Avatar billede tomojo Nybegynder
30. august 2014 - 13:31 Der er 31 kommentarer og
1 løsning

Hi jacked browser og lign. - hjælp til rensning før studiestart.

Jeg har lovet en veninde at hjælpe med at gøre hendes bærbare brugbar til studiestart om "for et øjeblik siden"

Hun har fået PC'en af en ex, som bl.a. har downloaded film, musik osv på den.

Det første er problemet med browserovertagelse, så uanset hvad man gør starter den på siden V9.com. Iflg veninden popper der ind imellem

Jeg har, efter anvisninger i anden tråd, kørt Ccleaner, Anti-malware, samt AdwCleaner som jeg har trukket en log ud af, uden at foretage ændringer.

Vil nogen være behjælpelig med at få styr på problemerne..?

200 point, idet studiestarten er gået :-)
Avatar billede tomojo Nybegynder
30. august 2014 - 13:33 #1
Hov, der mangler en halv sætning..:

Iflg veninden popper der ind imellem "klik her for reparation, scanning osv." og andre "sjove forslag", op..
Avatar billede tomojo Nybegynder
30. august 2014 - 13:36 #2
AdwCleaner Log:

# AdwCleaner v3.308 - Report created 30/08/2014 at 13:03:43
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lene Hansen - XXXXXXXX
# Running from : C:\Users\Lene Hansen\Downloads\adwcleaner_3.308.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\FastMediaConverter
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\eSafe
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Lene Hansen\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Lene Hansen\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Lene Hansen\AppData\Roaming\FastMediaConverter
Folder Found : C:\Users\Lene Hansen\AppData\Roaming\pdfforge

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=vtt&utm_campaign=rg&utm_content=sc&from=vtt&uid=ST9500325AS_5VE5REF2XXXX5VE5REF2&ts=1383900667 )
Shortcut Found : C:\Users\Lene Hansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=vtt&utm_campaign=rg&utm_content=sc&from=vtt&uid=ST9500325AS_5VE5REF2XXXX5VE5REF2&ts=1383900667 )
Shortcut Found : C:\Users\Lene Hansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=vtt&utm_campaign=rg&utm_content=sc&from=vtt&uid=ST9500325AS_5VE5REF2XXXX5VE5REF2&ts=1383900667 )
Shortcut Found : C:\Users\Lene Hansen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=vtt&utm_campaign=rg&utm_content=sc&from=vtt&uid=ST9500325AS_5VE5REF2XXXX5VE5REF2&ts=1383900667 )
Shortcut Found : C:\Users\Lene Hansen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=vtt&utm_campaign=rg&utm_content=sc&from=vtt&uid=ST9500325AS_5VE5REF2XXXX5VE5REF2&ts=1383900667 )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=vtt&utm_campaign=rg&utm_content=sc&from=vtt&uid=ST9500325AS_5VE5REF2XXXX5VE5REF2&ts=1383900667
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\eSafeSecControl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=rg&utm_content=ds&from=vtt&uid=ST9500325AS_5VE5REF2XXXX5VE5REF2&ts=1383900667&type=default&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=rg&utm_content=ds&from=vtt&uid=ST9500325AS_5VE5REF2XXXX5VE5REF2&ts=1383900667&type=default&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=rg&utm_content=ds&from=vtt&uid=ST9500325AS_5VE5REF2XXXX5VE5REF2&ts=1383900667&type=default&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=rg&utm_content=ds&from=vtt&uid=ST9500325AS_5VE5REF2XXXX5VE5REF2&ts=1383900667&type=default&q={searchTerms}

-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : cekcjpgehmohobmdiikfnopibipmgnml
Found [Extension] : licjnkifamhpbaefhdpacpmihicfbomb
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [11052 octets] - [30/08/2014 13:03:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11113 octets] ##########
Avatar billede Poko1 Ekspert
30. august 2014 - 16:20 #3
Lad dog AdwCleaner Rense ud og send så loggen herind!
http://gratisupload.dk/vis/712017
Avatar billede tomojo Nybegynder
30. august 2014 - 19:58 #4
Som sagt, så gjort..
Nu ser loggen sådan her ud:

# AdwCleaner v3.308 - Report created 30/08/2014 at 19:49:13
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lene Hansen - XXXXXXXX
# Running from : C:\Users\Lene Hansen\Downloads\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\FastMediaConverter
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Lene Hansen\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Lene Hansen\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Lene Hansen\AppData\Roaming\FastMediaConverter
Folder Deleted : C:\Users\Lene Hansen\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Lene Hansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Lene Hansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Lene Hansen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Lene Hansen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\eSafeSecControl
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : cekcjpgehmohobmdiikfnopibipmgnml
Deleted [Extension] : licjnkifamhpbaefhdpacpmihicfbomb
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [11290 octets] - [30/08/2014 13:03:44]
AdwCleaner[R1].txt - [11513 octets] - [30/08/2014 19:47:41]
AdwCleaner[S0].txt - [9652 octets] - [30/08/2014 19:49:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9712 octets] ##########
Avatar billede 220661 Ekspert
30. august 2014 - 22:20 #5
Den fjernede en del, men løste det problemet?
Prøv evt denne guide her:
http://malwaretips.com/blogs/remove-v9-com-homepage/
Avatar billede 220661 Ekspert
30. august 2014 - 22:21 #6
PS ved godt der er programmer i tråden du har kørt.
Avatar billede tomojo Nybegynder
30. august 2014 - 22:45 #7
Det løste da i hvert tilfælde problemet med V9..
Jeg har nu startet maskinen op et par gange, uden der for mig at se, er problemer.
Der kommer stadig lidt stædige pop-ups, der tilbyder at scanne for problemer.. ;-)
Er der yderligere trin der kunne gøre Pc'en her, lidt mere uforstyrret at køre med under hendes arbejde?
(udover at fortælle hende at torrent sites, smarte "gratis film" programmer osv er absolut no-go)
31. august 2014 - 08:32 #8
---

Hent og instalér CCleaner www.ccleaner.com/ + www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
www.alt-til-windows.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

http://gratisupload.dk/vis/62873/
http://gratisupload.dk/vis/62874/
http://gratisupload.dk/vis/63036/

--------

Hent Malwarebytes Anti-Malware herfra:
www.besttechie.net/tools/mbam-setup.exe

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

...og her er omtalte HiJackThis ->
www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.bleepingcomputer.com/download/hijackthis/dl/90/

Mht.: Vista/Win7 - HøjreMusseTast - "Kør som Administrator..."

Ny guide til MalwareBytes ->
http://www.eksperten.dk/guide/1605

------------------
Avatar billede 220661 Ekspert
31. august 2014 - 08:54 #9
Det skader ikke at køre CCleaner flere gange. Er dog i tvivl om den vil finde mere. Der er andre programmer til at finde skrammel, som jeg ikke selv har brugt så mange gange. Men du kunne prøve at køre junkware removal tool:
http://www.bleepingcomputer.com/download/junkware-removal-tool/
Avatar billede 220661 Ekspert
31. august 2014 - 09:14 #10
Der fremkommer en log til sidst du godt må lægge ind her.
Avatar billede Poko1 Ekspert
31. august 2014 - 11:16 #11
Under Funktioner i IE fanen Administrer tilføjelsprogrammer klik på Søgemaskiner fjern alle undtaget din foretrukne hvis der er flere!
Avatar billede 220661 Ekspert
31. august 2014 - 12:06 #12
#7 Fik du gennemført det du kunne gennem den vejledning du fik fra Malwaretips.com?
#11 Enig.
Avatar billede tomojo Nybegynder
31. august 2014 - 13:16 #13
Jeg tager lige en ad gangen.. CCleaner er kørt for anden gang, og malwarebytes ligeså, men der kom åbenbart stadig lidt på malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 31-08-2014
Scan Time: 12:07:11
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.31.02
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lene Hansen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364029
Time Elapsed: 15 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\images, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\_metadata, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],

Files: 13
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\api.js, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\app.js, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\background.js, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\jquery.js, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\manifest.json, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\menu.html, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\update.js, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\images\128.png, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\images\16.png, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\images\19.png, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\images\38.png, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\images\48.png, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],
PUP.Optional.PricePeep.A, C:\Users\Lene Hansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\_metadata\verified_contents.json, Quarantined, [eb3308c5e893ea4ca5c2a53252b0c63a],

