Virus


(osh) #21

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Ole (22-06-2018 16:24:33)
Running from C:\Users\Ole\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-12-18 17:48:27)
Boot Mode: Normal

==================== Accounts: =============================

Administrator (S-1-5-21-944301883-4089375509-3149596369-500 - Administrator - Disabled)
Gæst (S-1-5-21-944301883-4089375509-3149596369-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-944301883-4089375509-3149596369-1005 - Limited - Enabled)
Ole (S-1-5-21-944301883-4089375509-3149596369-1001 - Administrator - Enabled) => C:\Users\Ole

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32…\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32…{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32…{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32…{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32…{58F4D244-314F-4D26-B5EF-C28AB32E22CB}is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32…\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32…\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32…{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32…\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 30 ActiveX (HKLM-x32…\Adobe Flash Player ActiveX) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32…\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32…\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32…\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader 9.5.5 MUI (HKLM-x32…{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32…\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Airport Mania First Flight (HKLM-x32…{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)
Alcor Micro USB Card Reader (HKLM-x32…{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32…\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
ALPS Touch Pad Driver (HKLM…{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric)
Amazonia (HKLM-x32…{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Mobile Device Support (HKLM…{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32…{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Apple Software Update (HKLM-x32…{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Apple-programunderstøttelse (32 bit) (HKLM-x32…{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple-programunderstøttelse (64 bit) (HKLM…{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Avast Free Antivirus (HKLM-x32…\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM-x32…\Avast Secure Browser) (Version: 66.2.567.181 - AVAST Software)
Backup Manager Basic (HKLM-x32…{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bing Bar (HKLM-x32…{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM…{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM…{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Cake Mania (HKLM-x32…{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
CameraHelperMsi (HKLM-x32…{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.50.854.0 - Logitech) Hidden
Canon iP3600 series Brugerregistrering (HKLM-x32…\Canon iP3600 series Brugerregistrering) (Version: - )
Canon iP3600 series Printer Driver (HKLM…{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}Canon_iP3600_series) (Version: - )
Canon Pro9500 II series Printer Driver (HKLM…{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}Canon_Pro9500_II_series) (Version: - Canon Inc.)
CCleaner (HKLM…\CCleaner) (Version: 5.43 - Piriform)
CPUID HWMonitor Pro 1.23 (HKLM…\CPUID HWMonitorPro_is1) (Version: - )
CyberLink PowerDVD 9 (HKLM-x32…\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
Danske Spil Poker (HKLM-x32…\DanskeSpilPoker) (Version: - DanskeSpil)
erLT (HKLM-x32…{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
eSobi v2 (HKLM-x32…{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) Hidden
eSobi v2 (HKLM-x32…\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
EZCast (HKLM-x32…{74CECDD9-4B8E-4AE3-9571-8070A17F3C34}) (Version: 2.4.0.49 - Actions-Micro)
Facebook Video Calling 3.1.0.521 (HKLM-x32…{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32…\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Pro (HKLM…{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Toolbar for Internet Explorer (HKLM-x32…{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32…{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32…{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32…{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Envy 100 D410 series - basissoftware til enheden (HKLM…{D14C4E95-DDDB-45C1-B05A-30EC2E0A65A2}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Envy 100 D410 series Hjælp (HKLM-x32…{749EC8D6-EE79-47FA-B13D-E87A6E3855E8}) (Version: 140.0.32.32 - Hewlett Packard)
HP Photo Creations (HKLM-x32…\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32…{CA1481E4-16C7-4A3D-B56A-3F800E43D9FE}) (Version: 12.9.18.3 - HP)
HP Update (HKLM-x32…{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Identity Card (HKLM-x32…\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
