Annoying toolbar!!


Moy

Hi!

When I start the web browser, a blue toolbar appears at the bottom edge. Where does it come from? Is there any way to remove it / prevent it from appearing?

[post edited 2004-10-21 22:44:46 by Moy]


Okay! Here is the log:

 

Logfile of HijackThis v1.98.2

Scan saved at 23:23:54, on 2004-10-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\NORTON~1\navapw32.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

D:\saker\powerstrip\pstrip.exe

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\WINDOWS\SM1BG.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\WINDOWS\csc32.exe

C:\Program\InfoKing\InfoPenMSN\Pro\InfoPenIM.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Compaq\EASYAC~1\BttnServ.exe

D:\saker\Daemon\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Messenger Plus! 3\MsgPlus.exe

D:\spel\steam\steam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Ventrilo\Ventrilo.exe

D:\saker\VTserver\ventrilo_srv.exe

d:\spel\steam\steamapps\mattias1990@hotmail.com\counter-strike\hl.exe

C:\Program Files\mIRC\mirc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\HjT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hicracltavrzxeynmndk.com/k4rx771qz8V2Jh5/jshdIWQ8OvbiERqNf3TqPjbWEF_rx_atdhKuF7Do0dBC99h7.cgi

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program\NewDotNet\newdotnet6_38.dll

O2 - BHO: ALTAVISTA - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\ALTAVI~1.DLL

O2 - BHO: (no name) - {8BC56EB2-2537-19E7-4551-575A4100C02C} - C:\DOCUME~1\Fredrik\APPLIC~1\SLOWBU~1\fraggram.exe

O2 - BHO: (no name) - {D0069B14-B8E9-1DBF-1368-4CBC85D558E0} - C:\DOCUME~1\Mattias\APPLIC~1\SLOWBU~1\fraggram.exe (file missing)

O2 - BHO: C:\WINDOWS\lbbho.dll - {FA8E40A4-69E1-41E3-9F7C-50D0F59FBFB7} - C:\WINDOWS\lbbho.dll

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O3 - Toolbar: ALTAVISTA - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\ALTAVI~1.DLL

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\program\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerStrip] d:\saker\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [svchot] C:\WINDOWS\System32\svchot.exe

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\csc32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sysA] C:\windows\system32\wincfh32.exe

O4 - HKLM\..\Run: [infoPenMSN] C:\Program\InfoKing\InfoPenMSN\Pro\InfoPenIM.exe

O4 - HKLM\..\Run: [sTART BIKE DENT FAST] C:\Documents and Settings\All Users\Application Data\online bolt start bike\five bat.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\saker\Daemon\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\Program\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Flap Ooze Soft Eq] C:\Documents and Settings\All Users\Application Data\JoyRectFlapOoze\HoleAmok.exe

O4 - HKCU\..\Run: [steam] "d:\spel\steam\steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Certificate Mover.lnk = C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

O8 - Extra context menu item: AltaVista Sökning - file://C:\Program\ALTAVISTA Toolbar\Cache\SelectedContextSearch.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Translate - file://C:\Program\ALTAVISTA Toolbar\Cache\SelectedContextTranslation.htm

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)

O9 - Extra button: Corel Network monitor worker - {3B662F7A-A611-49DB-AC7E-CF4F2E68EF4E} - (no file)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3B662F7A-A611-49DB-AC7E-CF4F2E68EF4E} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

O9 - Extra button: Corel Network monitor worker - {3B662F7A-A611-49DB-AC7E-CF4F2E68EF4E} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3B662F7A-A611-49DB-AC7E-CF4F2E68EF4E} - (no file) (HKCU)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (ALTAVISTA) - http://toolbar.altavista.com/static/toolbar/altavista.cab?r=1098303341

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098293380750

O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/sv/filesharingctrl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab

O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) - https://eredovisning.postgirot.se/ddrint/work/iedpwenu.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07FA4ABC-2174-4364-A38A-3F877BADA0E8}: NameServer = 81.26.226.3,81.26.229.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{07FA4ABC-2174-4364-A38A-3F877BADA0E8}: NameServer = 81.26.226.3,81.26.229.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{07FA4ABC-2174-4364-A38A-3F877BADA0E8}: NameServer = 81.26.226.3,81.26.229.3

 

 

 

 


Here is the new log:

 

Logfile of HijackThis v1.98.2

Scan saved at 00:23:57, on 2004-10-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\NORTON~1\navapw32.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

D:\saker\powerstrip\pstrip.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\csc32.exe

C:\Program\InfoKing\InfoPenMSN\Pro\InfoPenIM.exe

C:\Program\Internet Explorer\iexplore.exe

D:\saker\Daemon\daemon.exe

C:\Program\Messenger Plus! 3\MsgPlus.exe

D:\spel\steam\steam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norton Personal Firewall\ccPxySvc.exe

C:\Program\Symantec\LiveUpdate\AUpdate.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\HjT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hicracltavrzxeynmndk.com/k4rx771qz8V2Jh5/jshdIWQ8OvbiERqNf3TqPjbWEF_rx_atdhKuF7Do0dBC99h7.cgi

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O2 - BHO: ALTAVISTA - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\ALTAVI~1.DLL

O2 - BHO: (no name) - {8BC56EB2-2537-19E7-4551-575A4100C02C} - C:\DOCUME~1\Fredrik\APPLIC~1\SLOWBU~1\fraggram.exe

O2 - BHO: (no name) - {D0069B14-B8E9-1DBF-1368-4CBC85D558E0} - C:\DOCUME~1\Mattias\APPLIC~1\SLOWBU~1\fraggram.exe (file missing)

O2 - BHO: C:\WINDOWS\lbbho.dll - {FA8E40A4-69E1-41E3-9F7C-50D0F59FBFB7} - C:\WINDOWS\lbbho.dll

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O3 - Toolbar: ALTAVISTA - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\ALTAVI~1.DLL

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\program\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerStrip] d:\saker\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [svchot] C:\WINDOWS\System32\svchot.exe

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\csc32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sysA] C:\windows\system32\wincfh32.exe

O4 - HKLM\..\Run: [infoPenMSN] C:\Program\InfoKing\InfoPenMSN\Pro\InfoPenIM.exe

O4 - HKLM\..\Run: [sTART BIKE DENT FAST] C:\Documents and Settings\All Users\Application Data\online bolt start bike\five bat.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\saker\Daemon\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Flap Ooze Soft Eq] C:\Documents and Settings\All Users\Application Data\JoyRectFlapOoze\HoleAmok.exe

O4 - HKCU\..\Run: [steam] "d:\spel\steam\steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Certificate Mover.lnk = C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

O8 - Extra context menu item: AltaVista Sökning - file://C:\Program\ALTAVISTA Toolbar\Cache\SelectedContextSearch.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Translate - file://C:\Program\ALTAVISTA Toolbar\Cache\SelectedContextTranslation.htm

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)

O9 - Extra button: Corel Network monitor worker - {3B662F7A-A611-49DB-AC7E-CF4F2E68EF4E} - (no file)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3B662F7A-A611-49DB-AC7E-CF4F2E68EF4E} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

O9 - Extra button: Corel Network monitor worker - {3B662F7A-A611-49DB-AC7E-CF4F2E68EF4E} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3B662F7A-A611-49DB-AC7E-CF4F2E68EF4E} - (no file) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (ALTAVISTA) - http://toolbar.altavista.com/static/toolbar/altavista.cab?r=1098303341

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098293380750

O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/sv/filesharingctrl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab

O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) - https://eredovisning.postgirot.se/ddrint/work/iedpwenu.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07FA4ABC-2174-4364-A38A-3F877BADA0E8}: NameServer = 81.26.226.3,81.26.229.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{07FA4ABC-2174-4364-A38A-3F877BADA0E8}: NameServer = 81.26.226.3,81.26.229.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{07FA4ABC-2174-4364-A38A-3F877BADA0E8}: NameServer = 81.26.226.3,81.26.229.3

 

 

[post edited 2004-10-22 00:25:22 by kort]


Uninstall via the Control Panel, if they are there:

MyWay

MessengerPlus3

Make hidden files visible; look here for how to do it:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

Scan with Hijack, tick the following lines, close the web browser and all other open windows, and click FIX checked:

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hicracltavrzxeynmndk.com/k4rx771qz8V2Jh5/jshdIWQ8OvbiERqNf3TqPjbWEF_rx_atdhKuF7Do0dBC99h7.cgi

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O2 - BHO: (no name) - {8BC56EB2-2537-19E7-4551-575A4100C02C} - C:\DOCUME~1\Fredrik\APPLIC~1\SLOWBU~1\fraggram.exe

O2 - BHO: (no name) - {D0069B14-B8E9-1DBF-1368-4CBC85D558E0} - C:\DOCUME~1\Mattias\APPLIC~1\SLOWBU~1\fraggram.exe (file missing)

O2 - BHO: C:\WINDOWS\lbbho.dll - {FA8E40A4-69E1-41E3-9F7C-50D0F59FBFB7} - C:\WINDOWS\lbbho.dll

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [svchot] C:\WINDOWS\System32\svchot.exe

O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\csc32.exe

O4 - HKLM\..\Run: [sysA] C:\windows\system32\wincfh32.exe

O4 - HKLM\..\Run: [sTART BIKE DENT FAST] C:\Documents and Settings\All Users\Application Data\online bolt start bike\five bat.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Flap Ooze Soft Eq] C:\Documents and Settings\All Users\Application Data\JoyRectFlapOoze\HoleAmok.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)

O9 - Extra button: Corel Network monitor worker - {3B662F7A-A611-49DB-AC7E-CF4F2E68EF4E} - (no file)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3B662F7A-A611-49DB-AC7E-CF4F2E68EF4E} - (no file)

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

O9 - Extra button: Corel Network monitor worker - {3B662F7A-A611-49DB-AC7E-CF4F2E68EF4E} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3B662F7A-A611-49DB-AC7E-CF4F2E68EF4E} - (no file) (HKCU)

 

 

 

Then start in safe mode, search for and delete:

lbbho.dll

svchot.exe

csc32.exe

wincfh32.exe

C:\Program\MyWay\myBar\1.bin\MYBAR.DLL

- delete the MyWay folder

C:\DOCUME~1\Fredrik\APPLIC~1\SLOWBU~1\fraggram.exe

- delete the SLOWBU~1 folder

C:\Documents and Settings\All Users\Application Data\online bolt start bike\five bat.exe

- delete the online bolt start bike folder

C:\Program\Messenger Plus! 3\MsgPlus.exe

- delete the Messenger Plus! 3 folder

C:\Documents and Settings\All Users\Application Data\JoyRectFlapOoze\HoleAmok.exe

- delete the JoyRectFlapOoze folder

Then start normally and post a new Hijack log, and I will look at it tomorrow.

 


I didn't find everything but removed most of it. The blue toolbar has disappeared! Thank you very much!

When you do a scan with Hijack, how do you know what to remove??

Here is the latest log:

 

Logfile of HijackThis v1.98.2

Scan saved at 10:06:12, on 2004-10-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\NORTON~1\navapw32.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

D:\saker\powerstrip\pstrip.exe

C:\WINDOWS\SM1BG.EXE

C:\Program\InfoKing\InfoPenMSN\Pro\InfoPenIM.exe

D:\saker\Daemon\daemon.exe

D:\spel\steam\steam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\HjT\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: ALTAVISTA - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\ALTAVI~1.DLL

O3 - Toolbar: ALTAVISTA - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\ALTAVI~1.DLL

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\program\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerStrip] d:\saker\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [infoPenMSN] C:\Program\InfoKing\InfoPenMSN\Pro\InfoPenIM.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\saker\Daemon\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\csc32.exe

O4 - HKCU\..\Run: [steam] "d:\spel\steam\steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Certificate Mover.lnk = C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

O8 - Extra context menu item: AltaVista Sökning - file://C:\Program\ALTAVISTA Toolbar\Cache\SelectedContextSearch.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Translate - file://C:\Program\ALTAVISTA Toolbar\Cache\SelectedContextTranslation.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (ALTAVISTA) - http://toolbar.altavista.com/static/toolbar/altavista.cab?r=1098303341

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098293380750

O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/sv/filesharingctrl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab

O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) - https://eredovisning.postgirot.se/ddrint/work/iedpwenu.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07FA4ABC-2174-4364-A38A-3F877BADA0E8}: NameServer = 81.26.226.3,81.26.229.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{07FA4ABC-2174-4364-A38A-3F877BADA0E8}: NameServer = 81.26.226.3,81.26.229.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{07FA4ABC-2174-4364-A38A-3F877BADA0E8}: NameServer = 81.26.226.3,81.26.229.3

 

 

 

 

[post edited 2004-10-22 10:11:03 by kort]


 

Tick this line and fix it:

 

O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\csc32.exe

 

 

Then start in safe mode, search for and delete it if you find it:

csc32.exe

>When you do a scan with Hijack, how do you know what to remove??<

You have to recognize which line is OK and which is, like, spyware, adware, virus, trojan... etc.

 

 

 

 

 


Archived

This topic is now archived and is closed to further replies.
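The fix-then-rescan loop in this thread can be checked mechanically. The following is an added example, not code from the thread or from HijackThis: it parses entry lines from two logs and reports which of the lines chosen for fixing are gone and which survived. The sample lines are copied from the logs above; the function names and the three triage hints are assumptions made for illustration and do not replace recognising each entry.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# A few lines copied from the 00:23 log in this thread (log before the fix).
BEFORE = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\csc32.exe
O2 - BHO: ALTAVISTA - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\ALTAVI~1.DLL
O2 - BHO: (no name) - {8BC56EB2-2537-19E7-4551-575A4100C02C} - C:\DOCUME~1\Fredrik\APPLIC~1\SLOWBU~1\fraggram.exe
O4 - HKLM\..\Run: [svchot] C:\WINDOWS\System32\svchot.exe
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\csc32.exe
O4 - HKLM\..\Run: [Flap Ooze Soft Eq] C:\Documents and Settings\All Users\Application Data\JoyRectFlapOoze\HoleAmok.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
"""

# The same entries as they appear in the 10:06 log (log after the fix).
AFTER = r"""Logfile of HijackThis v1.98.2
O2 - BHO: ALTAVISTA - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\ALTAVI~1.DLL
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\csc32.exe
"""

# Lines from the helper's "tick these" list that also occur in BEFORE.
FIXED = r"""O2 - BHO: (no name) - {8BC56EB2-2537-19E7-4551-575A4100C02C} - C:\DOCUME~1\Fredrik\APPLIC~1\SLOWBU~1\fraggram.exe
O4 - HKLM\..\Run: [svchot] C:\WINDOWS\System32\svchot.exe
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\csc32.exe
O4 - HKLM\..\Run: [Flap Ooze Soft Eq] C:\Documents and Settings\All Users\Application Data\JoyRectFlapOoze\HoleAmok.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
"""


def parse_log(text):
    """Return the set of (code, body) entries; header and process lines are skipped."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("body")))
    return entries


def triage_hints(code, body):
    """Illustrative hints only (assumptions); an empty list does not mean the entry is safe."""
    hints = []
    if "(file missing)" in body or "(no file)" in body:
        hints.append("orphaned: registry entry points at a file that is gone")
    if code == "O2" and body.startswith("BHO: (no name)"):
        hints.append("BHO without a registered name")
    m = RUN_RE.match(body) if code == "O4" else None
    if m and "\\application data\\" in m.group("cmd").lower():
        hints.append("autostart executable under Application Data")
    return hints


def verify_fix(before, after, fixed):
    """Split the entries chosen for fixing into removed and still present after the rescan."""
    b, a, targeted = parse_log(before), parse_log(after), parse_log(fixed)
    return {
        "removed": sorted(targeted - a),
        "still_present": sorted(targeted & a),
        "not_in_before": sorted(targeted - b),  # typo or wrapped line in the fix list
    }


if __name__ == "__main__":
    result = verify_fix(BEFORE, AFTER, FIXED)
    for code, body in result["still_present"]:
        print("STILL PRESENT:", code, "-", body)
    for code, body in result["removed"]:
        print("removed:", code, "-", body, triage_hints(code, body))
```

On these lines the only survivor is the `mswspl` Run entry for `csc32.exe`, the same entry the final reply asks to fix again.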
