise I can't see anything that would generate ads in popups, but you can of course get those when visiting certain websites, where it is decided by those responsible for the websites. Adblock doesn't help against all ads, after all.

 

Quote

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

The above settings are normally 5, 3 and 1 respectively. They are security settings related to User Account Control (UAC) that have been lowered to a level that makes it easy to infect the computer without you noticing. I recommend that you restore them to the recommended values.

 

2 hours ago, sabelstrom wrote:

I can also see a lot under Processes (Whitelisted) with the help of FRST that I don't use; is there a link to how you stop certain processes from starting, e.g. devolo, nero, apple etc.?

Uninstall the programs, or find settings in them that stop them from starting automatically.

If you disable e.g. Devolo's service yourself, that program will probably not work afterwards.

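As an added example (not part of this thread, and not code from FRST or the replier), here is a PowerShell check for the three UAC values quoted in the reply above, comparing them to the normal values 5, 3 and 1 and optionally restoring them. The function names and the script structure are this example's own; it assumes PowerShell 3.0 or later and, for the repair step, an elevated shell.

```powershell
# Added example: audit (and optionally restore) the UAC policy values the FRST log shows lowered.
# Function names are this example's own; value names and defaults come from the thread.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Expected values on a default Windows 7 system (as stated in the reply above).
$UacDefaults = [ordered]@{
    ConsentPromptBehaviorAdmin = 5   # prompt for consent for non-Windows binaries, on the secure desktop
    ConsentPromptBehaviorUser  = 3   # prompt standard users for credentials on the secure desktop
    EnableLUA                  = 1   # UAC enabled; 0 switches the whole mechanism off
}

function Test-UacPolicy {
    # Returns one object per value with the current setting and whether it has been weakened.
    $current = Get-ItemProperty -Path $UacKey -ErrorAction SilentlyContinue
    foreach ($name in $UacDefaults.Keys) {
        $value = if ($null -ne $current -and $null -ne $current.$name) { [int]$current.$name } else { $null }
        [pscustomobject]@{
            Name     = $name
            Current  = $value
            Expected = $UacDefaults[$name]
            # A missing value means Windows falls back to its built-in default, so it is not flagged.
            Weakened = ($null -ne $value -and $value -ne $UacDefaults[$name])
        }
    }
}

function Repair-UacPolicy {
    # Sets every weakened value back to its default. Needs an elevated shell;
    # a change to EnableLUA only takes effect after a reboot.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($entry in (Test-UacPolicy | Where-Object { $_.Weakened })) {
        if ($PSCmdlet.ShouldProcess("$UacKey\$($entry.Name)", "set to $($entry.Expected)")) {
            Set-ItemProperty -Path $UacKey -Name $entry.Name -Value $entry.Expected -Type DWord
        }
    }
}

# Report first; preview the repair with -WhatIf before running it for real from an elevated shell.
Test-UacPolicy | Format-Table -AutoSize
Repair-UacPolicy -WhatIf
```

On the system in the FRST log, the report would flag ConsentPromptBehaviorAdmin (0 instead of 5) and EnableLUA (0 instead of 1), while ConsentPromptBehaviorUser (3) is already at its normal value.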

Archived

This topic is now archived and is closed to further replies.