Physical Sectors: 0
(No malicious items detected)


(end)

Udover det ser HiJackThis sådan her ud:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:41:31, on 31-08-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Users\lene Hansen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\lene Hansen\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.157.56.28 www.google-analytics.com.
O1 - Hosts: 192.157.56.28 ad-emea.doubleclick.net.
O1 - Hosts: 192.157.56.28 www.statcounter.com.
O1 - Hosts: 192.157.56.28 connect.facebook.net.
O1 - Hosts: 192.157.56.28 platform.twitter.com.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O1 - Hosts: 93.115.241.27 platform.twitter.com.
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [Fujitsu Wireless Control] C:\PROGRA~2\FUJITS~1\WIRELE~1.EXE
O4 - HKLM\..\Run: [Fujitsu OSD Utility] C:\PROGRA~2\FUJITS~1\OSDUTI~1.EXE
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session http://www.dosearches.com/?utm_source=b&utm_medium=vtt&utm_campaign=rg&utm_content=sc&from=vtt&uid=ST9500325AS_5VE5REF2XXXX5VE5REF2&ts=1383900667
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - .DEFAULT User Startup: LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = lene Hansen\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Password.lnk = C:\Windows\Temp\Password.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send til Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send til &Bluetooth-enhed... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87DDAEC8-3B39-4C31-B72C-F718E41492FC}: NameServer = 
O17 - HKLM\System\CCS\Services\Tcpip\..\{A755094C-57BD-4944-96AD-252C57E3A7AB}: NameServer = 62.44.166.197 62.44.166.69
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.1.9 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13104 bytes
Avatar billede tomojo Nybegynder
31. august 2014 - 13:23 #14
#11 - Jeg har slettet alle unødvendige søgemaskiner i Chrome, som lader til at være den foretrukne browser, men åbner da lige IE og checker den også.

#12 - Der opstod lidt forvirring omkring Malwarebytes, som følge af ny version.. Men jeg tror nu det gik som det skulle.
Avatar billede 220661 Ekspert
31. august 2014 - 14:48 #15
Ja det ser ud til du fik renset ud.
Med hensyn til Hijackthis er der en masse hosts som jeg mener du skal have ryddet op i.
Tror måske at dette:
O1 - Hosts: 192.157.56.28 www.google-analytics.com.
O1 - Hosts: 192.157.56.28 ad-emea.doubleclick.net.
O1 - Hosts: 192.157.56.28 www.statcounter.com.
O1 - Hosts: 192.157.56.28 connect.facebook.net.
O1 - Hosts: 192.157.56.28 platform.twitter.com.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O1 - Hosts: 93.115.241.27 platform.twitter.com.
kan være skyld i dine problemer med browserovertagelser.
Men det og andre ting der kan rettes kan Karise Larry sikkert fortælle mere om
Avatar billede tomojo Nybegynder
31. august 2014 - 17:26 #16
Jeg afventer svar/instruks fra Karise_Larry inden jeg foretager mig yderligere.
Avatar billede tomojo Nybegynder
31. august 2014 - 23:26 #17
HiJackThis log er lagt ind sammen med, men efter, Malwarebytes log
01. september 2014 - 14:04 #18
.. ikke mere at gi' af der  :-)

CCleaner - værktøjer - opstart KAN du disable følgende:

APSDaemon
iTunesHelper
Adobe ARM
TkBellExe
swg
GoogleDriveSync
Microsoft Office
Password.lnk  (Ved du selv hvad dette er ? )
   
Tjenesten Google Update
Google Software Updater
iPod-tjeneste (iPod Service)
Avatar billede tomojo Nybegynder
01. september 2014 - 17:31 #19
Karise_Larry:

Jeg har nu deaktiveret nævnte liste! Jeg aner ikke hvad Password.lnk er, og er sikker på veninden ej heller aner hvad det er!

Ej heller noget der skal gøres i forbindelse med kommentar #15 ?

Uanset om der er noget i den forbindelse, er jeg så nu i vildrede om points. Suggestions ?
02. september 2014 - 06:46 #20
Så den der

C:\Windows\Temp\Password.exe

bør (SKAL) slettes !!!

