
priacechopu 3.9 in the browser keeps coming back


cybertears


Hi!

I have a friend who contacted me and told me that he has an extension in Chrome that apparently keeps coming back.

I asked him to run DDS, but I am still inexperienced enough, and not yet knowledgeable enough, to judge what the next step would be if he needs a virus cleanup.


Here is the DDS log.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.51.2
Run by adrian at 19:57:48 on 2014-07-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.46.1033.18.5981.2710 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\ProgramData\IePluginServices\PluginService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\adrian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHKE.EXE
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.fastsearchings.info/?pid=2405&r=2014/07/11&hid=4094238111104309067&lg=EN&cc=SE&unqvl=56
uDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401
mStart Page = hxxp://websearch.fastsearchings.info/?pid=2405&r=2014/07/11&hid=4094238111104309067&lg=EN&cc=SE&unqvl=56
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}
mWinlogon: Userinit = userinit.exe,
BHO: <No Name>: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
uRun: [spotify Web Helper] "C:\Users\adrian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
uRun: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX230"
uRun: [steelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [symantec PIF AlertEng] "C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableInstallerDetection = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5BAADEA0-F106-47C6-AB0F-2AF6C1D400B6} : DHCPNameServer = 82.209.169.72 82.209.169.71
TCP: Interfaces\{88B5BDCF-D8EE-4637-A11A-F825A6088FE9} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\SupTab\SEARCH~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401
x64-mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}
x64-mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401
x64-mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [iAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-4-11 645480]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-4-11 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-5-1 20464]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-12-13 283200]
R1 IDSvia64;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\idsdefs\20140707.001\IDSvia64.sys [2014-7-10 392752]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-4-11 16232]
R2 IePluginServices;IePlugin Services;C:\ProgramData\IePluginServices\PluginService.exe -service --> C:\ProgramData\IePluginServices\PluginService.exe -service [?]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 314696]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2014-3-20 154584]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-24 1631008]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2014-5-29 146944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-31 142128]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-5-1 370672]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-5-1 791024]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-26 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-7-8 888536]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2014-5-27 39168]
R3 Symantec Core LC;Symantec Core LC;C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2013-12-31 1251720]
R3 SYMNDISV;SYMNDISV;C:\Windows\System32\drivers\symndisv.sys [2007-1-9 43832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 e9f32388;GS Supporter;C:\Windows\System32\rundll32.exe [2009-7-14 45568]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-10 111616]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-1-31 887232]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-26 20256]
S3 PAExec;PAExec;C:\Windows\PAExec.exe -service --> C:\Windows\PAExec.exe -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-16 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 237056]
S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-24 21055432]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [userChoice]
.
=============== Created Last 30 ================
.
2014-07-13 02:58:58 -------- d-----w- C:\54103318126a05b069737da255
2014-07-13 01:00:33 -------- d-----w- C:\60a41085d1944cadbe
2014-07-12 17:41:47 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FEBBEAD6-B44C-4E4F-91C5-2D7100002B25}\offreg.dll
2014-07-12 02:59:25 -------- d-----w- C:\94a27571e2ccf356a6721b604e
2014-07-12 01:00:33 -------- d-----w- C:\e208bf2bf44fab2a087623
2014-07-11 23:39:20 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5530352b1cf9d6104\DSETUP.dll
2014-07-11 23:39:20 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5530352b1cf9d6104\DXSETUP.exe
2014-07-11 23:39:20 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5530352b1cf9d6104\dsetup32.dll
2014-07-11 23:39:18 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5385da4c1cf9d6103\DSETUP.dll
2014-07-11 23:39:18 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5385da4c1cf9d6103\DXSETUP.exe
2014-07-11 23:39:18 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5385da4c1cf9d6103\dsetup32.dll
2014-07-11 23:39:15 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\52b9d4c01cf9d6102\DSETUP.dll
2014-07-11 23:39:15 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\52b9d4c01cf9d6102\DXSETUP.exe
2014-07-11 23:39:15 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\52b9d4c01cf9d6102\dsetup32.dll
2014-07-11 23:39:07 -------- d-----w- C:\Users\adrian\AppData\Local\Windows Live
2014-07-11 23:38:54 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2014-07-11 14:01:29 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FEBBEAD6-B44C-4E4F-91C5-2D7100002B25}\mpengine.dll
2014-07-11 13:49:48 -------- d-s---w- C:\Windows\System32\CompatTel
2014-07-11 03:17:32 -------- d-----w- C:\55b784da4383965dc87f9af1cd71
2014-07-11 02:58:59 -------- d-----w- C:\ProgramData\pricechiop
2014-07-11 02:58:59 -------- d-----w- C:\Program Files (x86)\pricechiop
2014-07-11 01:03:48 -------- d-----w- C:\27cac4acc353ed3a2eda562fccef0941
2014-07-10 15:29:51 -------- d-----w- C:\Program Files\OBS
2014-07-10 15:29:50 -------- d-----w- C:\Program Files (x86)\OBS
2014-07-10 11:06:55 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-10 11:06:55 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-10 11:06:55 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-09 15:35:28 -------- d-----w- C:\Program Files\Common Files\EPSON
2014-07-09 15:34:51 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2014-07-09 15:34:50 83968 ----a-w- C:\Windows\System32\E_ID4BHKE.DLL
2014-07-09 15:34:50 120320 ----a-w- C:\Windows\System32\E_ILMHKE.DLL
2014-07-09 15:34:36 -------- d-----w- C:\ProgramData\EPSON
2014-07-09 13:23:20 25640 ----a-w- C:\Windows\gdrv.sys
2014-07-09 09:20:46 -------- d-----w- C:\Users\adrian\AppData\Roaming\Equalify
2014-07-08 23:15:17 -------- d-----w- C:\ProgramData\MySearch
2014-07-08 23:15:17 -------- d-----w- C:\Program Files (x86)\MySearch
2014-07-08 23:14:11 -------- d-----w- C:\ProgramData\priacechopu
2014-07-08 23:14:11 -------- d-----w- C:\Program Files (x86)\priacechopu
2014-07-08 23:12:48 -------- d-----w- C:\ProgramData\IePluginServices
2014-07-08 23:12:42 -------- d-----w- C:\Program Files (x86)\SupTab
2014-07-08 23:12:20 -------- d-sh--w- C:\Users\adrian\AppData\Local\EmieUserList
2014-07-08 23:12:20 -------- d-sh--w- C:\Users\adrian\AppData\Local\EmieSiteList
2014-07-08 23:11:35 -------- d-----w- C:\ProgramData\Adblocker
2014-07-08 23:11:35 -------- d-----w- C:\Program Files (x86)\Adblocker
2014-07-08 23:11:21 -------- d-----w- C:\ProgramData\pricoechoP
2014-07-08 23:11:21 -------- d-----w- C:\Program Files (x86)\pricoechoP
2014-07-08 23:11:09 -------- d-----w- C:\Users\adrian\AppData\Local\Torch
2014-07-08 23:11:09 -------- d-----w- C:\Users\adrian\AppData\Local\Chromatic Browser
2014-07-08 16:56:22 -------- d-sh--w- C:\Users\adrian\IntelGraphicsProfiles
2014-07-08 16:51:16 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2014-07-08 16:49:28 -------- d-----w- C:\f755d161757df2b43c3c4f01db3a6693
2014-07-08 16:47:03 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2014-07-08 16:47:03 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2014-07-08 05:59:24 -------- d-----w- C:\Program Files (x86)\Common Files\PostureAgent
2014-07-08 05:43:00 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2014-07-08 05:42:14 -------- d-----w- C:\Users\adrian\AppData\Roaming\Intel Corporation
2014-07-08 05:41:45 -------- d-----w- C:\Users\adrian\Intel
2014-07-08 05:40:27 888536 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-07-08 05:40:27 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-07-08 05:40:24 -------- d-----w- C:\Program Files (x86)\Realtek
2014-07-08 05:36:59 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll
2014-07-08 05:36:52 -------- d-----w- C:\Intel
2014-07-06 22:49:51 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2014-07-06 22:49:50 -------- d-----w- C:\Riot Games
2014-06-25 15:30:40 -------- d-----w- C:\Users\adrian\AppData\Roaming\aipai
2014-06-25 15:30:30 -------- d-----w- C:\SmartPixel
2014-06-24 19:58:32 -------- d-----w- C:\Temp
2014-06-24 19:21:38 190464 ----a-w- C:\Windows\PAExec.exe
2014-06-24 19:21:19 -------- d-----w- C:\Users\adrian\AppData\Local\WindowsApplication1
2014-06-13 21:43:11 -------- d-----w- C:\ProgramData\Actual Tools
2014-06-13 21:43:10 -------- d-----w- C:\Users\adrian\AppData\Roaming\Actual Tools
2014-06-13 21:42:53 -------- d-----w- C:\Program Files (x86)\Actual Multiple Monitors
.
==================== Find3M  ====================
.
2014-07-13 14:08:51 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-13 14:08:51 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-11 03:03:38 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2014-07-11 03:03:38 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2014-07-11 03:03:38 14848 ----a-w- C:\Windows\System32\slwga.dll
2014-07-11 03:03:38 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2014-07-11 03:03:38 1008640 ----a-w- C:\Windows\System32\user32.dll
2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-13 02:59:26 1542088 ----a-w- C:\Windows\System32\nvdispgenco6434043.dll
2014-06-13 02:59:20 1890264 ----a-w- C:\Windows\System32\nvdispco6434043.dll
2014-06-13 02:48:13 946120 ----a-w- C:\Windows\System32\NvIFR64.dll
2014-06-13 02:48:12 902616 ----a-w- C:\Windows\System32\NvFBC64.dll
2014-06-13 02:48:12 13824408 ----a-w- C:\Windows\System32\nvcuda.dll
2014-06-13 02:48:11 909256 ----a-w- C:\Windows\SysWow64\NvIFR.dll
2014-06-13 02:48:11 4248520 ----a-w- C:\Windows\System32\nvcuvid.dll
2014-06-13 02:48:10 869336 ----a-w- C:\Windows\SysWow64\NvFBC.dll
2014-06-13 02:48:10 3989464 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2014-06-13 02:48:10 11211224 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2014-06-13 02:48:09 391456 ----a-w- C:\Windows\System32\NvIFROpenGL.dll
2014-06-13 02:48:09 348120 ----a-w- C:\Windows\SysWow64\NvIFROpenGL.dll
2014-06-13 02:48:09 13911928 ----a-w- C:\Windows\System32\nvopencl.dll
2014-06-13 02:48:09 11272544 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2014-06-13 02:47:39 14497528 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2014-06-13 02:47:38 16122344 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2014-06-13 02:47:36 417568 ----a-w- C:\Windows\SysWow64\nvEncodeAPI.dll
2014-06-13 02:47:35 18625768 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2014-06-13 02:47:35 17553032 ----a-w- C:\Windows\System32\nvd3dumx.dll
2014-06-13 02:47:34 31512352 ----a-w- C:\Windows\System32\nvoglv64.dll
2014-06-13 02:47:33 502048 ----a-w- C:\Windows\System32\nvEncodeAPI64.dll
2014-06-13 02:47:31 24198616 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2014-06-13 02:47:16 12860888 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2014-06-13 02:46:03 354016 ----a-w- C:\Windows\System32\nvoglshim64.dll
2014-06-13 02:46:03 305600 ----a-w- C:\Windows\SysWow64\nvoglshim32.dll
2014-06-13 02:46:01 965312 ----a-w- C:\Windows\System32\nvumdshimx.dll
2014-06-13 02:46:01 846832 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2014-06-13 02:46:01 22994392 ----a-w- C:\Windows\System32\nvcompiler.dll
2014-06-13 02:46:01 166568 ----a-w- C:\Windows\System32\nvinitx.dll
2014-06-13 02:46:01 146480 ----a-w- C:\Windows\SysWow64\nvinit.dll
2014-06-13 02:46:00 2814120 ----a-w- C:\Windows\SysWow64\nvapi.dll
2014-06-13 02:46:00 15294296 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2014-06-13 02:45:59 3196304 ----a-w- C:\Windows\System32\nvapi64.dll
2014-06-13 02:11:57 6783960 ----a-w- C:\Windows\System32\nvcpl.dll
2014-06-13 02:11:57 3523360 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-06-13 02:11:54 933208 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-06-13 02:11:53 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-06-13 02:11:53 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-06-06 17:40:02 3802247 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-29 23:07:51 1291232 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-05-29 23:07:51 1122312 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-29 23:07:38 1715176 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-05-29 23:07:38 1279480 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-05-29 17:06:16 146944 ----a-w- C:\Windows\System32\drivers\SteelBus64.sys
.
============= FINISH: 19:58:34,50 ===============

It would be best if your friend could register here and reply to me directly instead of going through you. If he needs more detailed explanations than I normally write, he only has to ask.

1. Uninstall in the Control Panel:

MySearch, because of http://www.systemlookup.com/CLSID/118-searchv2_dll.html

pricechiop

Java 7 Update 51

because it is an old version with known security holes that make it easy to infect the computer from a web page.

2. Where does the installed Adblocker come from?

I ask because it arrived on the computer at the same time as a lot of junk:

2014-07-08 23:15:17 -------- d-----w- C:\Program Files (x86)\MySearch

2014-07-08 23:12:48 -------- d-----w- C:\ProgramData\IePluginServices

2014-07-08 23:12:42 -------- d-----w- C:\Program Files (x86)\SupTab

2014-07-08 23:11:35 -------- d-----w- C:\Program Files (x86)\Adblocker

2014-07-08 23:11:21 -------- d-----w- C:\ProgramData\pricoechoP

3. Save AdwCleaner by Xplode to the Desktop: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan is finished.

Click the Report button.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also available as C:\AdwCleaner[R0].txt
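The timing check behind question 2 above, as an added example that is not part of the original post or of DDS itself: it parses "Created Last 30" lines and groups entries created within a short gap of each other, so everything that arrived in the same burst as a named folder can be listed. The function names and the five-minute gap are assumptions chosen for illustration; the sample lines are copied from the DDS log on this page.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the "Created Last 30" section of the DDS log on this page.
SAMPLE = r"""
2014-07-09 09:20:46 -------- d-----w- C:\Users\adrian\AppData\Roaming\Equalify
2014-07-08 23:15:17 -------- d-----w- C:\Program Files (x86)\MySearch
2014-07-08 23:14:11 -------- d-----w- C:\Program Files (x86)\priacechopu
2014-07-08 23:12:48 -------- d-----w- C:\ProgramData\IePluginServices
2014-07-08 23:12:42 -------- d-----w- C:\Program Files (x86)\SupTab
2014-07-08 23:11:35 -------- d-----w- C:\Program Files (x86)\Adblocker
2014-07-08 23:11:21 -------- d-----w- C:\ProgramData\pricoechoP
2014-07-08 23:11:09 -------- d-----w- C:\Users\adrian\AppData\Local\Torch
2014-07-08 16:56:22 -------- d-sh--w- C:\Users\adrian\IntelGraphicsProfiles
2014-07-08 05:40:27 888536 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-07-08 05:40:24 -------- d-----w- C:\Program Files (x86)\Realtek
"""

ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"  # creation timestamp
    r"(\d+|-{8})\s+"                               # size, or dashes for a directory
    r"([a-z-]{8})\s+"                              # attribute flags, e.g. d-----w-
    r"(.+?)\s*$"                                   # path (may contain spaces)
)


def parse_created(text):
    """Return (timestamp, path, is_directory) tuples sorted oldest first."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, "." separators, blank lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        entries.append((ts, m.group(4), m.group(3).startswith("d")))
    return sorted(entries)


def bursts(entries, gap=timedelta(minutes=5)):
    """Split time-sorted entries into groups with no pause longer than `gap`."""
    groups = []
    for entry in entries:
        if groups and entry[0] - groups[-1][-1][0] <= gap:
            groups[-1].append(entry)
        else:
            groups.append([entry])
    return groups


def created_alongside(text, needle, gap=timedelta(minutes=5)):
    """Paths created in the same burst as the first entry matching `needle`."""
    needle = needle.lower()
    for group in bursts(parse_created(text), gap):
        paths = [path for _, path, _ in group]
        if any(needle in p.lower() for p in paths):
            return [p for p in paths if needle not in p.lower()]
    return []


if __name__ == "__main__":
    # A shared burst is a lead for follow-up questions, not proof of a common
    # installer: unrelated items can be created in the same few minutes.
    for path in created_alongside(SAMPLE, "Adblocker"):
        print(path)
```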


# AdwCleaner v3.205 - Report created 14/07/2014 at 00:21:24

# Updated 28/04/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : adrian - ADRIAN-PC

# Running from : C:\Users\adrian\Downloads\adwcleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\adrian\AppData\Roaming\LiveSupport.exe_log.txt

File Found : C:\Users\adrian\AppData\Roaming\regsvr32.exe_log.txt

File Found : C:\Users\adrian\daemonprocess.txt

Folder Found : C:\Program Files (x86)\PriceMeterLiveUpdate

Folder Found : C:\Program Files (x86)\SupTab

Folder Found : C:\Users\Administrator\AppData\Local\torch

Folder Found : C:\Users\adrian\.android

Folder Found : C:\Users\adrian\AppData\Local\Popajar

Folder Found : C:\Users\adrian\AppData\Local\PriceMeterLiveUpdate

Folder Found : C:\Users\adrian\AppData\Local\torch

Folder Found : C:\Users\Guest\AppData\Local\torch

Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch

Folder Found : C:\Windows\SysWOW64\AI_RecycleBin

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL

Key Found : HKCU\Software\1ClickDownload

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Found : HKCU\Software\Optimizer Pro

Key Found : HKCU\Software\RegisteredApplicationsEx

Key Found : [x64] HKCU\Software\1ClickDownload

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Found : [x64] HKCU\Software\Optimizer Pro

Key Found : [x64] HKCU\Software\RegisteredApplicationsEx

Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Key Found : HKLM\Software\aartemisSoftware

Key Found : HKLM\Software\awesomehpSoftware

Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-649636217

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

Key Found : HKLM\Software\qone8Software

Key Found : HKLM\Software\Registry Helper

Key Found : HKLM\Software\supWPM

Key Found : HKLM\Software\sweet-pageSoftware

Key Found : HKLM\Software\webssearchesSoftware

Key Found : [x64] HKLM\SOFTWARE\aartemisSoftware

Key Found : [x64] HKLM\SOFTWARE\awesomehpSoftware

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Found : [x64] HKLM\SOFTWARE\qone8Software

Key Found : [x64] HKLM\SOFTWARE\sweet-pageSoftware

Key Found : [x64] HKLM\SOFTWARE\webssearchesSoftware

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [livesupport]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17207

 

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://websearch.fastsearchings.info/?pid=2405&r=2014/07/11&hid=4094238111104309067&lg=EN&cc=SE&unqvl=56

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] - hxxp://websearch.fastsearchings.info/?pid=2405&r=2014/07/11&hid=4094238111104309067&lg=EN&cc=SE&unqvl=56

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?type=ds&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401

Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401

Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?type=ds&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

 

-\\ Google Chrome v33.0.1750.154

 

[ File : C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found [search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

Found [search Provider] : hxxp://en.softonic.com/s/{searchTerms}

Found [search Provider] : hxxp://websearch.fastsearchings.info/?l=1&q={searchTerms}&pid=1091&r=2014/07/08&hid=4094238111104309067&lg=EN&cc=SE&unqvl=56

Found [startup_urls] : hxxp://websearch.fastsearchings.info/?pid=2405&r=2014/07/11&hid=4094238111104309067&lg=EN&cc=SE&unqvl=56

 

*************************

 

AdwCleaner[R0].txt - [6763 octets] - [14/07/2014 00:21:24]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6823 octets] ##########

# AdwCleaner v3.205 - Report created 14/07/2014 at 00:22:29

# Updated 28/04/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : adrian - ADRIAN-PC

# Running from : C:\Users\adrian\Downloads\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files (x86)\PriceMeterLiveUpdate

Folder Deleted : C:\Program Files (x86)\SupTab

Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin

Folder Deleted : C:\Users\Administrator\AppData\Local\torch

Folder Deleted : C:\Users\adrian\.android

Folder Deleted : C:\Users\adrian\AppData\Local\Popajar

Folder Deleted : C:\Users\adrian\AppData\Local\PriceMeterLiveUpdate

Folder Deleted : C:\Users\adrian\AppData\Local\torch

Folder Deleted : C:\Users\Guest\AppData\Local\torch

Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch

File Deleted : C:\Users\adrian\daemonprocess.txt

File Deleted : C:\Users\adrian\AppData\Roaming\LiveSupport.exe_log.txt

File Deleted : C:\Users\adrian\AppData\Roaming\regsvr32.exe_log.txt

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [livesupport]

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-649636217

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\RegisteredApplicationsEx

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Key Deleted : HKLM\Software\aartemisSoftware

Key Deleted : HKLM\Software\awesomehpSoftware

Key Deleted : HKLM\Software\qone8Software

Key Deleted : HKLM\Software\Registry Helper

Key Deleted : HKLM\Software\supWPM

Key Deleted : HKLM\Software\sweet-pageSoftware

Key Deleted : HKLM\Software\webssearchesSoftware

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

Key Deleted : [x64] HKLM\SOFTWARE\aartemisSoftware

Key Deleted : [x64] HKLM\SOFTWARE\awesomehpSoftware

Key Deleted : [x64] HKLM\SOFTWARE\qone8Software

Key Deleted : [x64] HKLM\SOFTWARE\sweet-pageSoftware

Key Deleted : [x64] HKLM\SOFTWARE\webssearchesSoftware

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17207

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

 

-\\ Google Chrome v33.0.1750.154

 

[ File : C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1404861151&from=wpc&uid=SAMSUNGXHD502HJ_S2QQJ9GB626401&q={searchTerms}

Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}

Deleted [search Provider] : hxxp://websearch.fastsearchings.info/?l=1&q={searchTerms}&pid=1091&r=2014/07/08&hid=4094238111104309067&lg=EN&cc=SE&unqvl=56

Deleted [startup_urls] : hxxp://websearch.fastsearchings.info/?pid=2405&r=2014/07/11&hid=4094238111104309067&lg=EN&cc=SE&unqvl=56

 

*************************

 

AdwCleaner[R0].txt - [6975 octets] - [14/07/2014 00:21:24]

AdwCleaner[s0].txt - [5505 octets] - [14/07/2014 00:22:29]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5565 octets] ##########

Answer to point number two: he replied: I have uninstalled Adblocker

Then let's see what remains, using FRST:

Download Farbar Recovery Scan Tool (FRST) and save it to the desktop.

For 64-bit Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe

For 32-bit Windows: http://download.bleepingcomputer.com/farbar/FRST.exe

 

Start FRST.

Read the terms for the program.

Click Yes to accept.

Click the Scan button.

When it is finished, two logs, FRST.txt and Addition.txt, will have been created on the desktop.

Paste the contents of FRST.txt directly into your reply and attach Addition.txt.


Sometimes the FRST log turns out strange for some reason.

 

1. What version of Norton 360 is on the computer, how old is it, and does it work?

According to the log it is from 2007, and in that case it is probably very poor protection nowadays.

 

2. Start Notepad.

Copy all the lines in the box:

Task: {F1B7F075-7BCF-4BFC-ABA7-7CD76E6826AC} - System32\Tasks\WS.Booster-S-667284051 => c:\programdata\hostit\ws.booster\WS.Booster.exe <==== ATTENTION
Task: C:\Windows\Tasks\WS.Booster-S-667284051.job => c:\programdata\hostit\ws.booster\WS.Booster.exe <==== ATTENTION
c:\programdata\hostit
C:\Program Files (x86)\Mobogenie
C:\Users\adrian\AppData\Roaming\newnext.me
C:\Users\adrian\AppData\Local\PriceMeter
C:\ProgramData\IePluginServices
HKU\S-1-5-21-1604462049-2382875770-1229168442-1000\...\MountPoints2: {d6ad0dcf-b383-11e3-9629-806e6f6e6963} - E:\SETUP.EXE
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR HKLM-x32\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files (x86)\pandasecuritytb\chrome-newtab-search.crx [2014-07-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [759688 2014-07-09] (Cherished Technololgy LIMITED)
S2 e9f32388; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gssupp~1\AssistantSvc.dll",service
c:\progra~2\gssupp~1
S3 ESEADriver2; \??\C:\Users\adrian\AppData\Local\Temp\ESEADriver2.sys [X]
2014-07-11 04:58 - 2014-07-11 04:58 - 00000000 ____D () C:\Program Files (x86)\pricechiop
2014-07-09 01:15 - 2014-07-14 00:09 - 00000000 ____D () C:\ProgramData\MySearch
2014-07-09 01:15 - 2014-07-09 01:15 - 00000000 ____D () C:\Program Files (x86)\MySearch
2014-07-09 01:14 - 2014-07-09 01:14 - 00000000 ____D () C:\ProgramData\priacechopu
2014-07-09 01:14 - 2014-07-09 01:14 - 00000000 ____D () C:\Program Files (x86)\priacechopu
2014-07-09 01:12 - 2014-07-09 01:12 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-09 01:11 - 2014-07-09 01:11 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-09 01:11 - 2014-07-09 01:11 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-09 01:11 - 2014-07-09 01:11 - 00000000 ____D () C:\Users\adrian\AppData\Local\Chromatic Browser
2014-07-09 01:11 - 2014-07-09 01:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-09 01:11 - 2014-07-09 01:11 - 00000000 ____D () C:\ProgramData\pricoechoP
2014-07-09 01:11 - 2014-07-09 01:11 - 00000000 ____D () C:\ProgramData\Adblocker
2014-07-09 01:11 - 2014-07-09 01:11 - 00000000 ____D () C:\Program Files (x86)\pricoechoP
2014-07-09 01:11 - 2014-07-09 01:11 - 00000000 ____D () C:\Program Files (x86)\Adblocker


and paste them into Notepad. Check that no files have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

 

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program is finished.

 

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

 

3. Restart the computer.

Uninstall the extensions priacechopu, pricechiop and pricoechoP in Chrome: https://support.google.com/chrome/answer/113907?hl=sv

 

4. On the page http://www.virustotal.com, click the Choose File button and paste the following file name into the "File name" field, click Open and then Scan it!. If you are asked whether the file should be reanalysed, choose that option. Wait until the result is ready. Paste the link (web address) to the result here.

C:\ProgramData\ntuser.pol

 

5. Run FRST and attach the new FRST.txt.

 

6. Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner does not take too long, turn off your antivirus program in the meantime.

 

Untick the option Remove found threats

Tick Scan Archives

 

Click Advanced Settings

Tick:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Click Start

 

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.


I got pretty angry when I asked the question:

1. What version of Norton 360 is on the computer, how old is it, and does it work?
According to the log it is from 2007, and in that case it is probably very poor protection nowadays.

 

The answer I got: it is cracked, so I am going to uninstall it and install another antivirus program; I will have to check AV's website later to see what they recommend.

 
Here is: Fixlog.txt
Attaching FRST as a file: FRST.txt
 
As soon as I close the browser, the extensions come back in the browser.
I have now done the steps you described.
 
4. On the page http://www.virustotal.com, click the Choose File button and paste the following file name into the "File name" field, click Open and then Scan it!. If you are asked whether the file should be reanalysed, choose that option. Wait until the result is ready. Paste the link (web address) to the result here.
C:\ProgramData\ntuser.pol
 
I assume you mean that I should select the file C:\ProgramData\ntuser.pol and then click Scan it.
 
 
I'll be back with the log for Eset.

1. Start Notepad.

Copy all the lines in the box:

2014-07-11 04:58 - 2014-07-14 00:09 - 00000000 ____D () C:\ProgramData\pricechiop
and paste them into Notepad. Check that no files have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

 

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program is finished.

 

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

 

2. Is it the case that Chrome syncs against Google's server, so that it downloads the bad extensions again when it is started after they have been uninstalled?


Here is the log for Eset

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir Win32/Thinknice.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir Win64/Thinknice.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir Win32/Thinknice.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir Win64/Thinknice.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir Win32/Thinknice.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application
C:\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar Win32/Toolbar.Conduit potentially unwanted application
C:\FRST\Quarantine\C\programdata\Adblocker\aqDTwXuFitJ.exe a variant of Win32/AdWare.MultiPlug.AG application
C:\FRST\Quarantine\C\programdata\IePluginServices\PluginService.exe a variant of Win32/ELEX.AD potentially unwanted application
C:\FRST\Quarantine\C\programdata\priacechopu\58HCgqU.exe a variant of Win32/AdWare.MultiPlug.AG application
C:\FRST\Quarantine\C\programdata\pricoechoP\rNHcJO.exe a variant of Win32/AdWare.MultiPlug.AG application
C:\Program Files (x86)\Spider\spider-330.exe a variant of Win32/Packed.MoleboxUltra.A potentially unwanted application
C:\Program Files (x86)\watch dogs\Watch Dogs\bin\Watch_Dogs.exe a variant of Win32/Packed.VMProtect.ABD trojan
C:\Users\adrian\AppData\Local\Temp\RemoveWAT3__7934_il1871717.exe a variant of Win32/Amonetize.BG potentially unwanted application
C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\setupespl.exe a variant of Win32/AdWare.MultiPlug.AG application
C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\setupnt.exe a variant of Win32/AdWare.MultiPlug.AG application
C:\Users\adrian\Downloads\100% Working Windows 7 Activator Free Download (2).exe Win32/InstalleRex.M potentially unwanted application
C:\Users\adrian\Downloads\RemoveWAT 2.2.8 Windows Permanent Activator Full Version Free Download.exe a variant of Win32/AdWare.MultiPlug.AJ application
C:\Users\adrian\Downloads\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\adrian\Downloads\Unconfirmed 39706.crdownload Win32/InstalleRex.M potentially unwanted application
C:\Users\adrian\Downloads\Unconfirmed 753174.crdownload Win32/InstalleRex.M potentially unwanted application
C:\Users\adrian\Downloads\W7a(ask4pc).rar.exe a variant of Win32/AdWare.MultiPlug.AJ application
C:\Users\adrian\Downloads\Norton 360\Norton 360.iso a variant of Generik.GHLRJE trojan
C:\Windows\System32\MPK\MPK.exe a variant of Win32/KeyLogger.Refog.B application
C:\Windows\System32\MPK\MPKView.exe a variant of Win32/KeyLogger.Refog.B application
C:\Windows\SysWOW64\MPK\MPK.exe a variant of Win32/KeyLogger.Refog.B application
C:\Windows\SysWOW64\MPK\MPKView.exe a variant of Win32/KeyLogger.Refog.B application

He has an account added in Chrome as far as I could find; I'll try disconnecting his account.

I'll be back when I have done that and done the FRST step again. :)

 

Thank you for helping me, Cecilia, you're a rock!


The log for FRST (fixlog)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014

Ran by adrian at 2014-07-14 15:15:17 Run:2

Running from C:\Users\adrian\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

2014-07-11 04:58 - 2014-07-14 00:09 - 00000000 ____D () C:\ProgramData\pricechiop

*****************

 

C:\ProgramData\pricechiop => Moved successfully.

 

==== End of Fixlog ====


I tried disconnecting the account in Chrome, closed the browser, opened it again, removed the extensions, closed the browser, opened it again, but the extensions came back anyway.


Ok

 

1. Is there (or has there been) a program that monitors, records keystrokes etc. from Refog or KGB Monitoring Software installed on the computer?

http://download.cnet.com/Refog-Keylogger/3000-2162_4-10379307.html

Could a parent have installed it?

 

2. Uninstall the extensions in Chrome again and make sure to change the start pages, since one of them is fastsearchings:

https://support.google.com/chrome/answer/95421?hl=sv

https://support.google.com/chrome/answer/2765944

Close Chrome and do not start it again until FRST has applied its fix and the computer has been restarted.

 

3. Start Notepad.

Copy all the lines in the box:

C:\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
C:\Users\adrian\AppData\Local\Temp\RemoveWAT3__7934_il1871717.exe
C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\setupespl.exe
C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\setupnt.exe
C:\Users\adrian\Downloads\100% Working Windows 7 Activator Free Download (2).exe 
C:\Users\adrian\Downloads\RemoveWAT 2.2.8 Windows Permanent Activator Full Version Free Download.exe 
C:\Users\adrian\Downloads\spsetup126.exe 
C:\Users\adrian\Downloads\Unconfirmed 39706.crdownload 
C:\Users\adrian\Downloads\Unconfirmed 753174.crdownload
C:\Users\adrian\Downloads\W7a(ask4pc).rar.exe 
C:\Users\adrian\Downloads\Norton 360\Norton 360.iso 
C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
and paste them into Notepad. Check that no files have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

 

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program is finished.

 

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

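The sorting done by eye on the Eset export earlier in the thread (set aside what AdwCleaner and FRST have already quarantined, single out the keylogger and trojan hits, list the rest) can be scripted. This is an added example, not part of the original thread or of any of the tools; the sample lines are copied from the Eset log posted above, and the four category strings, the two quarantine prefixes and the review rule are assumptions based only on what appears in that log.

```python
"""Triage an ESET Online Scanner text export (added example)."""
import re
from typing import NamedTuple, Optional


class Detection(NamedTuple):
    path: str
    name: str
    variant: bool   # True when the line reads "a variant of <name>"
    category: str


# Assumption: only the category strings that occur in the log on this page.
CATEGORIES = (
    "potentially unwanted application",
    "potentially unsafe application",
    "application",
    "trojan",
)

# Paths contain spaces, so the line is parsed from its end: the category is
# a fixed phrase, the detection name is the single token before it, and
# everything in front (minus an optional "a variant of ") is the path.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?(?P<name>\S+) "
    r"(?P<category>" + "|".join(CATEGORIES) + r")$"
)

# Copies already moved aside by the cleaning tools (prefixes seen in the log).
QUARANTINE_PREFIXES = (
    "c:\\adwcleaner\\quarantine\\",
    "c:\\frst\\quarantine\\",
)

# Lines copied from the Eset log posted in this thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application
C:\FRST\Quarantine\C\programdata\priacechopu\58HCgqU.exe a variant of Win32/AdWare.MultiPlug.AG application
C:\Users\adrian\Downloads\100% Working Windows 7 Activator Free Download (2).exe Win32/InstalleRex.M potentially unwanted application
C:\Users\adrian\Downloads\Norton 360\Norton 360.iso a variant of Generik.GHLRJE trojan
C:\Windows\System32\MPK\MPK.exe a variant of Win32/KeyLogger.Refog.B application
C:\Users\adrian\Downloads\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
"""


def parse_line(line: str) -> Optional[Detection]:
    """Split one export line into path, detection name and category."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Detection(m["path"], m["name"], m["variant"] is not None, m["category"])


def needs_review(d: Detection) -> bool:
    """Example rule: trojan and keylogger hits go to a human first."""
    return d.category == "trojan" or "keylogger" in d.name.lower()


def triage(log_text: str) -> dict:
    """Sort detections into quarantined / review / remaining / unparsed."""
    buckets = {"quarantined": [], "review": [], "remaining": [], "unparsed": []}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        d = parse_line(raw)
        if d is None:
            buckets["unparsed"].append(raw)      # never drop a line silently
        elif d.path.lower().startswith(QUARANTINE_PREFIXES):
            buckets["quarantined"].append(d)     # already neutralised copy
        elif needs_review(d):
            buckets["review"].append(d)
        else:
            buckets["remaining"].append(d)
    return buckets


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("review", "remaining", "quarantined"):
        print(f"== {bucket} ({len(result[bucket])}) ==")
        for d in result[bucket]:
            print(f"{d.category:34} {d.name:32} {d.path}")
    for line in result["unparsed"]:
        print("UNPARSED:", line)
```

Lines that do not match the expected layout end up in the unparsed bucket, so a category the pattern does not know shows up instead of disappearing.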

Log from Malwarebytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2014-07-14
Scan Time: 15:34:09
Logfile: Malwarebytes log file.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.14.04
Rootkit Database: v2014.07.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: adrian
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 476696
Time Elapsed: 39 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.ShoppingChip, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}, Quarantined, [0a62e2bdc7b48bab5926f0676b97a060], 
PUP.Optional.ISearch.A, HKLM\SOFTWARE\omiga-plusSoftware, Quarantined, [e28af8a77803e94d25d0729d1ce88b75], 
Refog.Keylogger, HKLM\SOFTWARE\Refog Software, Quarantined, [204cbee14b30c5718759de95917233cd], 
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, Quarantined, [5616148b2f4c979f3abb44cb778db44c], 
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, Quarantined, [1c50029d5328d4627ad5776580821ae6], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[c6a62679c4b771c5f061fba4dd277e82]
 
Folders: 11
Refog.Keylogger, C:\ProgramData\MPK, Quarantined, [8be1613e76050c2a438d7c1306fc17e9], 
Refog.Keylogger, C:\ProgramData\MPK\1, Quarantined, [8be1613e76050c2a438d7c1306fc17e9], 
Refog.Keylogger, C:\ProgramData\MPK\CPDA, Quarantined, [8be1613e76050c2a438d7c1306fc17e9], 
Refog.Keylogger, C:\ProgramData\MPK\CPDM, Quarantined, [8be1613e76050c2a438d7c1306fc17e9], 
Refog.Keylogger, C:\Windows\SysWOW64\MPK, Quarantined, [1b512e71116a62d4d856237753af9769], 
Refog.Keylogger, C:\Windows\SysWOW64\MPK\Help, Quarantined, [1b512e71116a62d4d856237753af9769], 
Refog.Keylogger, C:\Windows\SysWOW64\MPK\Help\English, Quarantined, [1b512e71116a62d4d856237753af9769], 
Refog.Keylogger, C:\Windows\SysWOW64\MPK\Help\German, Quarantined, [1b512e71116a62d4d856237753af9769], 
Refog.Keylogger, C:\Windows\SysWOW64\MPK\Help\Spanish, Quarantined, [1b512e71116a62d4d856237753af9769], 
Refog.Keylogger, C:\Windows\SysWOW64\MPK\Images, Quarantined, [1b512e71116a62d4d856237753af9769], 
Refog.Keylogger, C:\Windows\SysWOW64\MPK\Lang, Quarantined, [1b512e71116a62d4d856237753af9769], 
 
Files: 124
PUP.Optional.MultiPlug, C:\FRST\Quarantine\C\programdata\Adblocker\aqDTwXuFitJ.exe, Quarantined, [5b11aaf5b1ca4beb329bf3a5bb4610f0], 
PUP.Optional.IePluginService.A, C:\FRST\Quarantine\C\programdata\IePluginServices\PluginService.exe, Quarantined, [6507bce396e59d99702088d5d62b03fd], 
PUP.Optional.MultiPlug, C:\FRST\Quarantine\C\programdata\priacechopu\58HCgqU.exe, Quarantined, [86e64758136885b18845b7e1748d768a], 
PUP.Optional.MultiPlug, C:\FRST\Quarantine\C\programdata\pricoechoP\rNHcJO.exe, Quarantined, [d795c1de502bf6406d609404e21fa759], 
PUP.Optional.Amonetize, C:\Users\adrian\AppData\Local\Temp\RemoveWAT3__7934_il1871717.exe, Quarantined, [8ce0227d0972da5c0fb96f1808f95ba5], 
PUP.Optional.EZDownloader.A, C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\EzDownloader_setup.exe, Quarantined, [a5c75847295260d6b3ec6db205fbf30d], 
PUP.Optional.MultiPlug.A, C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\hpds_setup.exe, Quarantined, [76f6f2ad2a51b185ad5968355aa77987], 
PUP.Optional.Multiplug, C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\setupespl.exe, Quarantined, [bfadcad5b9c226100e6e24761fe23cc4], 
PUP.Optional.Multiplug, C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\setupnt.exe, Quarantined, [e785e7b81e5d6bcb750796042dd455ab], 
PUP.Optional.InstalleRex, C:\Users\adrian\Downloads\Unconfirmed 39706.crdownload, Quarantined, [5c10c5dae09bcd69b1a12e6ac1401fe1], 
PUP.Optional.InstalleRex, C:\Users\adrian\Downloads\Unconfirmed 753174.crdownload, Quarantined, [1953d1ce314ae84e341ecfc9ce333cc4], 
PUP.Optional.Preload, C:\Users\adrian\Downloads\W7a(ask4pc).rar.exe, Quarantined, [3a32e4bbf685f83e0fa57128d0317d83], 
PUP.Optional.Preload, C:\Users\adrian\Downloads\RemoveWAT 2.2.8 Windows Permanent Activator Full Version Free Download.exe, Quarantined, [1359930c5427d95d00b42d6c61a0a060], 
PUP.Optional.InstalleRex, C:\Users\adrian\Downloads\100% Working Windows 7 Activator Free Download (2).exe, Quarantined, [fc70752a87f4c373e86abfd905fc728e], 
HackTool.Wpakill, C:\Users\adrian\Downloads\WAT (Windows Activation Tool Remover) {HMP}\RemoveWAT.exe, Quarantined, [0765445b72098da9fd64d47e29d7867a], 
PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir, Quarantined, [1c50e1bef388bb7b6765820a778ae41c], 

Ok

 

1. Is there (or has there been) a program that monitors, stores keystrokes etc. from Refog or KGB Monitoring Software installed on the computer?

http://download.cnet.com/Refog-Keylogger/3000-2162_4-10379307.html

Could a parent have installed it?

2. Uninstall the extensions in Chrome again and make sure to change the start pages, since one of them is fastsearchings:

https://support.google.com/chrome/answer/95421?hl=sv

https://support.google.com/chrome/answer/2765944

Close Chrome and do not start it again until FRST has run the fix and the computer has been restarted.

3. Start Notepad.

Copy all the lines in the box:

C:\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
C:\Users\adrian\AppData\Local\Temp\RemoveWAT3__7934_il1871717.exe
C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\setupespl.exe
C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\setupnt.exe
C:\Users\adrian\Downloads\100% Working Windows 7 Activator Free Download (2).exe 
C:\Users\adrian\Downloads\RemoveWAT 2.2.8 Windows Permanent Activator Full Version Free Download.exe 
C:\Users\adrian\Downloads\spsetup126.exe 
C:\Users\adrian\Downloads\Unconfirmed 39706.crdownload 
C:\Users\adrian\Downloads\Unconfirmed 753174.crdownload
C:\Users\adrian\Downloads\W7a(ask4pc).rar.exe 
C:\Users\adrian\Downloads\Norton 360\Norton 360.iso 
C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc
C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk
C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek
and paste them into Notepad. Check that no file has been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

Neither he nor I know where the keylogger comes from.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014

Ran by adrian at 2014-07-14 16:51:46 Run:3

Running from C:\Users\adrian\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

C:\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar

C:\Users\adrian\AppData\Local\Temp\RemoveWAT3__7934_il1871717.exe

C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\setupespl.exe

C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\setupnt.exe

C:\Users\adrian\Downloads\100% Working Windows 7 Activator Free Download (2).exe 

C:\Users\adrian\Downloads\RemoveWAT 2.2.8 Windows Permanent Activator Full Version Free Download.exe 

C:\Users\adrian\Downloads\spsetup126.exe 

C:\Users\adrian\Downloads\Unconfirmed 39706.crdownload 

C:\Users\adrian\Downloads\Unconfirmed 753174.crdownload

C:\Users\adrian\Downloads\W7a(ask4pc).rar.exe 

C:\Users\adrian\Downloads\Norton 360\Norton 360.iso 

C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc

C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk

C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek

C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc

C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk

C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek

*****************

 

C:\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar => Moved successfully.

"C:\Users\adrian\AppData\Local\Temp\RemoveWAT3__7934_il1871717.exe" => File/Directory not found.

"C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\setupespl.exe" => File/Directory not found.

"C:\Users\adrian\AppData\Local\Temp\36d3176f\temp\setupnt.exe" => File/Directory not found.

"C:\Users\adrian\Downloads\100% Working Windows 7 Activator Free Download (2).exe" => File/Directory not found.

"C:\Users\adrian\Downloads\RemoveWAT 2.2.8 Windows Permanent Activator Full Version Free Download.exe" => File/Directory not found.

C:\Users\adrian\Downloads\spsetup126.exe => Moved successfully.

"C:\Users\adrian\Downloads\Unconfirmed 39706.crdownload" => File/Directory not found.

"C:\Users\adrian\Downloads\Unconfirmed 753174.crdownload" => File/Directory not found.

"C:\Users\adrian\Downloads\W7a(ask4pc).rar.exe" => File/Directory not found.

Could not move "C:\Users\adrian\Downloads\Norton 360\Norton 360.iso" => Scheduled to move on reboot.

C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc => Moved successfully.

C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk => Moved successfully.

C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek => Moved successfully.

"C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahohhokdggngdkndkjnponipmkdnalc" => File/Directory not found.

"C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jleajdpomaeomdhdcojkoioeogodeopk" => File/Directory not found.

"C:\Users\adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiciiemaoinecbpakjhdmglmieokkek" => File/Directory not found.

 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-14 16:54:02)<=

 

C:\Users\adrian\Downloads\Norton 360\Norton 360.iso => Is moved successfully.

 

==== End of Fixlog ====
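
One way to read a Fixlog like the one above, added here as an example that is not part of the original thread: it reduces the result lines to one final status per path, so that a path entered twice in fixlist.txt, or one moved only after the reboot, is not mistaken for a failure. The sample paths are constructed placeholders and the function names are this example's own.

```python
import re

# Constructed sample in the Fixlog line format shown above; all paths are placeholders.
SAMPLE_FIXLOG = r'''
C:\Users\example\Downloads\setup_a.exe => Moved successfully.
"C:\Users\example\AppData\Local\Temp\setup_b.exe" => File/Directory not found.
Could not move "C:\Users\example\Downloads\image.iso" => Scheduled to move on reboot.
C:\Users\example\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaa => Moved successfully.
"C:\Users\example\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaa" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-14 16:54:02)<=

C:\Users\example\Downloads\image.iso => Is moved successfully.

==== End of Fixlog ====
'''

# A result line is: [Could not move ]["]<drive path>["] => <message>
LINE_RE = re.compile(
    r'^(?:Could not move\s+)?"?(?P<path>[A-Za-z]:\\.*?)"?\s*=>\s*(?P<msg>.+)$')

# Higher rank wins when the same path is reported more than once.
RANK = {"moved": 3, "pending_reboot": 2, "not_found": 1, "other": 0}

def classify(msg):
    """Map a Fixlog result message to a coarse status."""
    m = msg.lower()
    if "moved successfully" in m:          # also matches "Is moved successfully."
        return "moved"
    if "scheduled to move on reboot" in m:
        return "pending_reboot"
    if "not found" in m:
        return "not_found"
    return "other"

def parse_fixlog(text):
    """Return (path, status) for every result line, in log order."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:  # headers and the echoed fixlist have no '<path> => <msg>' shape
            events.append((match.group("path"), classify(match.group("msg"))))
    return events

def reconcile(events):
    """Collapse events to one final status per path (paths compared case-insensitively)."""
    final, repeated = {}, []
    for path, status in events:
        key = path.lower()
        if key in final:
            prev_path, prev = final[key]
            # "moved" followed by "not found" means the path was listed twice.
            if prev == "moved" and status == "not_found" and prev_path not in repeated:
                repeated.append(prev_path)
            if RANK[status] <= RANK[prev]:
                continue
        final[key] = (path, status)
    return {p: s for p, s in final.values()}, repeated

def unresolved(final):
    """Paths that still need a follow-up (reboot result missing or unknown message)."""
    return [p for p, s in final.items() if s in ("pending_reboot", "other")]

if __name__ == "__main__":
    final, repeated = reconcile(parse_fixlog(SAMPLE_FIXLOG))
    for path, status in final.items():
        print(f"{status:15} {path}")
    print("listed twice in fixlist:", repeated)
    print("still needs attention:", unresolved(final))
```

A path that ends as `not_found` was either already gone before the fix ran or was mistyped or split across two lines in fixlist.txt; the log alone cannot tell these apart, so such paths are worth comparing against the original scan log.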


Checked the extensions afterwards, they disappeared :D

Damn, you are awesome, Cecilia :D


Refog.Keylogger is the one I saw in the FRST log, and now MBAM has taken care of it, so we can forget about it now.

How is it going with points 2 and 3?


Sorry, the posts are coming in so fast that I don't have time to see them before I write.

Excellent that everything seems to be fine with the computer now. Any more questions?


Sorry, the posts are coming in so fast that I don't have time to see them before I write.

Excellent that everything seems to be fine with the computer now. Any more questions?

I don't think there are any more questions :)


1. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Uninstall button.

2. Download the uninstaller OTC to the Desktop: http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button, and DDS and the other cleaning programs will be uninstalled after a restart of the computer. Delete any logs.

3. Change all passwords that you use on the computer and on the internet, since they may have fallen into the wrong hands because of the keylogger.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

4. Improve the protection on the computer, see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/

It is very important to keep all the small programs on the computer updated; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which can be used by a web page to infect the computer. I think Secunia's program (link on my web page) is a good aid for checking the state of security holes on the computer and indicating what needs to be fixed.


Archived

This topic is now archived and is closed to further replies.
