Dan har fått virus i sin dator igen.

[cybertears]

Jag har bett honom att köra FRST men han har inte skickat några loggar än.

 

Jag bad honom köra AdwCleaner och den hittade detta:

 

# AdwCleaner v3.307 - Report created 18/08/2014 at 13:19:51

# Updated 17/08/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Dan - DAN-DATOR

# Running from : C:\Users\Dan\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Found : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17239

 

 

-\\ Google Chrome v36.0.1985.143

 

[ File : C:\Users\Anki\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found [search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlPg0gcGD-P_1h9bDD5059w4gtQeFb-mW_C5GekG0DEDauGA9ix5sIr0rgAyDaUBxx0QSiy7tK8sf09u2U4VyvqsLQmcamcDnR8FAF8_zdhgyOXTLLUsGJIK_jPqC69b-SRX-0kPUha9V9A,,&q={searchTerms}

Found [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyCtCtCtDzz0Fzy0Dzz0BtBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1738773835&ir=

Found [startup_urls] : hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=SE&userid=b44db7b7-c5c1-4894-9f08-9cfae46a8739&searchtype=hp&installDate=02/08/2013

Found [startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyCtCtCtDzz0Fzy0Dzz0BtBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1738773835&ir=

Found [startup_urls] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlPg0gcGD-P_1h9bDD5059w4gtQeFb-mW_C5GekG0DEDauGA9ix5sIr0rgAyDaUBxx0QSiy7tK8sf09u6ozqBLSfw5QZcslOAmdeUpzZj3SvgBB7vYEe9v4BlzuKo0DXsLl4sTinXp1mPEQ,,

 

[ File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found [search Provider] : hxxp://en.softonic.com/s/{searchTerms}

Found [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyCtCtCtDzz0Fzy0Dzz0BtBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1738773835&ir=

Found [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPC211CF7F-ADA4-4F43-A67A-3887E13D63A2&q={searchTerms}&SSPV=

Found [search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlPg0gcGD-P_1h9bDD5059w4gtQeFb-mW_C5GekG0DEDauGA9ix5sIr0rgAyDaUBxx0QSiy7tK8sf09u2U4VyvqsLQmcamcDnR8FAF8_zdhgyOXTLLUsGJIK_jPqC69b-SRX-0kPUha9V9A,,&q={searchTerms}

Found [search Provider] : hxxp://www.trovigo.com/Results.aspx?q={searchTerms}&Suggest=&stype=Homepage&useHistory=0&UP=SPC211CF7F-ADA4-4F43-A67A-3887E13D63A2&UM=4&SelfSearch=1&SearchType=SearchWeb&SearchSource=55&ctid=CT3319434&octid=EB_ORIGINAL_CTID

Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPC211CF7F-ADA4-4F43-A67A-3887E13D63A2&SSPV=

Found [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl

Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

 

*************************

 

AdwCleaner[R0].txt - [3870 octets] - [18/08/2014 13:19:51]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3930 octets] ##########

 

[cybertears]

Vad den kunde ta bort:

# AdwCleaner v3.307 - Report created 18/08/2014 at 13:24:58

# Updated 17/08/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Dan - DAN-DATOR

# Running from : C:\Users\Dan\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17239

 

 

-\\ Google Chrome v36.0.1985.143

 

[ File : C:\Users\Anki\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlPg0gcGD-P_1h9bDD5059w4gtQeFb-mW_C5GekG0DEDauGA9ix5sIr0rgAyDaUBxx0QSiy7tK8sf09u2U4VyvqsLQmcamcDnR8FAF8_zdhgyOXTLLUsGJIK_jPqC69b-SRX-0kPUha9V9A,,&q={searchTerms}

Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyCtCtCtDzz0Fzy0Dzz0BtBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1738773835&ir=

Deleted [startup_urls] : hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=SE&userid=b44db7b7-c5c1-4894-9f08-9cfae46a8739&searchtype=hp&installDate=02/08/2013

Deleted [startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyCtCtCtDzz0Fzy0Dzz0BtBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1738773835&ir=

Deleted [startup_urls] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlPg0gcGD-P_1h9bDD5059w4gtQeFb-mW_C5GekG0DEDauGA9ix5sIr0rgAyDaUBxx0QSiy7tK8sf09u6ozqBLSfw5QZcslOAmdeUpzZj3SvgBB7vYEe9v4BlzuKo0DXsLl4sTinXp1mPEQ,,

 

