Just nu i M3-nätverket
Gå till innehåll

Seg och märklig dator


nokia9800

Rekommendera Poster

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01.12.2018 01
Ran by Andreas (administrator) on ANDREAS-PC (03-12-2018 16:08:54)
Running from C:\Users\Andreas\Downloads\IDG Eforum Virus
Loaded Profiles: Andreas (Available Profiles: Andreas)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Engelska (USA)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
() C:\Program Files\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Logitech Inc.) C:\Program Files\Squeezebox\SqueezeTray.exe
(Sling Media Inc.) C:\Program Files\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe
(Sling Media Inc.) C:\Program Files\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.4.3.237\WsAppService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

"Path" (C:Program FilesAndroidandroid-sdktools;C:Program FilesAndroidandroid-sdkplatform-tools -> %SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0\;C:Program FilesAndroidandroid-sdktools;C:Program FilesAndroidandroid-sdkplatform-tools) <==== Repaired successfully
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [290064 2018-11-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2498203895-1612221955-3877281351-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-2498203895-1612221955-3877281351-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2498203895-1612221955-3877281351-1000\...\MountPoints2: L - L:\AutoRun.exe
HKU\S-1-5-21-2498203895-1612221955-3877281351-1000\...\MountPoints2: {f7efceb8-bf0c-11e8-914b-001a922f9a96} - L:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Media Server-systemfältsverktyg.lnk [2018-10-20]
ShortcutTarget: Logitech Media Server-systemfältsverktyg.lnk -> C:\Program Files\Squeezebox\SqueezeTray.exe (Logitech Inc.)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SlingplayerForWebShortcut.lnk [2018-01-14]
ShortcutTarget: SlingplayerForWebShortcut.lnk -> C:\Program Files\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe (Sling Media Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 192.168.2.1
Tcpip\..\Interfaces\{38323E5E-36E6-47DB-AF50-04D794792A2C}: [DhcpNameServer] 8.8.8.8 192.168.2.1
Tcpip\..\Interfaces\{9DF6B22D-36CE-44CF-9F66-B7C72A64D0BB}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2498203895-1612221955-3877281351-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
HKU\S-1-5-21-2498203895-1612221955-3877281351-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
HKU\S-1-5-21-2498203895-1612221955-3877281351-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/sv-se/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2498203895-1612221955-3877281351-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2498203895-1612221955-3877281351-1000 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2498203895-1612221955-3877281351-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}

