CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede eurodont Juniormester
22. juni 2014 - 16:34 Der er 11 kommentarer og
1 løsning

Save On 2.14

Hej med Jer.

Her den 19. juni 2014 er der røget en Ad på min computer ved navn "Save On 2.14".

Den er jævnt irriterende, og jeg ved ikke hvordan at jeg slipper af med den.

Jeg har vedhæftet loggen fra MBAM som var rimelig kritisk her:

Håber at der er én af Jer der vil hjælpe mig.

Mvh,
Sirus

_________________
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22-06-2014
Scan Time: 15:57:41
Logfile: 220614.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.22.02
Rootkit Database: v2014.06.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sirus

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336252
Time Elapsed: 17 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 57
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [7703a8d3a2d9f244f491572530d251af],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [7703a8d3a2d9f244f491572530d251af],
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}, Quarantined, [403a3744c9b2b87e60aee465b74ba25e],
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Quarantined, [403a3744c9b2b87e60aee465b74ba25e],
PUP.Optional.SearchQu, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Quarantined, [403a3744c9b2b87e60aee465b74ba25e],
PUP.Optional.SearchQu, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Quarantined, [403a3744c9b2b87e60aee465b74ba25e],
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Quarantined, [403a3744c9b2b87e60aee465b74ba25e],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard.1, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchQUIEHelper.DNSGuard, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchQUIEHelper.DNSGuard.1, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Datamngr.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Datamngr.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0D7562AE-8EF6-416d-A838-AB665251703A}, Quarantined, [cdad5e1d1b6044f2234676cf03ff08f8],
PUP.Optional.Wajam.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [d0aaccaf0e6d15217f939aaf9270b44c],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}, Quarantined, [db9f4932116a69cda3c59da80cf622de],
PUP.Optional.Yontoo.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [15650f6c4d2e76c015492221c83a6799],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [bbbfa8d3bebd6cca9919f8f3b152f907],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, [0d6d7506463577bf9e3d9b1029d99868],
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, Quarantined, [700a6e0d7605ef47cb2ccbf8bc46ef11],
PUP.Optional.qvo6.A, HKLM\SOFTWARE\WOW6432NODE\qvo6Software, Quarantined, [dc9ecdae3546bb7be3641dc5b1527789],
PUP.Optional.TornTV.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bicnnkjibmphdeigoodpjlcklcnaobdj, Quarantined, [2159b2c987f4989e6e0a7843ee14bb45],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlfienamagdnkekbbbocojppncdambda, Quarantined, [a9d10e6dd8a39e98d01f0ba450b2619f],
PUP.Optional.Elex.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ifohbjbgfchkkfhphahclmkpgejiplfo, Quarantined, [aecc14677506fb3b4786d70c08fb6997],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [3d3d2754b5c6c86eab07bc2f5da6c739],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, Quarantined, [a1d9ef8cb9c2280e5889dd03a85b43bd],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [cbaf5229d3a885b153f90cd5857e27d9],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [413906750675b18597389d42c53e1ae6],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [017983f8eb9093a3d9f5716eab5814ec],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [d8a2e9924f2c95a15c105c983fc4c937],
PUP.Optional.Babylon.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, Quarantined, [c5b57308106beb4b963f28b87c87aa56],
PUP.Optional.Qone8, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [a9d16516c1ba14221c95bd2ed92a728e],
PUP.Optional.BProtector.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Quarantined, [bcbe2d4eb3c8da5ca780bf24be45cd33],
PUP.Optional.Softonic.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [1f5b3f3c4c2fd165d3c02b8d51b1758b],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Quarantined, [92e83f3c65169d9927b968780df651af],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0FB6A909-6086-458F-BD92-1F8EE10042A0}, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\CLASSES\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\CLASSES\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\INPROCSERVER32, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{01BCB858-2F62-4F06-A8F4-48F927C15333}, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C9AE652B-8C99-4AC2-B556-8B501182874E}, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C9AE652B-8C99-4AC2-B556-8B501182874E}, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{01BCB858-2F62-4F06-A8F4-48F927C15333}, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\CLASSES\SuggestMeYes.SuggestMeYesBHO.1, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\CLASSES\SuggestMeYes.SuggestMeYesBHO, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SuggestMeYes.SuggestMeYesBHO, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0FB6A909-6086-458F-BD92-1F8EE10042A0}, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SuggestMeYes.SuggestMeYesBHO.1, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0FB6A909-6086-458F-BD92-1F8EE10042A0}, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0FB6A909-6086-458F-BD92-1F8EE10042A0}, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],

