about:blank, pop ups

[Zeustor]

Hej på er !

Kan nån hjälpa mej med mitt problem?

Explorer har fått fnatt. Startar bara med"about:blank" och stax därefter ett pop up fönster.

Försökt med antivirus, uppdatd, adware,och HijackThis, utan resultat.

Bifogar lofilen från den senare.

 

ps. Jag försökte ta bort bla denna fil, utan resultat, de dyker upp vid nästa uppstart----R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html--

 

Tack på förhand

-Zeustor--

 

Logfile of HijackThis v1.99.0

Scan saved at 16:27:48, on 2005-01-19

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM\GRISOFT\AVG6\AVGSERV9.EXE

C:\PROGRAM\NORTON UTILITIES\NPROTECT.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\PROGRAM\AHEAD\INCD\INCD.EXE

C:\PROGRAM\GRISOFT\AVG6\AVGCC32.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM\MICROSOFT ACTIVESYNC\WCESCOMM.EXE

C:\PROGRAM\ZONE LABS\ZONEALARM\ZAPRO.EXE

C:\PROGRAM\HOTMAIL POPPER\HOTPOP.EXE

C:\PROGRAM\STICKIES\STICKIES.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\CC\HIJACKTHIS.EXE

C:\PROGRAM\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM\INTERNET EXPLORER\IEXPLORE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\PROGRAM\VERISIGN\I-NAV\I-NAV_4_1_4.DLL

O1 - Hosts: nswsmtp

O2 - BHO: VeriSign Inc. i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\PROGRAM\VERISIGN\I-NAV\I-NAV_4_1_4.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\RoboForm.dll

O2 - BHO: (no name) - {0232842D-9F56-4E52-85B5-946CA5812D71} - C:\WINDOWS\SYSTEM\PEHHHH.DLL

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\RoboForm.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM\CANON\EASY-WEBPRINT\TOOLBAND.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1053,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [inCD] C:\Program\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM\GRISOFT\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRAM\GRISOFT\AVG6\Avgserv9.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [NPROTECT] C:\Program\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\SYSTEM\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKCU\..\Run: [systemTray] SysTray.Exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"

O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe

O4 - Startup: Hotmail Popper.lnk = C:\Program\Hotmail Popper\hotpop.exe

O4 - Startup: Adobe Gamma Loader.lnk = C:\Program\Vanliga filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Stickies.lnk = C:\Program\stickies\stickies.exe

O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program\Zone Labs\ZoneAlarm\zapro.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRAM\MICROS~1\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Fyll i formulär &] - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Spara &formulär &[ - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Anpassa RF menu - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM\MICROSOFT ACTIVESYNC\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM\MICROSOFT ACTIVESYNC\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM\MICROSOFT ACTIVESYNC\INETREPL.DLL

O9 - Extra button: i-Nav hjälp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp'>http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)

O9 - Extra 'Tools' menuitem: i-Nav hjälp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)

O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\PROGRAM\VERISIGN\I-NAV\I-NAV_4_1_4.DLL

O9 - Extra 'Tools' menuitem: i-Nav - alternativ - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\PROGRAM\VERISIGN\I-NAV\I-NAV_4_1_4.DLL

O9 - Extra button: P_ipojení - {FFB51760-344E-4FFB-BFFA-4B18C7AC1D63} - C:\WINDOWS\SYSTEM\SHELLEXT\WINSVC32.EXE (file missing)

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF verktygslist &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Fyll i - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fyll i formulär &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Spara - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Spara &formulär &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRAM\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRAM\MESSEN~1\MSMSGS.EXE

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\Outpost Firewall\TRASH.EXE (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\Outpost Firewall\TRASH.EXE (file missing) (HKCU)

O12 - Plugin for .spop: C:\PROGRAM\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mpga: C:\PROGRAM\INTERN~1\PLUGINS\npqtplugin4.dll

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {20AF1CC7-DD64-4387-8303-9EA855CDB0C1} (PCInfo.UC) - http://www.proffs.nu/PCInfo.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f007.mail.spray.se/app/uploader/FileUploader.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O18 - Filter: text/html - {89BAE191-8EC3-49C7-861E-E5EE06B9D09B} - C:\WINDOWS\SYSTEM\PEHHHH.DLL

O18 - Filter: text/plain - {89BAE191-8EC3-49C7-861E-E5EE06B9D09B} - C:\WINDOWS\SYSTEM\PEHHHH.DLL

 

 

 

[inlägget ändrat 2005-01-19 16:41:18 av Zeustor]

[Cecilia]

För att vara säker på att du inte återställer systemet till ett läge med otrevligheter så kan du ta bort samligt återställningspunkter genom att avaktivera systemåterställningsfunktionen.

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239

När datorn är ren så ska funktionen aktiveras igen.

 

[log]Var säker på att du förstår resten innan du fortsätter, fråga annars.

 

HijackThis kommer att skapa säkerhetskopior i samma mapp som programmet ligger i. Är mappen C:\PROGRAM FILES\CC lämplig för det?

Om inte så flytta HijackThis till sin egen mapp!

 

Kör och skanna med HijackThis. Bocka för dessa rader:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O1 - Hosts: nswsmtp

O2 - BHO: (no name) - {0232842D-9F56-4E52-85B5-946CA5812D71} - C:\WINDOWS\SYSTEM\PEHHHH.DLL

O9 - Extra button: i-Nav hjälp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp'>http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)

O9 - Extra 'Tools' menuitem: i-Nav hjälp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)

O9 - Extra button: P_ipojení - {FFB51760-344E-4FFB-BFFA-4B18C7AC1D63} - C:\WINDOWS\SYSTEM\SHELLEXT\WINSVC32.EXE (file missing)

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\Outpost Firewall\TRASH.EXE (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\Outpost Firewall\TRASH.EXE (file missing) (HKCU)

O18 - Filter: text/html - {89BAE191-8EC3-49C7-861E-E5EE06B9D09B} - C:\WINDOWS\SYSTEM\PEHHHH.DLL

O18 - Filter: text/plain - {89BAE191-8EC3-49C7-861E-E5EE06B9D09B} - C:\WINDOWS\SYSTEM\PEHHHH.DLL

 

Avsluta alla program och fönster förutom HijackThis.

