Attaching the HijackThis log file:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:38:26, on 03.08.2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\SYSTEM32\spider.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\GameDeviceDriver\RFPIcon.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\NetLimiter\NetLimiter.exe

C:\Program Files\dvd43\dvd43_tray.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe

C:\Program Files\GameDeviceDriver\RFPIcon.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\NetLimiter\NetLimiter.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\DC++\DCPlusPlus.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Music Manager\OD2State.exe

C:\Program Files\Messenger\msmsgs.exe

E:\Ole Jørgen\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\GameDeviceDriver\RFPIcon.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Load Itch] C:\DOCUME~1\OLEJRG~1\APPLIC~1\BODYER~1\Lite Slow Amok.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.start.no

O15 - Trusted Zone: *.sf-anytime.com

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {63B8AED1-4475-4FF4-A280-4B48572E1354} - http://www.buypass.no/Installasjoner/jnipc...ate_4.4.5.0.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx

O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -

O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex/ImageUploader3.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O23 - Service: ASP.NET Admin Service (aspnet_admin) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

My problem is that quite a few pop-ups appear when I browse. I have got a Search bar that shows up at the bottom as a separate IE window (it does not show on the taskbar, but it does if I use Alt+Tab).

I have also got a toolbar at the top of IE. When I close it I am told that it can be uninstalled under Control Panel, but I cannot find it there.

The following icons appear on the desktop:

- My Antivirus Update

- Find a Date

- Casino Online

- Tune Up My PC

- Cellphone Ringtones

I have tried most of the spyware/adware programs (Spybot S&D, Ad-aware, Spy Sweeper and Microsoft Anti Spyware), but nothing seems able to stop it. It can disappear, but it comes back after the next restart.

I lent out my PC and MSN Plus had been installed, and I think it was after this that the problems appeared.

Can anyone help me with this?

Link to comment

You can start by having HijackThis fix this one - tick it for deletion:

O4 - HKCU\..\Run: [Load Itch] C:\DOCUME~1\OLEJRG~1\APPLIC~1\BODYER~1\Lite Slow Amok.exe

After that you should seriously consider going through all the processes that start with your machine - the log is as long as a bad year. Much of what is running on your machine is completely unnecessary.

Link to comment

Yes, MSN Plus is the culprit here.

A friend of mine had the same problem, and no anti-spyware program managed to fix it automatically.

But by going into MS AntiSpyware's advanced tools and looking at the startup list there, we found a program called bike.exe; by preventing it from starting up, the problem went away and we could finally remove everything.

So look for programs in that list that should not be there, or that have odd names and the like, which you KNOW serve no function, because that program restores the spyware.

Link to comment
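
The startup-list review that the two replies describe, as an added example that is not part of the thread: this Python code parses the O4 Run entries of a HijackThis log and sorts them by where the program lives. The location buckets (EXPECTED, PROFILE) and the function names are assumptions made for this example; the sample lines are copied from the log above.

```python
import re

# O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Load Itch] C:\DOCUME~1\OLEJRG~1\APPLIC~1\BODYER~1\Lite Slow Amok.exe
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Quoted path, or unquoted text up to the first executable extension
# (unquoted paths in the log may contain spaces).
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|dll))\b', re.I)
# Assumed triage buckets: location is a lead for review, not a verdict.
EXPECTED = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
PROFILE = ("\\documents and settings\\", "\\docume~1\\")

def target_path(command):
    m = EXE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()

def classify(path):
    p = path.lower()
    if "\\" not in p:
        return "bare-name"      # resolved through the search path
    if any(d in p for d in PROFILE):
        return "user-profile"   # writable without admin rights
    if p.startswith(EXPECTED):
        return "expected"
    return "other"

def triage(log_text):
    rows = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, _key, name, command = m.groups()
            path = target_path(command)
            rows.append((hive, name, path, classify(path)))
    return rows

def review_first(log_text):
    return [r for r in triage(log_text) if r[3] in ("user-profile", "other")]

if __name__ == "__main__":
    for hive, name, path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:12} {hive} [{name}] {path}")
```

An "expected" location only means the entry is lower priority for review; bare names such as CTHELPER.EXE still need the resolved file checked by hand.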