FireFox:
========
FF DefaultProfile: 55o1kjm1.default
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\55o1kjm1.default [2018-12-03]
FF Homepage: Mozilla\Firefox\Profiles\55o1kjm1.default -> hxxps://www.tradera.com/item/220302/331035101/11-sedlar-1921-2000-bla-kotia-blandad-kvalitet|hxxps://www.tradera.com/item/220302/331020751/sedel-100kr|hxxps://www.tradera.com/item/220302/331622676/500kr|hxxps://www.flashback.org/t2931681p21|hxxps://www.dermosil.se/se/calendar/#/lottery|hxxps://event.synology.com/sv-se/christmas2018/game|hxxps://www.fz.se/julkalender|hxxps://web.hemmetsjournal.se/julkalender
FF NewTab: Mozilla\Firefox\Profiles\55o1kjm1.default -> about:newtab
FF Extension: (Refunder) - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\55o1kjm1.default\Extensions\Refunder@Refunder.se.xpi [2018-11-11]
FF Extension: (Adblock Plus utvecklingsversion) - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\55o1kjm1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-15]
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\55o1kjm1.default\searchplugins\bing-lavasoft-ff59.xml [2018-09-23]
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\55o1kjm1.default\searchplugins\google-avg.xml [2018-11-04]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default [2018-11-25]
CHR Extension: (Safe Torrent Scanner) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2018-10-22]
CHR Extension: (Dokument) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-13]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-22]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-13]
CHR Extension: (Adblock Plus) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-25]
CHR Extension: (Kalkylark) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-13]
CHR Extension: (Google Dokument Offline) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-12]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-21]
CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-23]
CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [324048 2018-11-16] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6848016 2018-11-16] (AVG Technologies CZ, s.r.o.)
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [73200 2018-09-10] (Freemake)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 ProtonVPN Service; C:\Program Files\Proton Technologies\ProtonVPN\ProtonVPNService.exe [38664 2018-10-17] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 WsDrvInst; C:\Program Files\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [167728 2018-11-16] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [189344 2018-11-16] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [165944 2018-11-16] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [284304 2018-11-16] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [57952 2018-11-16] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [42984 2018-11-16] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [40936 2018-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [135440 2018-11-16] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [101232 2018-11-16] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [73040 2018-11-16] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [784800 2018-11-16] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [398232 2018-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [157184 2018-11-16] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [310248 2018-11-16] (AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [195200 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2012-05-11] (MBB Incorporated)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229568 2018-11-30] (Malwarebytes)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [193192 2017-10-30] (Prolific Technology Inc.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [32184 2018-06-01] (The OpenVPN Project)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [134144 2012-05-11] (ZTE Corporation)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-03 16:08 - 2018-12-03 16:08 - 000000000 ____D C:\FRST
2018-12-03 16:07 - 2018-12-03 16:08 - 000000000 ____D C:\Users\Andreas\Downloads\IDG Eforum Virus
2018-12-03 14:36 - 2018-12-03 14:36 - 000000000 _____ C:\Users\Andreas\Desktop\Kupong.pdf
2018-11-30 20:13 - 2018-11-30 20:17 - 000000000 ____D C:\Users\Andreas\Downloads\MAG 254
2018-11-30 18:29 - 2018-11-30 18:29 - 000229568 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-11-30 18:20 - 2018-11-30 18:25 - 000000000 ____D C:\AdwCleaner
2018-11-30 18:19 - 2018-11-30 18:19 - 007321808 _____ (Malwarebytes) C:\Users\Andreas\Downloads\adwcleaner_7.2.5.0.exe
2018-11-19 21:13 - 2018-11-19 21:13 - 002014873 _____ C:\Users\Andreas\Downloads\tv_channels_YL10012.m3u
2018-11-19 09:45 - 2018-11-19 09:46 - 000000067 _____ C:\Users\Andreas\AppData\Roaming\Bobrikloader.ini
2018-11-19 09:43 - 2018-11-19 09:45 - 000002057 _____ C:\Users\Andreas\Desktop\BobrikLoader.lnk
2018-11-19 09:43 - 2018-11-19 09:43 - 000000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BobrikLoader
2018-11-19 09:37 - 2018-11-19 09:37 - 000000000 ____D C:\Program Files\AD-Teknik
2018-11-19 09:33 - 2018-11-19 09:33 - 000000000 ____D C:\Users\Andreas\Downloads\Active Gps