iMyFone Umate 5.1.0.3 (HKLM-x32…{5284F901-9F62-4462-A0E6-2E4373A64454}is1) (Version: 5.1.0.3 - Shenzhen iMyFone Technology Co., Ltd.)
Inkjet Printer/Scanner Extended Survey Program (HKLM-x32…\CANONIJPLM100) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM-x32…{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32…{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32…{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iSumsoft Windows Password Refixer Personal Trial 3.1.2 (HKLM-x32…\iSumsoft Windows Password Refixer Personal Trial) (Version: 3.1.2 - iSumsoft)
iTunes (HKLM…{DF9D1F29-B8BE-485B-8215-92FD503D2E6D}) (Version: 12.7.0.166 - Apple Inc.)
Junk Mail filter update (HKLM-x32…{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Karen’s Replicator (HKLM-x32…\Karen’s Replicator) (Version: 3.6.0.9 - Karen Kenworthy)
Kompatibilitetspakke til Office 2007-systemet (HKLM-x32…{90120000-0020-0406-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Launch Manager (HKLM-x32…\LManager) (Version: 4.0.14 - Acer Inc.)
LINE (HKU\S-1-5-21-944301883-4089375509-3149596369-1001…\LINE) (Version: 4.10.1.1256 - LINE Corporation)
Logitech Webcam Software (HKLM-x32…{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (HKLM…{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes version 3.5.1.2522 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}is1) (Version: 3.5.1.2522 - Malwarebytes)
McAfee True Key (HKLM…\TrueKey) (Version: 5.0.150.1 - McAfee)
McAfee WebAdvisor (HKLM-x32…{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.203 - McAfee, Inc.)
Microsoft .NET Framework 4.7.1 (dansk) (HKLM…{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM…{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Download Manager (HKLM-x32…{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32…{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32…{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32…{90110406-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM…{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM…{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32…{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32…{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MyWinLocker (HKLM-x32…{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32…{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32…\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
Norton Online Backup (HKLM-x32…{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Backup Now 5 (HKLM-x32…\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (HKLM-x32…{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32…{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32…\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems)
Opera Stable 53.0.2907.99 (HKLM-x32…\Opera 53.0.2907.99) (Version: 53.0.2907.99 - Opera Software)
Realtek High Definition Audio Driver (HKLM-x32…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Samsung Data Migration (HKLM-x32…{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Kies3 (HKLM-x32…{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32…\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Magician (HKLM-x32…{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung USB Driver for Mobile Phones (HKLM…{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Shredder (HKLM…{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32…{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
SignCut (HKLM-x32…\SignCut) (Version: 1.96 - Whisqu Graphic AB)
SiSoftware Sandra Lite 2016.SP1 (HKLM…{C3113E55-7BCB-4de3-8EBF-60E6CE6B2596}is1) (Version: 22.20.2016.3 - SiSoftware)
Skype Click to Call (HKLM-x32…{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32…{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Smart Switch (HKLM-x32…{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32…\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.)
StofaWebTvPlayer (HKLM-x32…{5AE2ECFD-8211-44C0-87A1-564BB32FF08D}) (Version: 3.13.1.7173 - Stofa A/S)
SUPERAntiSpyware (HKLM…{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (HKLM-x32…{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32…\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
ViewRight Web PC (HKLM-x32…{0AEF5F93-DE30-4D0A-A879-B3BB72000F52}) (Version: 2.1.2.3 - Verimatrix, Inc.)
Welcome Center (HKLM-x32…\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Essentials (HKLM-x32…\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32…{02B8DBC1-7312-43AF-8BA7-9F29CDD6B348}) (Version: 14.0.8117.416 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-944301883-4089375509-3149596369-1001…\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-20] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-20] (AVAST Software)
ContextMenuHandlers1: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [2010-05-27] (Egis Technology Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-20] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2010-04-02] (Egis Technology Inc.)
