
Help removing junk from my brother's computer


Kotten75


Hi!

My brother has a problem with some malware on his computer.

He probably got it by clicking on dubious links. :)

Anyway, he can barely use his browser, so I figured I would write on his behalf.

I don't have access to his computer either, so dubious instructions over the phone are all I've had...

Problem description:

Various ads and similar junk just keep popping up in the browser (Chrome), and it isn't always possible to click buttons/links without ads popping up and hardly anything actually happening, so he couldn't even register as a user here in any simple way.

That's where I come in.

Things he has managed to pick up include, for example

Faster Light

ShopNDrop

Vi-View

Surely more than that. :)

Grateful for any help I (my brother Tomas) can get.

/Claes

Attaching "Addition.txt"

Below is the content of "FRST.txt"

---

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Tomas (administrator) on LUCIFER on 13-01-2015 21:23:58
Running from C:\Users\Tomas\Desktop
Loaded Profile: Tomas (Available profiles: UpdatusUser & Tomas)
Platform: Windows 8.1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Faster Light\updateFasterLight.exe
() C:\Program Files (x86)\Faster Light\bin\utilFasterLight.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
() C:\Program Files (x86)\Faster Light\bin\FasterLight.expext.exe
() C:\Program Files (x86)\Faster Light\bin\FasterLight.BOASHelper.exe
() C:\Program Files (x86)\Faster Light\bin\FasterLight.PurBrowse64.exe
() C:\Program Files (x86)\Faster Light\bin\FasterLight.BrowserAdapter.exe
() C:\Program Files (x86)\Faster Light\bin\FasterLight.BrowserAdapter64.exe
() C:\Program Files (x86)\Faster Light\bin\FasterLight.BRT.Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Faster Light\bin\FasterLight.BOASPRT.exe
() C:\Program Files (x86)\Faster Light\bin\FasterLight.BOAS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-05-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [igfxTray] => C:\windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [uMonit64] => C:\windows\SysWOW64\UMonit64.exe [40960 2013-04-09] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-10-31] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-10-31] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1742320233-381860319-3888191217-1002\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.16\OptProLauncher.exe
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [s-1-5-21-1742320233-381860319-3888191217-1002] => file://C:\Program Files (x86)\Faster Light\bin\Pac8129.js
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhome.vi-view.com/web/?type=ds&ts=1419285344&from=cor&uid=ST1000LM014-1EJ164_W380N58QXXXXW380N58Q&q={searchTerms}
HKU\S-1-5-21-1742320233-381860319-3888191217-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1742320233-381860319-3888191217-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-1742320233-381860319-3888191217-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
BHO: realldeaL -> {7b16ded7-054b-49a2-b023-4a0b75c3c21a} -> C:\ProgramData\realldeaL\zzV2qoDfsmwc3q.x64.dll ()
BHO: deoal4me -> {f3160233-29c2-4b6a-b11c-fe6848949d15} -> C:\ProgramData\deoal4me\0s2qt9ntlOLJyI.x64.dll ()
BHO-x32: realldeaL -> {7b16ded7-054b-49a2-b023-4a0b75c3c21a} -> C:\ProgramData\realldeaL\zzV2qoDfsmwc3q.dll ()
BHO-x32: Faster Light 1.0.0.6 -> {950ef4df-b9dd-4b97-9e34-5c7d25a5eb88} -> C:\Program Files (x86)\Faster Light\FasterLightbho.dll (Faster Light)
BHO-x32: deoal4me -> {f3160233-29c2-4b6a-b11c-fe6848949d15} -> C:\ProgramData\deoal4me\0s2qt9ntlOLJyI.dll ()
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-31]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2015-01-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 9b784ed1; c:\Program Files (x86)\Optimizer Pro 3.16\OptProMon.dll [5079632 2014-12-22] ()
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 Update Faster Light; C:\Program Files (x86)\Faster Light\updateFasterLight.exe [529144 2015-01-13] ()
R2 Util Faster Light; C:\Program Files (x86)\Faster Light\bin\utilFasterLight.exe [529144 2015-01-13] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-31] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-22] (Fuyu LIMITED) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R1 {2c7e9044-6b3b-4ecc-9224-8b8c893f6fc1}Gw64; C:\Windows\System32\drivers\{2c7e9044-6b3b-4ecc-9224-8b8c893f6fc1}Gw64.sys [48792 2014-12-30] (StdLib)
R1 {442ad619-2fad-4d96-9434-49e6d1c6e280}Gw64; C:\Windows\System32\drivers\{442ad619-2fad-4d96-9434-49e6d1c6e280}Gw64.sys [48792 2014-12-22] (StdLib)
R1 {82adbb5d-7d8c-4f2d-9936-53071e499858}Gw64; C:\Windows\System32\drivers\{82adbb5d-7d8c-4f2d-9936-53071e499858}Gw64.sys [48792 2015-01-02] (StdLib)
R1 {8fb4e628-35c6-4275-89be-ce3462febcc4}Gw64; C:\Windows\System32\drivers\{8fb4e628-35c6-4275-89be-ce3462febcc4}Gw64.sys [48792 2014-12-26] (StdLib)
R1 {a081059f-4e06-4f49-9a1e-4b92e171ba25}Gw64; C:\Windows\System32\drivers\{a081059f-4e06-4f49-9a1e-4b92e171ba25}Gw64.sys [48792 2015-01-05] (StdLib)
R1 {f17a6425-9752-4042-9063-36eef24d8b77}Gw64; C:\Windows\System32\drivers\{f17a6425-9752-4042-9063-36eef24d8b77}Gw64.sys [48792 2014-12-24] (StdLib)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 21:23 - 2015-01-13 21:24 - 00020163 _____ () C:\Users\Tomas\Desktop\FRST.txt
2015-01-13 21:23 - 2015-01-13 21:23 - 00000000 ____D () C:\FRST
2015-01-13 21:23 - 2015-01-13 21:20 - 02124288 _____ (Farbar) C:\Users\Tomas\Desktop\FRST64.exe
2015-01-13 21:20 - 2015-01-13 21:20 - 02124288 _____ (Farbar) C:\Users\Tomas\Downloads\FRST64.exe
2015-01-13 21:09 - 2015-01-13 21:09 - 37987520 _____ (Microsoft Corporation) C:\Users\Tomas\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-13 20:23 - 2015-01-13 20:23 - 00000000 ____D () C:\Program Files (x86)\shopndruoup
2015-01-13 20:07 - 2015-01-13 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-13 19:47 - 2015-01-13 19:47 - 00000000 ____D () C:\ProgramData\realldeaL
2015-01-10 08:20 - 2015-01-10 08:20 - 00000000 ____D () C:\ProgramData\cegmlfnchlafchhdmphljihpmpneaopo
2015-01-10 02:10 - 2015-01-13 20:46 - 00000000 ____D () C:\ProgramData\ad75df79c0440516
2015-01-10 02:10 - 2015-01-13 20:23 - 00000000 ____D () C:\ProgramData\shopndruoup
2015-01-10 02:10 - 2015-01-10 02:10 - 00000000 ____D () C:\ProgramData\deoal4me
2015-01-05 18:24 - 2015-01-05 04:45 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{a081059f-4e06-4f49-9a1e-4b92e171ba25}Gw64.sys
2015-01-02 21:15 - 2015-01-02 11:43 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{82adbb5d-7d8c-4f2d-9936-53071e499858}Gw64.sys
2014-12-30 16:16 - 2014-12-30 05:46 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{2c7e9044-6b3b-4ecc-9224-8b8c893f6fc1}Gw64.sys
2014-12-27 09:52 - 2014-12-26 23:34 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{8fb4e628-35c6-4275-89be-ce3462febcc4}Gw64.sys
2014-12-24 22:30 - 2014-12-24 06:33 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{f17a6425-9752-4042-9063-36eef24d8b77}Gw64.sys
2014-12-24 12:51 - 2014-12-24 12:51 - 00082236 _____ () C:\Users\Tomas\Downloads\game.htm
2014-12-22 23:10 - 2014-12-22 13:44 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{442ad619-2fad-4d96-9434-49e6d1c6e280}Gw64.sys
2014-12-22 23:02 - 2014-12-22 23:02 - 00003252 _____ () C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2014-12-22 23:02 - 2014-12-22 23:02 - 00000000 ____D () C:\Users\Tomas\Documents\Optimizer Pro
2014-12-22 23:02 - 2014-12-22 23:02 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Optimizer Pro
2014-12-22 22:56 - 2014-12-22 22:56 - 00001122 _____ () C:\Users\Tomas\Desktop\Optimizer Pro.lnk
2014-12-22 22:56 - 2014-12-22 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-12-22 22:55 - 2015-01-13 20:30 - 00000000 ____D () C:\Program Files (x86)\Faster Light
2014-12-22 22:55 - 2014-12-22 22:56 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.16
2014-12-22 22:55 - 2014-12-22 22:55 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-22 22:55 - 2014-12-22 22:53 - 00675988 _____ () C:\Users\Tomas\Downloads\minecraft.exe.EXE
2014-12-22 22:53 - 2014-12-22 22:53 - 00791528 _____ ( ) C:\Users\Tomas\Downloads\minecraft.exe
2014-12-16 21:09 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 21:09 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 21:20 - 2014-02-13 18:50 - 00001018 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 21:11 - 2014-11-05 22:31 - 01729982 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-13 21:01 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-13 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-13 20:48 - 2014-03-01 11:23 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1742320233-381860319-3888191217-1002
2015-01-13 20:43 - 2014-11-06 03:46 - 00000000 __RDO () C:\Users\Tomas\OneDrive
2015-01-13 20:43 - 2014-02-13 18:50 - 00001014 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 20:07 - 2013-10-31 20:54 - 00001871 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2015-01-13 19:30 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-01-13 19:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-12 03:37 - 2014-12-07 03:14 - 00003920 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D04068A2-9D8C-4EE4-9379-7DE9260AE0F5}
2014-12-31 13:12 - 2014-02-16 23:08 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-23 23:33 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-12-19 13:02 - 2013-10-31 20:54 - 00010752 _____ () C:\WINDOWS\system32\VfService.trf
2014-12-15 21:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
 
