Just nu i M3-nätverket
Jump to content

Rensat det mesta, men får inte bort CID-reklam.


Pazzil

Recommended Posts

Hjälper en vän som har lite väl klåfingriga barn.

Rensat bort det mesta med både NOD32 och SUPERAntiSpyware Free Edition.
Men kan inte få bort CID-reklam som ploppar upp hela tiden.
Söker man även via google så blir det stopp direkt...

Hoppas på hjälp för denna gång vägrar jag göra ominstallation, måste gå att lösa...

Körde först NoLop och fick denna logg:

NoLop! Log by Skate_Punk_21

Fix running from: H:\
[2008-06-30]
[22:30:17]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A80D8704918A3940.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\A32w
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Sony Ericsson
C:\Documents and Settings\All Users\Application Data\Superantispyware.com
C:\Documents and Settings\All Users\Application Data\Teleca
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\David\Application Data\Adobe
C:\Documents and Settings\David\Application Data\Ashampoo
C:\Documents and Settings\David\Application Data\Dvdcss
C:\Documents and Settings\David\Application Data\Getrighttogo
C:\Documents and Settings\David\Application Data\Google
C:\Documents and Settings\David\Application Data\Hamachi
C:\Documents and Settings\David\Application Data\Help  -- EMPTY Directory
C:\Documents and Settings\David\Application Data\Identities
C:\Documents and Settings\David\Application Data\Installshield
C:\Documents and Settings\David\Application Data\Leadertech
C:\Documents and Settings\David\Application Data\Macromedia
C:\Documents and Settings\David\Application Data\Media Player Classic
C:\Documents and Settings\David\Application Data\Microsoft
C:\Documents and Settings\David\Application Data\Mirc
C:\Documents and Settings\David\Application Data\Mozilla
C:\Documents and Settings\David\Application Data\Opera
C:\Documents and Settings\David\Application Data\Securom
C:\Documents and Settings\David\Application Data\Skype
C:\Documents and Settings\David\Application Data\Sony Ericsson
C:\Documents and Settings\David\Application Data\Sports Interactive
C:\Documents and Settings\David\Application Data\Sun
C:\Documents and Settings\David\Application Data\Superantispyware.com
C:\Documents and Settings\David\Application Data\Teamspeak2
C:\Documents and Settings\David\Application Data\Teleca
C:\Documents and Settings\David\Application Data\Thunkreal
C:\Documents and Settings\David\Application Data\Turbine
C:\Documents and Settings\David\Application Data\Utorrent
C:\Documents and Settings\David\Application Data\Ventrilo
C:\Documents and Settings\David\Application Data\Vlc
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft

Körde sedan Hijackthis och fick denna logg:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:43, on 2008-06-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\D-Tools\daemon.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\razer\razerhid.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
D:\razer\razerofa.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: {a4cb7be7-5d87-97ca-d6f4-a8a8672f76bd} - {db67f276-8a8a-4f6d-ac79-78d57eb7bc4a} - C:\WINDOWS\system32\ejgahi.dll (file missing)
O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Diamondback] D:\razer\razerhid.exe
O4 - HKLM\..\Run: [00bd5895] rundll32.exe "C:\WINDOWS\system32\mwiurchc.dll",b
O4 - HKLM\..\Run: [bM038e6b09] Rundll32.exe "C:\WINDOWS\system32\qrbxciay.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [deaf beep] C:\DOCUME~1\David\APPLIC~1\THUNKR~1\two each.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 5474 bytes

Hoppas på hjälp. MVH Staffan som sliter sig i håret just nu!!!

Link to comment
Share on other sites

Verkar som det faktiskt gar löst sig nu! Nu kan man äntligen göra Windows Update, nu kommer inga popupfönster med, datorn startar igång snabbare.

Malwarebytes Antimalware hittade flertalet saker.