2018-11-16 19:47 - 2018-11-16 19:47 - 000323344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-11-14 09:19 - 2018-11-11 02:14 - 004054248 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-11-14 09:19 - 2018-11-11 02:14 - 003960040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-14 09:19 - 2018-11-11 02:14 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-11-14 09:19 - 2018-11-11 02:13 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-11-14 09:19 - 2018-11-11 02:13 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-11-14 09:19 - 2018-11-11 02:13 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-11-14 09:19 - 2018-11-11 02:13 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-11-14 09:19 - 2018-11-11 02:12 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-11-14 09:19 - 2018-11-11 02:11 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-11-14 09:19 - 2018-11-11 02:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-11-14 09:19 - 2018-11-11 02:11 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-11-14 09:19 - 2018-11-11 02:11 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-11-14 09:19 - 2018-11-11 02:11 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-11-14 09:19 - 2018-11-11 02:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-11-14 09:19 - 2018-11-11 02:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-11-14 09:19 - 2018-11-11 02:10 - 001425920 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-14 09:19 - 2018-11-11 02:10 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-14 09:19 - 2018-11-11 02:10 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-11-14 09:19 - 2018-11-11 02:10 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-14 09:19 - 2018-11-11 02:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-11-14 09:19 - 2018-11-11 02:10 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-14 09:19 - 2018-11-11 02:10 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-14 09:19 - 2018-11-11 02:10 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-11-14 09:19 - 2018-11-11 02:10 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-14 09:19 - 2018-11-11 02:10 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-11-14 09:19 - 2018-11-11 02:10 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-11-14 09:19 - 2018-11-11 02:10 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-11-14 09:19 - 2018-11-11 02:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-11-14 09:19 - 2018-11-11 02:09 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-11-14 09:19 - 2018-11-11 02:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-11-14 09:19 - 2018-11-11 02:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-11-14 09:19 - 2018-11-11 01:46 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-11-14 09:19 - 2018-11-11 01:45 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-11-14 09:19 - 2018-11-11 01:43 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-11-14 09:19 - 2018-11-11 01:43 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-11-14 09:19 - 2018-11-11 01:43 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-11-14 09:19 - 2018-11-11 01:41 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-11-14 09:19 - 2018-11-11 01:41 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-11-14 09:19 - 2018-11-11 01:40 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-11-14 09:19 - 2018-11-11 01:40 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-11-14 09:19 - 2018-11-11 01:40 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-11-14 09:19 - 2018-11-11 01:40 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-11-14 09:19 - 2018-11-11 01:40 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-11-14 09:19 - 2018-11-11 01:40 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-11-14 09:19 - 2018-11-11 01:40 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-11-14 09:19 - 2018-11-11 01:40 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-11-14 09:19 - 2018-11-11 01:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-11-14 09:19 - 2018-10-27 04:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-14 09:19 - 2018-10-27 04:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-14 09:19 - 2018-10-27 04:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-14 09:19 - 2018-10-27 04:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-14 09:19 - 2018-10-27 04:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-14 09:19 - 2018-10-27 04:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2018-11-14 09:19 - 2018-10-27 04:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-14 09:19 - 2018-10-27 04:00 - 002404864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-14 09:19 - 2018-10-18 19:51 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-11-14 09:19 - 2018-10-18 03:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-14 09:19 - 2018-10-12 21:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-14 09:19 - 2018-10-12 21:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-14 09:19 - 2018-10-12 21:13 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-11-14 09:19 - 2018-10-12 21:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-14 09:19 - 2018-10-12 20:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-14 09:19 - 2018-10-12 20:55 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-11-14 09:19 - 2018-10-12 20:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-14 09:19 - 2018-10-12 20:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-14 09:19 - 2018-10-06 16:47 - 000162536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-14 09:19 - 2018-10-06 14:42 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-14 09:19 - 2018-09-23 03:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-14 09:19 - 2018-09-23 03:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-14 09:19 - 2018-09-23 03:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-14 09:19 - 2018-09-23 03:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-14 09:19 - 2018-09-23 03:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 09:19 - 2018-09-23 03:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-14 09:19 - 2018-08-28 04:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-11-14 09:18 - 2018-11-11 02:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-11-14 09:18 - 2018-11-11 02:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-11-14 09:18 - 2018-11-11 02:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-11-14 09:18 - 2018-11-11 02:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-11-14 09:18 - 2018-11-11 02:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 01:47 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-11-14 09:18 - 2018-11-11 01:46 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-11-14 09:18 - 2018-11-11 01:46 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-11-14 09:18 - 2018-11-11 01:46 