Guide: How to get rid of "The police have blocked your computer!"

Permalink
Member

The two files have now been removed.
Should I run a scan with Eset, HitmanPro and Malware to be completely 100% sure they are gone?
THANKS for all the help, CeciliaB!

Permalink
Member
Written by Uttern90:

The two files have now been removed.
Should I run a scan with Eset, HitmanPro and Malware to be completely 100% sure they are gone?
THANKS for all the help, CeciliaB!

Yes, it never hurts.

Just nice to be able to help

Permalink

The police virus

Hi, I got hit by this virus yesterday for the first time by upgrading my "screen capture" program from NCH, which I have used for many years.
The virus probably slipped into the software encrypted, so it was not detected by my antivirus, which was SpyBot and Windows' own protection.

I read through this thread from the start, and the usual method seems to be to start the computer in "Safe Mode". The problem with this new mutated police virus is that you cannot start in "Safe Mode" because the computer just reboots. I tried Kaspersky Rescue Disk 10, but forget it. It does not find this new virus even with updated parameters. I tested AdAware and that did not work either. Spybot is completely lost and sees none of this.

This is how I finally solved it:

1. Disconnected the computer from the Internet.
2. Restart the computer as usual and log in. You now have about 1.5-2 seconds before the "Ransom" screen appears. During that time you must start Notepad and type at least one character.
3. When the "Ransom" screen appears, press Ctrl-Alt-Del and choose Restart. If you managed to start Notepad and have at least one character in the file, the computer will ask "Do you want to save before exiting?".
4. Now you have bought yourself some time. The virus is stopped (temporarily) and you can turn the Internet back on. Browse to Panda's antivirus site and download/install "Panda Internet Security 2015".
5. Scan with Panda, and after a minute or so Panda will find the files that are infected.
6. I chose to remove them and restart the computer.
7. Now when the computer reboots you get an error message that a hexadecimal file of the type 6d4c2b3a56f..dll or similar cannot be started. You then have to go in under User AppData and remove it from autostart.
8. Then I rebooted and ran a deep scan with Panda, and there was no trace of the crap.

It surely works with other antivirus products too. But Kaspersky, as I said, did not find it.

Kelly

Permalink
Member

Hi, I would also really like some help,

Here is my log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by SYSTEM on MININT-FSD00Q7 on 21-11-2014 14:23:57
Running from f:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how...

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\Wilson\...\Run: [uTorrent] => C:\Users\Wilson\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.)
HKU\Wilson\...\Run: [Spotify] => C:\Users\Wilson\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-22] (Spotify Ltd)
HKU\Wilson\...\Run: [AdobeBridge] => [X]
HKU\Wilson\...\Run: [Spotify Web Helper] => C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-22] (Spotify Ltd)
HKU\Wilson\...\CurrentVersion\Windows: [Run] C:\Users\Wilson\AppData\Roaming\Fontcore\Fontcore.pif <===== ATTENTION
HKU\Wilson\...\Winlogon: [Shell] C:\Users\Wilson\AppData\Roaming\Other.res [182272 2013-08-29] (Symantec Corporation) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [233280 2014-11-10] (Search Protect)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [188224 2014-11-10] (Search Protect)
Startup: C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3056960 2014-11-10] (Search Protect)
S2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2010-06-09] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [556120 2013-03-21] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 L6TPortB; C:\Windows\System32\Drivers\L6TPortB64.sys [772224 2012-03-26] (Line 6)
S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 swmidi; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 14:23 - 2014-11-21 14:23 - 00000000 ____D () C:\FRST
2014-11-19 21:03 - 2014-11-19 20:27 - 36172929 ____N () C:\Users\Wilson\Desktop\CAM00063.mp4
2014-11-19 21:03 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-19 21:03 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-19 21:03 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 21:03 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-13 16:27 - 2014-11-13 16:27 - 00000000 __SHD () C:\Users\Wilson\AppData\Local\EmieBrowserModeList
2014-11-12 17:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-12 17:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 17:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-12 17:08 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-12 17:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-12 17:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-12 17:08 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-12 17:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-12 17:08 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-12 17:08 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-12 17:08 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-12 17:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-12 17:08 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-12 17:08 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-12 17:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-12 17:08 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-12 17:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 17:08 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-12 17:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-12 17:08 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-12 17:08 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 17:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 17:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 17:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 17:08 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 17:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-12 17:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 17:08 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 17:08 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 17:08 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-12 17:08 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 17:08 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-12 17:08 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 17:08 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 17:08 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-12 17:08 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 17:08 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 17:08 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-12 17:08 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-12 17:08 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-12 17:08 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-12 17:08 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 17:08 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 17:08 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 17:08 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-12 17:08 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 17:08 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 17:08 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 17:08 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 17:08 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-12 17:08 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-12 17:08 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 17:08 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-12 17:08 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 17:08 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 17:08 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 17:08 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-11-12 17:08 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-11-12 17:08 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-11-12 17:08 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-12 17:08 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-12 17:08 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-12 17:08 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-12 17:08 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-12 17:08 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 17:08 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 17:08 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 17:08 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 17:08 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-12 17:08 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-12 17:08 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-12 17:08 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-12 17:08 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-12 17:08 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 17:08 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 17:08 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 17:08 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-12 17:08 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-11-12 17:08 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-11-12 17:08 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-11-12 17:08 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-11-12 17:08 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-11-12 17:08 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 17:08 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 17:08 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 17:08 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 17:08 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 17:08 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 17:08 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-12 17:08 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-12 17:08 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 17:08 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 17:08 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-12 17:08 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 17:07 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-12 17:07 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 17:07 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-12 17:07 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 17:07 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-11-12 17:07 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 17:07 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-10 23:45 - 2014-11-10 23:45 - 00044457 _____ () C:\Users\Wilson\Desktop\Judas Priest - Green Manalishi (Pro).gp5
2014-11-10 22:26 - 2014-11-10 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-09 18:26 - 2014-11-09 18:26 - 00113200 _____ () C:\Users\Wilson\Desktop\Led Zeppelin - Stairway To Heaven (Pro)-1.gp5
2014-10-26 12:33 - 2014-10-26 12:33 - 00955991 _____ () C:\Users\Wilson\Desktop\avatar.psd
2014-10-22 15:45 - 2014-11-21 12:26 - 00000000 ____D () C:\Users\Wilson\AppData\Local\Spotify
2014-10-22 15:45 - 2014-11-18 22:23 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\Spotify

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 12:26 - 2013-03-21 17:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-21 12:26 - 2013-03-05 23:49 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 12:26 - 2013-01-23 17:17 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\uTorrent
2014-11-21 12:26 - 2013-01-23 17:07 - 00000364 ____H () C:\Windows\Tasks\ZoomExUpdaterTask{339DF397-BC08-4CD8-ADC4-29768565B051}.job
2014-11-21 12:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 12:25 - 2009-07-14 05:51 - 00028014 _____ () C:\Windows\setupact.log
2014-11-21 12:20 - 2013-01-19 16:10 - 01814354 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 12:15 - 2011-04-12 15:28 - 00666722 _____ () C:\Windows\System32\perfh01D.dat
2014-11-21 12:15 - 2011-04-12 15:28 - 00143462 _____ () C:\Windows\System32\perfc01D.dat
2014-11-21 12:15 - 2009-07-14 06:13 - 01588446 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-21 11:34 - 2013-01-21 16:18 - 00000000 ___RD () C:\Users\Wilson\Dropbox
2014-11-21 11:34 - 2009-07-14 05:45 - 00031904 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 11:34 - 2009-07-14 05:45 - 00031904 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 11:29 - 2013-01-21 16:17 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\Dropbox
2014-11-21 11:24 - 2013-03-05 23:49 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 10:52 - 2013-01-21 12:16 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-18 22:27 - 2013-02-15 01:22 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1733162776-2084631968-1138856860-1000UA.job
2014-11-17 22:57 - 2014-06-26 18:20 - 00000000 ____D () C:\Users\Wilson\Documents\Cubase Projects
2014-11-17 16:00 - 2014-08-12 14:48 - 00000080 _____ () C:\Windows\SysWOW64\w3data.vss
2014-11-17 16:00 - 2014-08-12 14:48 - 00000080 _____ () C:\Windows\SysWOW64\msvcsv60.dll
2014-11-17 16:00 - 2014-08-12 14:48 - 00000080 _____ () C:\Windows\msocreg32.dat
2014-11-17 01:27 - 2013-02-15 01:22 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1733162776-2084631968-1138856860-1000Core.job
2014-11-16 03:19 - 2013-03-05 23:49 - 00003990 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 03:19 - 2013-03-05 23:49 - 00003738 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 11:00 - 2010-11-21 04:47 - 00331844 _____ () C:\Windows\PFRO.log
2014-11-15 02:19 - 2014-08-19 13:13 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-11-13 16:26 - 2009-07-14 05:45 - 03026736 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-13 16:25 - 2014-06-02 02:56 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-11-13 00:31 - 2013-01-28 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 00:30 - 2014-06-02 02:06 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-13 00:29 - 2013-03-10 23:10 - 103374192 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-11-12 17:02 - 2013-01-20 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 14:36 - 2013-01-20 22:58 - 00000000 ____D () C:\Users\Wilson\AppData\Local\CrashDumps
2014-11-09 14:35 - 2013-02-17 18:56 - 00000000 ____D () C:\Users\Wilson\Documents\MelodynePlugin
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-10-26 12:27 - 2014-06-02 13:15 - 00000000 ____D () C:\Users\Wilson\AppData\Local\Adobe
2014-10-26 12:27 - 2013-01-20 20:04 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\Adobe
2014-10-22 15:45 - 2013-03-30 11:45 - 00001814 _____ () C:\Users\Wilson\Desktop\Spotify.lnk

Files to move or delete:
====================
C:\Users\Wilson\Superior Installer.exe

Some content of TEMP:
====================
C:\Users\Wilson\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0arczx.dll
C:\Users\Wilson\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Wilson\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Wilson\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Wilson\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Wilson\AppData\Local\Temp\L6GPInst.dll
C:\Users\Wilson\AppData\Local\Temp\mtf4IA5.exe
C:\Users\Wilson\AppData\Local\Temp\nsw7246.exe
C:\Users\Wilson\AppData\Local\Temp\nsw8B44.exe
C:\Users\Wilson\AppData\Local\Temp\PlaySound.dll
C:\Users\Wilson\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\Wilson\AppData\Local\Temp\stuprt.exe
C:\Users\Wilson\AppData\Local\Temp\tbedrs.dll
C:\Users\Wilson\AppData\Local\Temp\utt2CEB.tmp.exe
C:\Users\Wilson\AppData\Local\Temp\uttF5FC.tmp.exe
C:\Users\Wilson\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Wilson\AppData\Local\Temp\_is8278.exe
C:\Users\Wilson\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_7387.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8109.12 MB
Available physical RAM: 7293.03 MB
Total Pagefile: 8107.32 MB
Available Pagefile: 7303.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:0.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (WILSONS USB) (Removable) (Total:14.42 GB) (Free:14.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:931.51 GB) (Free:906.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7C621371)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 335.4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6192F889)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 14.4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2014-11-16 13:24

==================== End Of Log ============================


MacBook Pro 16" M1 Max (2021) | UAD Apollo Twin MKII

www.intagram.com/guenna.music
www.instagram.com/wilsontjernell

Permalink
Member
Written by Wilsi:

Hi, I would also really like some help,

Here is my log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
...

==================== End Of Log ============================

Hi!

1. Start Notepad.
Copy all the lines in the box:

HKU\Wilson\...\CurrentVersion\Windows: [Run] C:\Users\Wilson\AppData\Roaming\Fontcore\Fontcore.pif <===== ATTENTION
HKU\Wilson\...\Winlogon: [Shell] C:\Users\Wilson\AppData\Roaming\Other.res [182272 2013-08-29] (Symantec Corporation) <==== ATTENTION
C:\Users\Wilson\AppData\Roaming\Fontcore
C:\Users\Wilson\AppData\Roaming\Other.res

and paste them into Notepad. Check that no files have been split across two lines.
Save the file on the USB stick with the name fixlist.txt.

On the infected computer, start FRST the same way as last time.
Click the "Fix" button.
Wait until the program has finished.

The program creates a log, Fixlog.txt, on the USB stick.
Paste its contents into your reply.

2. If the computer starts normally, move FRST to the desktop and let it scan from there.
Paste FRST.txt and Addition.txt into your reply.

NOTE: Use the SPOILER tag/function around logs so as not to irritate others.
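
The two registry lines chosen for fixlist.txt in the reply above are the ones FRST marked ATTENTION. As an added example (not part of the original posts and not FRST's own code), this Python script parses Registry-section lines in the format shown in the posted log and reports why those two entries stand out. The function names and the triage heuristics are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Sample input: Registry-section lines copied from the FRST.txt posted in this thread.
SAMPLE = r"""
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
HKU\Wilson\...\Run: [uTorrent] => C:\Users\Wilson\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.)
HKU\Wilson\...\Run: [AdobeBridge] => [X]
HKU\Wilson\...\CurrentVersion\Windows: [Run] C:\Users\Wilson\AppData\Roaming\Fontcore\Fontcore.pif <===== ATTENTION
HKU\Wilson\...\Winlogon: [Shell] C:\Users\Wilson\AppData\Roaming\Other.res [182272 2013-08-29] (Symantec Corporation) <==== ATTENTION
"""

# "<key>: [<value name>] [=>] <target and metadata>"
ENTRY = re.compile(
    r"^(?P<key>HK(?:LM|U)[^:]*):\s+\[(?P<value>[^\]]+)\]\s+(?:=>\s+)?(?P<rest>.+)$"
)
# Trailing "<==== ATTENTION" marker that FRST appends to some lines.
MARK = re.compile(r"\s*<=+\s*ATTENTION\s*$")
# "<path> [size date] (Company)", where both trailing fields are optional.
TAIL = re.compile(
    r"^(?P<path>.*?)(?:\s+\[\d+ \d{4}-\d{2}-\d{2}\])?(?:\s+\((?P<company>[^()]*)\))?$"
)


@dataclass
class Autostart:
    key: str
    value: str
    target: Optional[str]   # None when the log shows [X] instead of a file
    company: Optional[str]
    frst_attention: bool


def parse_registry_lines(text: str) -> List[Autostart]:
    """Parse autostart lines from the Registry section of an FRST log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        attention = bool(MARK.search(rest))
        rest = MARK.sub("", rest)
        if rest == "[X]":
            target, company = None, None
        else:
            tail = TAIL.match(rest)
            target, company = tail["path"], tail["company"]
        entries.append(Autostart(m["key"], m["value"], target, company, attention))
    return entries


def triage(entry: Autostart) -> List[str]:
    """Return the reasons an entry deserves a closer look (illustrative heuristics)."""
    reasons = []
    key = entry.key.lower()
    value = entry.value.lower()
    if entry.frst_attention:
        reasons.append("marked ATTENTION by FRST")
    # A per-user Shell value replaces the program started as the desktop shell at logon.
    if key.startswith("hku") and key.endswith("winlogon") and value == "shell":
        reasons.append("per-user Winlogon Shell override")
    # The Run value under ...\CurrentVersion\Windows is a legacy autostart location.
    if key.endswith(r"currentversion\windows") and value == "run":
        reasons.append("legacy CurrentVersion\\Windows Run value")
    if entry.target:
        path = PureWindowsPath(entry.target)
        in_appdata = "appdata" in (part.lower() for part in path.parts)
        if in_appdata and path.suffix.lower() != ".exe":
            reasons.append(f"{path.suffix.lower()} file under AppData as autostart target")
    return reasons


def suspicious(text: str) -> List[Tuple[Autostart, List[str]]]:
    """Parse the log text and keep only entries with at least one reason."""
    found = []
    for entry in parse_registry_lines(text):
        reasons = triage(entry)
        if reasons:
            found.append((entry, reasons))
    return found


if __name__ == "__main__":
    for entry, reasons in suspicious(SAMPLE):
        print(f"{entry.key}: [{entry.value}] -> {entry.target}")
        for reason in reasons:
            print(f"    - {reason}")
```

Location alone is not treated as suspicious here: the uTorrent entry also lives under AppData\Roaming but is not reported.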

Permalink
Member

Wow, the computer started normally now! Thank you so incredibly much, Cecilia!

I'll paste in the reply and the rest later, have to go now. Sorry that the log got so big; I looked for the spoiler button earlier but did not find it, though I have found it now. I think it was down to my stress over the computer. I'll use it next time.

Thanks.


Permalink
Member

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014
Ran by SYSTEM at 2014-11-21 15:19:58 Run:1
Running from f:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Wilson\...\CurrentVersion\Windows: [Run] C:\Users\Wilson\AppData\Roaming\Fontcore\Fontcore.pif <===== ATTENTION
HKU\Wilson\...\Winlogon: [Shell] C:\Users\Wilson\AppData\Roaming\Other.res [182272 2013-08-29] (Symantec Corporation) <==== ATTENTION
C:\Users\Wilson\AppData\Roaming\Fontcore
C:\Users\Wilson\AppData\Roaming\Other.res
*****************

HKU\Wilson\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Run => value deleted successfully.
HKU\Wilson\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
C:\Users\Wilson\AppData\Roaming\Fontcore => Moved successfully.
C:\Users\Wilson\AppData\Roaming\Other.res => Moved successfully.

==== End of Fixlog ====


FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Wilson (administrator) on WILSON-DATOR on 22-11-2014 00:15:47
Running from C:\Users\Wilson\Desktop
Loaded Profile: Wilson (Available profiles: Wilson)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(M-Audio) C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Search Protect) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\Wilson\AppData\Roaming\uTorrent\uTorrent.exe
(Dropbox, Inc.) C:\Users\Wilson\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Line 6, Inc.) C:\Program Files (x86)\Line6\GearBox\GearBox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Spotify Ltd) C:\Users\Wilson\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
() C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\Run: [uTorrent] => C:\Users\Wilson\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.)
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\Run: [Spotify] => C:\Users\Wilson\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-11-21] (Spotify Ltd)
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\MountPoints2: {839d03c3-6249-11e2-ad42-806e6f6e6963} - F:\Run.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [233280 2014-11-10] (Search Protect)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [188224 2014-11-10] (Search Protect)
Startup: C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wilson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=f82722e1-6576-11e2-8b31-50e549...
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE6F7378214F8CD01
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=f82722e1-6576-11e2-8b31-50e549...
SearchScopes: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=f82722e1-6576-11e2-8b31-50e549...
SearchScopes: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000 -> {784DF7CC-41E9-4DDD-A207-0BAE2B91921C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&Sea...
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: uTorrentControl_v2 Toolbar -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} -> C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> G:\Program\bin\ssv.dll (Oracle Corporation)
BHO-x32: Inloggningshjälp för Microsoft-konto -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> G:\Program\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000 -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\jmidf0p9.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CT...
FF DefaultSearchEngine,S:
FF DefaultSearchUrl:
FF SearchEngineOrder.1: Privitize VPN
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine: Google
FF SelectedSearchEngine,S:
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CT...
FF Keyword.URL: hxxp://searchab.com/?aff=7&uid=f82722e1-6576-11e2-8b31-50e549...
FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> G:\Program\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1733162776-2084631968-1138856860-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Wilson\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\jmidf0p9.default\searchplugins\trovi-search.xml
FF Extension: Media Hint - C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\jmidf0p9.default\Extensions\mediahint@jetpack.xpi [2013-02-01]
FF Extension: Save Session - C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\jmidf0p9.default\Extensions\savesession@noasobi.net.xpi [2013-02-25]
FF Extension: YouTube High Definition - C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\jmidf0p9.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-09-22]
FF Extension: Adblock Plus - C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\jmidf0p9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-11-10]
FF Extension: 카스퍼스키 URL 분석기 - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2013-03-21]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2013-03-21]

Chrome:
=======
CHR Profile: C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2013-01-23]
CHR Extension: (Zoomex) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdcnhipbjeadfjjkehbdcocmhkfpffnj [2013-01-23]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Wilson\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3056960 2014-11-10] (Search Protect)
R2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2010-06-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [556120 2013-03-21] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 L6TPortB; C:\Windows\System32\Drivers\L6TPortB64.sys [772224 2012-03-26] (Line 6)
S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
U3 swmidi; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 00:15 - 2014-11-22 00:15 - 00017144 _____ () C:\Users\Wilson\Desktop\FRST.txt
2014-11-22 00:15 - 2014-11-21 14:09 - 02117632 _____ (Farbar) C:\Users\Wilson\Desktop\FRST64.exe
2014-11-21 21:46 - 2014-11-21 21:46 - 00001814 _____ () C:\Users\Wilson\Desktop\Spotify.lnk
2014-11-21 21:46 - 2014-11-21 21:46 - 00001800 _____ () C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-11-21 21:46 - 2014-11-21 21:46 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\Spotify
2014-11-21 14:23 - 2014-11-22 00:15 - 00000000 ____D () C:\FRST
2014-11-19 21:03 - 2014-11-19 20:27 - 36172929 ____N () C:\Users\Wilson\Desktop\CAM00063.mp4
2014-11-19 21:03 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 21:03 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 21:03 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 21:03 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-13 16:27 - 2014-11-13 16:27 - 00000000 __SHD () C:\Users\Wilson\AppData\Local\EmieBrowserModeList
2014-11-12 17:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 17:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 17:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 17:08 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 17:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 17:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 17:08 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 17:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 17:08 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 17:08 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 17:08 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 17:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 17:08 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 17:08 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 17:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 17:08 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 17:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 17:08 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 17:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 17:08 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 17:08 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 17:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 17:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 17:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 17:08 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 17:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 17:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 17:08 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 17:08 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 17:08 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 17:08 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 17:08 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 17:08 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 17:08 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 17:08 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 17:08 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 17:08 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 17:08 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 17:08 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 17:08 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 17:08 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 17:08 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 17:08 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 17:08 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 17:08 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 17:08 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 17:08 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 17:08 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 17:08 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 17:08 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 17:08 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 17:08 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 17:08 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 17:08 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 17:08 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 17:08 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 17:08 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 17:08 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 17:08 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 17:08 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 17:08 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 17:08 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 17:08 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 17:08 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 17:08 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 17:08 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 17:08 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 17:08 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 17:08 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 17:08 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 17:08 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 17:08 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 17:08 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 17:08 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 17:08 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 17:08 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 17:08 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 17:08 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 17:08 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 17:08 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 17:08 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 17:08 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 17:08 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 17:08 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 17:08 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 17:08 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 17:08 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 17:08 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 17:08 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 17:08 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 17:08 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 17:08 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 17:08 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 17:08 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 17:07 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 17:07 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 17:07 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 17:07 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 17:07 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 17:07 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 17:07 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-10 23:45 - 2014-11-10 23:45 - 00044457 _____ () C:\Users\Wilson\Desktop\Judas Priest - Green Manalishi (Pro).gp5
2014-11-10 22:26 - 2014-11-10 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-09 18:26 - 2014-11-09 18:26 - 00113200 _____ () C:\Users\Wilson\Desktop\Led Zeppelin - Stairway To Heaven (Pro)-1.gp5
2014-10-26 12:33 - 2014-10-26 12:33 - 00955991 _____ () C:\Users\Wilson\Desktop\avatar.psd

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 00:14 - 2013-01-23 17:17 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\uTorrent
2014-11-21 23:52 - 2013-01-21 12:16 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 23:24 - 2013-03-05 23:49 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 22:27 - 2013-02-15 01:22 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1733162776-2084631968-1138856860-1000UA.job
2014-11-21 21:49 - 2013-01-21 16:18 - 00000000 ___RD () C:\Users\Wilson\Dropbox
2014-11-21 21:49 - 2013-01-21 16:17 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\Dropbox
2014-11-21 21:46 - 2014-10-22 15:45 - 00000000 ____D () C:\Users\Wilson\AppData\Local\Spotify
2014-11-21 21:44 - 2013-01-19 16:10 - 01821458 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 21:40 - 2011-04-12 15:28 - 00666722 _____ () C:\Windows\system32\perfh01D.dat
2014-11-21 21:40 - 2011-04-12 15:28 - 00143462 _____ () C:\Windows\system32\perfc01D.dat
2014-11-21 21:40 - 2009-07-14 06:13 - 01588446 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 21:40 - 2009-07-14 05:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 21:40 - 2009-07-14 05:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 21:34 - 2013-03-21 17:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-21 21:34 - 2013-03-05 23:49 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 21:34 - 2013-01-23 17:07 - 00000364 ____H () C:\Windows\Tasks\ZoomExUpdaterTask{339DF397-BC08-4CD8-ADC4-29768565B051}.job
2014-11-21 21:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 21:33 - 2009-07-14 05:51 - 00028238 _____ () C:\Windows\setupact.log
2014-11-17 22:57 - 2014-06-26 18:20 - 00000000 ____D () C:\Users\Wilson\Documents\Cubase Projects
2014-11-17 16:00 - 2014-08-12 14:48 - 00000080 _____ () C:\Windows\SysWOW64\w3data.vss
2014-11-17 16:00 - 2014-08-12 14:48 - 00000080 _____ () C:\Windows\SysWOW64\msvcsv60.dll
2014-11-17 16:00 - 2014-08-12 14:48 - 00000080 _____ () C:\Windows\msocreg32.dat
2014-11-17 01:27 - 2013-02-15 01:22 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1733162776-2084631968-1138856860-1000Core.job
2014-11-16 03:19 - 2013-03-05 23:49 - 00003990 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 03:19 - 2013-03-05 23:49 - 00003738 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 03:08 - 2013-01-21 16:17 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 11:00 - 2010-11-21 04:47 - 00331844 _____ () C:\Windows\PFRO.log
2014-11-15 02:19 - 2014-08-19 13:13 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-11-13 16:26 - 2009-07-14 05:45 - 03026736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 16:25 - 2014-06-02 02:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 00:31 - 2013-01-28 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 00:30 - 2014-06-02 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 00:29 - 2013-03-10 23:10 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 17:02 - 2013-01-20 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 14:36 - 2013-01-20 22:58 - 00000000 ____D () C:\Users\Wilson\AppData\Local\CrashDumps
2014-11-09 14:35 - 2013-02-17 18:56 - 00000000 ____D () C:\Users\Wilson\Documents\MelodynePlugin
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 12:27 - 2014-06-02 13:15 - 00000000 ____D () C:\Users\Wilson\AppData\Local\Adobe
2014-10-26 12:27 - 2013-01-20 20:04 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\Users\Wilson\Superior Installer.exe

Some content of TEMP:
====================
C:\Users\Wilson\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzzysbq.dll
C:\Users\Wilson\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Wilson\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Wilson\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Wilson\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Wilson\AppData\Local\Temp\L6GPInst.dll
C:\Users\Wilson\AppData\Local\Temp\mtf4IA5.exe
C:\Users\Wilson\AppData\Local\Temp\nsw7246.exe
C:\Users\Wilson\AppData\Local\Temp\nsw8B44.exe
C:\Users\Wilson\AppData\Local\Temp\PlaySound.dll
C:\Users\Wilson\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\Wilson\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Wilson\AppData\Local\Temp\stuprt.exe
C:\Users\Wilson\AppData\Local\Temp\tbedrs.dll
C:\Users\Wilson\AppData\Local\Temp\utt2CEB.tmp.exe
C:\Users\Wilson\AppData\Local\Temp\uttF5FC.tmp.exe
C:\Users\Wilson\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Wilson\AppData\Local\Temp\_is8278.exe
C:\Users\Wilson\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_7387.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-16 13:24

==================== End Of Log ============================


MacBook Pro 16" M1 Max (2021) | UAD Apollo Twin MKII

www.intagram.com/guenna.music
www.instagram.com/wilsontjernell

Permalink
Member

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Wilson at 2014-11-22 00:16:03
Running from C:\Users\Wilson\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Disabled - Up to date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.09) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
AmpegSVX (HKLM-x32\...\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}) (Version: 1.1.3 - IK Multimedia)
AmpliTube Fender (HKLM-x32\...\{B178BACA-880B-4D20-85F9-522F7F2DECBE}) (Version: 1.1.0 - IK Multimedia)
AmpliTube Metal (HKLM-x32\...\{9EDEF5B1-B740-4DFF-AC16-E2428E1713E8}) (Version: 1.0.3 - IK Multimedia)
AmpliTube X-GEAR (HKLM-x32\...\{21E77392-C30A-4AA2-8CA7-5728316939D6}) (Version: 1.1.0 - IK Multimedia)
Analog Factory 2.5 (HKLM-x32\...\Analog Factory_is1) (Version: - Arturia)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programstöd (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
ARP2600 V2 2.0 (HKLM-x32\...\ARP2600 V2_is1) (Version: - Arturia)
Avid 002 Rack and 003 Rack Driver (x64) (HKLM\...\{8B78288C-1474-49D3-8DB7-A776F588D85C}) (Version: 9.0.2 - Avid Technology, Inc.)
Band-in-a-Box 2014 (Build 375) (HKLM-x32\...\BB_is1) (Version: - PG Music Inc.)
Band-in-a-Box Server (HKLM-x32\...\BBServer_is1) (Version: - PG Music Inc.)
BBE Sonic Maximizer Plugin (HKLM-x32\...\BBE Sonic Maximizer Plugin) (Version: 1.0.0.0 - BBE Sound)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon RAW Codec (HKLM-x32\...\Canon RAW Codec) (Version: 1.8.0.68 - Canon Inc.)
Celemony Melodyne Plugin VST RTAS v1.0 (HKLM-x32\...\Celemony Melodyne Plugin_is1) (Version: - )
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CoyoteWT 1.1 (HKLM-x32\...\CoyoteWT_is1) (Version: - Coyote Electronics Inc.)
CS-80V2 2.0 (HKLM-x32\...\CS-80V2_is1) (Version: - Arturia)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
db audioware Sidechain Compressor VST v1.1.0 (HKLM-x32\...\db audioware Sidechain Compressor VST v1.1.0) (Version: - )
Dropbox (HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.7.1.8149 - Steinberg Media Technologies GmbH)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 0.8.1 - )
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.0.2 - Toontrack)
EZmix 64 bit (HKLM\...\{BF5872A6-66E4-4854-851D-EF36B6321F2E}) (Version: 1.0.2 - Toontrack)
EZmix 64-bit (HKLM\...\{3D83CC9F-E2E1-47AE-B1AF-F6D3A8825196}) (Version: 2.0.0 - Toontrack)
EZXCocktail (HKLM-x32\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.0 - Toontrack)
EZXDfh (HKLM-x32\...\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}) (Version: 1.0 - Toontrack)
EZXTwisted (HKLM-x32\...\{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}) (Version: 1.0 - Toontrack)
EZXVintage (HKLM-x32\...\{430399DC-98BC-4A7F-8F8E-77981CABAE05}) (Version: 1.0 - Toontrack)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Jupiter-8V2 2.0 (HKLM-x32\...\Jupiter-8V2_is1) (Version: - Arturia)
Kaspersky Anti-Virus 2011 (HKLM-x32\...\InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}) (Version: 11.0.2.556 - Kaspersky Lab)
Kaspersky Internet Security 2011 (x32 Version: 11.0.2.556 - Kaspersky Lab) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
M-Audio USB MIDI Series Driver 5.0.1 (x64) (HKLM\...\{32ED2629-C9B1-4C29-A32A-F3E04A5EE303}) (Version: 5.0.1 - M-Audio)
Metal EZmix pack (HKLM-x32\...\{B232052F-1339-42DB-85A6-178CAA8E73A7}) (Version: 1.0.0 - Toontrack)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (svenska) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Moog Modular V 2.2 (HKLM-x32\...\Moog Modular V 2_is1) (Version: - Arturia)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
PCM Native Reverb VST Plug-in (HKLM-x32\...\PCM Native Reverb VST Plug-in) (Version: - Lexicon)
PCM Native Reverb VST Plug-in (x32 Version: 1.0.0 - Lexicon) Hidden
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PG Music DirectX Plugins 2.0.0.0 (HKLM-x32\...\PG_DX_Plugins_is1) (Version: - PG Music Inc.)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.9 - Power Software Ltd)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
Reason 4.0 (HKLM-x32\...\Reason4_is1) (Version: 4.0 - Propellerhead Software AB)
ReValver Mk III (HKLM-x32\...\ReValver Mk III_is1) (Version: - )
Rock EZmix pack (HKLM-x32\...\{038B2DB1-2B9C-45C6-A55F-17B60D80C9D2}) (Version: 1.0.0 - Toontrack)
Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version: - John Mulcahy)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.18.20.209 - Search Protect) <==== ATTENTION
Sidechain Compressor 1.1.0 (HKLM-x32\...\db-audioware-Sidechain Compressor-1.1.0) (Version: - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steinberg Cubase 7.5 64bit (HKLM\...\{C75E8AD9-C89F-4505-5E87-CFCCEBE284FA}) (Version: 7.5.20 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg EDM Toolbox MIDI Loops (HKLM-x32\...\{8C9B2EA8-9A30-4347-95E9-10E919C4F32E}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Eucon Adapter 6.5 64bit (HKLM\...\{95D90857-61C2-4927-85FF-A317E46E7351}) (Version: 6.5.2 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Allen Morgan Signature Drums (HKLM-x32\...\{611A7035-0172-4B9B-8BB6-5046F6867D8A}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Content (HKLM-x32\...\{AFC9D1CE-F050-437C-35A5-62DEDB262DC7}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (HKLM-x32\...\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 2.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content 2 (HKLM-x32\...\{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Padshop 64bit (HKLM\...\{75F15019-C0C2-4047-AA45-97B4BD313719}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Retrologue 64bit (HKLM\...\{4D65ECE6-131D-4B5F-8470-2750D3161619}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Superior Drummer Installer (HKLM-x32\...\{009AC76E-1A66-4682-82B7-417E77F3C648}) (Version: 2.2.1 - Toontrack)
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
uTorrentControl_v2 Toolbar (HKLM-x32\...\uTorrentControl_v2 Toolbar) (Version: 6.11.2.6 - uTorrentControl_v2) <==== ATTENTION
Waves Complete V9r15 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.15 - Waves)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Wilson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01F046E0-0F12-4F0D-B24C-A4A2BDE92EEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-17] (Adobe Systems Incorporated)
Task: {1AC5C216-556E-4252-926C-6714322580DC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1733162776-2084631968-1138856860-1000Core => C:\Users\Wilson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: {54CB1A09-9034-442D-AEF1-C537E91C9DDB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1733162776-2084631968-1138856860-1000UA => C:\Users\Wilson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: {6AE7292A-62C6-473E-B2CC-CCA479F981D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-05] (Google Inc.)
Task: {891D0FAB-2DAF-43F7-B5EE-68361C233086} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-05] (Google Inc.)
Task: {E1A9477F-7FA7-4D45-816A-EF4D0B23A1CB} - System32\Tasks\ZoomExUpdaterTask{339DF397-BC08-4CD8-ADC4-29768565B051} => C:\ProgramData\Premium\ZoomEx\ZoomEx.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1733162776-2084631968-1138856860-1000Core.job => C:\Users\Wilson\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1733162776-2084631968-1138856860-1000UA.job => C:\Users\Wilson\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ZoomExUpdaterTask{339DF397-BC08-4CD8-ADC4-29768565B051}.job => C:\ProgramData\Premium\ZoomEx\ZoomEx.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-01-20 19:03 - 2011-06-10 03:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-21 21:46 - 2014-11-21 21:46 - 00613944 _____ () C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-21 21:34 - 2014-11-21 21:34 - 00043008 _____ () c:\users\wilson\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzzysbq.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Wilson\AppData\Roaming\Dropbox\bin\libcef.dll
2014-11-21 21:46 - 2014-11-21 21:46 - 36966968 _____ () C:\Users\Wilson\AppData\Roaming\Spotify\Data\libcef.dll
2014-11-21 21:46 - 2014-11-21 21:46 - 00867896 _____ () C:\Users\Wilson\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-11-21 21:46 - 2014-11-21 21:46 - 00886840 _____ () C:\Users\Wilson\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-11-21 21:46 - 2014-11-21 21:46 - 00108600 _____ () C:\Users\Wilson\AppData\Roaming\Spotify\Data\libegl.dll
2014-11-10 22:26 - 2014-11-10 22:26 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-17 11:30 - 2014-09-17 11:30 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:Sz7If05f2tW4kIth5KF
AlternateDataStreams: C:\ProgramData\Microsoft:ybB1F83wjbCS9Qw5xzNK8jt0
AlternateDataStreams: C:\Users\Wilson\AppData\Local\Temporary Internet Files:JAf2EkSC2vU9scQppexgqoy2Pb

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMwareHostd => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Facebook Update => "C:\Users\Wilson\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "G:\Program\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

========================= Accounts: ==========================

Administratör (S-1-5-21-1733162776-2084631968-1138856860-500 - Administrator - Disabled)
Gäst (S-1-5-21-1733162776-2084631968-1138856860-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1733162776-2084631968-1138856860-1002 - Limited - Enabled)
Wilson (S-1-5-21-1733162776-2084631968-1138856860-1000 - Administrator - Enabled) => C:\Users\Wilson

==================== Faulty Device Manager Devices =============

Name: HID Non-User Input Data Filter
Description: HID Non-User Input Data Filter
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.

Name: HID Non-User Input Data Filter
Description: HID Non-User Input Data Filter
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2014 00:15:33 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1. Det finns ett fel i manifest- eller principfilen WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2 på rad WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition är WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (11/22/2014 00:15:33 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1. Det finns ett fel i manifest- eller principfilen WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2 på rad WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition är WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (11/21/2014 09:35:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 07:27:05 PM) (Source: Google Update) (EventID: 20) (User: Wilson-Dator)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (11/21/2014 04:27:05 PM) (Source: Google Update) (EventID: 20) (User: Wilson-Dator)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (11/21/2014 03:23:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 00:26:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1. Det finns ett fel i manifest- eller principfilen WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2 på rad WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition är WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (11/21/2014 00:26:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1. Det finns ett fel i manifest- eller principfilen WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2 på rad WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition är WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (11/21/2014 00:26:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1. Det finns ett fel i manifest- eller principfilen WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2 på rad WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition är WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (11/21/2014 00:26:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1. Det finns ett fel i manifest- eller principfilen WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2 på rad WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition är WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Använd sxstrace.exe om du vill diagnostisera ytterligare.

System errors:
=============
Error: (11/21/2014 10:26:18 PM) (Source: volsnap) (EventID: 35) (User: )
Description: Skuggkopiorna för volymen C: avbröts eftersom lagringsutrymmet för skuggkopian inte kunde växa.

Error: (11/21/2014 09:33:56 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Drivrutinen NuidFltr.sys har blockerats för inläsning

Error: (11/21/2014 09:33:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 21:31:07 den ‎2014-‎11-‎21 skedde oväntat.

Error: (11/21/2014 03:21:12 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Drivrutinen NuidFltr.sys har blockerats för inläsning

Error: (11/21/2014 00:25:57 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Drivrutinen NuidFltr.sys har blockerats för inläsning

Error: (11/21/2014 00:20:07 PM) (Source: volsnap) (EventID: 35) (User: )
Description: Skuggkopiorna för volymen C: avbröts eftersom lagringsutrymmet för skuggkopian inte kunde växa.

Error: (11/21/2014 00:19:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/21/2014 00:11:18 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Drivrutinen NuidFltr.sys har blockerats för inläsning

Error: (11/21/2014 00:11:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:
AFD
CSC
DfsC
discache
kl2
KLIF
KLIM6
NetBIOS
NetBT
nsiproxy
Psched
rdbss
SCDEmu
spldr
tdx
Wanarpv6
WfpLwf

Error: (11/21/2014 00:11:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjänsten Network Location Awareness är beroende av tjänsten Network Store Interface Service. Den sistnämnda kunde inte starta på grund av följande fel:
%%1068

Microsoft Office Sessions:
=========================
Error: (11/02/2014 08:22:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13633 seconds with 1200 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2014-06-01 17:30:36.108
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 35%
Total physical RAM: 8109.12 MB
Available physical RAM: 5210.31 MB
Total Pagefile: 16216.41 MB
Available Pagefile: 13214.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:0.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: () (Fixed) (Total:931.51 GB) (Free:906.93 GB) NTFS
Drive h: (WILSONS USB) (Removable) (Total:14.42 GB) (Free:14.42 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7C621371)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 335.4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6192F889)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 14.4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


MacBook Pro 16" M1 Max (2021) | UAD Apollo Twin MKII

www.intagram.com/guenna.music
www.instagram.com/wilsontjernell

Permalink
Member
Written by Wilsi:

Addition:

Uninstall:
uTorrentControl_v2 Toolbar because of http://www.systemlookup.com/CLSID/76050-tbuTor_dll_tbuTo0_dll...

Uninstall or update:
Adobe Flash Player 14 ActiveX
Adobe Flash Player 15 Plugin
Java 7 Update 13
These are old program versions with known security holes that make it easy to infect the computer from a web page. The police trojan normally gets into the computer via security holes in an old Java version. Most people do not need to have Java installed at all, but if you must, it is very important to always have the latest version. It is therefore unwise to disable the update programs for Flash and Java in msconfig, as you have done.

Kaspersky Anti-Virus 2011 is a very old program version. In every new version/yearly edition of the antivirus programs, new features have been added to better detect and remove the latest types of malicious programs. It is therefore important to upgrade to the latest version every year.

You have adware on the computer and need to clean it with AdwCleaner: https://toolslib.net/downloads/viewdownload/1-adwcleaner/
Make sure all programs are closed when you run it. False positives do occur, so review the result before you click the Clean button. If you want me to check it too, click the Report button and paste the report into your reply.

After the cleanup with AdwCleaner, run FRST again and paste in the new FRST.txt so that I can see whether there is still more that should be removed.

Permalink
Member
Written by CeciliaB:

Kaspersky Anti-Virus 2011 is a very old program version. In every new version/yearly edition of the antivirus programs, new features have been added to better detect and remove the latest types of malicious programs. It is therefore important to upgrade to the latest version every year.

After the cleanup with AdwCleaner, run FRST again and paste in the new FRST.txt so that I can see whether there is still more that should be removed.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014
Ran by Wilson (administrator) on WILSON-DATOR on 23-11-2014 13:34:03
Running from C:\Users\Wilson\Desktop
Loaded Profile: Wilson (Available profiles: Wilson)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(M-Audio) C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\Wilson\AppData\Roaming\uTorrent\uTorrent.exe
(Spotify Ltd) C:\Users\Wilson\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Wilson\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\Run: [uTorrent] => C:\Users\Wilson\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.)
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\Run: [Spotify] => C:\Users\Wilson\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-11-21] (Spotify Ltd)
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\Run: [Spotify Web Helper] => C:\Users\Wilson\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-21] (Spotify Ltd)
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\...\MountPoints2: {839d03c3-6249-11e2-ad42-806e6f6e6963} - F:\Run.exe
Startup: C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wilson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE6F7378214F8CD01
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Inloggningshjälp för Microsoft-konto -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\jmidf0p9.default
FF DefaultSearchEngine,S:
FF DefaultSearchUrl:
FF SearchEngineOrder.1: Privitize VPN
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine: Google
FF SelectedSearchEngine,S:
FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1733162776-2084631968-1138856860-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Wilson\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Media Hint - C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\jmidf0p9.default\Extensions\mediahint@jetpack.xpi [2013-02-01]
FF Extension: Save Session - C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\jmidf0p9.default\Extensions\savesession@noasobi.net.xpi [2013-02-25]
FF Extension: YouTube High Definition - C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\jmidf0p9.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-09-22]
FF Extension: Adblock Plus - C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\jmidf0p9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-11-10]
FF Extension: 카스퍼스키 URL 분석기 - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2013-03-21]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2013-03-21]

Chrome:
=======
CHR Profile: C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Zoomex) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdcnhipbjeadfjjkehbdcocmhkfpffnj [2013-01-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
R2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2010-06-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [556120 2013-03-21] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 L6TPortB; C:\Windows\System32\Drivers\L6TPortB64.sys [772224 2012-03-26] (Line 6)
S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U3 swmidi; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 13:33 - 2014-11-23 13:33 - 00000000 ____D () C:\Users\Wilson\Desktop\FRST-OlderVersion
2014-11-23 13:29 - 2014-11-23 13:31 - 00000000 ____D () C:\AdwCleaner
2014-11-23 13:28 - 2014-11-23 13:28 - 02140160 _____ () C:\Users\Wilson\Downloads\adwcleaner_4.101.exe
2014-11-23 13:25 - 2014-11-23 13:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-23 13:25 - 2014-11-23 13:24 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-23 13:24 - 2014-11-23 13:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-23 13:24 - 2014-11-23 13:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-23 13:24 - 2014-11-23 13:24 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-23 13:24 - 2014-11-23 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-22 00:16 - 2014-11-22 00:16 - 00038936 _____ () C:\Users\Wilson\Desktop\Addition.txt
2014-11-22 00:15 - 2014-11-23 13:34 - 00014543 _____ () C:\Users\Wilson\Desktop\FRST.txt
2014-11-22 00:15 - 2014-11-23 13:33 - 02118144 _____ (Farbar) C:\Users\Wilson\Desktop\FRST64.exe
2014-11-21 21:46 - 2014-11-23 13:32 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\Spotify
2014-11-21 21:46 - 2014-11-21 21:46 - 00001814 _____ () C:\Users\Wilson\Desktop\Spotify.lnk
2014-11-21 21:46 - 2014-11-21 21:46 - 00001800 _____ () C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-11-21 14:23 - 2014-11-23 13:34 - 00000000 ____D () C:\FRST
2014-11-19 21:03 - 2014-11-19 20:27 - 36172929 ____N () C:\Users\Wilson\Desktop\CAM00063.mp4
2014-11-19 21:03 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 21:03 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 21:03 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 21:03 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-13 16:27 - 2014-11-13 16:27 - 00000000 __SHD () C:\Users\Wilson\AppData\Local\EmieBrowserModeList
2014-11-12 17:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 17:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 17:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 17:08 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 17:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 17:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 17:08 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 17:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 17:08 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 17:08 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 17:08 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 17:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 17:08 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 17:08 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 17:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 17:08 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 17:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 17:08 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 17:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 17:08 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 17:08 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 17:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 17:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 17:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 17:08 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 17:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 17:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-10 23:45 - 2014-11-10 23:45 - 00044457 _____ () C:\Users\Wilson\Desktop\Judas Priest - Green Manalishi (Pro).gp5
2014-11-10 22:26 - 2014-11-10 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-09 18:26 - 2014-11-09 18:26 - 00113200 _____ () C:\Users\Wilson\Desktop\Led Zeppelin - Stairway To Heaven (Pro)-1.gp5
2014-10-26 12:33 - 2014-10-26 12:33 - 00955991 _____ () C:\Users\Wilson\Desktop\avatar.psd

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 13:32 - 2013-03-21 17:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-23 13:32 - 2013-03-05 23:49 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-23 13:32 - 2013-01-23 17:17 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\uTorrent
2014-11-23 13:32 - 2013-01-23 17:07 - 00000364 ____H () C:\Windows\Tasks\ZoomExUpdaterTask{339DF397-BC08-4CD8-ADC4-29768565B051}.job
2014-11-23 13:32 - 2013-01-21 16:18 - 00000000 ___RD () C:\Users\Wilson\Dropbox
2014-11-23 13:32 - 2013-01-21 16:17 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\Dropbox
2014-11-23 13:32 - 2013-01-21 12:16 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 13:32 - 2010-11-21 04:47 - 00332162 _____ () C:\Windows\PFRO.log
2014-11-23 13:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-23 13:32 - 2009-07-14 05:51 - 00028574 _____ () C:\Windows\setupact.log
2014-11-23 13:31 - 2013-01-19 16:10 - 01864269 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 13:27 - 2013-02-15 01:22 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1733162776-2084631968-1138856860-1000UA.job
2014-11-23 13:24 - 2013-03-05 23:49 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 13:24 - 2013-01-20 22:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-23 13:19 - 2014-06-02 13:15 - 00000000 ____D () C:\Users\Wilson\AppData\Local\Adobe
2014-11-23 13:19 - 2013-01-21 12:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-23 13:19 - 2013-01-21 12:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-23 13:19 - 2013-01-21 12:16 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-23 12:22 - 2009-07-14 05:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:22 - 2009-07-14 05:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:19 - 2011-04-12 15:28 - 00666722 _____ () C:\Windows\system32\perfh01D.dat
2014-11-23 12:19 - 2011-04-12 15:28 - 00143462 _____ () C:\Windows\system32\perfc01D.dat
2014-11-23 12:19 - 2009-07-14 06:13 - 01588446 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 01:27 - 2013-02-15 01:22 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1733162776-2084631968-1138856860-1000Core.job
2014-11-22 14:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-21 21:46 - 2014-10-22 15:45 - 00000000 ____D () C:\Users\Wilson\AppData\Local\Spotify
2014-11-17 22:57 - 2014-06-26 18:20 - 00000000 ____D () C:\Users\Wilson\Documents\Cubase Projects
2014-11-17 16:00 - 2014-08-12 14:48 - 00000080 _____ () C:\Windows\SysWOW64\w3data.vss
2014-11-17 16:00 - 2014-08-12 14:48 - 00000080 _____ () C:\Windows\SysWOW64\msvcsv60.dll
2014-11-17 16:00 - 2014-08-12 14:48 - 00000080 _____ () C:\Windows\msocreg32.dat
2014-11-16 03:19 - 2013-03-05 23:49 - 00003990 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 03:19 - 2013-03-05 23:49 - 00003738 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 03:08 - 2013-01-21 16:17 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 16:26 - 2009-07-14 05:45 - 03026736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 16:25 - 2014-06-02 02:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 00:31 - 2013-01-28 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 00:30 - 2014-06-02 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 00:29 - 2013-03-10 23:10 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 17:02 - 2013-01-20 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 14:36 - 2013-01-20 22:58 - 00000000 ____D () C:\Users\Wilson\AppData\Local\CrashDumps
2014-11-09 14:35 - 2013-02-17 18:56 - 00000000 ____D () C:\Users\Wilson\Documents\MelodynePlugin
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 12:27 - 2013-01-20 20:04 - 00000000 ____D () C:\Users\Wilson\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\Users\Wilson\Superior Installer.exe

Some content of TEMP:
====================
C:\Users\Wilson\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcz_4mt.dll
C:\Users\Wilson\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Wilson\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Wilson\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Wilson\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Wilson\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Wilson\AppData\Local\Temp\L6GPInst.dll
C:\Users\Wilson\AppData\Local\Temp\mtf4IA5.exe
C:\Users\Wilson\AppData\Local\Temp\nsw7246.exe
C:\Users\Wilson\AppData\Local\Temp\nsw8B44.exe
C:\Users\Wilson\AppData\Local\Temp\PlaySound.dll
C:\Users\Wilson\AppData\Local\Temp\Quarantine.exe
C:\Users\Wilson\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\Wilson\AppData\Local\Temp\sqlite3.dll
C:\Users\Wilson\AppData\Local\Temp\stuprt.exe
C:\Users\Wilson\AppData\Local\Temp\tbedrs.dll
C:\Users\Wilson\AppData\Local\Temp\tbuTo0.dll
C:\Users\Wilson\AppData\Local\Temp\utt2CEB.tmp.exe
C:\Users\Wilson\AppData\Local\Temp\uttF5FC.tmp.exe
C:\Users\Wilson\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Wilson\AppData\Local\Temp\_is8278.exe
C:\Users\Wilson\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_7387.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-16 13:24

==================== End Of Log ============================


I actually wasn't aware that I had disabled the updaters for Flash and Java. How do I enable them again?
Do you have a tip for a good antivirus that is up to date? I want something that doesn't remove files automatically; I know Kaspersky or Norton sometimes automatically removed files that I wanted to keep.

Show signature

MacBook Pro 16" M1 Max (2021) | UAD Apollo Twin MKII

www.intagram.com/guenna.music
www.instagram.com/wilsontjernell

Permalink
Member

1. Start msconfig and re-tick the checkboxes for Flash and Java.
The latest Java is version 8 but you appear to have version 7: https://www.java.com/sv/download/manual.jsp

2. At least in the previous version of Avast it was possible to configure it so that a prompt was always shown instead of the program removing something automatically.

3. Did you yourself set Firefox to use a proxy via mediahint.com?

4. Start Notepad.
Copy all the lines in the box:

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF DefaultSearchEngine,S:
FF DefaultSearchUrl:
FF SearchEngineOrder.1: Privitize VPN
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine: Google
FF SelectedSearchEngine,S:
CHR Extension: (Zoomex) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdcnhipbjeadfjjkehbdcocmhkfpffnj [2013-01-23]
2014-11-23 13:32 - 2013-01-23 17:07 - 00000364 ____H () C:\Windows\Tasks\ZoomExUpdaterTask{339DF397-BC08-4CD8-ADC4-29768565B051}.job

and paste them into Notepad. Check that no files have been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Start FRST, which is on the desktop.
Click the Fix button.
Wait until the program has finished.

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.

5. Scan the computer online at http://www.eset.com/onlinescan/ and preferably use Internet Explorer for it.
So that the scanner doesn't take too long, turn off your antivirus program in the meantime.

For the best check:
Select the option Enable detection of potentially unwanted applications.

Click Advanced Settings.
Untick Remove found threats.
Tick:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop.
Either you go through the result yourself and remove the files that need removing, or I can go through the result.

Permalink
Member

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014
Ran by Wilson at 2014-11-23 19:35:34 Run:2
Running from C:\Users\Wilson\Desktop
Loaded Profile: Wilson (Available profiles: Wilson)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1733162776-2084631968-1138856860-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF DefaultSearchEngine,S:
FF DefaultSearchUrl:
FF SearchEngineOrder.1: Privitize VPN
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine: Google
FF SelectedSearchEngine,S:
CHR Extension: (Zoomex) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdcnhipbjeadfjjkehbdcocmhkfpffnj [2013-01-23]
2014-11-23 13:32 - 2013-01-23 17:07 - 00000364 ____H () C:\Windows\Tasks\ZoomExUpdaterTask{339DF397-BC08-4CD8-ADC4-29768565B051}.job
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKU\S-1-5-21-1733162776-2084631968-1138856860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdcnhipbjeadfjjkehbdcocmhkfpffnj => Moved successfully.
C:\Windows\Tasks\ZoomExUpdaterTask{339DF397-BC08-4CD8-ADC4-29768565B051}.job => Moved successfully.

==== End of Fixlog ====


Permalink
Member
Posted by CeciliaB:

3. Did you yourself set Firefox to use a proxy via mediahint.com?

No.. It was something I downloaded a long time ago to get access to more films on Netflix..


Permalink
Member
Posted by Wilsi:

No.. It was something I downloaded a long time ago to get access to more films on Netflix..

If you want to remove the proxy:

Start Notepad.
Copy all the lines in the box:

FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
FF NetworkProxy: "type", 2

and paste them into Notepad. Check that no files have been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Close all programs.
Start FRST, which is on the desktop.
Click the Fix button.
Wait until the program has finished.

Run a check with ESET's online scanner http://www.eset.com/onlinescan/
So that the scanner doesn't take too long, turn off your antivirus program in the meantime.

For the most thorough check:

Select the option Enable detection of potentially unwanted applications.

Click Advanced Settings.
Untick Remove found threats.
Tick:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop.
Either you go through the file and remove the files it finds if you think they should go (false alarms do occur), or you paste it in here and I'll take a look at it.

Permalink
Member
Posted by CeciliaB:

Run a check with ESET's online scanner http://www.eset.com/onlinescan/
So that the scanner doesn't take too long, turn off your antivirus program in the meantime.

For the most thorough check:

Select the option Enable detection of potentially unwanted applications.

Click Advanced Settings.
Untick Remove found threats.
Tick:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop.
Either you go through the file and remove the files it finds if you think they should go (false alarms do occur), or you paste it in here and I'll take a look at it.

Here is the list of found threats. I don't understand much of this, so you're very welcome to look through it.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdcnhipbjeadfjjkehbdcocmhkfpffnj\1\51001057efedd2.32293708.js Win32/Adware.MultiPlug.H application
C:\FRST\Quarantine\C\Users\Wilson\AppData\Roaming\Other.res.xBAD a variant of Win32/Kryptik.CQVT trojan
C:\FRST\Quarantine\C\Users\Wilson\AppData\Roaming\Fontcore\Fontcore.pif Win32/Zlader.F trojan
C:\Users\Wilson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9HWNLI6\7b4261982415a58a8fad248e5a7eace0[1].swf SWF/Agent.C trojan
C:\Users\Wilson\AppData\Local\Temp\tbedrs.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Wilson\AppData\Local\Temp\tbuTo0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Wilson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7ef72693-4e397488 Java/Exploit.Agent.RRI trojan
C:\Users\Wilson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\4ecc23b7-51008b20 a variant of Java/Obfus.CE trojan
C:\Users\Wilson\Downloads\OS_X_10.8_Mountain_Lion_VMWare_Image_-_With_InstaSign_-_RegMyUDi_secure.exe Win32/TopMedia.B potentially unwanted application
C:\Windows\AppPatch\AppPatch64\VCLdr64.dll a variant of Win32/ClientConnect.A potentially unwanted application


Permalink
Member
Posted by Wilsi:

Here is the list of found threats. I don't understand much of this, so you're very welcome to look through it.


Almost everything there is in AdwCleaner's and FRST's quarantines and has therefore already been neutralized.

C:\Users\Wilson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9HWNLI6\7b4261982415a58a8fad248e5a7eace0[1].swf SWF/Agent.C trojan
That is an infected Flash file (or at least something that claims to be a Flash file).

C:\Users\Wilson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7ef72693-4e397488 Java/Exploit.Agent.RRI trojan
A Java file that exploits a security hole in an old Java version.

C:\Users\Wilson\Downloads\OS_X_10.8_Mountain_Lion_VMWare_Image_-_With_InstaSign_-_RegMyUDi_secure.exe Win32/TopMedia.B potentially unwanted application
Contains adware; it is in the "Downloads" folder, so you can remove it yourself if you want.

Start Notepad.
Copy all the lines in the box:

File: C:\Windows\AppPatch\AppPatch64\VCLdr64.dll
Folder: C:\Windows\AppPatch\AppPatch64
EmptyTemp:

and paste them into Notepad. Check that no files have been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Close all programs.
Start FRST, which is on the desktop.
Click the Fix button.
Wait until the program has finished.
The computer will be restarted.

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.
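
The triage done in the post above (quarantined copies versus files still in place, grouped by where they sit) can be scripted. This Python script is an added example, not part of the thread: the whitespace-separated line layout is assumed from how the exported list appears on this page, the location labels are hypothetical, and the sample is a subset of the posted list plus one constructed non-finding line.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Quarantine folders of the two cleanup tools used in this thread.
QUARANTINE_ROOTS = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")

# Hypothetical location labels, checked in order against the lower-cased path.
LOCATION_RULES = (
    ("browser/Java cache", ("\\temporary internet files\\",
                            "\\sun\\java\\deployment\\cache\\")),
    ("temp folder", ("\\appdata\\local\\temp\\",)),
    ("downloads", ("\\downloads\\",)),
)

# Assumed layout: <path> [a variant of] <Platform/Name> <category words>.
# Windows paths may contain spaces but never "/", so the token containing
# "/" marks where the detection name starts.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.-]+)\s+"
    r"(?P<kind>[a-z][a-z ]*)$"
)

# Subset of the list posted in the thread; the last line is constructed.
SAMPLE = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\FRST\Quarantine\C\Users\Wilson\AppData\Roaming\Fontcore\Fontcore.pif Win32/Zlader.F trojan
C:\Users\Wilson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9HWNLI6\7b4261982415a58a8fad248e5a7eace0[1].swf SWF/Agent.C trojan
C:\Users\Wilson\AppData\Local\Temp\tbedrs.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Wilson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7ef72693-4e397488 Java/Exploit.Agent.RRI trojan
C:\Users\Wilson\Downloads\OS_X_10.8_Mountain_Lion_VMWare_Image_-_With_InstaSign_-_RegMyUDi_secure.exe Win32/TopMedia.B potentially unwanted application
C:\Windows\AppPatch\AppPatch64\VCLdr64.dll a variant of Win32/ClientConnect.A potentially unwanted application
Scan completed (constructed line, not a finding)
"""


@dataclass
class Finding:
    path: str
    name: str
    variant: bool      # True when the scanner reported "a variant of ..."
    kind: str          # e.g. "trojan", "potentially unwanted application"
    quarantined: bool  # True when the file sits in a tool's quarantine folder
    location: str


def classify_location(path):
    """Map a live file's path to one of the hypothetical location labels."""
    lowered = path.lower()
    for label, needles in LOCATION_RULES:
        if any(needle in lowered for needle in needles):
            return label
    return "other"


def parse_line(line):
    """Parse one exported line; return None if it is not a finding."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    path = match.group("path")
    quarantined = path.lower().startswith(QUARANTINE_ROOTS)
    return Finding(
        path=path,
        name=match.group("name"),
        variant=match.group("variant") is not None,
        kind=match.group("kind"),
        quarantined=quarantined,
        location="quarantine" if quarantined else classify_location(path),
    )


def triage(text):
    """Return (findings, skipped_lines) for an exported threat list."""
    findings, skipped = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        finding = parse_line(line)
        if finding is None:
            skipped.append(line)
        else:
            findings.append(finding)
    return findings, skipped


def live_by_location(findings):
    """Group non-quarantined findings by location, non-PUA kinds first."""
    groups = defaultdict(list)
    for finding in findings:
        if not finding.quarantined:
            groups[finding.location].append(finding)
    for items in groups.values():
        items.sort(key=lambda f: (f.kind.endswith("application"), f.path.lower()))
    return dict(groups)


if __name__ == "__main__":
    found, unparsed = triage(SAMPLE)
    print(f"{sum(f.quarantined for f in found)} already quarantined, "
          f"{len(unparsed)} line(s) not parsed")
    for location, items in sorted(live_by_location(found).items()):
        for item in items:
            print(f"[{location}] {item.kind}: {item.name} -> {item.path}")
```

Lines that do not parse are returned rather than dropped, so a changed export format shows up as skipped lines instead of a silently shorter list.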

Permalink
Member
Posted by CeciliaB:

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014
Ran by Wilson at 2014-11-26 00:14:59 Run:4
Running from C:\Users\Wilson\Desktop
Loaded Profile: Wilson (Available profiles: Wilson)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
File: C:\Windows\AppPatch\AppPatch64\VCLdr64.dll
Folder: C:\Windows\AppPatch\AppPatch64
EmptyTemp:
*****************

========================= File: C:\Windows\AppPatch\AppPatch64\VCLdr64.dll ========================

MD5: 43D93CF6F9BF25801E11634C2CE6C836
Creation and modification date: 2014-11-10 10:46 - 2014-11-10 10:46
Size: 0233280
Attributes: ----A
Company Name: Search Protect
Internal Name: Unknown
Original Name: Search Protect Search (R)
Product Name: Search Protect
Description: Search Protect
File Version: 2.18.20.209
Product Version: 2.18.20.209
Copyright:

====== End Of File: ======

========================= Folder: C:\Windows\AppPatch\AppPatch64 ========================

2013-05-16 02:40 - 2013-04-13 06:49 - 0308736 _____ (Microsoft Corporation) C:\Windows\AppPatch\AppPatch64\AcGenral.dll
2013-05-16 02:40 - 2013-04-13 06:49 - 0350208 _____ (Microsoft Corporation) C:\Windows\AppPatch\AppPatch64\AcLayers.dll
2013-05-16 02:40 - 2013-04-13 06:49 - 0111104 _____ (Microsoft Corporation) C:\Windows\AppPatch\AppPatch64\acspecfc.dll
2013-05-16 02:40 - 2013-04-13 06:49 - 0135168 _____ (Microsoft Corporation) C:\Windows\AppPatch\AppPatch64\AcXtrnal.dll
2009-07-14 00:32 - 2009-07-14 02:40 - 0052736 _____ (Microsoft Corporation) C:\Windows\AppPatch\AppPatch64\apihex64.dll
2013-05-16 02:40 - 2013-04-13 00:31 - 0125346 _____ () C:\Windows\AppPatch\AppPatch64\sysmain.sdb
2014-11-10 10:46 - 2014-11-10 10:46 - 0233280 _____ (Search Protect) C:\Windows\AppPatch\AppPatch64\VCLdr64.dll

====== End of Folder: ======

EmptyTemp: => Removed 1.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====


Permalink
Member
Posted by Wilsi:

Start Notepad.
Copy all the lines in the box:

C:\Windows\AppPatch\AppPatch64\VCLdr64.dll

and paste them into Notepad. Check that no files have been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Start FRST, which is on the desktop.
Click the Fix button.
Wait until the program has finished.

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.

How is the computer working now?
Any more questions before I write how to uninstall AdwCleaner and FRST?

Permalink
Member
Posted by CeciliaB:

How is the computer working now?
Any more questions before I write how to uninstall AdwCleaner and FRST?

The computer seems to work fine. I haven't had time to use it much, but one problem that came up yesterday was that when I get to the login screen after starting the computer, it takes a little while before the mouse and keyboard start working (wireless). Not a big problem, but rather annoying. Do you know what could be causing it?

Also, I know that lately I have had problems installing new hardware via USB. Or rather, I haven't got it to work at all. I haven't tested since before I got your help. I'll test again at the weekend and see if it has resolved itself. I don't know if it is something you can help with; otherwise I'll start another thread in the forum.

Permalink
Member

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014
Ran by Wilson at 2014-11-26 10:53:50 Run:5
Running from C:\Users\Wilson\Desktop
Loaded Profile: Wilson (Available profiles: Wilson)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\AppPatch\AppPatch64\VCLdr64.dll
*****************

C:\Windows\AppPatch\AppPatch64\VCLdr64.dll => Moved successfully.

==== End of Fixlog ====

Permalink
Member
Written by Wilsi:

The computer seems to work fine. I haven't had time to use it much, but one problem that came up yesterday is that when I get to the login screen after starting the computer, it takes a little while before the mouse and keyboard (wireless) start working. Not a big problem, but quite annoying. Do you know what might be causing it?

Also, I know that lately I have had problems installing new hardware via USB. Or rather, I haven't been able to get it to work at all. I haven't tested since before I got your help. I'll test again this weekend and see whether it has been resolved. I don't know if that's something you can help with; otherwise I'll start another thread in the forum.

1. You can try reinstalling the driver if it continues, because something may have happened to it during the cleanup.

2. Probably better to take that in a new thread.

3. Close all programs, including web browsers.
Double-click AdwCleaner to start the program.
Click the Uninstall button.

4. Download the uninstaller OTC to the Desktop: http://oldtimer.geekstogo.com/OTC.exe
Double-click the file to start the program.
Press the CleanUp! button and FRST will be uninstalled after a restart of the computer. Delete any remaining logs.

5. Improve the protection on the computer; see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/
It is very important to keep all the small programs on the computer updated; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which a web page can use to infect the computer. I think Secunia's program (link on my website) is a good help for checking the state of security holes on the computer and indicating what needs to be fixed.

Permalink
Member

Thank you so incredibly much for all the help! Really! Super kind.
All the best!!

Permalink
Member

Those of you who have problems should also try AdwCleaner.
Super handy program that cleans up changes in the registry, web browsers etc. etc. It found a lot of crap that was never found by various antivirus and antispyware programs.
It has been downloaded more than 50,000,000 times.

https://toolslib.net/downloads/viewdownload/1-adwcleaner/

"AdwCleaner is a free removal tool for :

Adware (ads softwares)
PUP/LPI (Potentially Undesirable Program)
Toolbars
Hijacker (Hijack of the browser's homepage)

It works with a Search and Delete mode. It can be easily uninstalled using the mode "Uninstall".

It's compatible with Windows XP, Vista, 7, 8, 8.1 in 32 & 64 bits."

Permalink
Member
Written by Yorgo_:

Those of you who have problems should also try AdwCleaner.
Super handy program that cleans up changes in the registry, web browsers etc. etc. It found a lot of crap that was never found by various antivirus and antispyware programs.
It has been downloaded more than 50,000,000 times.

https://toolslib.net/downloads/viewdownload/1-adwcleaner/

"AdwCleaner is a free removal tool for :

Adware (ads softwares)
PUP/LPI (Potentially Undesirable Program)
Toolbars
Hijacker (Hijack of the browser's homepage)

It works with a Search and Delete mode. It can be easily uninstalled using the mode "Uninstall".

It's compatible with Windows XP, Vista, 7, 8, 8.1 in 32 & 64 bits."

AdwCleaner is certainly very good and it gets recommended in many threads, but it doesn't help against the police trojan, which blocks the computer so that you can't do anything at all.

Permalink

Hello, I got some kind of version of the "police virus" today. Or did I? What happened was that I was browsing a site with scantily clad girls and the crap popped up in a new tab in Chrome and locked the browser. I could still use the computer as normal, so I went into Task Manager and closed all Chrome processes, restarted the computer in safe mode and scanned with Malwarebytes Anti-Malware, but it didn't find a thing, so I did a system restore to a point from earlier today, before the incident. The police message hasn't shown up again, and everything seems to be as usual. I thought the whole thing would be considerably more troublesome to get rid of; can I relax, or is it possible the crap is still there somewhere, hiding?

Permalink
Member
Written by The Tall Man:

Hello, I got some kind of version of the "police virus" today. Or did I? What happened was that I was browsing a site with scantily clad girls and the crap popped up in a new tab in Chrome and locked the browser. I could still use the computer as normal, so I went into Task Manager and closed all Chrome processes, restarted the computer in safe mode and scanned with Malwarebytes Anti-Malware, but it didn't find a thing, so I did a system restore to a point from earlier today, before the incident. The police message hasn't shown up again, and everything seems to be as usual. I thought the whole thing would be considerably more troublesome to get rid of; can I relax, or is it possible the crap is still there somewhere, hiding?

You were probably lucky and noticed what was going on before you restarted the computer. It is only after at least one restart that the computer becomes locked.

You should check the computer with at least two antivirus programs: one that is installed, and an online scan or one that runs from a rescue disc.

Addition:
Then you should of course investigate what security holes you have on the computer, since it is normally through one of those that the police trojan gets in. Most often it is an old Java version that is exploited.
Secunia's Software Inspector can check the computer, and http://www.bleepingcomputer.com/tutorials/detect-vulnerable-p... describes how to install and use the program.

Permalink
Written by CeciliaB:

If you have Vista or Windows 7, this can be a good start:

Download Farbar Recovery Scan Tool (FRST) and save it to a USB stick.

For 64-bit Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe
For 32-bit Windows: http://download.bleepingcomputer.com/farbar/FRST.exe

Then restart the computer and, without starting the whole of Windows, bring up a Command Prompt. There are two ways to do this. Which one you should use depends on whether you have an installation disc for Vista/Windows 7.

Option 1, without a Windows disc

When the computer starts, begin pressing the F8 key repeatedly until the "Advanced Boot Options" page (it may also be in Swedish) is shown with a menu.
In the menu, use the arrow keys to select "Repair your computer" (perhaps "Reparera datorn" in Swedish).
Select the correct keyboard and click "Next"/"Nästa".
Select which operating system you want to repair. If there are several, choose the one that is the infected Windows. Click "Next"/"Nästa".
Select your user account and click "Next"/"Nästa".

Option 2, with a Windows disc

Insert the installation disc.
Start the computer.
When you are asked whether you want to start the computer from the installation disc, press any key.
If the question does not appear and the computer starts from the hard drive as usual, you need to change a BIOS setting to boot from the disc.
When the menu on the installation disc appears, click "Repair your computer" (perhaps "Reparera datorn" in Swedish).
Select the correct keyboard and click "Next"/"Nästa".
Select which operating system you want to repair. If there are several, choose the one that is the infected Windows. Click "Next"/"Nästa".
Select your user account and click "Next"/"Nästa".

For both options
The "System Recovery Options" menu is now shown (perhaps "Systemåterställningsalternativ" in Swedish).
It starts with "Startup Repair" and ends with "Command Prompt" (Kommandotolken).

Select Command Prompt.
Type:
notepad
Press the Enter key.

Notepad starts.
Select: File - Open
Select: Computer
Find your USB stick and note which drive letter it has, e.g. g:.
Close Notepad.

In the Command Prompt, type:
32-bit Windows: g:\frst.exe
64-bit Windows: g:\frst64.exe
but replace g with the drive letter of the USB stick.

FRST starts running.
Read the terms for the program.
Click Yes to accept.
Click the Scan button.
When it is finished, a log, FRST.txt, will have been created on the USB stick.
Copy the contents of the log and paste them into your reply.

I will then go through the log, which shows what has happened on the computer, and can give further recommendations on what should be done. But it is not always possible to get the computer clean; sometimes a reinstallation of Windows is needed.

Here we go again. I have gone through your guide and this is the log I got. I hope you have time to take a look. The computer in question cannot be started in any of the safe modes (it restarts automatically as soon as you get into Windows).

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by SYSTEM on MININT-BL08I2A on 25-01-2015 19:08:49
Running from G:\
Platform: Windows 7 Home Premium (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how...

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-08] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\KB\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)
Startup: C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\07260DF36.lnk
ShortcutTarget: 07260DF36.lnk -> C:\ProgramData\63FD06270.cpp ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-03] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-19] (AVG Technologies CZ, s.r.o.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
S2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-08] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\07260DF36.zot [356864 2015-01-24] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-24] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-03] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-06-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-22] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-08] (AVG Technologies)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-10] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
S3 TdsNordecr; C:\Windows\System32\DRIVERS\nordecr.sys [28672 2007-10-29] (Todos Data System AB)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 19:08 - 2015-01-25 19:08 - 00000000 ____D () C:\FRST
2015-01-24 13:42 - 2015-01-24 13:42 - 00356864 ____T () C:\ProgramData\07260DF36.zot
2015-01-24 13:38 - 2015-01-24 13:38 - 00208896 _____ () C:\ProgramData\63FD06270.cpp
2015-01-14 04:26 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-14 04:26 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-14 04:26 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-01-14 04:26 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-01-14 04:26 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-01-14 04:26 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-01-14 04:26 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 04:26 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 04:26 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 04:26 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-14 04:26 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-14 04:26 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 04:26 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 09:12 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 09:12 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 09:11 - 2014-08-12 02:34 - 01159182 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 09:10 - 2014-11-08 08:15 - 00189840 _____ () C:\Windows\SysWOW64\debug.log
2015-01-25 09:06 - 2013-08-12 12:33 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-25 09:00 - 2011-04-26 08:22 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 09:00 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 13:36 - 2011-04-26 08:22 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 13:28 - 2012-12-03 09:38 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 12:01 - 2014-06-15 06:27 - 00003912 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FD231F50-5376-4DD8-A4BA-14BAA10EF0BB}
2015-01-22 12:56 - 2012-12-03 09:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-22 12:56 - 2012-12-03 09:38 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-22 12:56 - 2011-11-08 08:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 02:21 - 2012-12-03 09:39 - 00002151 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-15 02:53 - 2013-08-14 05:32 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-15 02:53 - 2010-12-24 10:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-01-14 10:06 - 2010-12-24 10:56 - 00000000 ____D () C:\Users\KB\AppData\Roaming\Spotify
2015-01-13 07:12 - 2010-12-24 10:56 - 00000000 ____D () C:\Users\KB\AppData\Local\Spotify

Files to move or delete:
====================
C:\Users\KB\AppData\Roaming\cache.ini

Some content of TEMP:
====================
C:\Users\KB\AppData\Local\Temp\0q8H.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-12-26 04:05:04
Restore point made on: 2015-01-02 04:21:20
Restore point made on: 2015-01-10 02:22:31
Restore point made on: 2015-01-15 02:51:46
Restore point made on: 2015-01-23 17:32:58

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 1977.98 MB
Available physical RAM: 1346.75 MB
Total Pagefile: 1977.98 MB
Available Pagefile: 1340.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:219.79 GB) (Free:113.73 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.85 GB) NTFS
Drive g: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: FD0A3FD2)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2015-01-23 17:29

==================== End Of Log ============================

Permalink
Member
Written by Tinardirith:

Here we go again. I have gone through your guide and this is the log I got. I hope you have time to take a look. The computer in question cannot be started in any of the safe modes (it restarts automatically as soon as you get into Windows).

FRST.txt

1. Start Notepad.
Copy all the lines in the box:

Startup: C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\07260DF36.lnk
ShortcutTarget: 07260DF36.lnk -> C:\ProgramData\63FD06270.cpp ()
C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\07260DF36.lnk
C:\ProgramData\63FD06270.cpp
S2 Winmgmt; C:\ProgramData\07260DF36.zot [356864 2015-01-24] ()
C:\ProgramData\07260DF36.zot
C:\Users\KB\AppData\Roaming\cache.ini

and paste them into Notepad. Check that no file path has been split across two lines.
Save the file to the USB stick with the name fixlist.txt.

Start the FRST program on the infected computer in the same way as last time.
Click the Fix button.
Wait until the program has finished.

The program creates a log, Fixlog.txt, on the USB stick.
Paste its contents into your reply.

2. Try whether the computer can be started normally now.
If so, move the FRST program from the USB stick to the desktop.

Start FRST.
Click the Scan button.
When it is finished, two logs, FRST.txt and Addition.txt, will have been created on the desktop.
Paste their contents into your reply for continued cleanup.

3. Scan the computer online at http://www.eset.com/onlinescan/, preferably using Internet Explorer.
So that the scanner doesn't take too long, turn off your antivirus program in the meantime.

Select the option Enable detection of potentially unwanted applications.

Click Advanced Settings.
Remove the check mark in front of Remove found threats.
Tick:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.
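
A triage sketch for the FRST.txt lines discussed in this exchange, added here as an example and not part of the original posts or of FRST itself: it parses the service, Run, ShortcutTarget and file-listing line shapes seen in the log above and flags entries that combine at least two warning signs. The heuristics, the threshold of two, and names such as `triage` are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the FRST.txt posted in this thread,
# benign entries included for contrast.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
ShortcutTarget: 07260DF36.lnk -> C:\ProgramData\63FD06270.cpp ()
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-19] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\07260DF36.zot [356864 2015-01-24] ()
2015-01-24 13:42 - 2015-01-24 13:42 - 00356864 ____T () C:\ProgramData\07260DF36.zot
2015-01-24 13:38 - 2015-01-24 13:38 - 00208896 _____ () C:\ProgramData\63FD06270.cpp
2015-01-14 04:26 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
"""

DATE = r"\d{4}-\d{2}-\d{2}"
# Line shapes as they appear in the log on this page (not a full FRST grammar).
PATTERNS = [
    ("service", re.compile(
        rf"^[SR]\d (?P<name>[^;]+); (?P<path>.+?) \[\d+ {DATE}\] \((?P<company>.*)\)$")),
    ("run", re.compile(
        rf"^HK.+?\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<path>.+?) "
        rf"\[\d+ {DATE}\] \((?P<company>.*)\)$")),
    ("shortcut", re.compile(
        r"^ShortcutTarget: (?P<name>.+?) -> (?P<path>.+?) \((?P<company>.*)\)$")),
    ("file", re.compile(
        rf"^{DATE} \d\d:\d\d - {DATE} \d\d:\d\d - \d+ \S{{5}} "
        rf"\((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.+)$")),
]

EXECUTABLE_EXTS = {".exe", ".dll", ".sys"}


class Finding(NamedTuple):
    kind: str
    name: Optional[str]
    path: str
    reasons: List[str]


def reasons_for(kind: str, path: str, company: str) -> List[str]:
    """Collect warning signs for one entry (assumed heuristics, see lead-in)."""
    low = path.lower()
    stem, ext = ntpath.splitext(ntpath.basename(low))
    reasons = []
    # The parenthesised field is read here as the file's company name.
    if not company.strip():
        reasons.append("empty company field")
    if (re.match(r"^[a-z]:\\programdata\\[^\\]+$", low)
            or "\\appdata\\" in low or "\\temp\\" in low):
        reasons.append("sits in a user-writable folder")
    if re.fullmatch(r"[0-9a-f]{8,}", stem):
        reasons.append("file name is a bare hex string")
    if kind != "file" and ext not in EXECUTABLE_EXTS:
        reasons.append(f"autostart points at a {ext or 'extensionless'} file")
    return reasons


def triage(log_text: str, threshold: int = 2) -> List[Finding]:
    """Return entries with at least `threshold` warning signs."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for kind, pattern in PATTERNS:
            m = pattern.match(line)
            if not m:
                continue
            reasons = reasons_for(kind, m["path"], m["company"])
            if len(reasons) >= threshold:
                findings.append(
                    Finding(kind, m.groupdict().get("name"), m["path"], reasons))
            break
    return findings


def suspicious_paths(log_text: str) -> List[str]:
    """Unique file paths behind the flagged entries, for manual review."""
    return sorted({f.path for f in triage(log_text)})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name or '-':14} {f.path}\n         " + "; ".join(f.reasons))
```

A single sign is deliberately not enough: `C:\Windows\PLFSetI.exe` also has an empty company field but is left alone, while the `Winmgmt` service entry trips all four checks.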

Permalink
Written by CeciliaB:

The program creates a log, Fixlog.txt, on the USB stick.
Paste its contents into your reply.

Thanks! The computer starts as usual.

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by SYSTEM at 2015-01-25 20:54:46 Run:1
Running from h:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\07260DF36.lnk
ShortcutTarget: 07260DF36.lnk -> C:\ProgramData\63FD06270.cpp ()
C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\07260DF36.lnk
C:\ProgramData\63FD06270.cpp
S2 Winmgmt; C:\ProgramData\07260DF36.zot [356864 2015-01-24] ()
C:\ProgramData\07260DF36.zot
C:\Users\KB\AppData\Roaming\cache.ini
*****************

C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\07260DF36.lnk => Moved successfully.
C:\ProgramData\63FD06270.cpp => Moved successfully.
"C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\07260DF36.lnk" => File/Directory not found.
"C:\ProgramData\63FD06270.cpp" => File/Directory not found.
Winmgmt => Service restored successfully.
C:\ProgramData\07260DF36.zot => Moved successfully.
C:\Users\KB\AppData\Roaming\cache.ini => Moved successfully.

==== End of Fixlog 20:54:47 ====

File/Directory not found on two lines. Is that a problem, or is it good enough?

Edit: A quarter of an hour later the computer is still normal, so yes, it worked. Scanning now; it takes forever on this old slowpoke.

New frst.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by KB (administrator) on KB-DATOR on 25-01-2015 21:15:42
Running from C:\Users\KB\Desktop
Loaded Profiles: KB (Available profiles: KB)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
() C:\Windows\PLFSetI.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-08] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://swedish.toggle.com/sv/index.php?rvs=google
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://swedish.toggle.com/sv/index.php?rvs=google
URLSearchHook: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 - (No Name) - {45c2637f-29b4-4c20-80d9-095d8eeeb2a7} - No File
URLSearchHook: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 - (No Name) - {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - No File
URLSearchHook: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAP...
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAP...
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&Sea...
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {28258BFA-EB24-4B68-A390-C73ABA0B5E01} URL = http://swedish.toggle.com/sv/index.php?rvs=google
SearchScopes: HKLM-x32 -> {8BAE83CA-DF5E-423A-A3FB-E3907D5A603C} URL = http://swedish.toggle.com/sv/index.php?rvs=google
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&Sea...
SearchScopes: HKLM-x32 -> {FAE51769-12DC-404A-8814-E1C0B3D52F35} URL = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAP...
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=c1baea6e-1611-11e1-8331-...
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=c1baea6e-1611-11e1-8331-...
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {28258BFA-EB24-4B68-A390-C73ABA0B5E01} URL = http://swedish.toggle.com/sv/index.php?rvs=google
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {4672EAA0-A9C7-446E-B7F3-A1BF5D141BA8} URL = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=10286...
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {747C55D2-DF96-4904-85C0-61C0C7BE276A} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {8BAE83CA-DF5E-423A-A3FB-E3907D5A603C} URL =
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={EEED32FC-E7BA-48FC-AECB-... 17:15:09&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&Sea...
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: No Name -> {1185823F-F22F-4027-80E5-4F68ACD5DE5E} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Yontoo Layers -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> No File
Toolbar: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> No Name - {45C2637F-29B4-4C20-80D9-095D8EEEB2A7} - No File
Toolbar: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> No Name - {6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA} - No File
Toolbar: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw...
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 195.67.199.33 195.67.199.34

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.3.2 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1714336835-4238330309-3966115506-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - c:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\...\Firefox\Extensions: [shabtay@gmail.com] - C:\Program Files (x86)\2YourFace\2YourFace.xpi

Chrome:
=======
CHR DefaultSearchKeyword: Default -> search-results.com
CHR DefaultSearchURL: Default -> http://dts.search-results.com/sr?src=crb&gct=ds&appid=115&sys...
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (vshare plugin) - C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2012-12-03]
CHR Extension: (Skype Click to Call) - C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx [2011-08-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [lmblfngognklgemafekefcdjcnkdhmdm] - C:\Program Files (x86)\2YourFace\2YourFace.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-08] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-08] (AVG Technologies)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
S3 TdsNordecr; C:\Windows\System32\DRIVERS\nordecr.sys [28672 2007-10-30] (Todos Data System AB)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 04:08 - 2015-01-25 21:16 - 00000000 ____D () C:\FRST
2015-01-25 21:15 - 2015-01-25 21:17 - 00020372 _____ () C:\Users\KB\Desktop\FRST.txt
2015-01-25 21:14 - 2015-01-25 19:07 - 02129920 _____ (Farbar) C:\Users\KB\Desktop\FRST64.exe
2015-01-25 20:57 - 2015-01-25 20:57 - 00000056 _____ () C:\Windows\setupact.log
2015-01-25 20:57 - 2015-01-25 20:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-14 13:26 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 13:26 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 13:26 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 13:26 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 13:26 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 13:26 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 13:26 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 13:26 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 13:26 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 13:26 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 13:26 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 13:26 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 13:26 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 21:16 - 2010-10-24 04:49 - 00668266 _____ () C:\Windows\system32\perfh01D.dat
2015-01-25 21:16 - 2010-10-24 04:49 - 00145158 _____ () C:\Windows\system32\perfc01D.dat
2015-01-25 21:16 - 2009-07-14 06:13 - 01594346 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 21:15 - 2014-08-12 11:34 - 01208792 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 21:08 - 2013-08-12 21:33 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-25 21:06 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 21:06 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 20:58 - 2011-04-26 17:22 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 20:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 18:10 - 2014-11-08 17:15 - 00189840 _____ () C:\Windows\SysWOW64\debug.log
2015-01-24 22:36 - 2011-04-26 17:22 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 22:28 - 2012-12-03 18:38 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 21:01 - 2014-06-15 15:27 - 00003912 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FD231F50-5376-4DD8-A4BA-14BAA10EF0BB}
2015-01-22 21:56 - 2012-12-03 18:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-22 21:56 - 2012-12-03 18:38 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-22 21:56 - 2011-11-08 17:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 11:21 - 2012-12-03 18:39 - 00002151 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-15 12:18 - 2013-08-14 14:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 11:53 - 2010-12-24 19:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 19:06 - 2010-12-24 19:56 - 00000000 ____D () C:\Users\KB\AppData\Roaming\Spotify
2015-01-13 16:12 - 2010-12-24 19:56 - 00000000 ____D () C:\Users\KB\AppData\Local\Spotify

==================== Files in the root of some directories =======

2014-02-11 20:35 - 2014-02-11 20:35 - 49940480 _____ () C:\Program Files (x86)\GUT9716.tmp
2014-02-11 21:16 - 2014-02-11 21:16 - 0000048 _____ () C:\Users\KB\AppData\Roaming\mbam.context.scan
2011-06-27 19:24 - 2011-06-27 19:24 - 0000000 _____ () C:\Users\KB\AppData\Local\{770D77C2-D384-46AA-879C-FE7BCC4EB99F}

Some content of TEMP:
====================
C:\Users\KB\AppData\Local\Temp\0q8H.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 02:29

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by KB at 2015-01-25 21:18:47
Running from C:\Users\KB\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.5) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AA1000000001}) (Version: 10.1.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programstöd (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4257 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
BankID säkerhetsprogram (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-37E05087B8C8}) (Version: 5.1.3.2 - Finansiell ID-Teknik BID AB)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
ffdshow [rev 3154] [2009-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
ffdshow x64 v1.1.3631 [2010-11-15] (HKLM\...\ffdshow64_is1) (Version: 1.1.3631.0 - )
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Football Manager 2011 Demo (HKLM-x32\...\Football Manager 2011 Demo) (Version: 11.0.0.0 - Sports Interactive)
Free CD to MP3 Converter (HKLM-x32\...\Free CD to MP3 Converter) (Version: - )
Free YouTube to MP3 Converter version 3.10.815 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd..)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
LibreOffice 4.0.3.3 (HKLM-x32\...\{F77ED0CD-2E5E-4FC7-82E0-BB7D461E739F}) (Version: 4.0.3.3 - The Document Foundation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
ManyCam 3.0.80 (remove only) (HKLM-x32\...\ManyCam) (Version: 3.0.80 - ManyCam LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (svenska) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klicka-och-kör 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - svenska (HKLM-x32\...\{90140011-0066-041D-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{9085041D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Professional med FrontPage (HKLM-x32\...\{9028041D-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 6 Ultra Edition (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version: - )
Nero 9 Essentials (HKLM-x32\...\{0e385e0a-0c88-4934-b221-c220a7adf5cc}) (Version: - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nordea NCR1 Installationspaket (HKLM-x32\...\{CD9A35D4-8A81-4188-98AF-14D759083FB4}) (Version: 1.00.000 - Todos Data System AB)
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0806.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.5.0 - )
Spotify (HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.9947 - TeamViewer GmbH)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3004 - Packard Bell)
Video Web Camera (HKLM-x32\...\{12A1B519-5934-4508-ADBD-335347B0DC87}) (Version: 1.7.137.706 - Chicony Electronics Co.,Ltd.)
WildTangent Games App (Packard Bell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell) (Version: 4.0.5.36 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.601 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{12CEE8C7-8983-4FEC-A046-3FB4AE3A691C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
Zodiac Casino (HKLM-x32\...\zodiac) (Version: 16.10.2.1587 - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

26-12-2014 13:04:19 Schemalagd kontrollpunkt
02-01-2015 13:20:52 Schemalagd kontrollpunkt
10-01-2015 11:21:35 Schemalagd kontrollpunkt
15-01-2015 11:50:51 Windows Update
24-01-2015 02:32:05 Schemalagd kontrollpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2404FC97-C2C6-4E8F-AB93-D8E4D74EAB59} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {811E5F18-A22F-46BB-86C5-4DF50C915EBF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {83D981B1-B300-4766-91DE-8F1848DDD3ED} - System32\Tasks\{3E1D9E2C-0F73-45A9-AB4B-2084030DFE7E} => pcalua.exe -a D:\INSTALL.EXE -d D:\
Task: {B5559955-4E27-42AE-94FD-AFF5A4FCA1F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-22] (Adobe Systems Incorporated)
Task: {BA6D9D6B-9EA2-4B67-8F06-234C5F683A0D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BB493553-B303-4275-9208-1D2C81CCD864} - System32\Tasks\4322 => Wscript.exe C:\Users\KB\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C86AAB1F-9726-4FA3-94FF-7602E6F96D95} - System32\Tasks\{9153C277-6881-426B-8455-392B5CCEF940} => pcalua.exe -a "C:\Users\KB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C97U7J89\Bflix2[1].exe" -d C:\Users\KB\Desktop
Task: {DE9DC535-1283-45D2-AD68-5C01C25ED956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {E799B60B-0505-4B63-9FC4-65E8BA1639EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {EF3B5183-9F0B-43C4-BB0C-406ADB9BA594} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-10-24 04:16 - 2010-06-09 11:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2014-11-08 17:15 - 2014-11-08 17:14 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
2014-11-08 17:14 - 2014-11-08 17:14 - 03060248 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2014-11-08 17:15 - 2014-11-08 17:14 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\log4cplusU.dll
2010-08-27 09:39 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-10-18 05:00 - 2014-10-18 05:00 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2010-08-27 08:55 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-06-16 14:54 - 2011-06-16 14:54 - 00009504 _____ () C:\Program Files (x86)\Apple Software Update\SoftwareUpdateFiles.Resources\sv.lproj\SoftwareUpdateFilesLocalized.dll
2011-06-16 14:54 - 2011-06-16 14:54 - 00029984 _____ () C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.Resources\sv.lproj\SoftwareUpdateLocalized.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files (x86)\Video Web Camera\traybar.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Program Files (x86)\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administratör (S-1-5-21-1714336835-4238330309-3966115506-500 - Administrator - Disabled)
Gäst (S-1-5-21-1714336835-4238330309-3966115506-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1714336835-4238330309-3966115506-1002 - Limited - Enabled)
KB (S-1-5-21-1714336835-4238330309-3966115506-1001 - Administrator - Enabled) => C:\Users\KB

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 06:05:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: ePowerTray.exe, version 5.0.3005.0, tidsstämpel 0x4c11ccf9
, felet uppstod i modulen med namn: ePowerTray.exe, version 5.0.3005.0, tidsstämpel 0x4c11ccf9
Undantagskod: 0xc0000005
Felförskjutning: 0x0000000000001e99
Process-ID: 0xf60
Programmets starttid: 0xePowerTray.exe0
Sökväg till program: ePowerTray.exe1
Sökväg till modul: ePowerTray.exe2
Rapport-ID: ePowerTray.exe3

Error: (01/25/2015 11:11:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: ePowerTray.exe, version 5.0.3005.0, tidsstämpel 0x4c11ccf9
, felet uppstod i modulen med namn: ePowerTray.exe, version 5.0.3005.0, tidsstämpel 0x4c11ccf9
Undantagskod: 0xc0000005
Felförskjutning: 0x0000000000001e99
Process-ID: 0x9f8
Programmets starttid: 0xePowerTray.exe0
Sökväg till program: ePowerTray.exe1
Sökväg till modul: ePowerTray.exe2
Rapport-ID: ePowerTray.exe3

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Det går inte att initiera indexet.

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Det går inte att initiera programmet.

Kontext: program Windows

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Det går inte att initiera insamlingsobjektet.

Kontext: program Windows, katalog SystemIndex

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Det går inte att initiera plugin-programmet i <Search.TripoliIndexer>.

Kontext: program Windows, katalog SystemIndex

Information:
Det gick inte att hitta elementet. (HRESULT : 0x80070490) (0x80070490)

Error: (01/25/2015 11:08:12 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Det går inte att initiera plugin-programmet i <Search.JetPropStore>.

Kontext: program Windows, katalog SystemIndex

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:12 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Det går inte att läsa in informationen i egenskapsarkivet.

Kontext: program Windows, katalog SystemIndex

Information:
Innehållsindexets databas är skadad. (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/25/2015 11:08:12 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search-tjänsten har stoppats eftersom det finns ett problem med indexeraren The catalog is corrupt.

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:11 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Skadade datafiler har upptäckts i indexet {id=4700}. Det görs ett försök att korrigera det här problemet automatiskt genom att återskapa indexet.

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (01/25/2015 08:58:22 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för FailureActions med följande fel:
%%5.

Error: (01/25/2015 06:55:35 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 12291) (User: NT instans)
Description: Det gick inte att starta tråden för TCP/IP- eller SPX/IPX-lyssnande.

Error: (01/25/2015 06:55:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:
AFD
Avgfwfd
AVGIDSDriver
Avgldx64
Avgtdia
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (01/25/2015 06:55:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjänsten Windows Management Instrumentation avbröts med följande fel:
%%127

Error: (01/25/2015 06:55:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjänsten Client Virtualization Handler är beroende av tjänsten Application Virtualization Client. Den sistnämnda kunde inte starta på grund av följande fel:
%%1068

Error: (01/25/2015 06:55:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjänsten Network Location Awareness är beroende av tjänsten Network Store Interface Service. Den sistnämnda kunde inte starta på grund av följande fel:
%%1068

Error: (01/25/2015 06:55:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjänsten SMB 2.0 miniomdirigerare är beroende av tjänsten SMB-miniomdirigerare, adapterprogram och motor. Den sistnämnda kunde inte starta på grund av följande fel:
%%1068

Error: (01/25/2015 06:55:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjänsten SMB 1.x miniomdirigerare är beroende av tjänsten SMB-miniomdirigerare, adapterprogram och motor. Den sistnämnda kunde inte starta på grund av följande fel:
%%1068

Error: (01/25/2015 06:55:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjänsten SMB-miniomdirigerare, adapterprogram och motor är beroende av tjänsten Undersystem för buffert har omdirigerats. Den sistnämnda kunde inte starta på grund av följande fel:
%%31

Error: (01/25/2015 06:55:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjänsten IP Helper är beroende av tjänsten Network Store Interface Service. Den sistnämnda kunde inte starta på grund av följande fel:
%%1068

Microsoft Office Sessions:
=========================
Error: (01/25/2015 06:05:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe5.0.3005.04c11ccf9ePowerTray.exe5.0.3005.04c11ccf9c00000050000000000001e99f6001d038c07e01c113C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe5eef6d13-a4b4-11e4-b495-1c75081facdb

Error: (01/25/2015 11:11:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe5.0.3005.04c11ccf9ePowerTray.exe5.0.3005.04c11ccf9c00000050000000000001e999f801d03886ab2e7a5bC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe847cf7ff-a47a-11e4-8259-1c75081facdb

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: program Windows

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: program Windows, katalog SystemIndex

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: program Windows, katalog SystemIndex

Information:
Det gick inte att hitta elementet. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/25/2015 11:08:12 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: program Windows, katalog SystemIndex

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/25/2015 11:08:12 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: program Windows, katalog SystemIndex

Information:
Innehållsindexets databas är skadad. (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/25/2015 11:08:12 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/25/2015 11:08:11 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)
4700

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz
Percentage of memory in use: 35%
Total physical RAM: 1977.98 MB
Available physical RAM: 1270.08 MB
Total Pagefile: 3955.96 MB
Available Pagefile: 2442.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:219.79 GB) (Free:113.69 GB) NTFS
Drive e: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: FD0A3FD2)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


Desktop: Meshify C White TG || ROG B550-F || 5800X+NH-D15 || 4070ti || Vengeance LPX 32GB || KC3000 M.2 || FD Newton R3 600W Audio: RX-V781, Dynavoice LCR-5, FX-4, Velodyne SPL-1000 Ultra || DacPort Slim || Tennmak IEM

Permalink
Member
Written by Tinardirith:

Thanks! The computer starts up as usual.

Fixlog.txt

File/Directory not found on two lines. Is that a problem, or is it good enough?

Edit: A quarter of an hour later the computer is still normal, so yes, it worked. Scanning now; it takes forever on this slow old clunker.

New frst.txt

Addition.txt

No problem with the "not found".

Start the Notepad program.
Copy all the lines in the box:

CreateRestorePoint:
CloseProcesses:
Task: {BB493553-B303-4275-9208-1D2C81CCD864} - System32\Tasks\4322 => Wscript.exe C:\Users\KB\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {EF3B5183-9F0B-43C4-BB0C-406ADB9BA594} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://swedish.toggle.com/sv/index.php?rvs=google
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://swedish.toggle.com/sv/index.php?rvs=google
URLSearchHook: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 - (No Name) - {45c2637f-29b4-4c20-80d9-095d8eeeb2a7} - No File
URLSearchHook: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 - (No Name) - {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - No File
URLSearchHook: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=c1baea6e-1611-11e1-8331-...
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=c1baea6e-1611-11e1-8331-...
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {28258BFA-EB24-4B68-A390-C73ABA0B5E01} URL = http://swedish.toggle.com/sv/index.php?rvs=google
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {4672EAA0-A9C7-446E-B7F3-A1BF5D141BA8} URL = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=10286...
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {8BAE83CA-DF5E-423A-A3FB-E3907D5A603C} URL =
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&Sea...
BHO-x32: No Name -> {1185823F-F22F-4027-80E5-4F68ACD5DE5E} -> No File
BHO-x32: Yontoo Layers -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> No File
Toolbar: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> No Name - {45C2637F-29B4-4C20-80D9-095D8EEEB2A7} - No File
Toolbar: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> No Name - {6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA} - No File
Toolbar: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\...\Firefox\Extensions: [shabtay@gmail.com] - C:\Program Files (x86)\2YourFace\2YourFace.xpi
CHR DefaultSearchKeyword: Default -> search-results.com
CHR DefaultSearchURL: Default -> http://dts.search-results.com/sr?src=crb&gct=ds&appid=115&sys...
CHR DefaultSuggestURL: Default ->
CHR HKLM-x32\...\Chrome\Extension: [lmblfngognklgemafekefcdjcnkdhmdm] - C:\Program Files (x86)\2YourFace\2YourFace.crx [Not Found]
Reboot:

and paste them into Notepad. Check that no files have been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Close all programs.
Start FRST, which is on the desktop.
Click the Fix button.
Wait until the program has finished.
If the computer does not restart automatically, restart it yourself.

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.