Har gjort som du sa 927. Har kört Malwarebytes antimalware, startat om datorn, kört igen (då hittade den inget) och lägger upp den nya loggen här:

Malwarebytes' Anti-Malware 1.19
Databasversion: 899
Windows 5.1.2600 Service Pack 2

20:29:50 2008-07-01
mbam-log-7-1-2008 (20-29-50).txt

Skanningstyp: Fullständig skanning (C:\|D:\|)
Antal skannade objekt: 85391
Förfluten tid: 20 minute(s), 53 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)


Och här är den nya hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:42, on 2008-07-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\D-Tools\daemon.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\razer\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
D:\razer\razerofa.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: {a4cb7be7-5d87-97ca-d6f4-a8a8672f76bd} - {db67f276-8a8a-4f6d-ac79-78d57eb7bc4a} - C:\WINDOWS\system32\ejgahi.dll (file missing)
O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Diamondback] D:\razer\razerhid.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [deaf beep] C:\DOCUME~1\David\APPLIC~1\THUNKR~1\two each.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 5211 bytes


Det jag mest tycker ser fel ut är raden:

"O4 - HKCU\..\Run: [deaf beep] C:\DOCUME~1\David\APPLIC~1\THUNKR~1\two each.exe"


Link to comment
Share on other sites

den raden du nämner är rester av Lop, bocka för och fixa den raden i hjt.
ta bort mappen C:\Documents and Settings\David\Application Data\Thunkreal

Link to comment
Share on other sites

Nu är datorn helt som den ska vara. Hittar inget onormalt överhuvudtaget nu!
Tog bort raden via hjt, tog bort mappen, starta om datorn och allt är perfekt.

Tack för hjälpen 927, det var Malwarebytes Antimalware som gjorde biffen!
Det var verkligen värt att rensa bort det som var fel istället för att göra en ominstallation.
Nu är datorn som den var innan sketungarna pilla på den.

Åter, tack för hjälpen.

Link to comment
Share on other sites

du hade en även en vundoinfektion och just detta är MBAM speciellt bra emot men det var bra av dig att köra nolop!

Link to comment
Share on other sites

  • 3 months later...

Har precis samma problem. Har testat det jag hittat här på forumet men inget har hjälpt.
Kan du hjälpa till?
Loggen ser ut så här:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:26, on 2008-10-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\AVG\AVG8\avgam.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\AVG\AVG8\avgnsx.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Malwarebytes' Anti-Malware\mbam.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ägaren\Skrivbord\NoLop.exe
C:\Program\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [bits peak locks body] C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\Comp Download.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209530381171
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 7536 bytes

Link to comment
Share on other sites

Ladda ner NoLop till Skrivbordet:
http://www.spywareedge.net/nolop/NoLop.exe
Stäng alla program för datorn kommer att startas om.
Dubbelklicka på NoLop för att starta det.
Klicka på Search and Destroy
Om något hittas så kommer det ett meddelande om att starta om datorn, klicka då på OK
Klicka på Reboot
Ett meddelande borde komma upp från NoLop, om inte så dubbelklicka på programmet igen och det kommer att göra det sista.

Klistra in C:\NoLop.log och en ny HijackThis-logg i ditt svar.

Link to comment
Share on other sites

  • 3 weeks later...

Då får du börja med HijackThis. Ladda ner från en av länkarna:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat) och klistra in i ditt svar.

Link to comment
Share on other sites

@ Pbj:
Vet inte om det bara blev fel när du klistrade in loggtexten men...

C:\WINDOWS\system3 2\lsass.exe
C:\WINDOWS\system 32\svchost.exe

Ta en titt på ovanstående rader i din HJT-logg och observera noga mellanslagen mellan

  • 3:an och 2:an i första raden
  • system och 32 i andra raden
Kolla om du hittar de mapparna och ta bort dem men kontrollera noga eftersom dessa filer och mappar i vanliga fall finns och ska finnas kvar i Windows.

Ta endast bort de mappar med mellanslag i namnet (om du hittar några såna)!
Link to comment
Share on other sites

@ Pbj:
Vet inte om det bara blev fel när du klistrade in loggtexten men...

C:\WINDOWS\system3 2\lsass.exe
C:\WINDOWS\system 32\svchost.exe

Ta en titt på ovanstående rader i din HJT-logg och observera noga mellanslagen mellan

  • 3:an och 2:an i första raden
  • system och 32 i andra raden
Kolla om du hittar de mapparna och ta bort dem men kontrollera noga eftersom dessa filer och mappar i vanliga fall finns och ska finnas kvar i Windows.

Ta endast bort de mappar med mellanslag i namnet (om du hittar några såna)!

Det är forumet som lägger in mellanrum då och då i loggar utav någon outgrundlig anledning.
Så inget att bry sig om.
Link to comment
Share on other sites

Det är forumet som lägger in mellanrum då och då i loggar utav någon outgrundlig anledning.
Så inget att bry sig om.

Det var det jag misstänkte... Torr
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.×
×
  • Create New...