Tryck på Fix checked.

 

Starta om i felsäkert läge.

 

Ställ in så att du kan se alla filer i Utforskaren.

Verktyg - Mappalternativ/Options etc - Visning

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

Välj Visa dolda filer och mappar

 

Ta bort denna fil:

C:\WINDOWS\SYSTEM\PEHHHH.DLL

 

Ta bort alla filer ur denna mapp, men låt mappen vara kvar:

C:\WINDOWS\TEMP[/log]

 

Starta om i normalt läge och ta ut en ny HijackThis-logg.

Tala om vad du har gjort och hur det har gått och klistra in HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i svarsfönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

[inlägget ändrat 2005-01-19 19:25:53 av Cecilia]

[Zeustor]

Hej Cecilia!

Tack för det snabba hjälpen.

Jag har gjort som du sa utom --c:\windows\system\PEHHH.DLL---Denna fil lyste med sin frånvaro.

Skickar logen ifall du vill kolla mer.

Promlemet har försvunnit så långt jag kan förstå eller.....?

Tack än en gång

mvh Zeustor

 

 

[log]Logfile of HijackThis v1.99.0

Scan saved at 21:49:39, on 2005-01-19

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM\GRISOFT\AVG6\AVGSERV9.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\TASKMON.EXE

C:\PROGRAM\AHEAD\INCD\INCD.EXE

C:\PROGRAM\GRISOFT\AVG6\AVGCC32.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM\MICROSOFT ACTIVESYNC\WCESCOMM.EXE

C:\PROGRAM\ZONE LABS\ZONEALARM\ZAPRO.EXE

C:\PROGRAM\HOTMAIL POPPER\HOTPOP.EXE

C:\PROGRAM\STICKIES\STICKIES.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\CC\HIJACKTHIS.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.altavista.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\PROGRAM\VERISIGN\I-NAV\I-NAV_4_1_4.DLL

O2 - BHO: VeriSign Inc. i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\PROGRAM\VERISIGN\I-NAV\I-NAV_4_1_4.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\RoboForm.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\RoboForm.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM\CANON\EASY-WEBPRINT\TOOLBAND.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1053,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [inCD] C:\Program\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM\GRISOFT\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRAM\GRISOFT\AVG6\Avgserv9.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKCU\..\Run: [systemTray] SysTray.Exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"

O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe

O4 - Startup: Hotmail Popper.lnk = C:\Program\Hotmail Popper\hotpop.exe

O4 - Startup: Stickies.lnk = C:\Program\stickies\stickies.exe

O4 - Startup: Adobe Gamma Loader.lnk.disabled

O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program\Zone Labs\ZoneAlarm\zapro.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRAM\MICROS~1\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Fyll i formulär &] - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Spara &formulär &[ - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Anpassa RF menu - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM\MICROSOFT ACTIVESYNC\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM\MICROSOFT ACTIVESYNC\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM\MICROSOFT ACTIVESYNC\INETREPL.DLL

O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\PROGRAM\VERISIGN\I-NAV\I-NAV_4_1_4.DLL

O9 - Extra 'Tools' menuitem: i-Nav - alternativ - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\PROGRAM\VERISIGN\I-NAV\I-NAV_4_1_4.DLL

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF verktygslist &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Fyll i - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fyll i formulär &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Spara - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Spara &formulär &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRAM\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRAM\MESSEN~1\MSMSGS.EXE

O12 - Plugin for .spop: C:\PROGRAM\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mpga: C:\PROGRAM\INTERN~1\PLUGINS\npqtplugin4.dll

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {20AF1CC7-DD64-4387-8303-9EA855CDB0C1} (PCInfo.UC) - http://www.proffs.nu/PCInfo.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f007.mail.spray.se/app/uploader/FileUploader.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

 

[/log]

 

[Cecilia]

Ja, jag kan inte heller se något otrevligt i loggen!

 

Förutom möjligen den här raden:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

Så fixa den med HijackThis på samma sätt som förra gången.

 

Nu kan du slå på systemåterställningsfunktionen.

 

För att hindra att du får in nya otrevligheter så rekommenderar jag att du förutom Ad-aware också använder antispionprogrammet Spybot, som dessutom innehåller vissa funktioner som kan skydda din dator hela tiden.

 

Dessutom kan SpywareBlaster och SpywareGuard skydda dig från att ladda ner resp. starta vissa otrevliga program:

http://www.javacoolsoftware.com/

 

IE-SpyAd lägger en massa otrevliga webbplatser i zonen Ej tillförlitliga i Internet Explorer så att de inte kan göra så mycket med din dator.:

https://netfiles.uiuc.edu/ehowes/www/resource.htm

 

Du bör dessutom se över dina säkerhetsinställningar i Internet Explorer, vissa tips finns här:

https://netfiles.uiuc.edu/ehowes/www/btw/ie/ie-opts.htm

 

Om du nu inte bestämmer dig för att gå över till en säkrare webbläsare såsom Firefox, Mozilla eller Opera.

http://www.mozilla.se/

 

 

[Zeustor]

Nu är allt fixat.

tack för det.

mvh Zeustor

 

[Cecilia]

Det var roligt att höra!

Tack för poängen!

Var rädd om din dator i fortsättningen.