magmanthe Posted 23 January 2009

Hi, a friend of the family has had "Kiwi Toolbar" installed on their machine. It is there as a plug-in in Firefox, as its own folder in the Start menu, and also as its own folder on C:, and it is listed in "Add/Remove Hardware". It seems that this program is breaking MSN Live Messenger and Internet Explorer. When the machine starts up and MSN tries to sign in, an error message box appears that simply says "NULL" with an OK button. The title of the box is: "pyagcore.search." They also cannot get online via IE; only Firefox works.

I have tried going into "Add/Remove" and uninstalling it there, but that does not work. I click uninstall, but nothing happens. I have run AdAware and AdAware AE, and SpyBot Search and Destroy, but they are unable to remove it. As mentioned, it is there as an add-on in Firefox, where I can choose to turn it on and off, but the uninstall button is greyed out (that is, it cannot be clicked).

Has anyone here come across this program before? Does anyone have suggestions for how I can get rid of it, preferably without formatting?

Regards, Magmanthe
raWrz Posted 23 January 2009

Hi, run through the guide that is linked at the top of my signature.
magmanthe (Author) Posted 9 February 2009 (edited)

Okay, I have NOW got hold of the programs I need, AND the PC in question. I have also run the 2 programs, and here are the reports from the scans:

MBAM:

Malwarebytes' Anti-Malware 1.33
Databaseversjon: 1740
Windows 5.1.2600 Service Pack 3

09.02.2009 17:34:18
mbam-log-2009-02-09 (17-34-18).txt

Skanntype: Rask Skann
Objekter skannet: 59356
Tid tilbakelagt: 11 minute(s), 7 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

COMBOFIX

ComboFix 09-02-08.02 - Hanne 2009-02-09 17:38:35.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1014.556 [GMT 1:00]
Kjører fra: c:\documents and settings\Hanne\Mine dokumenter\Ny mappe\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated)
 * Opprettet nytt gjenopprettingspunkt

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-09 til 2009-02-09 )))))))))))))))))))))))))))))))))
.

2009-02-09 17:35 . 2009-02-05 06:06 <DIR> d-------- C:\32788R22FWJFW
2009-02-09 17:21 . 2009-02-09 17:21 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-02-09 17:21 . 2009-02-09 17:21 <DIR> d-------- c:\documents and settings\Hanne\Programdata\Malwarebytes
2009-02-09 17:21 . 2009-02-09 17:21 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-02-09 17:21 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 17:21 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-25 10:13 . 2009-01-25 10:13 <DIR> d--hs---- C:\FOUND.000
2009-01-23 11:14 . 2009-01-23 11:14 <DIR> d-------- c:\documents and settings\Bruker\Tracing
2009-01-21 21:57 . 2009-01-21 21:58 <DIR> d-------- c:\programfiler\Spybot - Search & Destroy
2009-01-21 21:57 . 2009-01-21 21:58 <DIR> d-------- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2009-01-21 21:14 . 2009-01-21 21:15 <DIR> d-------- c:\documents and settings\Hanne\Tracing
2009-01-21 21:08 . 2009-01-21 21:08 <DIR> d-------- c:\programfiler\Microsoft
2009-01-21 21:07 . 2009-01-21 21:07 <DIR> d-------- c:\programfiler\Windows Live SkyDrive
2009-01-21 21:02 . 2009-01-21 21:02 <DIR> d-------- c:\programfiler\Fellesfiler\Windows Live
2009-01-21 19:56 . 2009-01-21 19:56 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-21 19:54 . 2009-01-21 19:54 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft
2009-01-21 19:54 . 2009-01-21 19:54 <DIR> d--h----- c:\documents and settings\All Users\Programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-21 19:21 . 2009-01-21 19:21 77,312 --a------ c:\windows\ua2.dll
2009-01-21 19:14 . 2009-01-21 19:14 <DIR> d-------- c:\documents and settings\All Users\Programdata\Iomatic
2009-01-21 19:12 . 2009-01-21 19:12 <DIR> d-------- c:\programfiler\Lavasoft
2009-01-21 19:12 . 2009-01-21 19:12 <DIR> d-------- c:\documents and settings\Hanne\Programdata\Lavasoft
2009-01-15 21:40 . 2009-01-15 21:40 <DIR> d--hs---- C:\FOUND.011
2009-01-15 21:34 . 2009-01-15 21:34 <DIR> d--hs---- C:\FOUND.010
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 17:19 --------- d-----w c:\programfiler\GameSpy Arcade
2008-12-30 20:44 --------- d-----w c:\programfiler\Bonjour
2008-12-30 20:37 --------- d-----w c:\documents and settings\NetworkService\Programdata\agi
2008-12-30 19:25 --------- d-----w c:\programfiler\iTunes
2008-12-30 19:25 --------- d-----w c:\programfiler\iPod
2008-12-30 19:25 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-30 19:23 --------- d-----w c:\programfiler\QuickTime
2008-12-30 19:21 --------- d-----w c:\programfiler\Apple Software Update
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-12 03:08 36,272 ----a-r c:\windows\system32\drivers\SymIM.sys
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-09 10:10 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-18 18:52 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-07-06 20:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008070620080707\index.dat
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-09-23 20:01 277648 --a------ c:\programfiler\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\programfiler\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll" [2008-09-23 277648]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\programfiler\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll" [2008-09-23 277648]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"SpybotSD TeaTimer"="c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="c:\programfiler\Realtek\InstallShield\AzMixerSel.exe" [2006-07-19 53248]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 766041]
"RemoteControl"="c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ntiMUI"="c:\programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 208896]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-13 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-12 438272]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-07-14 471040]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-12-10 185896]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Ad-Watch"="c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-02 509784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 c:\windows\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-07-19 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-06-29 45056]
Adobe Reader Speed Launch.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KiweeHook"=c:\programfiler\Kiwee Toolbar\2.8.167\kwtbaim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-21 64160]
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-21 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2008-12-21 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090129.005\IDSxpx86.sys [2009-01-29 276344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 Norton AntiVirus;Norton AntiVirus;c:\programfiler\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-21 115560]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-07-16 99376]
S2 AGWinService;AG Windows Service;c:\programfiler\AGI\common\win32\pythonservice.exe [2008-09-19 10240]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-06-19 1097728]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [2008-06-22 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [2008-06-22 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [2008-06-22 108552]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-01-09 32000]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-02 19:56]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.online.no/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Hanne\Programdata\Mozilla\Firefox\Profiles\d6eg0k46.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.online.no
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Hanne\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 17:41:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\programfiler\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\programfiler\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
Tidspunkt ferdig: 2009-02-09 17:42:31
ComboFix-quarantined-files.txt 2009-02-09 16:42:30

Pre-Run: 9 889 873 920 byte ledig
Post-Run: 13,689,946,112 byte ledig

191 --- E O F --- 2009-01-15 17:00:32

So, back to my original question. Kiwi Toolbar: how on earth do you get rid of it?

Very grateful for any answers.

Regards, Magmanthe

Edited 9 February 2009 by magmanthe
r2d290 Posted 9 February 2009

Based on the logs, I assume you mean Kiwee Toolbar? We can see the toolbar in the ComboFix log, but try one of the solutions in this thread: http://www.pcanswers.co.uk/node/3162 and see whether one of them works first. The simple approach is often the best.