
UNWANTED PROGRAM!


grforma


I have got an unwanted program on my computer!

It calls itself Image ActiveX Object.

I have run PestPatrol and AVG, but those programs could not remove the files.

I have also run "Add/Remove Programs" and removed the program Image ActiveX Object, but that did not manage to remove all the files!

It has installed itself in Program\Image ActiveX Object and contains the files:

isadd.dll

isamini.exe

isamntr.exe

pmmnt.exe

pmsnrr.exe

When I start Internet Explorer, it skips my configured start page and goes to:

http://protectionband.com/

This appears to be a fake so-called "security site".

Now and then a pop-up box appears that says something about "Critical Warning" - the text in this box is so misspelled that you can tell it is fake!

Does anyone know this program - how to remove it, etc.??

/grforma

 

Link to comment
Share on other sites

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:58:23, on 2007-02-23

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\Program\SPF\smc.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program\AVG7\avgamsvr.exe

C:\Program\AVG7\avgupsvc.exe

C:\Program\AVG7\avgemc.exe

C:\Program\CA\SharedComponents\CA_LIC\lic98rmt.exe

C:\Program\DiskeeperWorkstation\DKService.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\hidserv.exe

C:\Program\ConnectionKeeper\lfck.exe

C:\Program\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\tcpsvcs.exe

C:\WINNT\System32\snmp.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Dit.exe

C:\WINNT\DitExp.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\WINNT\system32\CTHELPER.EXE

C:\WINNT\system32\rmctrl.exe

C:\Program\Atomic Clock Sync\Atomic.exe

C:\Program\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

C:\Program\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program\AVG7\avgcc.exe

C:\Program\OLYMPUS Studio\Os_Monitor.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\Program\SAMSUNG\FW LiveUpdate\Liveupdate.exe

C:\WINNT\system32\iid.exe

C:\Program\Java\bin\jusched.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINNT\system32\ctfmon.exe

C:\WINNT\System32\SCardSvr.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\Webshots\Webshots.scr

C:\Program\Skype\Plugin Manager\SkypePM.exe

C:\Program\Image ActiveX Object\isamntr.exe

C:\Program\Image ActiveX Object\isamini.exe

C:\Program\Image ActiveX Object\pmmnt.exe

C:\Program\Image ActiveX Object\pmsnrr.exe

C:\Program\AVG7\avgwb.dat

C:\Program\Delade filer\pestpatrol\ppRemoteService.exe

C:\Program\Delade filer\pestpatrol\PPMCActiveDetection.exe

C:\WINNT\system32\mmc.exe

C:\Program\Image ActiveX Object\isamini.exe

C:\Program\Image ActiveX Object\isamini.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Image ActiveX Object\isamini.exe

C:\Program\Image ActiveX Object\isamini.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Image ActiveX Object\isamini.exe

C:\Program\Image ActiveX Object\isamini.exe

C:\Program\Image ActiveX Object\isamini.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sverige.nu/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program\Image ActiveX Object\isadd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [skrivare] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"

O4 - HKLM\..\Run: [Mus] Logi_MwX.Exe

O4 - HKLM\..\Run: [Tangentbord] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [skanner] C:\Program\Microtek\ScanWizard 5\ScannerFinder.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [RemoteControl] C:\WINNT\system32\rmctrl.exe

O4 - HKLM\..\Run: [Atomklocka] C:\Program\Atomic Clock Sync\Atomic.exe

O4 - HKLM\..\Run: [DVD detekt] C:\Program\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [Volymkontroll] C:\Program\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [AntiVirus] C:\Program\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [brandvägg] C:\Program\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [Gamma] C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - HKLM\..\Run: [Drive detekt] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [utforskaren] C:\Dokument

O4 - HKLM\..\Run: [internet] C:\Program\Internet Explorer\IEXPLORE.EXE

O4 - HKLM\..\Run: C:\Program\Outlook Express\msimn.exe

O4 - HKLM\..\Run: [Webshots] C:\Program\Webshots\Launcher.exe /t

O4 - HKLM\..\Run: [Olympus Studio] C:\Program\OLYMPUS Studio\Os_Monitor.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Name of App] C:\Program\SAMSUNG\FW LiveUpdate\Liveupdate.exe

O4 - HKLM\..\Run: [Net iD] C:\WINNT\system32\iid.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Webshots.lnk = C:\Program\Webshots\Launcher.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\Office\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5BF56AD2-E297-416E-BC49-000004010012} - https://cve.trust.telia.com/teliaeleg/iidsetup.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154478681703

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINNT\system32\higehsg.dll (file missing)

O23 - Service: Asset Management Daemon - Unknown owner - C:\Program\Portrait Displays\forteManager\dtsslsrv.exe (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\AVG7\avgemc.exe

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\DiskeeperWorkstation\DKService.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: LF Connection Keeper Service (LFCK) - Unknown owner - C:\Program\ConnectionKeeper\lfck.exe" --startAsService (file missing)

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Program\Delade filer\pestpatrol\ppRemoteService.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\SPF\smc.exe

[/log]

 

 

 

Link to comment
Share on other sites

I also tried to remove the files:

isamini.exe

isamntr.exe

pmmnt.exe

pmsnrr.exe

through "kill process" in HiJackThis, but got the response:

"The selected process could not be killed. It may have already closed, or it may be protected by Windows."

 

Link to comment
Share on other sites

I got rid of the files by running "delete files on startup" in HiJackThis.

Sure, the files are gone, but all the malicious changes in the registry are still there; you get rid of those by using SmitfraudFix according to Zipp's instructions.

 

Link to comment
Share on other sites

I have manually removed these "malicious instructions" from the registry by running searches on the program's name and the files' names.

That is what I usually do when some unwanted program "hijacks" the computer - this time that was not enough and I needed more help, and it was "DeleteOnStartup" that helped!

PS After all, I am no beginner but well versed in registry handling!!

THANKS FOR YOUR HELP!!

 

Link to comment
Share on other sites

Have you checked that the nasty thing has not been in and changed your Hosts file?

Is the key that gives rise to the O21 line in the HijackThis log gone?

 

Link to comment
Share on other sites
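
The follow-up check asked about in the last reply can be done by re-scanning and triaging the new HijackThis log. The sketch below is an added example, not part of the original thread or of HijackThis: the function name `triage` and its three flag rules are assumptions chosen for this thread, and the sample lines are copied from the log posted above.

```python
import re

# Sample input: entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program\Image ActiveX Object\isadd.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [AntiVirus] C:\Program\AVG7\avgcc.exe /STARTUP
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINNT\system32\higehsg.dll (file missing)
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program\Portrait Displays\forteManager\dtsslsrv.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\SPF\smc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O21 - SSODL: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def triage(log, reported_dir):
    """Return (section, clsid, reasons) for every entry worth a manual look.

    The rules are illustrative assumptions; a hit means "inspect this",
    not "this is malicious".
    """
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, blank line or running-process path
        section, text = m.groups()
        reasons = []
        if reported_dir.lower() in text.lower():
            reasons.append("in reported folder")
        # The registry value survives although the file it names is gone,
        # which is the situation the O21 question in the thread is about.
        # O21 is read from ...\CurrentVersion\ShellServiceObjectDelayLoad.
        if "(file missing)" in text or "(no file)" in text:
            reasons.append("orphaned registry reference")
        if section in ("O2", "O3") and "(no name)" in text:
            reasons.append("unnamed browser add-on")
        if reasons:
            guid = CLSID.search(text)
            findings.append((section, guid.group(0) if guid else None, reasons))
    return findings

if __name__ == "__main__":
    for section, clsid, reasons in triage(SAMPLE_LOG, r"Program\Image ActiveX Object"):
        print(section, clsid, ", ".join(reasons))
```

Running it on a fresh log after cleanup shows whether the O2 and O21 entries are really gone; the CLSID in each finding is the value to search for in the registry.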