[ File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}

Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyCtCtCtDzz0Fzy0Dzz0BtBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1738773835&ir=

Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPC211CF7F-ADA4-4F43-A67A-3887E13D63A2&q={searchTerms}&SSPV=

Deleted [search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlPg0gcGD-P_1h9bDD5059w4gtQeFb-mW_C5GekG0DEDauGA9ix5sIr0rgAyDaUBxx0QSiy7tK8sf09u2U4VyvqsLQmcamcDnR8FAF8_zdhgyOXTLLUsGJIK_jPqC69b-SRX-0kPUha9V9A,,&q={searchTerms}

Deleted [search Provider] : hxxp://www.trovigo.com/Results.aspx?q={searchTerms}&Suggest=&stype=Homepage&useHistory=0&UP=SPC211CF7F-ADA4-4F43-A67A-3887E13D63A2&UM=4&SelfSearch=1&SearchType=SearchWeb&SearchSource=55&ctid=CT3319434&octid=EB_ORIGINAL_CTID

Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPC211CF7F-ADA4-4F43-A67A-3887E13D63A2&SSPV=

Deleted [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl

Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

 

*************************

 

AdwCleaner[R0].txt - [4018 octets] - [18/08/2014 13:19:51]

AdwCleaner[R1].txt - [4078 octets] - [18/08/2014 13:24:04]

AdwCleaner[s0].txt - [4033 octets] - [18/08/2014 13:24:58]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4093 octets] ##########

[Cecilia]

Utmärkt att AdwCleaner fick ta bort det den hittade.

[cybertears]

Addition.txt

FRST.txt

[Cecilia]

Error: (08/17/2014 11:25:12 AM) (Source: Disk) (EventID: 11) (User: )

Description: Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk4\DR4.

 

Error: (08/14/2014 06:46:35 PM) (Source: Disk) (EventID: 11) (User: )

Description: Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk5\DR6.

Kan eventuellt bero på dålig hårddisk vilket kan ge långsam dator.

 

CHR HomePage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPC211CF7F-ADA4-4F43-A67A-3887E13D63A2&SSPV=

Ändra startsida i Chrome: https://support.google.com/chrome/answer/95314?hl=sv

 

Förutom ovanstående kan jag inte se något olämpligt eller skadligt i loggarna, men det är ju alltid bra att få en kontroll med ett till antivirusprogram, t ex Esets online-skanner.

[cybertears]

Ska jag be honom köra Eset online-skanner?

[Cecilia]

Ja, gör det och se till att det blir dessa inställningar:

Skanna datorn online på http://www.eset.com/onlinescan/

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

 

Avbocka alternativet Remove found threats

Bocka för Scan Archives

 

Klicka på Advanced Settings

Bocka för:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Klicka på Start

 

När skanningen är klar klicka på List of found threats, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

[cybertears]

Ja, gör det och se till att det blir dessa inställningar:

Skanna datorn online på http://www.eset.com/onlinescan/

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

 

Avbocka alternativet Remove found threats

Bocka för Scan Archives

 

Klicka på Advanced Settings

Bocka för:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Klicka på Start

 

När skanningen är klar klicka på List of found threats, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

Han följde inte instruktionerna riktigt.

men här är loggen för Eset:

 

C:\Users\Dan\AppData\Local\Temp\a.7z Win32/TrojanDownloader.VB.QNP trojan cleaned by deleting - quarantined

C:\Users\Dan\Downloads\DTLite4491-0356.exe Win32/DownWare.L potentially unwanted application deleted - quarantined

[Cecilia]

Bra att Eset tog bor de två filerna.

 

Dags att avinstallera AdwCleaner och FRST.

[cybertears]

Error: (08/17/2014 11:25:12 AM) (Source: Disk) (EventID: 11) (User: )

Description: Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk4\DR4.

 

Error: (08/14/2014 06:46:35 PM) (Source: Disk) (EventID: 11) (User: )

Description: Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk5\DR6. 

Som jag förstår loggen så är det hårddisk nummer 4 och 5 som verkar vara på väg att gå sönder?

[Cecilia]

Så uppfattar jag det också men om det stämmer med numreringen i Diskhanteraren vet jag inte. Det är möjligt att det gäller partitioner i stället.

[cybertears]

Så uppfattar jag det också men om det stämmer med numreringen i Diskhanteraren vet jag inte. Det är möjligt att det gäller partitioner i stället.

Han satt och testa sina diskar, dom har dåliga sektorer :/