Infected PC


13 posts in this topic

Posted (edited)

I have an HP Envy with Windows 10 that became infected after I tried to download a video player for old DVD files (VOB files). I should have smelled a rat when it said Free VOB-player, but unfortunately I didn't.

Here is the Malwarebytes log:


And here is the so-called protection log:


I haven't downloaded ComboFix or anything like that, because when I tried it this spring on a PC with Windows 8, it didn't work. How does this look?

It looks like Firefox is heavily infected, because I can't use it; I get flooded with pop-ups. Internet Explorer works for now. The PC also seems to be running slower than usual. A program called something like WarThunder appeared. I uninstalled it, but then Avast told me there were still remnants of it left and started nagging me to buy the Premium version.

Edited by Eventyret
Added spoiler

Posted (edited)

ComboFix didn't run, but here is a DDS log:



And here is one more; two came up:

Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui
x64-Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
x64-Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bjornar\AppData\Roaming\Mozilla\Firefox\Profiles\fl40ajxs.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/yhp-ff|https://www.google.no/?gfe_rd=cr&ei=lm4xVdqTLoi_wQOJl4HACA&gws_rd=ssl
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Bjornar\AppData\Roaming\Mozilla\Firefox\Profiles\fl40ajxs.default\extensions\plugin@starstable.com\plugins\npstudioruntime.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
---- FIREFOX POLICIES ----
user_pref(extensions.autoDisableScopes,14);
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\WINDOWS\System32\drivers\aswRvrt.sys [2014-8-26 65224]
R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\drivers\aswVmm.sys [2014-8-26 274808]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-30 644968]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-7-10 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswsnx.sys [2014-8-26 1048344]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2014-8-26 447944]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
R2 aswHwid;avast! HardwareID;C:\WINDOWS\System32\drivers\aswHwid.sys [2014-8-26 28656]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2014-8-26 90968]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2014-8-26 150672]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-8-13 146600]
R2 Cachedrv server; HP SimplePass Cachedrv Service;C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [2013-10-14 109568]
R2 ClickToRunSvc;Tjenesten Microsoft Office ClickToRun;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-8-27 2753720]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-23 1148744]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 99128]
R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2013-7-23 43320]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2015-2-17 608520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-30 15720]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-7-18 351120]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-2-8 131544]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-6-27 157128]
R2 ISCTAgent;Intel(R) Smart Connect Technology Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2013-8-12 198120]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-2-8 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-8-13 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-8-13 1133880]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-23 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-23 19439944]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-7-17 246472]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\WINDOWS\System32\valWBFPolicyService.exe [2013-8-1 32768]
R3 BthLEEnum;Driver for Bluetooth Low Energy;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-7-10 237568]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\WINDOWS\System32\drivers\clwvd.sys [2015-2-7 41704]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2015-3-20 253680]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\WINDOWS\System32\drivers\ikbevent.sys [2013-8-8 21408]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\WINDOWS\System32\drivers\imsevent.sys [2013-8-8 21920]
R3 INETMON;INETMON;C:\WINDOWS\System32\drivers\INETMON.sys [2014-2-8 29088]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\WINDOWS\System32\drivers\ISCTD64.sys [2013-8-7 46568]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-8-23 26008]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-8-13 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2015-8-13 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-8-13 64216]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Adapternummerering for Microsoft virtuelt nettverk;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2015-7-10 3496216]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-23 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2014-10-23 38048]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2014-2-8 827096]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\WINDOWS\System32\drivers\RtsPer.sys [2015-5-14 751632]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-7-17 42696]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2013-7-22 20800]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-10 214016]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Tjeneste for enheter for kontroll av bærbar enhet;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-7-10 32256]
S3 CapImg;HID-driver for CapImg-berøringsskjerm;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 diagnosticshub.standardcollector.service;Standard Collector-tjeneste for Microsoft (R) diagnose-hub;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Tjenesten for administrasjon av registrering av enheten;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generell USB-funksjonsklasse;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Felles driver for HID-knapper implementert med avbrudd;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) GPIO-kontrollerdriver for seriell I/U;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C-kontrollerdriver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID-kontroller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Tjeneste for mobil trådløssone for Windows;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-8-8 39320]
S3 IntcDAud;Intel(R) Skjermlyd;C:\WINDOWS\System32\drivers\IntcDAud.sys [2013-8-20 449528]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 intelpep;Intel(R)-plugin-drivermodul for strømmotor;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-8-1 934752]
S3 RetailDemo;Tjenesten for forhandlerdemo;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-8-1 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2013-8-2 30448]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;SMS-rutertjeneste for Microsoft Windows;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 stornvme;Microsoft Standard NVM Express-driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-7-10 78688]
S3 storufs;Driver for Microsoft Universal Flash Storage (UFS);C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;UCSI-klient for USB-tilkoblingsbehandling;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-8-1 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI-driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea-kontroller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys-kontroller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch-driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch-driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;VHF-driver (Virtual HID Framework);C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 w3logsvc;W3C-loggingstjeneste;C:\WINDOWS\System32\svchost.exe -k apphost [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-7-10 685056]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 XblAuthManager;Xbox Live godkjenningsbehandling;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live spillagring;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live nettverkstjeneste;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-08-13 21:36:45 -------- d--h--w- C:\OneDriveTemp
2015-08-13 21:35:14 16148 ----a-w- C:\WINDOWS\System32\BJØRNAR_Bjornar_HistoryPrediction.bin
2015-08-13 21:19:10 113880 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-08-13 21:19:05 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2015-08-13 21:19:05 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2015-08-13 21:19:05 109272 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-08-13 21:19:05 -------- d-----w- C:\ProgramData\Malwarebytes
2015-08-13 21:19:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-13 21:17:33 -------- d-----w- C:\Users\Bjornar\AppData\Local\MicrosoftEdge
2015-08-13 21:17:29 -------- d-----w- C:\Program Files\CCleaner
2015-08-13 21:10:39 -------- d-----w- C:\Users\Bjornar\AppData\Roaming\WarThunder
2015-08-13 21:10:16 -------- d-----w- C:\Users\Bjornar\AppData\Roaming\vobplayer_setup
2015-08-13 21:10:16 -------- d-----w- C:\Program Files (x86)\vobplayer_setup
2015-08-13 21:04:43 -------- d-----w- C:\Users\Bjornar\AppData\Local\Windows Live
2015-08-13 20:14:48 -------- d-----w- C:\Program Files\iPod
2015-08-13 20:14:48 -------- d-----w- C:\Program Files (x86)\iTunes
2015-08-13 20:14:47 -------- d-----w- C:\Program Files\iTunes
2015-08-13 20:12:00 43112 ----a-w- C:\WINDOWS\avastSS.scr
2015-08-13 20:08:57 -------- d-----r- C:\Program Files (x86)\Skype
2015-08-01 15:30:00 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2015-08-01 15:12:40 -------- d-----w- C:\Users\Bjornar\AppData\Local\NetworkTiles
2015-08-01 12:25:37 12222168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2D23B8E4-A199-4694-9969-C3A702709CAB}\mpengine.dll
2015-08-01 12:24:48 1187344 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2015-08-01 12:24:46 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{441BF59E-9071-4735-B345-1145651111D7}\gapaengine.dll
2015-08-01 12:23:00 12222168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-08-01 00:01:00 -------- dc----w- C:\WINDOWS\Panther
2015-07-31 23:56:27 -------- d-----w- C:\Windows.old
2015-07-31 23:45:58 -------- d-----w- C:\WINDOWS\SysWow64\XPSViewer
2015-07-31 23:45:56 -------- d-----w- C:\inetpub
2015-07-31 23:45:19 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2015-07-31 23:45:19 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2015-07-31 23:45:19 102608 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-31 23:45:17 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2015-07-31 23:45:16 124112 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2015-07-31 23:45:16 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2015-07-31 23:43:40 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2015-07-31 23:41:26 -------- d-----w- C:\Users\Bjornar\AppData\Local\Publishers
2015-07-31 23:40:20 -------- d-----w- C:\Users\Bjornar\AppData\Local\Comms
2015-07-31 23:40:18 -------- d-----r- C:\Users\Bjornar\OneDrive
2015-07-31 23:39:57 -------- d-sh--w- C:\Users\Bjornar\IntelGraphicsProfiles
2015-07-31 23:39:57 -------- d-----w- C:\Users\Bjornar\AppData\Local\TileDataLayer
2015-07-31 23:36:56 -------- d-sh--we C:\Programfiler
2015-07-31 23:36:56 -------- d-sh--we C:\ProgramData\Start-meny
2015-07-31 23:36:56 -------- d-sh--we C:\ProgramData\Skrivebord
2015-07-31 23:36:56 -------- d-sh--we C:\ProgramData\Programdata
2015-07-31 23:36:56 -------- d-sh--we C:\ProgramData\Maler
2015-07-31 23:36:56 -------- d-sh--we C:\ProgramData\Dokumenter
2015-07-31 23:36:56 -------- d-sh--we C:\Program Files\Fellesfiler
2015-07-31 23:36:55 -------- d-sh--w- C:\Recovery
2015-07-31 23:28:19 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2015-07-31 23:25:44 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2015-07-31 23:08:31 -------- d-----w- C:\ProgramData\Validity
2015-07-31 23:08:19 -------- d-----w- C:\WINDOWS\SysWow64\sda
2015-07-31 23:08:18 200 ----a-w- C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-07-31 23:08:18 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-07-31 23:08:16 86528 ----a-w- C:\WINDOWS\SysWow64\OpenCL.DLL
2015-07-31 23:08:16 82432 ----a-w- C:\WINDOWS\System32\OpenCL.DLL
2015-07-31 23:06:48 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2015-07-31 23:06:34 -------- d-----w- C:\Program Files\NVIDIA Corporation
2015-07-27 17:00:17 298608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\rep178A.tmp
2015-07-17 22:36:32 6389688 ----a-w- C:\WINDOWS\System32\drivers\igdkmd64.sys
2015-07-17 22:36:02 519056 ----a-w- C:\WINDOWS\System32\IntelWiDiUMS64.exe
2015-07-17 22:36:00 283024 ----a-w- C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
2015-07-17 22:34:24 6305696 ----a-w- C:\WINDOWS\System32\igdusc64.dll
2015-07-17 22:29:54 11384832 ----a-w- C:\WINDOWS\System32\ig75icd64.dll
2015-07-17 22:29:04 4443136 ----a-w- C:\WINDOWS\System32\igdrcl64.dll
2015-07-17 22:29:02 425472 ----a-w- C:\WINDOWS\System32\igdbcl64.dll
2015-07-17 22:29:02 397824 ----a-w- C:\WINDOWS\System32\IntelOpenCL64.dll
2015-07-17 22:24:46 153600 ----a-w- C:\WINDOWS\SysWow64\igdail32.dll
2015-07-17 22:18:52 3873280 ----a-w- C:\WINDOWS\SysWow64\igdrcl32.dll
2015-07-17 22:17:12 373248 ----a-w- C:\WINDOWS\SysWow64\igdbcl32.dll
2015-07-17 22:17:04 300032 ----a-w- C:\WINDOWS\SysWow64\IntelOpenCL32.dll
2015-07-17 22:16:44 3801600 ----a-w- C:\WINDOWS\SysWow64\igdmcl32.dll
2015-07-17 22:16:38 970752 ----a-w- C:\WINDOWS\SysWow64\igdfcl32.dll
2015-07-17 22:09:58 8507392 ----a-w- C:\WINDOWS\SysWow64\ig75icd32.dll
2015-07-17 22:03:14 35328 ----a-w- C:\WINDOWS\SysWow64\igfxexps32.dll
2015-07-17 21:58:36 86528 ----a-w- C:\WINDOWS\SysWow64\Intel_OpenCL_ICD32.dll
2015-07-17 21:58:36 82432 ----a-w- C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll

The link to HiJackThis doesn't lead to the right place. Is there somewhere else I can safely find the program?

Edited by Eventyret
Added spoiler

Posted

Can you try running ADW Cleaner?

https://toolslib.net/downloads/viewdownload/1-adwcleaner/

See if it finds anything in Firefox, and possibly try cleaning with it as well.

I noticed the following in Firefox.

FF - ProfilePath - C:\Users\Bjornar\AppData\Roaming\Mozilla\Firefox\Profiles\fl40ajxs.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/yhp-ff|https://www.google.no/?gfe_rd=cr&ei=lm4xVdqTLoi_wQOJl4HACA&gws_rd=ssl
FF - plugin: C:\Users\Bjornar\AppData\Roaming\Mozilla\Firefox\Profiles\fl40ajxs.default\extensions\plugin@starstable.com\plugins\npstudioruntime.dll
user_pref(extensions.autoDisableScopes,14);

Partly; when you open Firefox you download all the malware again and we are back to square one.

Alternatively, attach a screenshot of what ADW Cleaner finds.

Looking forward to hearing from you.

Posted

Hi. I experienced what you describe here, so I ended up simply uninstalling Firefox. I don't get these problems when I use Internet Explorer, Chrome or Microsoft Edge.

Could it still be in the machine, or did it go away when I removed Firefox?

I'll run Adw Cleaner tonight, and then we'll see whether it finds anything.

Posted

Here is the log from AdwCleaner (it apparently found quite a bit from both Firefox and that Warthunder stuff):

# AdwCleaner v5.003 - Logfile created 20/08/2015 at 22:24:33
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Bjornar - BJØRNAR
# Running from : C:\Users\Bjornar\Downloads\adwcleaner_5.003.exe
# Option : Cleaning
 
***** [ Services ] *****
 

***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\apn
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Bjornar\AppData\Roaming\Mozilla\Firefox\Profiles\fl40ajxs.default\user.js
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Bjornar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
[-] Shortcut Disinfected : C:\Users\Bjornar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk
 
***** [ Scheduled tasks ] *****
 

***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Bjornar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted :
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1713 bytes] ##########

Posted (edited)

Is there no longer anyone on the forum who reads logs and says how things look? It would be very nice to know whether it looks OK now, especially since I get this strange Google Chrome-like Warthunder icon when I search for Chromecast locally on the computer. Is it supposed to be like that?

[Attached image: Warthunder.thumb.jpg]

Edited by Type-R

Posted

The icon for Chromecast looks right to me; it was the same one I got when I installed this yesterday for Mum and Dad.

Posted

Thanks for the logs; it's been a while, with a lot to do at work.

It looks like it has removed the Firefox profile

[-] File Deleted : C:\Users\Bjornar\AppData\Roaming\Mozilla\Firefox\Profiles\fl40ajxs.default\user.js

which was infected, as well as

[-] Shortcut Disinfected : C:\Users\Bjornar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
[-] Shortcut Disinfected : C:\Users\Bjornar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk

 

Chrome had a small infection, but that was cleaned as well.

 

[-] [C:\Users\Bjornar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted :
 
Also, the malware had changed your proxy settings.
:: Proxy settings cleared
 
 
You can try installing Firefox again and then running the program itself again. But so far it looks much better.
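
An added example, not part of the thread and not code from AdwCleaner or Mozilla: prefs.js (quoted in the DDS excerpt earlier in the thread) and the user.js that AdwCleaner deleted are both lists of user_pref lines, so after reinstalling Firefox the profile can be checked for search, homepage, add-on scope and proxy overrides with a short script. The watchlist and both sample files are assumptions constructed for the illustration.

```python
import json
import re

# Assumed watchlist of prefs hijackers commonly rewrite; trailing "." = whole branch.
WATCHED = ("browser.startup.homepage", "browser.search.", "keyword.URL",
           "extensions.autoDisableScopes", "network.proxy.")

# One line of prefs.js / user.js looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample files, not the poster's real profile.
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("browser.startup.homepage", "https://www.google.no/");
user_pref("extensions.autoDisableScopes", 14);
user_pref("privacy.donottrackheader.enabled", true);
'''
SAMPLE_USER_JS = '''user_pref("browser.startup.homepage", "http://start.example.invalid/");
user_pref("browser.search.defaultenginename", "Example Search");
'''

def parse_prefs(text):
    """Return {name: value} for every user_pref line in the file body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:  # comments and blank lines do not match
            try:
                prefs[m.group(1)] = json.loads(m.group(2))  # string, number, bool
            except ValueError:
                prefs[m.group(1)] = m.group(2)  # keep unparsed values verbatim
    return prefs

def is_watched(name):
    return any(name == w or (w.endswith(".") and name.startswith(w)) for w in WATCHED)

def audit_profile(prefs_js, user_js=""):
    """List (name, effective value, source file) for each watched pref."""
    # user.js is applied after prefs.js at every start, so its values win and come back.
    base, override = parse_prefs(prefs_js), parse_prefs(user_js)
    findings = []
    for name in sorted(set(base) | set(override)):
        if is_watched(name):
            source = "user.js" if name in override else "prefs.js"
            findings.append((name, override.get(name, base.get(name)), source))
    return findings

if __name__ == "__main__":
    print(*audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS), sep="\n")
```

To check a real profile, pass the text of its prefs.js and, if one exists, its user.js to audit_profile().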

Posted

Great. Many thanks for the reply. It was good to hear that it looks fine. :-)

"The icon for Chromecast looks right to me; it was the same one I got when I installed this yesterday for Mum and Dad."

Chromecast looks right, but isn't it a bit odd that in the icon for Google Chrome (which naturally also comes up while I am typing Chromecast into the search field) it says "Warthunder" instead of Google Chrome (see the picture above)? On the desktop it says Google Chrome, but not there.

Posted

As long as you haven't made your own bookmark to Warthunder or renamed Chrome to Warthunder, this does sound a bit odd, yes.

Do you play Warthunder at all, then?

Posted (edited)

"As long as you haven't made your own bookmark to Warthunder or renamed Chrome to Warthunder, this does sound a bit odd, yes.

Do you play Warthunder at all, then?"

No, I never have. I didn't even know what it was. Judging from the Adware logs above, it also looks as though some of the malware I got was tied to Warthunder (or something pretending to be Warthunder), doesn't it?

Edited by Type-R

Posted

Well, you can always right-click the icon and post what it sends you to, i.e. what the shortcut's actual link is?

Posted

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

This is what I get under Properties. But when I open the file location, the thing that looks like Google Chrome is named Warthunder.

Now I am trying to uninstall the program and then install it again.

And now that I have uninstalled and reinstalled it, the program is still named Warthunder.

Now I have opened the file location and changed the name to Google Chrome manually. But this was a bit strange...?