---
02. september 2014 - 06:47 #21
Avatar billede Slettet bruger
02. september 2014 - 18:47 #22
#8 er det ikke en vejledning til den gamle udgave af Malwarebytes.
Avatar billede tomojo Nybegynder
02. september 2014 - 22:37 #23
Vedr. #8 gammel vejledning: Der står nederst et link til ny vejledning. Men korrekt, det skabte et øjebliks forvirring.

Karise_Larry: Jeg kan ikke finde filen password.exe på nævnte placering.. ??? Faktisk slet ingen startup.exe

Der ligger noget her: C:/windows/pss , som hedder password.lnk.CommonStartup , som beskrives som type:COMMONSTARTUP-fil
Avatar billede tomojo Nybegynder
02. september 2014 - 23:13 #24
Jeg er ved at være nået dertil hvor jeg er nød til at aflevere PC'en tilbage til ejeren, så hun kan følge med i studiet. Hendes brug af maskinen er ved at være påkrævet.
I morgen eftermiddag (onsdag), laver jeg de tiltag jeg kan nå, og afleverer den, efterfølgende.

Jeg prøver lige at gennemføre den anbefalede junkware removal tool, og smider log'en her.

Jeg ville være rigtig taknemmelig, (jeg er allerede meget taknemmelig, for den hjælp man altid kan hente herinde), hvis jeg liiige kunne få styr på de sidste ting således at jeg er i fast overbevisning om at oprydningen er så gennemført som den kan blive under omstændighederne.

Så hvis Karise_Larry, 220661 og poko1 vil smide et svar hver, vil jeg prøve at finde en fornuftig fordeling af point.
Avatar billede tomojo Nybegynder
02. september 2014 - 23:25 #25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lene Hansen on 02-09-2014 at 23:13:37,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02-09-2014 at 23:22:40,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Avatar billede tomojo Nybegynder
02. september 2014 - 23:27 #26
Lige en sidste ting: De HOST der er beskrevet i #15, hvad gør jeg for at "lukke dem ned" ?
Avatar billede tomojo Nybegynder
04. september 2014 - 17:06 #27
Ingen der vil modtage point...?
Avatar billede 220661 Ekspert
07. september 2014 - 09:26 #28
Sæt din computer til at vise skjulte operativ filer og skjulte filer generelt
Herefter går du til denne destination og åbner den med notepad.
C:\Windows\system32\driver\etc. Her finder du filen hosts og åbner den med Notepad. Nu åbnes denne fil, og du kan se indholdet af den.
Det man indsætter i hosts er normalt sider man vil blokere, men blokerer man noget forkert vil nettet fungere forkert.

Du kan se her hvordan min hosts fil ser ud.

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97    rhino.acme.com          # source server
#      38.25.63.10    x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#    127.0.0.1      localhost
#    ::1            localhost


Om du vælger at fjerene noget fra din egen er dit valg.

Husk bagefter at gå i mappeindstillinger under vis og sæt tilbage at computeren ikke skal vise skjulte filer.
Fortsat god weekend.


Jeg lægger dette som svar til deling hvis de andre vil være med på point
I øvrigt var din log fra Junkware Removal Tool fin.
Avatar billede tomojo Nybegynder
11. september 2014 - 20:42 #29
Jeg takker rigtig mange gange for hjælpen, PCen er for flere dage siden afleveret til rette ejerkvinde, som også var yderst taknemmelig :-)
Tidspres er en dårlig forudsætning at arbejde under: Der var stadig en stædig pop-up reklameblok, men slet ikke samme kaos som gjorde PCen nærmest ubrugelig :-)
Avatar billede 220661 Ekspert
12. september 2014 - 15:58 #30
Havde i installeret en adblocker?
Avatar billede tomojo Nybegynder
25. september 2014 - 08:49 #31
Er aldrig før blevet anbefalet nogen adblocker, og min fornemmelse har været at det bare er yderligere et program der i virkeligheden ikke har den store effekt, siden det ikke anbefales herinde..
Nogen anbefalinger..?
Avatar billede 220661 Ekspert
25. september 2014 - 20:07 #32
Bruger Firefox her på min pc, og her er Adblock plus installeret
https://www.google.dk/?gws_rd=ssl#q=adblock+plus
Hedder det samme i Crome kan jeg se, men er måske lidt anderledes
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester