DOS fönster blinkar med jämna mellanrum

[train51a]

Hej!

Försöker hjälpa min dotter med ett problem. Hon har en HP dator och Windows 10 och har fått problem med att det blinkar till ett dos?fönster ca en gång per minut.

Har gjort en scan med  Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016 

. Resultat se bilaga

 

Vad göra?

Train 51

Scan result of Farbar Recovery Scan Tool.docx

[Cecilia]

Hej!

 

Ser ut att finnas några reklamprogram i datorn och de kan tänkas ställa till med hyss.

 

Spara AdwCleaner av Xplode på Skrivbordet: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Scan-knappen.
Vänta tills sökningen är klar.
Klicka på knappen Log file.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner\AdwCleaner[s1].txt

[train51a]

Hej Cecilia,

 

Stort tack för snabbt svar! Vi fick följande svar:

 

# AdwCleaner v6.041 - Logfile created 30/12/2016 at 17:45:29

# Updated on 16/12/2016 by Malwarebytes

# Database : 2016-12-29.2 [server]

# Operating System : Windows 10 Home  (X64)

# Username : Annmo - KERSTIN

# Running from : C:\Users\Annmo\Downloads\adwcleaner_6.041.exe

# Mode: Scan

# Support : https://www.malwarebytes.com/support

 

 

 

***** [ Services ] *****

 

No malicious services found.

 

 

***** [ Folders ] *****

 

Folder Found:  C:\Users\Annmo\AppData\Local\ArcadeTwist

Folder Found:  C:\Users\Annmo\AppData\Local\SweetLabs App Platform

Folder Found:  C:\Users\Annmo\AppData\Roaming\Tny_cassiopesa

Folder Found:  C:\ProgramData\pokki

Folder Found:  C:\ProgramData\Pokki

Folder Found:  C:\Program Files (x86)\Search Extensions

Folder Found:  C:\Program Files (x86)\Tny_cassiopesa

Folder Found:  C:\Users\Default User\AppData\Local\Pokki

Folder Found:  C:\Users\Default\AppData\Local\Pokki

Folder Found:  C:\Users\Public\Pokki

Folder Found:  C:\Users\Annmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofkpgiaknijknhajbhnghkodiccblkg

 

 

***** [ Files ] *****

 

File Found:  C:\Users\Annmo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

File Found:  C:\WINDOWS\SysNative\VOTPrxOff.ini

File Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk

File Found:  C:\WINDOWS\SysWOW64\VOTPrxOff.ini

File Found:  C:\Users\Annmo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kofkpgiaknijknhajbhnghkodiccblkg_0.localstorage

 

 

***** [ DLL ] *****

 

No malicious DLLs found.

 

 

***** [ WMI ] *****

 

No malicious keys found.

 

 

***** [ Shortcuts ] *****

 

No infected shortcut found.

 

 

***** [ Scheduled Tasks ] *****

 

Task Found:  RocketTab

Task Found:  RocketTab

Task Found:  ArcadeTwist Support

Task Found:  ArcadeTwist Updater

Task Found:  SweetLabs App Platform

 

 

***** [ Registry ] *****

 

Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b

Key Found:  HKU\S-1-5-21-3965353950-1570549563-2152227582-1001\Software\Classes\pokki

Key Found:  HKCU\Software\Classes\pokki

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.DataContainer

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.DataContainer.1

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.DataController

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.DataController.1

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.DataTable

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.DataTable.1

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableFields

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableFields.1

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableHolder

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableHolder.1

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.LSPLogic

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.LSPLogic.1

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.ReadOnlyManager

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.ReadOnlyManager.1

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.WFPController

Key Found:  HKLM\SOFTWARE\Classes\VOTPrxLib.WFPController.1

Key Found:  [x64] HKCU\Software\Classes\pokki

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.DataContainer

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.DataContainer.1

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.DataController

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.DataController.1

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.DataTable

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.DataTable.1

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableFields

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableFields.1

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableHolder

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableHolder.1

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.LSPLogic

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.LSPLogic.1

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.ReadOnlyManager

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.ReadOnlyManager.1

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.WFPController

Key Found:  [x64] HKLM\SOFTWARE\Classes\VOTPrxLib.WFPController.1

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{09CBD86E-22AC-4BFF-A97C-85744B2819AB}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{542B7A6A-C8B6-4372-8829-FD8E35FA4CB8}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{55AB8477-ED99-431F-ABB3-22022902A934}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{79701C41-C345-47EC-B57C-02C39A698A0D}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{86937CB9-BDDC-482F-A3B3-E05E3DFDFF08}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{AE479D24-AF59-4DEB-9D8B-D1E7DFA2C6A6}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BED722AF-1533-4596-964F-B5E1F8A6456E}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E94546E8-E2A0-48FE-BC53-568F314EAA7A}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{0394AE51-F76F-4FBF-848D-CF9407CE868F}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{058281DD-014E-4E81-A5D3-9E14A1EBC8B7}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{1AB1CA27-FA6E-434B-8433-612346BBDD3B}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{34A729EE-F357-4A94-9243-D33E50A504A7}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{420A2140-FB38-4984-B681-2A0217483077}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{46A200C2-2B44-4C47-8EA9-5DB33859BC7C}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{47F18772-002C-4A49-AA12-EE88297CCDD0}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{5C567C55-75EF-4000-B36F-FF562D4204C1}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{78AC0B67-463E-4702-A7B1-CFB4C33B3D56}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{95980124-E89B-48C2-BA92-DF835F62ABFB}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{AA33003C-AB62-428E-B24E-59933BE52393}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{D22566FE-4D97-4D5D-968B-0E79353F22E4}

Key Found:  HKLM\SOFTWARE\Classes\Interface\{F0C53D54-F8AF-4156-8D66-420036A79A28}

Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{007F707C-3F7A-4FBF-9BB1-4C9404211A9C}

Key Found:  HKU\S-1-5-21-3965353950-1570549563-2152227582-1001\Software\RocketTabInstalled

Key Found:  HKU\S-1-5-21-3965353950-1570549563-2152227582-1001\Software\rttasks

Key Found:  HKU\S-1-5-21-3965353950-1570549563-2152227582-1001\Software\Search Extensions

Key Found:  HKU\S-1-5-21-3965353950-1570549563-2152227582-1001\Software\SweetLabs App Platform

Key Found:  HKU\S-1-5-21-3965353950-1570549563-2152227582-1001\Software\Tny_Cassiopesa

Key Found:  HKU\S-1-5-21-3965353950-1570549563-2152227582-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2E73670A-F0AF-4A88-8BDF-ED0710B305B2}

Key Found:  HKU\S-1-5-21-3965353950-1570549563-2152227582-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP

Key Found:  HKU\S-1-5-21-3965353950-1570549563-2152227582-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu

Key Found:  HKCU\Software\RocketTabInstalled

Key Found:  HKCU\Software\rttasks

Key Found:  HKCU\Software\Search Extensions

Key Found:  HKCU\Software\SweetLabs App Platform

Key Found:  HKCU\Software\Tny_Cassiopesa

Key Found:  HKLM\SOFTWARE\RocketTab

Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2E73670A-F0AF-4A88-8BDF-ED0710B305B2}

Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP

Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu

Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab

Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tny_Cassiopesa

Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\yahooprovidedsearch

Key Found:  [x64] HKCU\Software\RocketTabInstalled

Key Found:  [x64] HKCU\Software\rttasks

Key Found:  [x64] HKCU\Software\Search Extensions

Key Found:  [x64] HKCU\Software\SweetLabs App Platform

Key Found:  [x64] HKCU\Software\Tny_Cassiopesa

Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2E73670A-F0AF-4A88-8BDF-ED0710B305B2}

Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP

Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu

Data Found:  HKU\S-1-5-21-3965353950-1570549563-2152227582-1001\Software\Microsoft\Internet Explorer\Main [start Page] - hxxps://uk.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_17_orgnl&param1=1

Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxps://uk.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_17_orgnl&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DHodor%

Data Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] - hxxps://uk.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_17_orgnl&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DHodor%

Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxps://uk.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_17_orgnl&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DHodo

Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] - hxxps://uk.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_17_orgnl&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DHodo

Key Found:  HKU\S-1-5-21-3965353950-1570549563-2152227582-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Data Found:  HKU\S-1-5-21-3965353950-1570549563-2152227582-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 

Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Data Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 

Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 

Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 

Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bestpriceninja.com

Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\eshopcomp.com

Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com

Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.eshopcomp.com

Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bestpriceninja.com

Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\eshopcomp.com

Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com

Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.eshopcomp.com

Key Found:  HKCU\Software\Classes\AllFileSystemObjects\shell\pokki

Key Found:  HKCU\Software\Classes\Directory\shell\pokki

Key Found:  HKCU\Software\Classes\Drive\shell\pokki

Key Found:  HKCU\Software\Classes\lnkfile\shell\pokki

Key Found:  HKCU\Software\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg

Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg

Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg

Key Found:  [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg

 

 

***** [ Web browsers ] *****

 

No malicious Firefox based browser items found.

Chrome pref Found:  [C:\Users\Annmo\AppData\Local\Chromium\User Data\Default\Web data] - search provided by yahoo

Chrome pref Found:  [C:\Users\Annmo\AppData\Local\Chromium\User Data\Default\Secure Preferences] - hxxps://uk.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_17_orgnl&param1=1&param2=f%3D7%26b%3Dchmm%26cc%

Chrome pref Found:  [C:\Users\Annmo\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - kofkpgiaknijknhajbhnghkodiccblkg

Chrome pref Found:  [C:\Users\Annmo\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - hxxps://uk.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_17_orgnl&param1=1&param2=f%3D1%26b%3Dchmm%26cc

Chrome pref Found:  [C:\Users\Annmo\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com

Chrome pref Found:  [C:\Users\Annmo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - kofkpgiaknijknhajbhnghkodiccblkg

 

*************************

 

C:\AdwCleaner\AdwCleaner[s0].txt - [12448 Bytes] - [30/12/2016 17:45:29]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12522 Bytes] ##########

 

 

[Cecilia]

1. Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Scan-knappen.
Vänta tills sökningen är klar.

Klicka på Clean-knappen.
Tryck på OK.
Tryck på OK fler gånger om det kommer upp meddelanden.

Datorn kommer att startas om, om den inte gör det automatiskt får du göra det själv.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner\AdwCleaner[C1].txt

 

 

2. Skanna datorn online genom att följa instruktionen på sidan http://support.eset.com/kb2921/ .
För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

Välj alternativet Enable detection of potentially unwanted applications.

Klicka på Advanced Settings.
Ta bort bocken framför Remove found threats (viktigt eftersom falsklarm förekommer).
Bocka för:
Scan Archives
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Enable Anti-Stealth Technology

Klicka på Start

När skanningen är klar klicka på List of found threats, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

2.

 

 

3. Starta FRST.

Se till att Addition.txt är valt innan du låter programmet skanna datorn.

Bifoga de två nya loggfilerna.

[train51a]

Hej!

Kerstin fick problem när hon skulle fortsätta felsökningen. I något läge stängde datorn ned och nu kommer hon inte ut på internet längre. 

Det finns kontakt med nätverket men internet är spärrat.

MVH

[Cecilia]

Hej!

Kerstin fick problem när hon skulle fortsätta felsökningen. I något läge stängde datorn ned och nu kommer hon inte ut på internet längre. 

Det finns kontakt med nätverket men internet är spärrat.

MVH

Hej!

 

Går det för Kerstin att komma till Googles söksida om hon skriver in följande i webbläsarens adressfält?

 

216.58.211.131

 

Bara för att försöka förstå vad som hänt.

 

Något felmeddelande eller vad händer när hon försöker surfa?

[train51a]

Hej!

meddelandet hon får lyder

there is something wrong whith the proxyserver or the adress is incorrect. 

 

try to contact the system adm checking the proxy adress runing windows network diagnostics

 

MVH

[Cecilia]

Säg till Kerstin att göra så här:

 

Kontrollpanelen - Internetalternativ - Anslutningar - LAN-inställningar
Avbocka "Använd en proxyserver...."

 

Se om det räcker för att komma ut på internet (kan behöva upprepas när datorn har startats om).

[train51a]

Hej!

Detta har hjälpt, så datorn fungerar normalt igen. Även blinkningarna har försvunnit-

 

Tack för hjälpen!

[Cecilia]

Hej!

Detta har hjälpt, så datorn fungerar normalt igen. Även blinkningarna har försvunnit-

 

Tack för hjälpen!

Utmärkt!

 

Men det ändå finnas kvar skadliga eller olämpliga program i datorn om man inte gör allt.