Registry Values: 11
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Searchqu Toolbar, Quarantined, [403a3744c9b2b87e60aee465b74ba25e]
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{99079a25-328f-4bd4-be04-00955acaa0a7}, Quarantined, [90eac1bae19a4aecec22dc6d56ac9f61],
PUP.Optional.SearchCertified.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=, Quarantined, [4733e19ae5962b0b25cb1c8b08fac33d]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&q=%s, Quarantined, [3f3b4f2c3c3ff73fbc05d8ce12f0fb05]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|(Default), http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&q=%s, Quarantined, [adcd1a611a618fa7566c337325dd0ef2]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {355AEBE1-042A-11E3-B66C-F80F410596E4}, Quarantined, [a1d9ef8cb9c2280e5889dd03a85b43bd]
PUP.BProtector, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, http://www.claro-search.com/?affID=114508&tt=4112_8&babsrc=HP_clro&mntrId=4666979e000000000000f80f410596e4, Quarantined, [08726c0f106b89ad26aabc23986b748c]
PUP.Optional.SearchCertified.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=, Quarantined, [ff7b7dfe512aca6ce7078225639fdc24]
PUP.BProtector, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}, Quarantined, [7802f18a5c1f50e6eae7a23d7c87ff01]
PUP.Optional.Wajam.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}, C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi, Quarantined, [e199e09b3b40f640f97eaa05867c07f9]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {355AEBE1-042A-11E3-B66C-F80F410596E4}, Quarantined, [92e83f3c65169d9927b968780df651af]

Registry Data: 20
PUP.Optional.Qvo6.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=sc&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=sc&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740),Replaced,[bbbf4338a8d3c373cfc597ebc73d02fe]
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=hp&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740, Good: (http://www.google.com), Bad: (http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=hp&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740),Replaced,[2d4df18a7cff58def8aa0e73e4201de3]
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=hp&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740, Good: (http://www.google.com), Bad: (http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=hp&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740),Replaced,[2753bfbc027947ef7f21641db84c3ac6]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[eb8f7ffc6f0c0e2854abb1d061a3f40c]
PUP.Optional.Qvo6.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=sc&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=sc&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740),Replaced,[90eaec8f4833c571553f7f03d52f35cb]
Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=hp&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740, Good: (http://www.google.com), Bad: (http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=hp&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740),Replaced,[0e6cf8836a112016851daad735cfcf31]
Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=hp&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740, Good: (http://www.google.com), Bad: (http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=hp&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740),Replaced,[6713116a176452e4d4cc176a5fa59769]
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=, Good: (http://www.google.com), Bad: (http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=),Replaced,[7208c7b494e790a66335abd5669e4fb1]
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://start.facemoods.com/?a=make&s={searchTerms}&f=4, Good: (www.google.com), Bad: (http://start.facemoods.com/?a=make&s={searchTerms}&f=4),Replaced,[0f6ba2d99edd191dd7eaa4de15ef11ef]
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=, Good: (http://www.google.com/), Bad: (http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=),Replaced,[18627b003c3f4bebf4a60d73947030d0]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Page, http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=, Good: (www.google.com), Bad: (http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=),Replaced,[6119b0cb77041e1860e9f087d82cf907]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[ceacc8b3c9b2c96d7f8089f8b25203fd]
Hijack.StartPage, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=hp&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740, Good: (http://www.google.com), Bad: (http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=hp&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740),Replaced,[5c1ee893d4a7e94dc6d9d8a9e1239967]
Hijack.StartPage, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=hp&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740, Good: (http://www.google.com), Bad: (http://www.qvo6.com/?utm_source=b&utm_medium=tugs&utm_campaign=eXQ&utm_content=hp&from=tugs&uid=WDCXWD15EADS-22P8B0_WD-WMAVU381638616386&ts=1379777740),Replaced,[53273e3d90eb70c65849740d0ff5cb35]
Hijack.SearchPage, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=, Good: (http://www.google.com), Bad: (http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=),Replaced,[4535e79495e660d6eea627592adac13f]
Hijack.SearchPage, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=, Good: (http://www.google.com), Bad: (http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=),Replaced,[7901017a7dfe9a9c40557d03966eab55]
Hijack.SearchPage, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=, Good: (http://www.google.com/), Bad: (http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=),Replaced,[3d3d08734d2e57df207bb6cae81c1be5]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Page, http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=, Good: (www.google.com), Bad: (http://search.certified-toolbar.com?si=62606&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&st=chrome&q=),Replaced,[d7a37209df9c57df49fc205759ab12ee]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&q=%s, Good: (http://www.google.com), Bad: (http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&q=%s),Replaced,[5723d5a63f3cac8a84286a1808fc48b8]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-675772905-361709593-858469613-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|(Default), http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&q=%s, Good: (http://www.google.com/), Bad: (http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.7&ts=1378642399025&tguid=62606-6533-1378642399025-A987D0BF793DFEDBDE8CA218E590D180&q=%s),Replaced,[1268156693e8e4523f6e0f73c242e61a]

