
Unwanted start page in Explorer


1 http://www.gigasearch.biz/?126 has established itself as the start page in Internet Explorer. If I change it back to my usual start page under Internet Options, it still comes back when I open Explorer again.

2 It has also installed a search bar (similar to the one Google has), which appears at the top even when I open an ordinary folder. I have turned the bar off by deselecting it in the right-click menu, but it also comes back the next time I open one.

3 Under Windows/Application Data there is a GIGASoft folder, but it contains only .ini files. The actual startup file is hidden somewhere else. When I delete the whole folder, it reappears the next time I start the computer.

4 In Add/Remove Programs there is a GIGA Soft entry, but it "jumps away" when I try to remove it. I have tried Ad-aware, but it finds nothing with a similar name. I have deleted a large number of suspicious files, but without result.

Help!!!!!

 

 

 


 

Sorry! I was a bit slow on the uptake. Here it is:

Logfile of HijackThis v1.98.2

Scan saved at 19:44:41, on 2004-10-09

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE

C:\WINDOWS\SYSTEM32\RDM\NETWORKD.EXE

C:\WINDOWS\SYSTEM\SMARTSCAPS.EXE

C:\WINDOWS\SYSTEM\ATI2PLXX.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\IRMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM\NUCAM CORP\CAMCHECK\CAMCHECK.EXE

C:\PROGRAM\VANLIGA FILER\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE

C:\PROGRAM\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE

C:\WINDOWS\SYSTEM\ATIPTAXX.EXE

C:\WINDOWS\SYSTEM\ATI2CWXX.EXE

C:\PROGRAM\SMARTTRUST\SMARTTRUST PERSONAL\CSP\SMARTCERTMOVER.EXE

C:\PROGRAM\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE

C:\WINDOWS\START-MENYN\PROGRAM\AUTOSTART\CDCONTROL.EXE

C:\PROGRAM\DATE MANAGER\DATEMANAGER.EXE

C:\PROGRAM\PRECISIONTIME\PRECISIONTIME.EXE

C:\PROGRAM\NETSCAPE\NETSCAPE\NETSCAPE.EXE

C:\PROGRAM\NATIONALENCYKLOPEDIN\NE_SOKVERKTYG_20\NEHOTKEY.EXE

C:\PROGRAM\ICQ\ICQ.EXE

C:\PROGRAM\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SKRIVBORD\HIJACK\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search123.biz/

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://awebfind.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://awebfind.biz/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search123.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search123.biz/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gigasearch.biz/?126

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://awebfind.biz/sp.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.runsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.myhandysearch.com/s.html

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://search123.biz/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=127.0.0.1:1080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: GStartBHO Class - {EADD3112-0CF8-444b-AC0F-EBA38E004554} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GIGA32.DLL

N1 - Netscape 4: user_pref("browser.startup.homepage", "C:\\Mina dokument\\Startsida.htm"); (C:\Program\Netscape\Users\consus\prefs.js)

O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM\DAP\DAPIEBAR.DLL (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)

O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\SYSTEM\MSHELPER.DLL (file missing)

O2 - BHO: TSCOM Class - {62160EEF-9D84-4C19-B7B8-6AC2526CD726} - C:\WINDOWS\SYSTEM\IGUOOXE.DLL (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: GStartBHO Class - {EADD3112-0CF8-444b-AC0F-EBA38E004554} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GIGA32.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Sök i NE - {ACECC8E8-45A5-41ec-A82A-B3363103E293} - C:\PROGRAM\NATIONALENCYKLOPEDIN\NE_SOKVERKTYG_20\NETOOLBAR.DLL

O3 - Toolbar: GIGA Search - {D941BEA3-81E9-4033-8822-A733E2A91698} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GIGA32.DLL

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE

O4 - HKLM\..\Run: [CamCheck] "C:\Program\NuCam Corp.\CamCheck\CamCheck.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program\ICQ\NDetect.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [spy] C:\WINDOWS\Agent007.exe -X

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [instantAccess] C:\PROGRAM\TEXTBR~1.0\BIN\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRAM\TEXTBR~1.0\BIN\REGIST~1.EXE

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program\Vanliga filer\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program\Panda Software\Panda Antivirus Platinum\Pavsched.exe"

O4 - HKLM\..\RunServices: [PAVFIRES] C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM32\RDM\NETWORKD.EXE /service

O4 - HKLM\..\RunServices: [smartScaps] C:\WINDOWS\SYSTEM\Smartscaps.exe

O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe

O4 - HKCU\..\Run: [service Manager] C:\windows\dxsound.exe

O4 - HKCU\..\RunOnce: [iCQ] C:\PROGRAM\ICQ\ICQ.EXE -trayboot

O4 - Startup: Certificate Mover.lnk = C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

O4 - Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Startup: Adobe Gamma Loader.lnk = C:\Program\Vanliga filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Cdcontrol.exe

O4 - Startup: Date Manager.lnk = C:\Program\Date Manager\DateManager.exe

O4 - Startup: PrecisionTime.lnk = C:\Program\PrecisionTime\PrecisionTime.exe

O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Mail & Newsgroups.lnk = C:\Program\Netscape\Netscape\netscape.exe

O4 - Startup: NE sökverktyg 2.0.lnk = C:\Program\Nationalencyklopedin\NE_sokverktyg_20\NeHotKey.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRAM\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html

O8 - Extra context menu item: Sök i NE - res://C:\PROGRAM\NATIONALENCYKLOPEDIN\NE_SOKVERKTYG_20\NETOOLBAR.DLL/NeSearch.html

O8 - Extra context menu item: Översätt i NE - res://C:\PROGRAM\NATIONALENCYKLOPEDIN\NE_SOKVERKTYG_20\NETOOLBAR.DLL/NeTranslate.html

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRAM\DAP\DAP.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .sgn: C:\PROGRAM\INTERN~1\PLUGINS\npSign.dll

O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) - https://eredovisning.postgirot.se/ddrint/work/iedpwenu.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://bpterkep.index.hu/MGViewer/ActiveX/mgaxctrl.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.184.2.137/activex/AxisCamControl.cab

O16 - DPF: Oracle Express Web Agent 6_3_2 - http://www.ksh.hu/oew-install/java/owa632.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?1&4&04.00.05.04&http://62.3.133.18/SE/24_3d_view_my_car_pop.jsp

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/se/win/QuickTimeFullInstaller.exe

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.telia.se/sdccommon/download/tgctlcm.cab

O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - http://support.telia.se/sdccommon/download/tgctlsr.cab

O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://66.98.190.22//04/msits.exe

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.ne.se/sokverktyg/installation/setup.exe

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/1085/online.chm::/on-line.exe

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)

O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

 

 

 


 

oh dear...

check Add/Remove Programs and uninstall the ones that shouldn't be there.

then download Ad-aware SE 1.05, update the program, choose full system scan, scan the computer and remove whatever is found.

then post a new HJT log

 


As I wrote under point 4 in my first post, I had already done both. I have now done it once more. I have now also tried cleaning with HijackThis as well as with Spybot, and have also cleaned up a bit with regedit. The problem is that I don't really know where on my computer they have hidden the malicious bot file(s), or under what name. Here is the log file after the latest measures:

 

Logfile of HijackThis v1.98.2

Scan saved at 07:40:41, on 2004-10-11

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE

C:\WINDOWS\SYSTEM32\RDM\NETWORKD.EXE

C:\WINDOWS\SYSTEM\SMARTSCAPS.EXE

C:\WINDOWS\SYSTEM\ATI2PLXX.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\IRMON.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM\NUCAM CORP\CAMCHECK\CAMCHECK.EXE

C:\PROGRAM\VANLIGA FILER\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE

C:\PROGRAM\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE

C:\PROGRAM\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\SYSTEM\ATIPTAXX.EXE

C:\WINDOWS\SYSTEM\ATI2CWXX.EXE

C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE

C:\PROGRAM\SMARTTRUST\SMARTTRUST PERSONAL\CSP\SMARTCERTMOVER.EXE

C:\PROGRAM FILES\WINDOWS SYNCROAD\WINSYNC.EXE

C:\PROGRAM\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE

C:\WINDOWS\START-MENYN\PROGRAM\AUTOSTART\CDCONTROL.EXE

C:\PROGRAM\DATE MANAGER\DATEMANAGER.EXE

C:\PROGRAM\PRECISIONTIME\PRECISIONTIME.EXE

C:\PROGRAM\NETSCAPE\NETSCAPE\NETSCAPE.EXE

C:\PROGRAM\NATIONALENCYKLOPEDIN\NE_SOKVERKTYG_20\NEHOTKEY.EXE

C:\PROGRAM\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE

C:\WINDOWS\SKRIVBORD\HIJACK\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\Mina dokument\Startsida.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=127.0.0.1:1080

N1 - Netscape 4: user_pref("browser.startup.homepage", "C:\\Mina dokument\\Startsida.htm"); (C:\Program\Netscape\Users\consus\prefs.js)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAM\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Sök i NE - {ACECC8E8-45A5-41ec-A82A-B3363103E293} - C:\PROGRAM\NATIONALENCYKLOPEDIN\NE_SOKVERKTYG_20\NETOOLBAR.DLL

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE

O4 - HKLM\..\Run: [CamCheck] "C:\Program\NuCam Corp.\CamCheck\CamCheck.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [spy] C:\WINDOWS\Agent007.exe -X

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [instantAccess] C:\PROGRAM\TEXTBR~1.0\BIN\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRAM\TEXTBR~1.0\BIN\REGIST~1.EXE

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program\Vanliga filer\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program\Panda Software\Panda Antivirus Platinum\Pavsched.exe"

O4 - HKLM\..\RunServices: [PAVFIRES] "C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe"

O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM32\RDM\NETWORKD.EXE /service

O4 - HKLM\..\RunServices: [smartScaps] C:\WINDOWS\SYSTEM\Smartscaps.exe

O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - Startup: Certificate Mover.lnk = C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

O4 - Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Startup: Adobe Gamma Loader.lnk = C:\Program\Vanliga filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Cdcontrol.exe

O4 - Startup: Date Manager.lnk = C:\Program\Date Manager\DateManager.exe

O4 - Startup: PrecisionTime.lnk = C:\Program\PrecisionTime\PrecisionTime.exe

O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Mail & Newsgroups.lnk = C:\Program\Netscape\Netscape\netscape.exe

O4 - Startup: NE sökverktyg 2.0.lnk = C:\Program\Nationalencyklopedin\NE_sokverktyg_20\NeHotKey.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRAM\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html

O8 - Extra context menu item: Sök i NE - res://C:\PROGRAM\NATIONALENCYKLOPEDIN\NE_SOKVERKTYG_20\NETOOLBAR.DLL/NeSearch.html

O8 - Extra context menu item: Översätt i NE - res://C:\PROGRAM\NATIONALENCYKLOPEDIN\NE_SOKVERKTYG_20\NETOOLBAR.DLL/NeTranslate.html

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRAM\DAP\DAP.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O12 - Plugin for .sgn: C:\PROGRAM\INTERN~1\PLUGINS\npSign.dll

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -

O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) - https://eredovisning.postgirot.se/ddrint/work/iedpwenu.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://bpterkep.index.hu/MGViewer/ActiveX/mgaxctrl.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.184.2.137/activex/AxisCamControl.cab

O16 - DPF: Oracle Express Web Agent 6_3_2 - http://www.ksh.hu/oew-install/java/owa632.cab

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.telia.se/sdccommon/download/tgctlcm.cab

O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - http://support.telia.se/sdccommon/download/tgctlsr.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.ne.se/sokverktyg/installation/setup.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=c5506aad20fecaa3d5cb04acf413928adc29db9811cc8be69f59a9ce37bcd2e04a72cc6864f2ba73aeb16c3c268cdf5afe25d7:9306d5722541017638288ee59daa1811
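
Comparing the two logs posted above entry by entry shows what the cleanup removed and what is new since the first scan. The following Python sketch is an added example, not part of the original posts; the function names are hypothetical and the two inputs are short excerpts copied from the 2004-10-09 and 2004-10-11 logs.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|N[1-4]|F[0-3]|O\d{1,2}) - (.+)$")

# Excerpt of the log saved 2004-10-09 (before cleaning), copied from the thread.
LOG_2004_10_09 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gigasearch.biz/?126
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R3 - URLSearchHook: GStartBHO Class - {EADD3112-0CF8-444b-AC0F-EBA38E004554} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GIGA32.DLL
O2 - BHO: GStartBHO Class - {EADD3112-0CF8-444b-AC0F-EBA38E004554} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GIGA32.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O3 - Toolbar: GIGA Search - {D941BEA3-81E9-4033-8822-A733E2A91698} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GIGA32.DLL
O4 - HKLM\..\Run: [spy] C:\WINDOWS\Agent007.exe -X
O4 - HKLM\..\RunServices: [PAVFIRES] C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O4 - HKCU\..\Run: [service Manager] C:\windows\dxsound.exe
"""

# Excerpt of the log saved 2004-10-11 07:40 (after cleaning), copied from the thread.
LOG_2004_10_11 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAM\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [spy] C:\WINDOWS\Agent007.exe -X
O4 - HKLM\..\RunServices: [PAVFIRES] "C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe"
O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE
"""


def parse_hjt(log):
    """Map a normalised (code, details) key to the original entry line."""
    entries = {}
    for raw in log.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            # HijackThis prints the same path with or without quotes and in
            # varying case between scans, so compare a normalised form.
            details = match.group(2).replace('"', "").casefold()
            entries[(match.group(1), details)] = line
    return entries


def diff_logs(before, after):
    """Return (removed, added): entries only in the old log, only in the new one."""
    old, new = parse_hjt(before), parse_hjt(after)
    removed = sorted(old[key] for key in old.keys() - new.keys())
    added = sorted(new[key] for key in new.keys() - old.keys())
    return removed, added


def by_section(lines):
    """Group entry lines by their HijackThis section code (R0, O2, O4, ...)."""
    groups = {}
    for line in lines:
        groups.setdefault(line.split(" - ", 1)[0], []).append(line)
    return groups


if __name__ == "__main__":
    removed, added = diff_logs(LOG_2004_10_09, LOG_2004_10_11)
    print("Gone since the first scan:")
    for line in removed:
        print("  " + line)
    print("New since the first scan (review each one):")
    for line in added:
        print("  " + line)
```

The `[PAVFIRES]` entry differs between the two scans only by quoting, which is why the comparison normalises quotes and case before diffing.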

 

 

 

 


 

this will be a quick reply because I have to go to work now...

datemanager should go; can't you uninstall it the normal way?

I'm a bit puzzled by this service:

O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM32\RDM\NETWORKD.EXE /service

shut down the internet and tick these in HJT:

O4 - Startup: Date Manager.lnk = C:\Program\Date Manager\DateManager.exe

O16 - DPF: Oracle Express Web Agent 6_3_2 - http://www.ksh.hu/oew-install/java/owa632.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=c5506aad20

what problems do you have right now?

 


Thanks for your efforts!

I have now made all the suggested changes. I removed the handy datamanager program and the other lines. The latter resulted in minor chaos in the system, and I ran into the "Prorammap" syndrome: it appeared when the computer started. I have now fixed all the new problems, and I miss Data manager's handy function, but I still have both the start page problem and the general "toolbar" ghost. I am attaching the latest log file in case you have the energy and possibly any ideas left.

Logfile of HijackThis v1.98.2

Scan saved at 14:21:38, on 2004-10-11

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE

C:\WINDOWS\SYSTEM32\RDM\NETWORKD.EXE

C:\WINDOWS\SYSTEM\SMARTSCAPS.EXE

C:\WINDOWS\SYSTEM\ATI2PLXX.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\IRMON.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM\NUCAM CORP\CAMCHECK\CAMCHECK.EXE

C:\PROGRAM\VANLIGA FILER\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE

C:\PROGRAM\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE

C:\WINDOWS\SYSTEM\ATIPTAXX.EXE

C:\WINDOWS\SYSTEM\ATI2CWXX.EXE

C:\PROGRAM\SMARTTRUST\SMARTTRUST PERSONAL\CSP\SMARTCERTMOVER.EXE

C:\PROGRAM\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE

C:\WINDOWS\START-MENYN\PROGRAM\AUTOSTART\CDCONTROL.EXE

C:\PROGRAM\NETSCAPE\NETSCAPE\NETSCAPE.EXE

C:\PROGRAM\NATIONALENCYKLOPEDIN\NE_SOKVERKTYG_20\NEHOTKEY.EXE

C:\PROGRAM\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE

C:\WINDOWS\SKRIVBORD\HIJACK\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\Mina dokument\Startsida.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=127.0.0.1:1080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

N1 - Netscape 4: user_pref("browser.startup.homepage", "C:\\Mina dokument\\Startsida.htm"); (C:\Program\Netscape\Users\consus\prefs.js)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAM\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Sök i NE - {ACECC8E8-45A5-41ec-A82A-B3363103E293} - C:\PROGRAM\NATIONALENCYKLOPEDIN\NE_SOKVERKTYG_20\NETOOLBAR.DLL

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE

O4 - HKLM\..\Run: [CamCheck] "C:\Program\NuCam Corp.\CamCheck\CamCheck.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [spy] C:\WINDOWS\Agent007.exe -X

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [instantAccess] C:\PROGRAM\TEXTBR~1.0\BIN\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRAM\TEXTBR~1.0\BIN\REGIST~1.EXE

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [Windows SyncroAd] "C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE"

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program\Vanliga filer\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program\Panda Software\Panda Antivirus Platinum\Pavsched.exe"

O4 - HKLM\..\RunServices: [PAVFIRES] "C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe"

O4 - HKLM\..\RunServices: [smartScaps] C:\WINDOWS\SYSTEM\Smartscaps.exe

O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - Startup: Certificate Mover.lnk = C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

O4 - Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Startup: Adobe Gamma Loader.lnk = C:\Program\Vanliga filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Cdcontrol.exe

O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Mail & Newsgroups.lnk = C:\Program\Netscape\Netscape\netscape.exe

O4 - Startup: NE sökverktyg 2.0.lnk = C:\Program\Nationalencyklopedin\NE_sokverktyg_20\NeHotKey.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRAM\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html

O8 - Extra context menu item: Sök i NE - res://C:\PROGRAM\NATIONALENCYKLOPEDIN\NE_SOKVERKTYG_20\NETOOLBAR.DLL/NeSearch.html

O8 - Extra context menu item: Översätt i NE - res://C:\PROGRAM\NATIONALENCYKLOPEDIN\NE_SOKVERKTYG_20\NETOOLBAR.DLL/NeTranslate.html

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRAM\DAP\DAP.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O12 - Plugin for .sgn: C:\PROGRAM\INTERN~1\PLUGINS\npSign.dll

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -

O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) - https://eredovisning.postgirot.se/ddrint/work/iedpwenu.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://bpterkep.index.hu/MGViewer/ActiveX/mgaxctrl.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.184.2.137/activex/AxisCamControl.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/se/win/QuickTimeFullInstaller.exe

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.telia.se/sdccommon/download/tgctlcm.cab

O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - http://support.telia.se/sdccommon/download/tgctlsr.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.ne.se/sokverktyg/installation/setup.exe

 

 

 

 

 


Try CWshredder and run it in safe mode. Search for a download location using Google.

 

 


 

Thanks to all you helpful people! Since nothing helped, I went into regedit in sheer desperation and searched for "GIGA". I found about 20 keys etc. Once I had removed them manually, the problem was gone.

 


 

to be honest, I forgot about the problem that you couldn't remove that program, because nothing called gigasoft showed up in the HJT log.

as for date manager, it is a kind of calendar, but that program comes from the notorious company gator.

there is some info here

http://www.gainpublishing.com/about/

if you want date manager, you can just install it again, but if possible try to deselect the add-on programs that I assume come with it.

 

 