ContextMenuHandlers4: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [2010-05-27] (Egis Technology Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-04-21] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-20] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {022FC4B2-E8DB-4256-8168-65FFE8B7E4DB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {08DFB0F0-6CC1-4CD1-A9AC-60EC3308DF96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-24] (Piriform Ltd)
Task: {0BEC3FD7-2DF3-4F56-BEAC-3C14235384BB} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {14F04A88-4BDD-481E-889E-20D23B14C7FE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
Task: {196F8CC7-91C6-4872-9F8B-E6B3A1C05832} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-17] (AVAST Software)
Task: {22FD8DD2-83F6-4FAF-A9E7-17B0690FD984} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => C:\Windows\system32\GWX\GWX.exe
Task: {2C9EF1CF-6FB9-4F95-A102-07B47ADE9C67} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {44DB5E9E-438A-43D8-967A-F7AE39A302F1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d
Task: {4C494699-E012-41E4-9F47-12F8B22CFC52} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {5082581B-2071-4BAE-B46F-7E65AF33DBDF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-24] (Piriform Ltd)
Task: {5572B5C0-3425-4FC5-B808-18DFFD6D652D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {5572B5C0-3425-4FC5-B808-18DFFD6D652D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {5D02727B-9E0E-4CC6-9887-2100BE132B28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {6E4D088B-A375-4736-A6C9-F20B7F3D15B5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
Task: {6E4FF7BD-8357-4EE6-845E-D0A4ADE9E1AA} - System32\Tasks\Opera scheduled Autoupdate 1504106056 => C:\Program Files\Opera\launcher.exe [2018-06-12] (Opera Software)
Task: {81458E71-9CDF-469C-A7B1-DC0D2A7120B1} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-06-18] (AVAST Software)
Task: {8BA70BD6-C691-4D76-955D-12D0E552E575} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {96E4D0FD-DBCB-401E-AB68-1A2778B38E6F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-06-20] (AVAST Software)
Task: {9CCA5449-2D18-4951-B201-A1FF4E00F6DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {AE8190D0-EDD9-48D9-9C1F-523C5A80C472} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle -> No File <==== ATTENTION
Task: {BB758013-F3CD-40EF-9427-3560B02BA3CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {BDF9F589-D41D-4BFC-A711-2A0DE1B4CCBB} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-17] (AVAST Software)
Task: {D755228D-C406-43DC-B885-B6C63C3BD978} - \Microsoft\Windows\Setup\GWXTriggers\Logon -> No File <==== ATTENTION
Task: {D8EF13B0-9B51-4CF5-A910-529258ED0106} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ole\Desktop\Ny mappe (13)\Ny mappe (3)\Vista\Foretrukne\NCH Software Download Page.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Ole\Desktop\Ny mappe (13)\Ny mappe (3)\Vista\Favorites\NCH Software Download Page.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Ole\Desktop\Ny mappe (13)\Ny mappe (3)\Foretrukne vista\Foretrukne\NCH Software Download Page.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Ole\Desktop\Ny mappe (13)\Ny mappe (2)\Foretrukne\NCH Software Download Page.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-18 15:23 - 2018-06-18 19:00 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-12-18 19:28 - 2010-06-09 19:54 - 000206208 _____ () C:\Windows\PLFSetI.exe
2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2018-04-30 13:20 - 2018-04-30 13:20 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-05-24 19:51 - 2018-05-24 19:51 - 000085832 _____ () C:\Program Files\CCleaner\lang\lang-1030.dll
2018-06-14 12:28 - 2018-06-12 07:36 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libglesv2.dll
2018-06-14 12:28 - 2018-06-12 07:36 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libegl.dll
2018-06-20 14:42 - 2018-06-20 14:42 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-20 14:42 - 2018-06-20 14:42 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-06-20 14:42 - 2018-06-20 14:42 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-20 14:42 - 2018-06-20 14:42 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-06-20 14:42 - 2018-06-20 14:42 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-06-22 13:47 - 2018-06-22 13:47 - 005842576 _____ () C:\Program Files\AVAST Software\Avast\defs\18062202\algo.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 000465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 001081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2018-06-17 12:14 - 2018-06-17 12:14 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-06-20 14:42 - 2018-06-20 14:42 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-17 16:37 - 2014-09-28 17:59 - 000019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-10-08 07:31 - 000000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-944301883-4089375509-3149596369-1001\Control Panel\Desktop\Wallpaper -> C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.10.10.4 - 212.10.10.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: CCleaner Monitoring => “C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => “C:\Program Files\iTunes\iTunesHelper.exe”

