
Adware and that kind of hassle, help please! =)


DragonPuffer


Hi, I've once again gotten a bunch of search bars and crap, but I don't dare remove the stuff that shows up in HijackThis without your help!

Here is the log below:

[log]

 

Logfile of HijackThis v1.99.0

Scan saved at 17:32:51, on 2005-04-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\NORMAN\Nvc\BIN\NPFSVICE.EXE

C:\Norman\Nvc\BIN\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\NORMAN\Nvc\BIN\NJEEVES.EXE

C:\NORMAN\Nvc\BIN\nvcoas.exe

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\NORMAN\Nvc\BIN\nipsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\NORMAN\Nvc\BIN\ZLH.EXE

C:\Peter\Winamp\winampa.exe

C:\Program\D-Tools\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\j2re1.4.2_06\bin\jusched.exe

C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\NORMAN\Nvc\BIN\cclaw.exe

C:\program\valve\steam\steam.exe

C:\Program\FMA2~1\SFRAME~1\helper\FLOATM~1.EXE

C:\NORMAN\Nvc\BIN\npfmsg2.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Peter\The All-Seeing Eye\eye.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program\Creative\MediaSource\RemoteControl\OSDEAX.exe

C:\Program\NaviSearch\bin\nls.exe

C:\Program\WhenUSearch\whse.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Creative\MediaSource\RemoteControl\OSDMenu.EXE

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\WhenUSearch\Search.exe

C:\Program\CashBack\bin\cashback.exe

C:\Program\BullsEye Network\bin\bargains.exe

C:\Peter\Program\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program\SurfSideKick 2\SskBho.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll

O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program\WhenUSearch\search.dll

O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program\NavExcel\NavHelper\v2.0.4a\NHelper.dll

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll

O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program\NavExcel Search Toolbar\NavExcelBar.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program\NavExcel Search Toolbar\NavExcelBar.dll

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [WinampAgent] C:\Peter\Winamp\winampa.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [bullsEye Network] C:\Program\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [NaviSearch] C:\Program\NaviSearch\bin\nls.exe

O4 - HKLM\..\Run: [CashBack] C:\Program\CashBack\bin\cashback.exe

O4 - HKLM\..\Run: [surfSideKick 2] C:\Program\SurfSideKick 2\Ssk.exe

O4 - HKLM\..\Run: [WhenUSave] "C:\Program\Save\Save.exe"

O4 - HKLM\..\Run: [WhenUSearch] "C:\Program\WhenUSearch\Search.exe"

O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program\WhenUSearch\whse.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [steam] "c:\program\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [floAt's Media Control] C:\Program\FMA2~1\SFRAME~1\helper\FLOATM~1.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [surfSideKick 2] C:\Program\SurfSideKick 2\Ssk.exe

O4 - HKCU\..\Run: [WeatherCast] "C:\Program\WeatherCast\Weather.exe" /q

O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown - C:\NORMAN\Nvc\BIN\NJEEVES.EXE

O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE

O23 - Service: Norman ZANDA - Unknown - C:\Norman\Nvc\BIN\Zanda.exe

O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE[/log]

 

[post edited 2005-04-10 17:38:49 by Erik Junesjö]


Sorry to see that you've run into problems again.

In Control Panel - Add or Remove Programs, check whether you have

WhenUSearch

programs with similar names

unknown programs

If so, remove them.

Start by cleaning the computer as follows.

Online scans:

http://housecall.trendmicro.com/housecall/start_corp.asp

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

The anti-spyware programs Ad-aware and Spybot S&D:

http://www.lavasoft.de/support/download/

http://www.lavasoftsupport.com/index.php?showtopic=42066 (settings)

http://spybot.safer-networking.de/

Update HijackThis to a new version here:

http://www.spywareinfo.com/~merijn/downloads.html

Write back with how it went and attach a new HijackThis log.

 

 

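An added example, not part of the original thread and not code from HijackThis: a small Python parser for the log format posted above that groups entries by their section code (R0, O2, O4, ...) and lists every place a named program shows up, here the WhenUSearch named in the reply. The sample lines are copied from the log in this thread; the function names `parse_log` and `find_product` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program\WhenUSearch\whse.exe
C:\Program\WhenUSearch\Search.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program\WhenUSearch\search.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Peter\Winamp\winampa.exe
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program\WhenUSearch\whse.exe"
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."
PATH_RE = re.compile(r"^[A-Za-z]:\\")              # a process line is a full path

def parse_log(text):
    """Return (running_processes, {section_code: [entry, ...]})."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        # Forum copies often carry non-breaking spaces and a trailing [/log] tag.
        line = raw.replace("\xa0", " ").replace("[/log]", "").strip()
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first coded entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and PATH_RE.match(line):
            processes.append(line)
    return processes, dict(entries)

def find_product(text, keyword):
    """List every place `keyword` appears: running processes and coded entries."""
    processes, entries = parse_log(text)
    key = keyword.lower()
    hits = {"running": [p for p in processes if key in p.lower()]}
    for code, items in entries.items():
        matched = [i for i in items if key in i.lower()]
        if matched:
            hits[code] = matched
    return hits

if __name__ == "__main__":
    for where, items in find_product(SAMPLE_LOG, "WhenUSearch").items():
        print(where, *items, sep="\n  ")
```

Comparing the output for the same keyword before and after the cleanup shows whether the uninstall removed the browser helper object and the Run entries as well as the running processes.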

Archived

This topic is now archived and is closed to further replies.
