Sliter med en toolbar som dukker opp

[stumpert]

Jeg har prøvd alt mulig får å få bort noe dritt som har dukket opp på PC'en min. Den toolbaren som viser trodde jeg endelig hadde klart å fjerne, men den dukket nå plutselig opp 45 minutt etter at jeg hadde restartet PC'en.

 

Når denne dukket opp fikk jeg og følgende meldinger fra Microsoft Antispyware

(det kom flere tilsvarende meldinger etterpå)

 

Jeg klikker block hver gang dette dukker opp, men like forbanna så blir URL'en endret.

 

Jeg kan poste HijackThis loggen også:

Logfile of HijackThis v1.99.1

Scan saved at 11:09:27, on 10.08.2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\NetLimiter\NetLimiter.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\SYSTEM32\mspaint.exe

C:\Program Files\WS_FTP\WS_FTP95.exe

E:\Ole Jørgen\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.omozvfsjkhcbpooj.net/F9rJ2SQgal...G1/sk9uubRj.jpg

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xixnkgfpqeajcspwenttsg.info/F9r...kpqb2ao_TEU.php

F2 - REG:system.ini: UserInit=userinit.exe,

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {63B8AED1-4475-4FF4-A280-4B48572E1354} - http://www.buypass.no/Installasjoner/jnipc...ate_4.4.5.0.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex/ImageUploader3.cab

O23 - Service: ASP.NET Admin Service (aspnet_admin) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[zjulik]

Kryss av og fiks i HijackThis:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.omozvfsjkhcbpooj.net/F9rJ2SQgal...G1/sk9uubRj.jpg

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xixnkgfpqeajcspwenttsg.info/F9r...kpqb2ao_TEU.php

 

Tøm tempmapper med f eks Crap Cleaner.

Omstart.

[Alastor]

Sjekk også igjennom microsoft antispyware sine avanserte verktøy, spesiellt oppstartslisten. Finner du noe der som ser mistenksomt ut, gjerne en exe-fil med navn sammensatt av noen vanlige engelske ord, blokker/slett denne.

 

Slett også alt annet du finner mistenkelig når du går igjennom alle de avanserte verktøyene.