Folders: 7
PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [2753a4d72c4fdd599d8d51750002be42],
PUP.Optional.TornTV.A, C:\Program Files (x86)\TornTV.com, Quarantined, [84f6ec8f8af13bfbf3d4ccc98b7738c8],
PUP.Optional.TornTV.A, C:\Program Files (x86)\TornTV.com\log, Quarantined, [84f6ec8f8af13bfbf3d4ccc98b7738c8],
PUP.Optional.TornTV.A, C:\Program Files (x86)\TornTV.com\Torrents, Quarantined, [84f6ec8f8af13bfbf3d4ccc98b7738c8],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\save onu, Quarantined, [6812314aafcc73c346b5e0c48b779f61],
PUP.Optional.MultiPlug.A, C:\ProgramData\save onu, Quarantined, [91e9e19ab4c7a0964bb1dbc9a65ccf31],
PUP.Optional.Booster.A, C:\ProgramData\AppSnow\SO_Booster, Quarantined, [a8d2d2a91a6114228460eeb729d9e917],

Files: 32
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll, Quarantined, [403a3744c9b2b87e60aee465b74ba25e],
PUP.Optional.Datamngr.A, C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll, Quarantined, [a4d659221269ed49434a364657ab07f9],
PUP.Optional.Booster.A, C:\ProgramData\AppSnow\SO_Booster\SO_Booster.exe, Quarantined, [53272c4fabd09c9ade7b330f2fd358a8],
PUP.Optional.MultiPlug.A, C:\ProgramData\save onu\TTgaUCEN.exe, Quarantined, [80faf4877704d85ecd9d27226b9519e7],
PUP.Optional.OneClickDownloader.A, C:\Users\Sirus\AppData\Roaming\Azureus\torrents\Deadpool_FLT.exe, Quarantined, [e298f487c8b3f14576c09a7c07fa867a],
PUP.Optional.HomeTab.A, C:\Users\Sirus\AppData\Roaming\Complitly\hometab.exe, Quarantined, [176375064a319e9855bdae710cf507f9],
PUP.Optional.InstallIQ, C:\Users\Sirus\Downloads\freeopener_1390.exe, Quarantined, [6515512a4e2d47ef416a9f7fd72a9d63],
PUP.Optional.InstalleRex, C:\Users\Sirus\Downloads\BioShock Infinite Mind in Revolt (SF12).zip.exe, Quarantined, [b5c51b607b001d19220ea3eb47bac23e],
PUP.Optional.OpenCandy, C:\Users\Sirus\Downloads\veetle-0.9.19.exe, Quarantined, [7ffb4c2f740737ff0f36a9fdcf35e21e],
PUP.Optional.Softonic.A, C:\Users\Sirus\Downloads\SoftonicDownloader_for_avg-antivirus-plus-firewall.exe, Quarantined, [7406611aff7ce353e859ca5afa07f30d],
Trojan.Agent, C:\Users\Sirus\Downloads\FFSetup180.zip, Quarantined, [e595d2a9afccdb5b4f51be14827ff010],
PUP.Optional.Installex, C:\Users\Sirus\Downloads\300.2006.480p.BRRip.QCE.XViD.AC3-Voltage.avi.exe, Quarantined, [601a89f299e2b87e325e0a5340c1c13f],
PUP.Optional.Installex, C:\Users\Sirus\Downloads\300.2006.BluRay.720p.x264.YIFY.mp4.exe, Quarantined, [d1a97803ed8ee254137d98c536cb7888],
PUP.Optional.GoForFiles.A, C:\Users\Sirus\Downloads\snagit_10_full_version_free_downloader.exe, Quarantined, [c4b6cdae5e1d55e188c9998637ca47b9],
PUP.Optional.Bandoo, C:\Users\Sirus\Downloads\iLividSetup-r362-n-bc.exe, Quarantined, [2555b1ca2a5183b340a443ca33cef010],
PUP.Optional.Bandoo, C:\Users\Sirus\Downloads\iLividSetup-r400-n-bc.exe, Quarantined, [fa80c2b984f74ceac3214fbe14ed53ad],
PUP.Optional.Bandoo, C:\Users\Sirus\Downloads\iLividSetup-r446-n-bc.exe, Quarantined, [ea906813ceadf34334b00effbf42dd23],
PUP.Optional.Bandoo, C:\Users\Sirus\Downloads\iLividSetupV1 (1).exe, Quarantined, [403acab1d5a6c96ddd0743ca649dd828],