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D28BD9FE-7CF9-45A6-B998-DEE52D4F02F8}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{02D7460E-A7D8-4A2A-A18C-B5E78A4128BF}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{5857A0C9-22E8-4E56-B21E-C6C5A7AAE293}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{942D5A7A-7074-4261-AC9A-1F2A857F1F06}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{F90F9123-ECB5-42EE-8BE8-79E170112E8F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6DB31436-2B81-4DE7-984C-06D19AC50784}] => (Allow) svchost.exe
FirewallRules: [{7B9343BC-4981-43C7-BC02-EEFC7F66B50A}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{AE6C9589-235A-4A2A-96A4-4AE1D74DE412}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{13E8D8BA-9CA3-4C79-8C69-334E462A8313}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{906972D6-647D-4A49-A153-763FF20A6065}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{11E3106E-8308-488C-8DD7-40FF0C8D1B2C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{38F036F7-17C2-47EE-A887-CFBC30578EF2}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0A83A9CE-8A7D-4070-93FF-AFA74BE4E8C7}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{E507C844-0CF2-4D1A-ABAF-89FD609CDE64}C:\users\onicha\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Allow) C:\users\onicha\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{C3981132-7024-4D6B-9937-7ABBD73AAE92}C:\users\onicha\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Allow) C:\users\onicha\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [TCP Query User{E982337B-90EA-4EA9-820F-6F31E156EDB3}C:\users\onicha\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Allow) C:\users\onicha\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{8DF53D0A-F2D9-4B18-B25A-C09B42343D99}C:\users\onicha\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Allow) C:\users\onicha\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{A0829927-4CAA-4C28-9F92-39E7EA47027A}] => (Allow) C:\Users\Ole\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{59857529-E0C4-4141-9BA9-5FA392E57D72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{946E8C3B-FCDE-44FF-964B-C595F9EBB393}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6291275-580F-4E75-8B6D-8709CB28D95C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6AA59922-69D3-48BA-A870-B8A9D9AFDB91}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{345FE1ED-EB0D-46E9-A123-517F1F06A995}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{E230B049-1FD9-4C53-9B49-D114AF8C15B4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{F7342B05-25FE-491E-8FF6-77E08E781F92}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{74516D9A-75B3-46B9-BC75-49D8F732ECD8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{6FC3A9CB-1062-4A82-80C7-FEE57A3907E4}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{49059FF9-2C83-41E8-A99F-A741509A1907}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{0C983515-BA6D-4C9D-AFFD-872E7B4AFA32}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{51343D84-4D22-477E-BEAE-EF8A400FA82E}] => (Allow) C:\Program Files\HP\HP Envy 100 D410 series\Bin\DeviceSetup.exe
FirewallRules: [{560A226A-2806-4751-8A15-6D28C4B230D6}] => (Allow) C:\Program Files\HP\HP Envy 100 D410 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5026DBCD-3850-4775-89DB-548DE707A0F9}] => (Allow) C:\Program Files\HP\HP Envy 100 D410 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F0B8B12A-785A-476C-BB93-D322B797D992}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe
FirewallRules: [{B6338BB3-791D-46C1-9097-0B7ECFDF5E80}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\RpcSandraSrv.exe
FirewallRules: [{F5E482A7-FCA6-48C7-AA7F-7CEE8C709D06}] => (Allow) C:\Users\Ole\AppData\Local\Line\bin\4.10.0.1236\LINE.exe
FirewallRules: [{1DAB619B-50B1-49E0-8D2C-AF9224994DB1}] => (Allow) C:\Users\Ole\AppData\Local\Line\bin\4.10.0.1236\LINE.exe
FirewallRules: [{8CD82069-F053-4086-BE45-26DD0588F861}] => (Allow) C:\Users\Ole\AppData\Local\Line\bin\4.10.0.1236\LineUpdater.exe
FirewallRules: [{2B0FB738-3E20-4D4B-9A3F-5BC4897DE554}] => (Allow) C:\Users\Ole\AppData\Local\Line\bin\4.10.0.1236\LineUpdater.exe
FirewallRules: [{B30B16C0-64BB-4536-A522-58B530A51CBC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{58F47852-805E-403E-9337-429FEC811E57}] => (Allow) C:\Program Files (x86)\EZCast\EZCast.exe
FirewallRules: [{E3744904-714A-4AF6-BE7B-E75B3C67F169}] => (Allow) C:\Program Files (x86)\EZCast\EZScreen
FirewallRules: [TCP Query User{98E2D062-A56B-4629-B849-BF002BC747B4}C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe] => (Block) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [UDP Query User{E9C6289F-B183-4CCE-A7E7-70F27A12820C}C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe] => (Block) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [{AED23538-524C-4EDE-9B46-16EFA69E638E}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{831CBBF9-A9B9-4070-97D8-3F433C3EB231}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{AE74925E-A0C2-4B45-8F42-D66EE4889CCE}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{3BF1F153-9FC7-4C6B-9860-934537247722}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{E3BC4F4D-7872-49AC-A300-F0F9988C9C40}] => (Allow) C:\Program Files\Opera\53.0.2907.68\opera.exe
FirewallRules: [{35154718-9EA7-423F-BE45-DF8D42282443}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FEFA2CEB-DFED-4A8C-ABCF-73F3CB575155}] => (Allow) C:\Program Files\Opera\53.0.2907.99\opera.exe
FirewallRules: [{B5B61A69-71F7-4345-A34C-F53EE1A1AE9D}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{F4CF82DE-0FC3-47FD-8BEC-09891E0C9FFE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{B2932E27-05DD-4AF8-9F8A-064221A0CF14}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D65BE948-1B4F-470D-876C-67D7CF0F61C4}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{222A4E12-C0C8-48C3-9924-04BF38B49955}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Teredo Tunneling-adapter
Description: Microsoft Teredo Tunneling-adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click “Update Driver” to update the drivers for this device.
On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:

Error: (06/22/2018 04:21:59 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper – Error 1316. Den angivne konto findes allerede.

Error: (06/22/2018 04:19:17 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper – Error 1316. Den angivne konto findes allerede.

Error: (06/22/2018 02:11:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1154

Error: (06/22/2018 02:11:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1154

Error: (06/22/2018 02:11:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2018 01:56:55 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper – Error 1316. Den angivne konto findes allerede.

Error: (06/22/2018 01:46:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13112274

Error: (06/22/2018 01:46:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13112274

System errors:

Error: (06/22/2018 08:34:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten Wondershare Driver Install Service kunne ikke starte pga. følgende fejl:
Den angivne fil blev ikke fundet.

Error: (06/22/2018 08:31:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten Wondershare Driver Install Service kunne ikke starte pga. følgende fejl:
Den angivne fil blev ikke fundet.

Error: (06/22/2018 08:30:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten Windows Media Player Network Sharing Service blev afbrudt uventet. Dette er sket 1 gange. Følgende korrigerende handling foretages om 30000 millisekunder: Genstart tjenesten.

Error: (06/22/2018 08:30:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten Windows Installer blev afbrudt uventet. Dette er sket 1 gange. Følgende korrigerende handling foretages om 120000 millisekunder: Genstart tjenesten.

Error: (06/22/2018 08:30:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten HP Support Solutions Framework Service afsluttede uventet. Dette er sket 1 gang(e).

Error: (06/22/2018 08:30:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Intel® Management & Security Application User Notification Service afsluttede uventet. Dette er sket 1 gang(e).

Error: (06/22/2018 08:30:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten iPod-tjeneste afsluttede uventet. Dette er sket 1 gang(e).

Error: (06/22/2018 08:30:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten Windows Search blev afbrudt uventet. Dette er sket 1 gange. Følgende korrigerende handling foretages om 30000 millisekunder: Genstart tjenesten.

Windows Defender:

Date: 2016-06-25 18:31:00.557
Description:
Windows Defender-scanning er blevet stoppet, før den er gennemført.
Scannings-id:{552E0619-E183-4162-992B-8518CFD484F2}
Scanningstype:AntiSpyware
Scanningsparametre:Hurtig scanning
Bruger:NT AUTHORITY\NETVÆRKSTJENESTE

Date: 2016-04-30 13:29:23.016
Description:
Windows Defender-scanning er blevet stoppet, før den er gennemført.
Scannings-id:{3594BE08-968A-4D57-AFF6-69091E7528EC}
Scanningstype:AntiSpyware
Scanningsparametre:Hurtig scanning
Bruger:NT AUTHORITY\NETVÆRKSTJENESTE

Date: 2016-03-07 18:37:12.902
Description:
Windows Defender-scanning er blevet stoppet, før den er gennemført.
Scannings-id:{F04FA928-F27D-463D-901A-53B7A2D05FF4}
Scanningstype:AntiSpyware
Scanningsparametre:Hurtig scanning
Bruger:NT AUTHORITY\NETVÆRKSTJENESTE

