Autostart

[umeboy]

varge gång jag startar datorn öppnas explorer och går tiorn med ll en sida som matar datorn med ISTbar 180serch ist powerscan och en massa skit....när jag kör antispyware tar den bort allting. har letat i startup programs men hittar inget som startar webbläsaren???? vart i helvete har dom lagt in så att webbläsaren startar när jag startar datorn och går till denna helvetes sida???

 

[btener]

Symantec har ett program som tar bort elendet:

 

http://securityresponse.symantec.com/avcenter/Fix180Sh.exe

 

 

[927]

 

kör även ad-aware 1.05, hjälper inte det så posta en hijack logg

 

http://koti.mbnet.fi/pattaya1/HijackThis.exe

 

[umeboy]

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program\Winamp\winampa.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe

C:\Program\Microsoft AntiSpyware\gcasServ.exe

C:\WINDOWS\system32\wmplayer.exe

C:\WINDOWS\svchost.exe

C:\Program\HP\HP Share-to-Web\hpgs2wnf.exe

C:\Program\Java\jre1.5.0_02\bin\jusched.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nav32.exe

C:\Program\ICQ\ICQ.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Internet Explorer\iexplore.exe

C:\cs\Fix180Sh.exe

C:\Program\Winamp\Winamp.exe

C:\cs\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01'>http://g.msn.se/0SESVSE/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/'>http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows Media Player] wmplayer.exe

O4 - HKLM\..\Run: [REGRUN] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [slXWuoA2] C:\WINDOWS\oageys.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [system] nav32.exe

O4 - HKLM\..\RunServices: [Windows Media Player] wmplayer.exe

O4 - HKLM\..\RunServices: [system] nav32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [system] nav32.exe

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\RunServices: [system] nav32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &NeoTrace It! - C:\Program\NEOTRA~1\NTXcontext.htm

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\Program\NEOTRA~1\NTXtoolbar.htm (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2117287151768e82a817/netzip/RdxIE601.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104072893397

O18 - Filter: text/html - {3FAF5743-3236-4845-8377-02009AA5353A} - C:\Documents and Settings\Maskintjänst\Lokala inställningar\Application Data\microsoft\internet explorer\V0.26.dat

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

 

[927]

 

bocka för dessa

 

R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

 

O4 - HKLM\..\Run: [Windows Media Player] wmplayer.exe

O4 - HKLM\..\Run: [REGRUN] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [slXWuoA2] C:\WINDOWS\oageys.exe

 

O4 - HKCU\..\Run: [system] nav32.exe

 

O4 - HKCU\..\RunServices: [system] nav32.exe

 

O18 - Filter: text/html - {3FAF5743-3236-4845-8377-02009AA5353A} - C:\Documents and Settings\Maskintjänst\Lokala inställningar\Application

 

klicka på fix checked.

 

ta bort filerna (om dom hittas),

går dom inte få bort så får du starta om i felsäkert läge. då funkar det:

 

C:\WINDOWS\svchost.exe

C:\WINDOWS\oageys.exe

nav32.exe

wmplayer.exe

O18 - Filter: text/html - {3FAF5743-3236-4845-8377-02009AA5353A} - C:\Documents and Settings\Maskintjänst\Lokala inställningar\Application Data\microsoft\internet explorer\V0.26.dat <--

 

 

jag är lite osäker på

[slXWuoA2] C:\WINDOWS\oageys.exe

 

om du vill så kolla egenskaper på filen osv, du kan även skicka upp den hit för en scan

http://virusscan.jotti.org