PUP.Optional.Softonic, C:\Users\Sirus\Downloads\SoftonicDownloader_for_microsoft-outlook.exe, Quarantined, [88f2b3c83b40d4628c58f2163cc5ef11],
PUP.Optional.Softonic.A, C:\Users\Sirus\Downloads\SoftonicDownloader_for_microsoft-powerpoint.exe, Quarantined, [99e14d2ebfbce056d1709f85d22f50b0],
PUP.Optional.OpenCandy, C:\Users\Sirus\Downloads\veetle-0.9.18 (6).exe, Quarantined, [bebcdaa1b3c851e57acb574f21e37789],
PUP.Optional.Simplytech, C:\Windows\Launcher.exe, Quarantined, [dd9d205b7407a3934e26f817ec187e82],
PUP.Optional.FaceMoods.A, C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml, Quarantined, [c7b387f46b1090a6f51fe1c90002728e],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, Quarantined, [68127803d2a9310504cd5d6624de0000],
PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Quarantined, [2753a4d72c4fdd599d8d51750002be42],
PUP.Optional.NewTab.A, C:\Users\Sirus\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, Quarantined, [ec8e017a5823fa3ccdd72f9712f0e51b],
PUP.Optional.BProtector.A, C:\Users\Sirus\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data, Quarantined, [0d6db2c933480b2bf137f1f2fa09bc44],
PUP.Optional.BProtector.A, C:\Users\Sirus\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences, Quarantined, [3149abd009727abcbe6b7a697093847c],
PUP.Optional.TornTV.A, C:\Program Files (x86)\TornTV.com\log\20130813.log, Quarantined, [84f6ec8f8af13bfbf3d4ccc98b7738c8],
PUP.Optional.TornTV.A, C:\Program Files (x86)\TornTV.com\Torrents\.torrent, Quarantined, [84f6ec8f8af13bfbf3d4ccc98b7738c8],
PUP.Optional.Complitly.A, C:\Users\Sirus\AppData\Roaming\Complitly\64\Complitly64.dll, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],
PUP.Optional.Complitly.A, C:\Users\Sirus\AppData\Roaming\Complitly\Complitly.dll, Quarantined, [4d2d2a51e299e45240af5f27dd271de3],

Physical Sectors: 0
(No malicious items detected)


(end)
Avatar billede eurodont Juniormester
22. juni 2014 - 16:54 #1
PS: Og her er HijackThis loggen:

____________________________
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:52:10, on 22-06-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Users\Sirus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Sirus\AppData\Local\Apps\2.0\HBMKTYYZ.53X\85QWXH4P.VJ7\move..tion_4ff31e5e5d0c235a_0001.0001_8e84ce98c89c44a0\Moveslink2.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Users\Sirus\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
R3 - URLSearchHook: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Hjælp til logon til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - (no file)
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Sirus\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Sirus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Moveslink2] C:\Users\Sirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: FILSHtray.lnk = C:\Program Files (x86)\FILSHtray\FILSHtray.exe
O4 - Global Startup: NETGEAR WNA1000M Genie.lnk = C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Tjeneste (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13584 bytes
Avatar billede Computer Hjælp (Gratis) Mester
22. juni 2014 - 17:28 #2
Yffer Pyffer - der var en masse 'snavs' !!!