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-11-14 09:18 - 2018-11-11 01:40 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-11-14 09:18 - 2018-11-11 01:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 01:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 01:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-11-14 09:18 - 2018-11-11 01:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-11-14 09:18 - 2018-10-12 21:36 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-11-14 09:18 - 2018-10-12 21:35 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-11-14 09:18 - 2018-10-12 21:25 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-11-14 09:18 - 2018-10-12 21:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-11-14 09:18 - 2018-10-12 21:25 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-11-14 09:18 - 2018-10-12 21:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-11-14 09:18 - 2018-10-12 21:20 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-11-14 09:18 - 2018-10-12 21:20 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-11-14 09:18 - 2018-10-12 21:18 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-14 09:18 - 2018-10-12 21:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-14 09:18 - 2018-10-12 21:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-11-14 09:18 - 2018-10-12 21:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-11-14 09:18 - 2018-10-12 21:17 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-11-14 09:18 - 2018-10-12 21:11 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-11-14 09:18 - 2018-10-12 21:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-11-14 09:18 - 2018-10-12 21:07 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-11-14 09:18 - 2018-10-12 21:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-11-14 09:18 - 2018-10-12 21:05 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-11-14 09:18 - 2018-10-12 21:04 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-11-14 09:18 - 2018-10-12 21:03 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-11-14 09:18 - 2018-10-12 21:02 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-11-14 09:18 - 2018-10-12 20:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-14 09:18 - 2018-10-12 20:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-14 09:18 - 2018-10-12 20:56 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-14 09:18 - 2018-10-12 20:55 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-11-14 09:18 - 2018-10-12 20:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-14 09:18 - 2018-09-23 03:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-14 09:18 - 2018-09-23 03:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-14 09:18 - 2018-09-23 03:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-11-14 09:18 - 2018-09-23 03:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-11-14 09:18 - 2018-09-23 03:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-14 09:18 - 2018-09-23 03:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-11-13 21:51 - 2018-11-13 21:51 - 005580740 _____ C:\Users\Andreas\Downloads\1539946091-hbonordicexe.zip
2018-11-13 21:51 - 2018-11-13 21:51 - 005579912 _____ C:\Users\Andreas\Downloads\1540196574-hbonordicexe.zip
2018-11-13 21:50 - 2018-11-13 21:50 - 005577878 _____ C:\Users\Andreas\Downloads\1539873330-hbonordicexe.zip
2018-11-13 21:37 - 2018-11-13 21:37 - 005268905 _____ C:\Users\Andreas\Downloads\1539010716-SF-subs-dl.zip
2018-11-13 21:36 - 2018-11-13 21:36 - 005273216 _____ C:\Users\Andreas\Downloads\1538004433-SF-subs-dl.zip
2018-11-13 21:34 - 2018-11-13 21:35 - 026501731 _____ C:\Users\Andreas\Downloads\Svemoplay.zip
2018-11-13 21:32 - 2018-11-13 21:32 - 011041656 _____ C:\Users\Andreas\Downloads\1542098744-blockexe.zip
2018-11-13 21:30 - 2018-11-13 21:30 - 005577975 _____ C:\Users\Andreas\Downloads\1539359858-blockexe.zip
2018-11-13 21:29 - 2018-11-13 21:29 - 005576003 _____ C:\Users\Andreas\Downloads\1539274359-blockexe.zip
2018-11-12 19:47 - 2018-11-12 12:33 - 000458265 _____ C:\Users\Andreas\Documents\siptv9.m3u
2018-11-12 19:47 - 2018-11-12 12:33 - 000458265 _____ C:\Users\Andreas\Documents\siptv8.m3u
2018-11-12 19:47 - 2018-11-12 12:33 - 000458265 _____ C:\Users\Andreas\Documents\siptv10.m3u
2018-11-12 19:47 - 2018-11-12 12:32 - 000458265 _____ C:\Users\Andreas\Documents\siptv7.m3u
2018-11-12 19:47 - 2018-11-12 12:32 - 000458265 _____ C:\Users\Andreas\Documents\siptv6.m3u
2018-11-12 19:47 - 2018-11-12 10:16 - 000458265 _____ C:\Users\Andreas\Documents\siptv5.m3u
2018-11-12 19:47 - 2018-11-12 10:14 - 000458265 _____ C:\Users\Andreas\Documents\siptv4.m3u
2018-11-12 19:47 - 2018-11-12 10:12 - 000458265 _____ C:\Users\Andreas\Documents\siptv3.m3u
2018-11-12 19:47 - 2018-11-12 10:09 - 000458265 _____ C:\Users\Andreas\Documents\siptv2.m3u
2018-11-12 19:47 - 2018-11-12 10:04 - 000458265 _____ C:\Users\Andreas\Documents\siptv1.m3u
2018-11-11 18:21 - 2018-11-11 18:23 - 000000000 ____D C:\Users\Andreas\Downloads\Proton VPN
2018-11-11 18:04 - 2018-11-11 18:05 - 000000000 ____D C:\Users\Andreas\AppData\Local\ProtonVPN
2018-11-11 18:02 - 2018-11-11 18:05 - 000000000 ____D C:\ProgramData\ProtonVPN
2018-11-11 18:01 - 2018-11-11 18:01 - 000001115 _____ C:\Users\Public\Desktop\ProtonVPN.lnk
2018-11-11 18:01 - 2018-11-11 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
2018-11-11 18:00 - 2018-11-11 18:01 - 000000000 ____D C:\Program Files\Proton Technologies
2018-11-11 17:58 - 2018-11-11 18:00 - 000000000 ____D C:\Users\Andreas\AppData\Roaming\ProtonVPN AG
2018-11-11 17:57 - 2018-11-11 17:57 - 014148088 _____ (ProtonVPN AG) C:\Users\Andreas\Downloads\ProtonVPN_win_v1.6.4.exe
2018-11-10 20:35 - 2018-11-10 20:57 - 000000000 ____D C:\Program Files\Minimal ADB and Fastboot
2018-11-10 20:35 - 2018-11-10 20:35 - 000001069 _____ C:\Users\Public\Desktop\Minimal ADB and Fastboot.lnk
2018-11-10 20:35 - 2018-11-10 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot
2018-11-05 19:30 - 2018-11-05 19:30 - 000000000 ____D C:\Program Files\DIFX
2018-11-04 17:12 - 2018-11-17 17:12 - 000000254 __RSH C:\Users\Andreas\ntuser.pol

