Virusproblem

[mightymido]

Hej!

 

När man startar internet explorer ploppar det upp en toolbar tillhörande "Search the web" eller dylikt. Man kommer in till sidan lop.com om man klickar på den. Dessutom lägger den in ikoner på skrivbordet av sig själv. Det kommer även massor med pop-ups.

Hijackloggen ser ut som följande

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 22:39:14, on 2005-12-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Telia\Supportassistent\bin\tgcmd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\Julia\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

C:\Documents and Settings\All Users\Application Data\64 poke way grim\01locks.exe

C:\Documents and Settings\All Users\Application Data\64 poke way grim\01locks.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {BDC7CEB9-02BD-88CB-6021-87404712EAF5} - C:\DOCUME~1\Julia\APPLIC~1\16PROC~1\meet regs.exe

O2 - BHO: (no name) - {E6043B1F-9F63-8C93-3618-9CA683C77239} - C:\DOCUME~1\Mamma\APPLIC~1\16PROC~1\meet regs.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Certificate Mover.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4657/mcfscan.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)

O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)

 

[/log]

 

 

Vad kan vi ta bort?

 

Hjälp!!

 

[Jói Stein]

du kan prova med gratisprogramet a2free på http://www.anti-trojan.net/

det kanske hjälper sen finns spyware doctor., eller spyware doctor.

 

 

[inlägget ändrat 2005-12-27 12:07:51 av Jói Stein]

[Zipp.]

 

Skapa en ny mapp på C:\ och placera HijackThis.exe dit så C:\HjT\HijackThis.exe

 

[log]Scanna med Hijack bocka i följande rader stäng Web-läsaren och alla andra öppna fönster och klicka FIX checked

 

O2 - BHO: (no name) - {BDC7CEB9-02BD-88CB-6021-87404712EAF5} - C:\DOCUME~1\Julia\APPLIC~1\16PROC~1\meet regs.exe

O2 - BHO: (no name) - {E6043B1F-9F63-8C93-3618-9CA683C77239} - C:\DOCUME~1\Mamma\APPLIC~1\16PROC~1\meet regs.exe

 

 

Starta sen i felsäkert läge och med dolda filer synliga ta bort om hittas

 

C:\DOCUME~1\Julia\APPLIC~1\16PROC~1\ < mappen

C:\DOCUME~1\Mamma\APPLIC~1\16PROC~1\ < mappen

C:\Documents and Settings\All Users\Application Data\64 poke way grim\ < mappen

 

Starta sen normalt och ny Hijack logg.[/log]

 

[mightymido]

Nu ser det lite bättre ut och ingen jobbig toolbar kommer när man startar explorer.

Här kommer loggen igen, kanske finns mer skräp att ta bort?

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 18:44:06, on 2005-12-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Telia\Supportassistent\bin\tgcmd.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wlelixllwhrofzbofw.us/VyZ2dQuB_R/08_x4zNJLzkhRz69XZVVpC9QTsI89viXPNbAx9ljUp6Rs1Myjd0Dm.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/'>http://www.dell.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [City bike] C:\DOCUME~1\Johanna\APPLIC~1\ADMINF~1\aim grey.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4657/mcfscan.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)

O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)

 

[/log]

 

tack på förhand!

 

[Zipp.]

 

Scanna med Hijack bocka i följande rader stäng Web-läsaren och alla andra öppna fönster och klicka FIX checked

 

[log]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wlelixllwhrofzbofw.us/VyZ2dQuB_R/08_x4zNJLzkhRz69XZVVp

C9QTsI89viXPNbAx9ljUp6Rs1Myjd0Dm.html

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O4 - HKCU\..\Run: [City bike] C:\DOCUME~1\Johanna\APPLIC~1\ADMINF~1\aim grey.exe

 

Starta sen i felsäkert läge och med dolda filer synliga ta bort

 

C:\DOCUME~1\Johanna\APPLIC~1\ADMINF~1\ < mappen

 

Använd inte Sök funktionen utan följ stigen istället.

Starta sen normalt och ny logg.[/log]

 

[mightymido]

Nu har vi gjort som du sagt..

 

[log]

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\DSentry.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.basntwyzencfn.com/VyZ2dQuB_R/08_x4zNJLzkhRz69XZVVpC9QTsI89viXWTdE7nsnojKRs1Myjd0Dm.htm'>http://www.basntwyzencfn.com/VyZ2dQuB_R/08_x4zNJLzkhRz69XZVVpC9QTsI89viXWTdE7nsnojKRs1Myjd0Dm.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/'>http://www.dell.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {BDC7CEB9-02BD-88CB-6021-87404712EAF5} - C:\DOCUME~1\Johanna\APPLIC~1\16PROC~1\meet regs.exe (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Way grim proc meta] C:\Documents and Settings\All Users\Application Data\64 poke way grim\ruleload.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - Global Startup: Certificate Mover.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4657/mcfscan.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)

O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)

 

[/log]

 

Det vi undrar över nu är varför

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.basntwyzencfn.com/VyZ2dQuB_R/08_x4zNJLzkhRz69XZVVpC9QTsI89viXWTdE7nsnojKRs1Myjd0Dm.htm

 

inte försvinner, har tagit bort den flera gånger på hijack

 

O4 - HKLM\..\Run: [Way grim proc meta] C:\Documents and Settings\All Users\Application Data\64 poke way grim\ruleload.exe

 

borde vi kunna ta bort?

