Ta bort "Search the web" toolbar.

[Gäst idgadmin]

Har fått ett verktygsfält installerat som heter "Search the web" och kan ej bli av med det, hur får jag bort den? Nu är den reg. som "First Army" i visa fältet. Den poppar upp hela tiden även om jag bockar av den.

 

[Mij]

Ladda hem Ad-Aware, konfigurera det enligt info, uppdatera och scanna.

Tag bort det som hittas.

 

Ladda även hem HiJack This, och kör det efter att du har rensat med Ad-Aware.

Det är bara att dubbelklicka, klicka sedan på "Scan", sedan "Save log".

 

Spara loggen någonstans, tex på Skrivbordet.

Den öppnas med en gång, och då kopierar du hela innehållet, och klistrar in det här.

 

Sedan får du hjälp med att tolka den.

Tag inte bort något själv, det mesta är filer som tillhör systemet.

 

Ad-Aware:

http://www.lavasoftusa.com/swedish/support/download/

 

Inställningar av Ad-Aware:

http://www.lavasoftsupport.com/index.php?showtopic=14136

 

HiJack This:

http://www.spywareinfo.com/~merijn/downloads.html

 

 

 

[Gäst idgadmin]

 

Tack för tipsen, här är nuvarande log , vad skall bort?!!!

 

 

Logfile of HijackThis v1.97.7

Scan saved at 20:36:10, on 2004-06-15

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\MSI\Live Update 2\LMonitor.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program\Microsoft Hardware\Mouse\point32.exe

C:\Program\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE

C:\Program\PANICW~1\POP-UP~1\dpps2.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Messenger Plus! 2\MsgPlus.exe

C:\Program\PestPatrol\PPControl.exe

C:\Program\PestPatrol\PPMemCheck.exe

C:\Program\PestPatrol\CookiePatrol.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Winamp\winampa.exe

C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program\WAVEPH~1\body joy.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Creative\SBAudigy\TaskBar\CTLTray.exe

C:\Program\Creative\SBAudigy\TaskBar\CTLTask.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE

C:\Program\Panda Software\Panda Antivirus Titanium\pavProxy.exe

C:\Program\MSI\Common\Bin\WinCinemaMgr.exe

C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\macromed\flash\GetFlash.exe

C:\Program\Delade filer\Real\Update_OB\rnathchk.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Theo\Lokala inställningar\Temporary Internet Files\Content.IE5\OXY3WXEV\HijackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.html?http://www.google.se/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {BC3CF42D-64A4-79AA-9A3D-2EFF0C184BDA} - C:\Program\JUMPPU~1\4 fork.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [LiveMonitor] C:\Program\MSI\Live Update 2\LMonitor.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [CTStartup] C:\Program\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program\PANICW~1\POP-UP~1\dpps2.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program\PestPatrol\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\Program\PestPatrol\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\Program\PestPatrol\CookiePatrol.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bCWipeTM Startup] "C:\Program\Jetico\BCWipe\BCWipeTM.exe" startup

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [Live Bike] C:\Program\WAVEPH~1\body joy.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [TaskTray] C:\Program\Creative\SBAudigy\TaskBar\CTLTray.exe

O4 - HKCU\..\Run: [TaskBar] C:\Program\Creative\SBAudigy\TaskBar\CTLTask.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\MSI\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm148

O8 - Extra context menu item: Backward &Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: Aurigma Image Uploader 2.0 - http://www.order.proprint.se/ImageUploader2.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

 

Tack på förhand

 

[Mij]

Hej.

 

Stäng alla öppna fönster, inklusive detta, och kör HJT igen.

Bocka i följande:

[FET]

C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.html?http://www.google.se

/

 

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

 

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

 

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

 

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

 

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

 

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm148

[/FET]

 

Detta kan tillhöra något program, tex skärmsläckare, om du har laddat ner/installerat något sådant:

[FET]

C:\Program\WAVEPH~1\body joy.exe

 

O4 - HKLM\..\Run: [Live Bike] C:\Program\WAVEPH~1\body joy.exe

[/FET]

Annars får du se om det får att avinstallera via

Lägg till/ta bort program i kontrollpanelen.

 

Klicka sedan på "Fix".

Starta om datorn.

Skapa en ny logg, och kopiera in den här.

-----------------------------------------------------------------

 

Mail: Mij@idgmail.se

 

[Gäst idgadmin]

 

Hej

 

Har bockat av enligt lista men de kommer tillbaka, här är log efter ytterligare en borttagning skall mer bort?

 

Scan saved at 11:20:44, on 2004-06-27

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\MSI\Live Update 2\LMonitor.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program\Microsoft Hardware\Mouse\point32.exe

C:\Program\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE

C:\Program\PANICW~1\POP-UP~1\dpps2.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\PestPatrol\PPControl.exe

C:\Program\PestPatrol\PPMemCheck.exe

C:\Program\PestPatrol\CookiePatrol.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Winamp\winampa.exe

C:\Program\WAVEPH~1\body joy.exe

C:\Program\Messenger Plus! 3\MsgPlus.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Creative\SBAudigy\TaskBar\CTLTray.exe

C:\Program\Creative\SBAudigy\TaskBar\CTLTask.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\Program\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Panda Software\Panda Antivirus Titanium\pavProxy.exe

C:\Program\MSI\Common\Bin\WinCinemaMgr.exe

C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program\WinZip\WZQKPICK.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Real\Update_OB\rnathchk.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Theo\Lokala inställningar\Temporary Internet Files\Content.IE5\VE0AHIDN\HijackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {BC3CF42D-64A4-79AA-9A3D-2EFF0C184BDA} - C:\Program\JUMPPU~1\Mathsave.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [LiveMonitor] C:\Program\MSI\Live Update 2\LMonitor.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [CTStartup] C:\Program\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program\PANICW~1\POP-UP~1\dpps2.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program\PestPatrol\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\Program\PestPatrol\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\Program\PestPatrol\CookiePatrol.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bCWipeTM Startup] "C:\Program\Jetico\BCWipe\BCWipeTM.exe" startup

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Live Bike] C:\Program\WAVEPH~1\body joy.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [TaskTray] C:\Program\Creative\SBAudigy\TaskBar\CTLTray.exe

O4 - HKCU\..\Run: [TaskBar] C:\Program\Creative\SBAudigy\TaskBar\CTLTask.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\MSI\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: Aurigma Image Uploader 2.0 - http://www.order.proprint.se/ImageUploader2.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

 

Gör jag sök på progam C:\Program\WAVEPH~1\body joy.exe

och kommer det upp, hur får jag bort det? Söker jag C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe kommer det upp att platsen ej är tillgänglig eller vid sista sökningen till mapp med samma namn att sökningen är färdig, det går inte att söka på övriga delar av datorn. Tacksam för all hjälp att bli av med detta elände