Some content of TEMP:
====================
C:\Users\Tomas\AppData\Local\Temp\optprosetup.exe
C:\Users\Tomas\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_20044.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-10 09:56
 
==================== End Of Log ============================

Addition.txt


Hi!

1. If possible, uninstall the following adware programs the normal way via the Control Panel's list of installed programs (make sure the browsers are closed first):

deoal4me

Faster Light http://www.systemlookup.com/CLSID/84618-FasterLightbho_dll.html

Optimizer Pro

realldeaL

That sort of thing usually gets in when you install ad-supported free programs, but some of it seems to be connected to a download of Minecraft (cracked version?) on your brother's computer.

2. Save AdwCleaner by Xplode to the Desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Close all programs, including browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan has finished.

Click the Report button.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also available as C:\AdwCleaner\AdwCleaner[R0].txt

Hi!

Thanks for all the help.

He got rid of all of them except deoal4me.

We tried removing a bunch yesterday too, but most of them chose not to want to uninstall themselves. :)

Here is the result.

...

# AdwCleaner v4.107 - Report created 15/01/2015 at 19:37:55
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Tomas - LUCIFER
# Running from : C:\Users\Tomas\Downloads\adwcleaner_4.107.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : WindowsMangerProtect
Service Found : {2c7e9044-6b3b-4ecc-9224-8b8c893f6fc1}Gw64
Service Found : {442ad619-2fad-4d96-9434-49e6d1c6e280}Gw64
Service Found : {82adbb5d-7d8c-4f2d-9936-53071e499858}Gw64
Service Found : {8fb4e628-35c6-4275-89be-ce3462febcc4}Gw64
Service Found : {a081059f-4e06-4f49-9a1e-4b92e171ba25}Gw64
Service Found : {f17a6425-9752-4042-9063-36eef24d8b77}Gw64
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Found : C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Found : C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
File Found : C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

1. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan has finished.

Click the Clean button.

Press OK.

Press OK again as many times as needed if further messages appear.

The computer will restart; if it does not do so automatically, restart it yourself.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also available as C:\AdwCleaner\AdwCleaner[s0].txt

2. Start FRST.

Tick Addition.txt.

Scan with FRST and paste the two new logs.

3. Scan the computer online at http://www.eset.com/onlinescan/ and preferably use Internet Explorer for it.

To keep the scan from taking too long, turn off your antivirus program while it runs.

Select the option Enable detection of potentially unwanted applications.

Click Advanced Settings.

Untick Remove found threats.

Tick:

Scan Archives

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save it to a file on the desktop, open the file, copy the result and then paste it into your reply.


Hi!

Thank you for all the help I have received with this.

He decided to reinstall his computer instead, so the problem was solved the hard way.

But again, thanks for your time and help!

/K


Hi!

You're welcome :)

Reinstalling is always the safest way to get rid of malicious and unwanted programs, so that is a good choice.

To keep track of whether you have old program versions with security holes that a web page can exploit to infect the computer, Secunia's Software Inspector is good. Let it check the computer and fix the problems it reports. The English-language page http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.


Archived

This topic is now archived and is closed to further replies.
