
Chinese Pop-up


phosforos


I have a problem with a pop-up window opening as soon as I open a new IE window! I have scanned with Ad-Aware and looked around a bit cautiously in the registry and the like without figuring out how to get rid of this annoyance! What happens is: I open IE, and a small window appears with Asian text, pictures and so on. It looks like an ordinary ad.. Grateful for any answers!

 

/Patrik

 


[log]Logfile of HijackThis v1.99.1
Scan saved at 21:34:08, on 2005-03-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\anvshell.exe
C:\Program\IC Login\iclogin.exe
C:\Program\Winamp\winampa.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\ICQ\ICQ.exe
C:\Program\No-IP\DUC20.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\Program\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\Fast.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\burst\burst.exe
C:\Program\burst\core-new1.1.3\btdownloadheadless.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Messenger\msmsgs.exe
C:\Documents and Settings\Patrik\Skrivbord\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hrvg.tk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///D:/Mina%20bilder/-=Amazing%20wallpapers=-/bomb_1024.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - C:\WINDOWS\DOWNLO~1\ipreg32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\System32\bgswitch.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~4\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [iC Login] "C:\Program\IC Login\iclogin.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [loader32] C:\Documents and Settings\Patrik\Application Data\SysDown\sys03612.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: No-IP DUC.lnk = C:\Program\No-IP\DUC20.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.telia.se/sdccommon/download/tgctlcm.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?0&4&unknown&unknown
O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall_orbiscomsigned.cab
O16 - DPF: {0EB1CA3E-C9C7-42B6-8016-B0CBA435E291} (ImclCtl Class) - http://www.messenger.spray.se/messenger/client/ActiveXMsgrCore.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/sv/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/updater//MaxisSimCity4PatcherX.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx

O23 - Service: BPFTPServer - Unknown owner - C:\Program\BPFTP Server\G6Service.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\NORTON~2\NORTON~2\GHOSTS~2.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
[/log]

 


Moving the thread to Virus – Antivirus

/T

Moderator for Web Browsers (I hope I found the right forum; not quite used to the new division yet)

 


So that you do not accidentally restore the system to a state that contains nasties, you should delete all system restore points by turning off the System Restore feature.

My Computer - Properties - System Restore

Once the computer is clean, the feature should be turned back on.

 

[log]Be sure that you understand everything below before you continue; otherwise, ask.

Unplug the internet connection.
Scan with HijackThis and check these lines:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hrvg.tk (unless it is a page you chose yourself)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///D:/Mina%20bilder/-=Amazing%20wallpapers=-/bomb_1024.jpg (unless you chose this yourself)
O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - C:\WINDOWS\DOWNLO~1\ipreg32.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll
O4 - HKLM\..\Run: [loader32] C:\Documents and Settings\Patrik\Application Data\SysDown\sys03612.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?0&4&unknown&unknown
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O23 - Service: BPFTPServer - Unknown owner - C:\Program\BPFTP Server\G6Service.exe (file missing)

Close all programs and windows except HijackThis.
Press Fix checked.

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

Set Explorer so that you can see all files:
Tools - Folder Options - View
Select Show hidden files and folders
Uncheck Hide protected operating system files
Uncheck Hide extensions for known file types
Check Display the contents of system folders

Delete these folders (if they exist):
C:\Program\GameSpy Arcade
C:\Documents and Settings\Patrik\Application Data\SysDown
C:\Program\BPFTP Server

Delete these files (if they exist):
C:\WINDOWS\system32\NaviHelper.dll
C:\WINDOWS\DOWNLO~1\ipreg32.dll
where ~1 stands for a number of arbitrary characters

Restart the computer in normal mode. [/log]

 

Run these online scans:
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Download and run the anti-spyware programs Ad-aware and Spybot - S&D:
http://www.lavasoft.de
http://spybot.safer-networking.de/

Take a new HijackThis log.

In your reply, write what you have done, how it went and how your computer is behaving now, and attach the new HijackThis log.

 

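The reply above picks its entries out of the HijackThis log by hand. As an added example (not part of the original thread and not HijackThis's own code), the sketch below rejoins the wrapped log lines and flags entries for manual review; the function names and the four review rules are hypothetical, and the sample is built from lines of the log posted in this thread.

```python
import re

# Constructed sample: entries copied from the log in this thread, left in the
# wrapped form the forum produced (one entry spread over several lines).
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.hrvg.tk
O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} -
C:\WINDOWS\DOWNLO~1\ipreg32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program\Norton Internet Security Professional\Norton
AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [loader32] C:\Documents and Settings\Patrik\Application
Data\SysDown\sys03612.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O23 - Service: BPFTPServer - Unknown owner - C:\Program\BPFTP
Server\G6Service.exe (file missing)
"""

ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - ")  # e.g. "R0 - ", "O23 - "

def parse_entries(text):
    """Rejoin wrapped lines; return a list of (section, body) tuples."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), line[m.end():]])
        elif entries:
            # Continuation: a space join suits paths; split URLs need manual repair.
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

# Hypothetical review rules for this example. A hit means "look closer",
# not "malicious"; DOWNLO~1 is assumed to be Downloaded Program Files.
RULES = [
    ("R0", r"^HKLM\\.*Start Page", "machine-wide start page: confirm the user set it"),
    ("O2", r"\\DOWNLO~1\\", "BHO loaded from the ActiveX download cache"),
    ("O4", r"\\Application Data\\.*\.exe", "autorun executable inside a user profile"),
    ("O23", r"\(file missing\)", "service registered for a file that is gone"),
]

def triage(entries):
    """Return (section, body, reason) for each entry that matches a rule."""
    return [(sec, body, why) for sec, body in entries
            for rule_sec, pattern, why in RULES
            if sec == rule_sec and re.search(pattern, body, re.I)]
```

Entries that match no rule, such as the NaviHelper BHO in system32 that the reply also selects, still need a reviewer who recognises them.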

Spyware would have been better in this case, but it's not easy to know, and there are many spyware threads in the Virus forum.

 


Archived

This topic is now archived and is closed to further replies.