Date: 2016-01-02 15:23:20.587
Description:
Windows Defender-scanning er blevet stoppet, før den er gennemført.
Scannings-id:{CDFF8AB3-AEDD-497D-B43B-13FFAA400804}
Scanningstype:AntiSpyware
Scanningsparametre:Hurtig scanning
Bruger:NT AUTHORITY\NETVÆRKSTJENESTE

Date: 2015-02-02 18:07:15.662
Description:
Windows Defender-scanning er blevet stoppet, før den er gennemført.
Scannings-id:{B676701B-B1AD-4427-B4E2-FD9CECD706CB}
Scanningstype:AntiSpyware
Scanningsparametre:Hurtig scanning
Bruger:NT AUTHORITY\NETVÆRKSTJENESTE

Date: 2016-10-14 17:47:48.577
Description:
Windows Defender har registreret en fejl under forsøget på at indlæse signaturer, og programmet vil forsøge at gå tilbage til et kendt fungerende signatursæt.
Signaturer, der blev forsøgt:Sikkerhedskopi
Fejlkode:0x80070714
Fejlbeskrivelse:Den angivne billedfil indeholdte ikke et ressourceafsnit.
Signaturversion:0.0.0.0
Programversion:0.0.0.0

Date: 2016-10-14 17:47:32.821
Description:
Windows Defender har registreret en fejl under forsøget på at indlæse signaturer, og programmet vil forsøge at gå tilbage til et kendt fungerende signatursæt.
Signaturer, der blev forsøgt:Aktuel
Fejlkode:0x8050a004
Fejlbeskrivelse:Denne pakke indeholder ikke opdaterede definitionsfiler til dette program. Flere oplysninger finder du under Hjælp og support.
Signaturversion:1.229.1662.0
Programversion:1.1.13103.0

Date: 2015-11-25 18:16:57.760
Description:
Windows Defender har registreret en fejl under forsøget på at indlæse signaturer, og programmet vil forsøge at gå tilbage til et kendt fungerende signatursæt.
Signaturer, der blev forsøgt:Aktuel
Fejlkode:0x80070002
Fejlbeskrivelse:Den angivne fil blev ikke fundet.
Signaturversion:0.0.0.0
Programversion:0.0.0.0

CodeIntegrity:

Date: 2018-05-01 18:44:12.799
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\DmNotificationBroker.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-05-01 18:44:12.027
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\DmNotificationBroker.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-05-01 18:44:11.126
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\DmNotificationBroker.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-05-01 18:44:09.985
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\DmNotificationBroker.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-05-01 18:44:09.092
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\DmNotificationBroker.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-05-01 18:44:07.944
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\DmNotificationBroker.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-05-01 18:44:06.366
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\DmNotificationBroker.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-05-01 18:44:05.289
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\DmNotificationBroker.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 61%
Total physical RAM: 3764.5 MB
Available physical RAM: 1447.44 MB
Total Virtual: 7527.16 MB
Available Virtual: 4977 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:465.66 GB) (Free:109.19 GB) NTFS

\?\Volume{69bdabc3-b36b-11e7-90d9-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0CB428CE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


(f-arn) #22

What is Chrome Media Router, and where did you get it from :question:


(osh) #23

I know nothing about that; as far as I know I only have Google Chrome


(f-arn) #24

It is an extension that sits in Chrome. I deleted it yesterday, but it has come back :question:


(osh) #25

I have searched for it and it says it is part of Chrome, but I don't know. It was as if it had disappeared for a while, but then it came back ??


(osh) #26

I think it is for Chromecast, from what I can see


(f-arn) #27

Chromecast does not need any extension :wink:

Can you disable it :question:


(osh) #28

I can go into the menu in Chrome and go to Cast, but I can't do anything there. I have disconnected Cast on the TV, but otherwise I can't see it anywhere on the PC


(f-arn) #29

Try copying this into the address bar in Chrome: chrome://extensions/

Is it listed there :question:


(osh) #30


(osh) #31

Is this what you mean?


(f-arn) #32

Yes.

I'll just try to remove it again…

Disable your security programs while the “Fix” is running.

I am attaching Fixlist.txt (535 Bytes). Save it on the Desktop next to Farbar Recovery Scan Tool/Farbar Recovery Scan Tool x64 (FRST/FRST64).

It must be located next to FRST/FRST64 :exclamation:

This fix was written specifically for this user and for use on this PC.
If it is run on another PC, it can cause damage, and in the worst case the PC will not start.

Start FRST/FRST64 (Farbar Recovery Scan Tool/Farbar Recovery Scan Tool x64) and click FIX (and wait until it has finished)

Close FRST/FRST64 and let the PC restart.

It creates Fixlog.txt, which you should copy into your next post.

------

Tell me whether the malware disappeared :question:

If it did, then take note of what you are doing if it should come back :wink:


(osh) #33

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Ole (23-06-2018 20:06:04) Run:1
Running from C:\Users\Ole\Desktop
Loaded Profiles: Ole (Available Profiles: Ole)
Boot Mode: Normal

fixlist content:


start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\Ole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-22]
S1 ZAM; ??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; ??\C:\Windows\System32\drivers\zamguard64.sys [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe [X]
EmptyTemp:
end


Error: (0) Failed to create a restore point.
Processes closed successfully.
“HKLM\SOFTWARE\Policies\Microsoft\Windows Defender” => removed successfully
CHR Extension: (Chrome Media Router) - C:\Users\Ole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-22] => Error: No automatic fix found for this entry.
“HKLM\System\CurrentControlSet\Services\ZAM” => removed successfully
ZAM => service removed successfully
“HKLM\System\CurrentControlSet\Services\ZAM_Guard” => removed successfully
ZAM_Guard => service removed successfully
“HKLM\System\CurrentControlSet\Services\WsDrvInst” => removed successfully
WsDrvInst => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9648202 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 8783 B
Edge => 0 B
Chrome => 170494200 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Ole => 974601 B
Onicha => 0 B

RecycleBin => 11979727 B
EmptyTemp: => 192.2 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 20:06:10 ====


(osh) #34

After I sent the fixlog I shut down the computer and opened it again, and then this came back ??


(osh) #35

Can I use the attached fixlist again?


(f-arn) #36

Let's try something else…

Remove all USB sticks and external hard drives before you run the program.

Download RogueKiller and save it to your desktop.

It can also be downloaded here

Remember to choose the right version (32 or 64 bit).

Disable your security program while you run it :exclamation:

Close all windows and run “RogueKiller” (if it is blocked, run it several times)

If it will not run at all, try renaming it to winlogon.exe

Regarding Vista/Windows 7/8 and 10: right-click the file and choose Run as Administrator.

Let the initial scan run.

Press SCAN.

When it has finished scanning, click Report, save it and copy it in here.

You must not remove anything :exclamation:


(osh) #37

I have removed Malwarebytes, is that OK ??


(osh) #38

Is this it

PUP.Gen1 SOFTWARE (X64) HKEY_USERS\S-1-5-21-944301883-4089375509-3149596369-1001\Software WebApp Found
PUP.Gen1 SOFTWARE (X86) HKEY_USERS\S-1-5-21-944301883-4089375509-3149596369-1001\Software WebApp Found
PUM.HomePage IE Settings (X64) HKEY_USERS\S-1-5-21-944301883-4089375509-3149596369-1001\Software\Microsoft\Internet Explorer\Main Start Page https://minesider.stofa.dk/ Found
PUM.HomePage IE Settings (X86) HKEY_USERS\S-1-5-21-944301883-4089375509-3149596369-1001\Software\Microsoft\Internet Explorer\Main Start Page https://minesider.stofa.dk/ Found


(osh) #39

PUP.Gen1 Folder C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner Found
PUP.Gen1 Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner Found
PUP.Gen1 Folder C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner Found

(osh) #40

Here was the right one, now I understood what you meant :slight_smile:

RogueKiller V12.12.23.0 (x64) [Jun 18 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ole [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan – Date : 06/24/2018 20:52:40 (Duration : 00:27:23)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-944301883-4089375509-3149596369-1001\Software\WebApp -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-944301883-4089375509-3149596369-1001\Software\WebApp -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-944301883-4089375509-3149596369-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://minesider.stofa.dk/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-944301883-4089375509-3149596369-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://minesider.stofa.dk/ -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner -> Found
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner -> Found
[PUP.Gen1][Folder] C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 500G +++++
— User —
[MBR] dcf47708406d92bd4f33be02127438e8
[BSP] b69bacb586ccfa29abd72fe43c7b25b4 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476839 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 … OK
User = LL2 … OK