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-03 16:09 - 2009-07-14 05:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-03 16:09 - 2009-07-14 05:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-03 14:12 - 2018-10-03 07:53 - 000663444 _____ C:\Windows\system32\perfh01D.dat
2018-12-03 14:12 - 2018-10-03 07:53 - 000142258 _____ C:\Windows\system32\perfc01D.dat
2018-12-03 14:12 - 2018-01-13 21:23 - 001579154 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-03 14:12 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2018-12-01 17:31 - 2018-10-22 21:26 - 000000000 ____D C:\Users\Andreas\Downloads\IPTV World, Films, Webcams, XXX,
2018-11-30 18:53 - 2018-02-14 20:30 - 000000000 ____D C:\Users\Andreas\AppData\LocalLow\Mozilla
2018-11-30 18:28 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-30 18:25 - 2018-09-23 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-11-27 19:57 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2018-11-20 09:26 - 2018-03-02 20:16 - 000000000 ____D C:\Users\Andreas\AppData\Roaming\vlc
2018-11-19 20:38 - 2018-02-14 20:29 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-11-19 20:38 - 2018-02-14 20:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-17 17:54 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\Registration
2018-11-17 17:12 - 2018-01-13 21:18 - 000000000 ____D C:\Users\Andreas
2018-11-16 19:47 - 2018-10-19 20:33 - 000040936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2018-11-16 19:47 - 2018-01-13 21:41 - 000784800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-11-16 19:47 - 2018-01-13 21:41 - 000398232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-11-16 19:47 - 2018-01-13 21:41 - 000310248 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-11-16 19:47 - 2018-01-13 21:41 - 000167728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-11-16 19:47 - 2018-01-13 21:41 - 000157184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-11-16 19:47 - 2018-01-13 21:41 - 000135440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-11-16 19:47 - 2018-01-13 21:41 - 000101232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-11-16 19:47 - 2018-01-13 21:41 - 000073040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-11-16 19:47 - 2018-01-13 21:41 - 000042984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-11-16 19:46 - 2018-01-13 21:41 - 000284304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2018-11-16 19:46 - 2018-01-13 21:41 - 000189344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2018-11-16 19:46 - 2018-01-13 21:41 - 000165944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2018-11-16 19:46 - 2018-01-13 21:41 - 000057952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys

Hej,

 

Datorn är periodvis seg och märklig.

Varje gång det "krånglar" kollar jag aktivitetshanteraren och firefox.exe tar mycket minne.

Hade varit jättesnällt om någon ville kolla min "FRST"

 

2018-11-15 04:28 - 2018-10-03 09:45 - 000000000 ____D C:\Windows\rescache
2018-11-15 03:37 - 2009-07-14 05:33 - 000269568 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-13 21:44 - 2018-10-24 17:44 - 000000000 ____D C:\Users\Andreas\Downloads\uwtd_20181015
2018-11-13 14:38 - 2018-09-19 18:08 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-12 10:02 - 2018-09-23 11:01 - 000000000 ____D C:\Users\Andreas\AppData\Roaming\uTorrent Web
2018-11-05 19:52 - 2018-11-01 19:08 - 000000000 ____D C:\Users\Andreas\Downloads\Huawei Y635
2018-11-04 19:56 - 2018-11-02 21:19 - 000000000 _____ C:\Users\Andreas\adb
2018-11-04 18:12 - 2018-02-14 20:29 - 000001097 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-11-04 18:12 - 2018-02-14 20:29 - 000001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

==================== Files in the root of some directories =======

2018-11-19 09:45 - 2018-11-19 09:46 - 000000067 _____ () C:\Users\Andreas\AppData\Roaming\Bobrikloader.ini
2018-10-30 18:48 - 2018-10-30 18:48 - 006860752 _____ (NeoSoft Tools                                               ) C:\Users\Andreas\AppData\Roaming\cexplorer.exe
2018-10-30 18:47 - 2018-10-30 18:47 - 000140800 _____ () C:\Users\Andreas\AppData\Local\installer.dat

Some files in TEMP:
====================
2018-11-19 09:45 - 2018-11-19 09:45 - 005984072 _____ () C:\Users\Andreas\AppData\Local\Temp\BobrikLoaderSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2018-11-24 00:28

==================== End of FRST.txt ============================

Addition.txt

Länk till kommentar
Dela på andra webbplatser

Jag kan inte se något direkt skadligt i dina loggfiler. Har AVG och/eller MBAM hittat något?

 

En seg dator kan ibland bero på en dålig hårddisk så se till att ha säkerhetskopior på allt viktigt och kan ominstallera Windows på en ny hårddisk utifall att den plötsligt skulle sluta fungera helt. Särskilt med tanke på att du har en del felmeddelanden som kan tyda på att Filhistorik inte fungerar:

Citat

Error: (12/03/2018 02:54:54 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Skuggkopiorna för volymen ? avbröts eftersom lagringsutrymmet för skuggkopian inte kunde växa på grund av en begränsning som angetts av användaren.

 

Hur länge har du haft dessa problem med seghet?

Är det bara när du använder Firefox som det är segt?

Är Firefox-tillägget Refunder pålitligt?

Har segheten något samband med när uTorrent eller ProtonVPN är igång?

 

32 minuter sedan, skrev nokia9800:

Varje gång det "krånglar" kollar jag aktivitetshanteraren och firefox.exe tar mycket minne.

Har du många flikar i Firefox?

Tar den mycket CPU också?

 

Det ser ut som att det bara är 2 GB RAM i datorn och det betraktas nog som lite väl lite numera och då får man vara försiktigt med hur många program man har öppna samtidigt och hur mycket RAM man låter dem använda.

 

Det är nog bra om du går igenom brandväggsinställningarna och tar bort de regler som gäller program som du inte längre använder, det skulle kunna vara möjligt att någon av dem kan användas som en bakdörr till datorn.

Länk till kommentar
Dela på andra webbplatser

9 minuter sedan, skrev Cecilia:

Jag kan inte se något direkt skadligt i dina loggfiler. Har AVG och/eller MBAM hittat något? AVG har hittat 35 threats som finns i quarantine och/ MBAM har hittat 9 som finns i karantän

 

En seg dator kan ibland bero på en dålig hårddisk så se till att ha säkerhetskopior på allt viktigt och kan ominstallera Windows på en ny hårddisk utifall att den plötsligt skulle sluta fungera helt. Särskilt med tanke på att du har en del felmeddelanden som kan tyda på att Filhistorik inte fungerar:

 

Hur länge har du haft dessa problem med seghet? Ca 1 månad

Är det bara när du använder Firefox som det är segt? Ja

Är Firefox-tillägget Refunder pålitligt? Jag vet inte

Har segheten något samband med när uTorrent eller ProtonVPN är igång? Nej

 

Har du många flikar i Firefox? 1 nu och ibland flera men det blir samma

Tar den mycket CPU också? Nej

 

Det ser ut som att det bara är 2 GB RAM i datorn och det betraktas nog som lite väl lite numera och då får man vara försiktigt med hur många program man har öppna samtidigt och hur mycket RAM man låter dem använda.

 

Det är nog bra om du går igenom brandväggsinställningarna och tar bort de regler som gäller program som du inte längre använder, det skulle kunna vara möjligt att någon av dem kan användas som en bakdörr till datorn.

 

Länk till kommentar
Dela på andra webbplatser

Om det går segt med Firefox så kanske det är en "enklare" lösning att byta till en annan webbläsare?

Om inte annat för att testa.

Länk till kommentar
Dela på andra webbplatser

39 minuter sedan, skrev nokia9800:

Är Firefox-tillägget Refunder pålitligt? Jag vet inte

Då tycker jag att du tar bort det eller inaktiverar det i Firefox.

 

40 minuter sedan, skrev nokia9800:

AVG har hittat 35 threats som finns i quarantine och/ MBAM har hittat 9 som finns i karantän

Kan du hitta någon logg/rapport i programmen som visar vad de har hittat?

Kan göra det lättare att se var någonstans det kan finnas mer.

Länk till kommentar
Dela på andra webbplatser

Har inaktiverat refunder

 

Vet inte vart jag hittar logg fil för AVG som jag kan bifoga

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-11-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-30-2018
# Duration: 00:00:30
# OS:       Windows 7 Ultimate
# Scanned:  32232
# Detected: 20


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\Windows\System32\C2MP
PUP.Optional.LookupPro          C:\Users\Andreas\AppData\Roaming\LookupPro
PUP.Optional.SmartBar           C:\Windows\Temp\Smartbar
PUP.Optional.WebCompanion       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
PUP.Optional.WhiteClick         C:\Users\Andreas\AppData\Local\WhiteClick

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.DNSUnlocker              HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Adware.NeoBar                   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{586E89A6-A5B5-4B36-9440-4C12FF9C74E4}
PUP.Optional.FreeMakeConverter  HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
PUP.Optional.WeatherAlerts      HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKLM\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WhiteClick         HKLM\Software\Classes\CLSID\{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6}
PUP.Optional.WhiteClick         HKLM\Software\Classes\MailSearch.Helpers.AutoComplete
PUP.Optional.WhiteClick         HKLM\Software\Classes\MailSearch.MailSearchBandObject
PUP.Optional.WhiteClick         HKLM\Software\Classes\MailSearch.Installer
PUP.Optional.WhiteClick         HKLM\Software\Classes\MailSearch.Attributes.BandObjectAttribute

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

PUP.Optional.Legacy             suggestqueries.google.com

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

Länk till kommentar
Dela på andra webbplatser

2 timmar sedan, skrev nokia9800:

Vet inte vart jag hittar logg fil för AVG som jag kan bifoga

Testa att klicka på Help och därefter på Review your scan results

1428984056_AVGHelp.png.a6de0194a3092b567fc2390fd05dca5f.png

Länk till kommentar
Dela på andra webbplatser

Eftersom AVG hittade så många olika skadliga program i datorn rekommenderar jag en ominstallation av Windows och alla program etc. för det är nog rätt omöjligt att hitta och kunna återställa allt de kan ha ställt till med i datorn. Vet du hur man gör det?

 

Men eftersom det i huvudsak verkar vara Firefox som är drabbad kan du ju försöka med att avinstallera det och ta bort all användardata och inställningar, innan du startar om datorn och installerar Firefox på nytt.

https://support.mozilla.org/sv/kb/uninstall-firefox-from-your-computer

Länk till kommentar
Dela på andra webbplatser

Firefox avinstallerat och användardata och inställningar borttagna.

 

Hittar inte dessa två

  • C:\Program Files\Mozilla Firefox
  • C:\Program Files (x86)\Mozilla Firefox

Så jag kan inte tabort dom

Länk till kommentar
Dela på andra webbplatser

Om du har svenskt Windows heter mapparna i Utforskaren i stället:

  • C:\Program\Mozilla Firefox
  • C:\Program (x86)\Mozilla Firefox

 

 

Länk till kommentar
Dela på andra webbplatser

Jari Karivainio

Hej!

När du fått bort allt oönskat kan du låta Adwcleaner göra en "basic repair". Eller låta den hjälpa till ta bort oönskade program/tillägg.

 

/ Jari

Länk till kommentar
Dela på andra webbplatser

Arkiverat

Det här ämnet är nu arkiverat och är stängt för ytterligare svar.

×
×
  • Skapa nytt...