 

nåt mer du ser?..

 

tack!!

 

 

[Zipp.]

 

Ladda ner detta

 

http://metallica.geekstogo.com/findlop.zip

 

unzipa och dubbelklicka på findlop.bat vänta och skicka loggen C:\findlop.txt

 

[mightymido]

jajamensan. här kommer loggen.

 

[log]

[TRACE] Enumerating jobs and queues

[TRACE] Activating job '86D5B2BE901E5116.job'

[TRACE] Printing all job properties

 

ApplicationName: 'c:\docume~1\julia\applic~1\adminf~1\loudhopechin.exe'

Parameters: ''

WorkingDirectory: ''

Comment: ''

Creator: 'Julia'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 12/29/2005 1:00:00

NextRun: 01/03/2006 17:00:00

StartError: 0x80070003

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Daily

DaysInterval: 1

StartDate: 02/20/1995

EndDate: 00/00/0000

StartTime: 00:00

MinutesDuration: 1440

MinutesInterval: 60

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

 

[TRACE] Activating job 'AA9047DC9187FC04.job'

[TRACE] Printing all job properties

 

ApplicationName: 'c:\docume~1\mamma\applic~1\adminf~1\loudhopechin.exe'

Parameters: ''

WorkingDirectory: ''

Comment: ''

Creator: 'Mamma'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 12/29/2005 18:00:00

NextRun: 01/03/2006 17:00:00

StartError: 0x80070003

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Daily

DaysInterval: 1

StartDate: 02/10/2001

EndDate: 00/00/0000

StartTime: 00:00

MinutesDuration: 1440

MinutesInterval: 60

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

 

[TRACE] Activating job 'ABD0167991A38BAD.job'

[TRACE] Printing all job properties

 

ApplicationName: 'c:\docume~1\jenny\applic~1\adminf~1\loudhopechin.exe'

Parameters: ''

WorkingDirectory: ''

Comment: ''

Creator: 'Jenny'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 12/29/2005 18:00:00

NextRun: 01/03/2006 17:00:00

StartError: 0x80070003

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Daily

DaysInterval: 1

StartDate: 02/12/1998

EndDate: 00/00/0000

StartTime: 00:00

MinutesDuration: 1440

MinutesInterval: 60

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

 

[TRACE] Activating job 'AC7A99A791010BCB.job'

[TRACE] Printing all job properties

 

ApplicationName: 'c:\docume~1\johanna\applic~1\adminf~1\loudhopechin.exe'

Parameters: ''

WorkingDirectory: ''

Comment: ''

Creator: 'Johanna'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 12/29/2005 22:00:00

NextRun: 01/03/2006 17:00:00

StartError: 0x80070003

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Daily

DaysInterval: 1

StartDate: 02/21/1998

EndDate: 00/00/0000

StartTime: 00:00

MinutesDuration: 1440

MinutesInterval: 60

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

 

[TRACE] Activating job 'B1BD81C4902232D4.job'

[TRACE] Printing all job properties

 

ApplicationName: 'c:\docume~1\torsten\applic~1\adminf~1\loudhopechin.exe'

Parameters: ''

WorkingDirectory: ''

Comment: ''

Creator: 'Torsten'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 12/24/2005 2:00:00

NextRun: 01/03/2006 17:00:00

StartError: S_OK

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Daily

DaysInterval: 1

StartDate: 06/10/1999

EndDate: 00/00/0000

StartTime: 00:00

MinutesDuration: 1440

MinutesInterval: 60

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

 

[/log]

 

hoppas det säger dig någonting.

 

tack!

 

[Zipp.]

 

Ladda ner KillBox

 

http://www.bleepingcomputer.com/files/spyware/KillBox.zip

 

[log]unzippa,öppna och bocka i Delete on Reboot och klicka All files

Sen kopiera alla rader nedan på en gång

 

 

C:\WINDOWS\Tasks\86D5B2BE901E5116.job

C:\WINDOWS\Tasks\AA9047DC9187FC04.job

C:\WINDOWS\Tasks\ABD0167991A38BAD.job

C:\WINDOWS\Tasks\AC7A99A791010BCB.job

C:\WINDOWS\Tasks\B1BD81C4902232D4.job

 

 

sen i Killbox > File > Paste from Clipboard

Efter det klicka på Delete (röd med vit X på)

Svara ja på frågor och om inte datorn startar om automatiskt så starta om den.