---

Prøv at hente AdwCleaner her:
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
(Der går lige 5 sek før du skal trykke på gem)
Start programmet, og når det er startet trykker du på [Scan]
Pc scannes, og ved endt scanning skal du trykke på [Clean].
Og derefter (automatisk) genstart...
Tilbage fra genstart kommer en log, som du gerne må kopiere herind.

---

PS: Du bør / skal opdatere din AcrobatReader !!!
Avatar billede 220661 Ekspert
22. juni 2014 - 17:32 #3
Kør lige disse to også:
Hent og instalér CCleaner  https://www.piriform.com/ccleaner
http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
Lad programmet foretage en oprydning...

Prøv at hente AdwCleaner her:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Start programmet, og når det er startet trykker du på [Scan]
Pc scannes, og ved endt scanning skal du trykke på [Clean].
Og derefter (automatisk) genstart...
Tilbage fra genstart kommer en log, som du gerne må kopiere herind.
Mht.: Vista og Windows 7/8 - Højreklik på filen - Kør som Administrator.
Avatar billede 220661 Ekspert
22. juni 2014 - 17:34 #4
Nå der kom jeg lidt for sent ;-)
Men det er ikke 1 gang det sker.
Synes ikke jeg kan se noget farligt i loggen ellers fra Hijackthis
Avatar billede eurodont Juniormester
22. juni 2014 - 17:57 #5
Hej.

Tusind tak for at I vil hjælpe mig :)

Her er log-filen fra AdwCleaner:

___________________

# AdwCleaner v3.212 - Report created 22/06/2014 at 17:42:54
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sirus - SIRUS-PC
# Running from : C:\Users\Sirus\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Computer Updater
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
Folder Deleted : C:\Program Files (x86)\Complitly
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\Program Files (x86)\iLivid
Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\ASPNET\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\ASPNET\AppData\Local\torch
Folder Deleted : C:\Users\Gæst\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Gæst\AppData\Local\torch
Folder Deleted : C:\Users\Sirus\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Sirus\AppData\Local\DProtect
Folder Deleted : C:\Users\Sirus\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Sirus\AppData\Local\iLivid
Folder Deleted : C:\Users\Sirus\AppData\Local\PackageAware
Folder Deleted : C:\Users\Sirus\AppData\Local\torch
Folder Deleted : C:\Users\Sirus\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sirus\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Sirus\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Sirus\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Sirus\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\Sirus\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Sirus\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Sirus\AppData\Roaming\Complitly
Folder Deleted : C:\Users\Sirus\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Sirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Users\Sirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Sirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Sirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Sirus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKCU\Software\5f0d8dfbd3be514
Key Deleted : HKLM\SOFTWARE\5f0d8dfbd3be514
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-2355932470
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_avg-antivirus-plus-firewall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_avg-antivirus-plus-firewall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Computer Updater
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\Software\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\Software\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Sirus\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : aidbbndgjnlaclnmhkdimcdjiebjpdel
Deleted [Extension] : bfcpnihmbfoaeoakalclfalkdepgiaje
Deleted [Extension] : cfcbmgbfdbijmjgjihagbomfbjfjmgon
Deleted [Extension] : dlfienamagdnkekbbbocojppncdambda
Deleted [Extension] : hgojaaaiddhmiiakpejiklijbalpckih
Deleted [Extension] : ifohbjbgfchkkfhphahclmkpgejiplfo
Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
Deleted [Extension] : mocblcnaofikinigmceddfghppkkjbog

*************************

AdwCleaner[R0].txt - [14076 octets] - [22/06/2014 17:39:08]
AdwCleaner[S0].txt - [12600 octets] - [22/06/2014 17:42:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12661 octets] ##########
Avatar billede Computer Hjælp (Gratis) Mester
22. juni 2014 - 18:18 #6
Så er der - endnu mere - ryddet op !!!

Hvordan kører Putteren så nu ?
Avatar billede eurodont Juniormester
22. juni 2014 - 18:39 #7
Desværre ... ikke endnu.