Gå sen direkt i FELSÄKRT läge och ta bort

 

c:\docume~1\julia\applic~1\adminf~1\ < mappen

c:\docume~1\mamma\applic~1\adminf~1\ < mappen

c:\docume~1\jenny\applic~1\adminf~1\ <mappen

c:\docume~1\johanna\applic~1\adminf~1\ < mappen

c:\docume~1\torsten\applic~1\adminf~1\ < mappen

 

Starta sen normalt och ny Hijack logg.[/log]

 

[mightymido]

gjort det du skrev.

Hittade dock inte

c:\docume~1\julia\applic~1\adminf~1\ < mappen

c:\docume~1\mamma\applic~1\adminf~1\ < mappen

c:\docume~1\jenny\applic~1\adminf~1\ <mappen

c:\docume~1\johanna\applic~1\adminf~1\ < mappen

c:\docume~1\torsten\applic~1\adminf~1\ < mappen

 

när jag startade om i felsäkertläge. den enda som fanns var i adminstrator mappen. den tog jag bort.

 

här kommer hijackloggen igen. sonicstage ska bort och R1 med den konstiga adressen.

 

Vad ska jag göra?

 

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 17:42:55, on 2006-01-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\DSentry.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.basntwyzencfn.com/VyZ2dQuB_R/08_x4zNJLzkhRz69XZVVpC9QTsI89viXWTdE7nsnojKRs1Myjd0Dm.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/'>http://www.dell.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {BDC7CEB9-02BD-88CB-6021-87404712EAF5} - C:\DOCUME~1\Johanna\APPLIC~1\16PROC~1\meet regs.exe (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Way grim proc meta] C:\Documents and Settings\All Users\Application Data\64 poke way grim\ruleload.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - Global Startup: Certificate Mover.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4657/mcfscan.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)

O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)

 

[/log]

 

[Zipp.]

> den enda som fanns var i adminstrator mappen. den tog jag bort. <

 

Nu vet jag inte vad du menar med detta...tog du bort adminstrator mappen eller?

 

> sonicstage ska bort <

 

Varför om du menar detta O23 - Service: SonicStage SCSI Service

 

[log]Scanna med Hijack bocka i följande rader stäng Web-läsaren och alla andra öppna fönster och klicka FIX checked

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.basntwyzencfn.com/VyZ2dQuB_R/08_x4zNJLzkhRz69XZVVpC9QT

sI89viXWTdE7nsnojKRs1Myjd0Dm.htm

O2 - BHO: (no name) - {BDC7CEB9-02BD-88CB-6021-87404712EAF5} - C:\DOCUME~1\Johanna\APPLIC~1\16PROC~1\meet regs.exe (file missing)

O4 - HKLM\..\Run: [Way grim proc meta] C:\Documents and Settings\All Users\Application Data\64 poke way grim\ruleload.exe

 

 

Starta sen i felsäkert läge och med dolda filer synliga ta bort om hittas

 

C:\DOCUME~1\Johanna\APPLIC~1\16PROC~1\ < mappen

C:\Documents and Settings\All Users\Application Data\64 poke way grim\ < mappen

 

Använd inte Sök funtionen utan följ stigen istället.

Starta sen normalt och ny logg.[/log]

 

[mightymido]

>> den enda som fanns var i adminstrator mappen. den tog jag bort. <<

 

>> Nu vet jag inte vad du menar med detta...tog du bort adminstrator mappen eller? <<

 

nej, tog bara bort c:\docume~1\administator\applic~1\adminf~1\ < mappen!

 

fortfarande så hittar jag inte det du frågar om. När jag letar i C:\DOCUME~1\Johanna\APPLIC~1 finns ingen 16 proc~1 mapp. Men du ser att det ska finnas en sådan?

 

tog bort de rutorna i hijack, här kommen den nya

 

 

[log]

 

Logfile of HijackThis v1.99.1

Scan saved at 18:15:13, on 2006-01-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\DSentry.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/'>http://www.dell.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - Global Startup: Certificate Mover.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4657/mcfscan.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)

O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)

 

[/log]

 

sony shared är ett program som inte används längre, borde inte vara kvar i loggen tycker jag.

Vad finns kvar att rensa?

 

[Zipp.]

 

Loggen är ok.

Skriv i Kör fältet services.msc och Ok

Leta efter service med namn

 

SonicStage SCSI Service (SSScsiSV)

 

dubbelklicka på den och ändra Startmetod till Inaktiverad Verkställ och Ok

sen gör likadant med dessa

 

Sony SPTI Service (SPTISRV)

PACSPTISVR

MSCSPTISRV

 

har du ingen brandvägg så installera en.

 

[mightymido]

tack så mycket för din hjälp!

nu ser det mycket bättre ut.