Når jeg går ind i Værktøjer -> Udvidelser på Google Chrome figurerer følgende stadigvæk: [IMG]http://i57.tinypic.com/24112q8.png[/IMG]

Måden at det viser sig på, er at når jeg går ind på forskellige hjemmesider ... stort set alle, så popper der et lille grønt ikon op ud for nogle af ordene.

Eksempel her: [IMG]http://i62.tinypic.com/vmsjg5.png[/IMG]

Håber at det giver mening.

Mvh,
Sirus
Avatar billede eurodont Juniormester
22. juni 2014 - 18:44 #8
PS: Ad'en viser sig også i denne tråd, jf. nedenstående:

http://i62.tinypic.com/n12xht.png

Når man flytter musen over i "Den grønne pil" popper der et vindue op, hvor der nederst står Ad by Save On

Mvh,
Sirus
Avatar billede eurodont Juniormester
22. juni 2014 - 18:46 #9
PS: Det skal lige nævnes, at går jeg ind og fjerner Ad'en fra Google Chrome, så popper den bare op igen, næste gang at jeg åbner Chrome op igen?
Avatar billede 220661 Ekspert
22. juni 2014 - 22:50 #10
Jeg havde prøvet at fjerne Crome helt fra computeren, hvis det kun er i den browser som problemet opstår i?

Jeg havde fjernet den med Revo Uninstaller free, og her efter også kørt en tur med CCleaner
Bagefter kunne man så prøve at installere den igen

Kørte de CCleaner sammen med AdwCleaner i #5?
Avatar billede eurodont Juniormester
22. juni 2014 - 23:43 #11
Hej igen.

Jeg har fået fjernet den.

Kørte Farbar Recovery System Tool og blev guidet derfra.

I får med glæde pointene :)
Avatar billede Computer Hjælp (Gratis) Mester
23. juni 2014 - 06:36 #12
Ping...
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 20:17 vlc viser kegle-icon Af casablanca i Andet software
I går 14:01 Oprette / gemme et par fotos i en mappe - Samsung Galaxy A 14 5G ? Af Ikke-ekspert i Mobiltelefoner
I går 11:14 Bærbar til Sims 3? Af idamarie i PC
I går 10:49 Adobe til excel Af densortehingst i Andet software
I går 09:26 Chrome Af fjorbak i Andet netværk
White papers
Flere white papers »


Premium
Teaser billede
5.000 flyafgange i verden blev aflyst som følge af Crowdstrike-nedbrud: Vil Københavns Lufthavn søge erstatning?
Læs mere »
Hackere udnytter CrowdStrike-nedbruddet: Spreder malware ved hjælp af falske løsninger
Microsoft skyder dele af skylden for CrowdStrike-nedbrud på 15 år gammel EU-aftale
Derfor står Danske Bank foran en kæmpe AWS-transformation: Ellers skulle vi bygge en ny infrastruktur for at følge med
Se alle »
Computerworld
Teaser billede
Microsoft-nedbrud spreder sig: It-systemer i lufthavne verden over er ramt
Læs mere »
Test: Denne mikro-pc er smartere end de stærkeste desktop-maskiner - men flopper alligevel
Elon Musk dropper CrowdStrike efter kæmpe nedbrud
Hundredevis af flyafgange ramt af stort Microsoft-nedbrud
Se alle »
CIO
Teaser billede
Microsoft er på sagen: I gang med at løse kæmpe nedbrud efter katastrofal Crowdstrike-fejl
Læs mere »
Så mange Microsoft-enheder blev ramt af gigantisk Crowdstrike-koks
Telenor skrotter ældre it-system: Nyt system er en hyldevare
Derfor står Danske Bank foran en kæmpe AWS-transformation: Ellers skulle vi bygge en ny infrastruktur for at følge med
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
KMD-direktør forlader selskabet: Det skal hun nu
Se alle »
White paper
Teaser billede
Rapport kortlægger de 13 bedste muligheder for at sætte turbo på din cloud computing
Læs mere »
MDR: Transparent sikkerhed og overvågning i realtid
Sådan får du overblik og beskytter dine cloudapplikationer
Informationshåndtering på frontlinjen: Sådan optimerer du med automatisering
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »