Monshi, posted June 30, 2004

About:blank is terrorizing my computer, like many others'. I now use Firefox, so it is not a huge problem for me. It has also made the others in the household finally abandon IE. But to the point: you don't want any kind of spy/ad/virus/trojan/... on the computer. Time to check the box, in other words.

But: the Housecall online virus scan crashes IE! http://housecall.antivirus.com/housecall/start_corp.asp

And when I try to test SpywareBlaster, which Esc wrote about in another thread, the newly installed program cannot be started. "The program has been changed; a virus or damaged sector is the likely cause. Reinstall the program." That is roughly what a dialog box says.

And when I was going to start my old installation of SpyBot, there was something wrong with a .dll file. A fresh installation solved that, though.

But, all in all, a few too many oddities in the computer...

I am now letting Norton AV go through the computer, but I doubt that anything will be found. I have run AdAware, SpyBot, CWShredder, HijackThis and StartupList. AdAware and SpyBot always find a few small things, and CWShredder cleaned something out. But nothing strange is found in HijackThis and StartupList.

Where am I going with this post? Well:

Does Housecall have problems? Is a certain version of Java or the like required for it to work? I have Java 1.3.1_12. IE crashes, Firefox is not supported.

Are there any problems with the edition of SpywareBlaster that is available for download today?

About:blank comes back sometimes, without anyone having surfed with/used IE. Not at every restart of the computer or restart of IE, but sometimes. Maybe once a day or so. Has anyone figured out what/who is behind about:blank?

The ActiveX controls that IE has downloaded: can all of these simply be deleted, or is there something one should keep? I guess that if IE is missing something it just downloads it again, or can I damage IE by removing something there?

OK, I can also give you some logs.
I don't see that I have left anything suspicious in there, but maybe:

[log]
Logfile of HijackThis v1.97.7
Scan saved at 11:32:23, on 2004-06-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Norton Internet Security\SymProxySvc.exe
C:\Program\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program\NORTON~1\navapw32.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program\Internet\DU Meter\DUMeter.exe
C:\Program\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\girder32\Girder.exe
C:\Program\Internet\Mozilla Firefox 0.9\firefox.exe
c:\Program\Delade filer\Symantec Shared\NMain.exe
c:\Program\NORTON~1\navw32.exe
c:\Program\Norton AntiVirus\QSERVER.EXE
C:\Program\Internet\Thunderbird\thunderbird.exe
C:\Documents and Settings\Tomas\Skrivbord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] c:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DU Meter] C:\Program\Internet\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\Program\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Startup: Girder3.lnk = C:\Program\girder32\Girder.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Informationshanteraren (HKLM)
O12 - Plugin for .bcf: C:\Program\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/184b21c2fcdfab0fb006/netzip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37590.2662962963
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
[/log]

[log]
StartupList report, 2004-06-30, 11:32:47
StartupList version: 1.52
Started from : C:\Documents and Settings\Tomas\Skrivbord\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Norton Internet Security\SymProxySvc.exe
C:\Program\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program\NORTON~1\navapw32.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program\Internet\DU Meter\DUMeter.exe
C:\Program\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\girder32\Girder.exe
C:\Program\Internet\Mozilla Firefox 0.9\firefox.exe
c:\Program\Delade filer\Symantec Shared\NMain.exe
c:\Program\NORTON~1\navw32.exe
c:\Program\Norton AntiVirus\QSERVER.EXE
C:\Program\Internet\Thunderbird\thunderbird.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Tomas\Skrivbord\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Tomas\Start-meny\Program\Autostart]
Girder3.lnk = C:\Program\girder32\Girder.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

hpsysdrv = c:\windows\system\hpsysdrv.exe
KBD = C:\HP\KBD\KBD.EXE
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
PS2 = C:\WINDOWS\system32\ps2.exe
NAV Agent = c:\Program\NORTON~1\navapw32.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RunDLL32.exe NvMCTray.dll,NvTaskbarInit
DU Meter = C:\Program\Internet\DU Meter\DUMeter.exe
iamapp = C:\Program\Norton Internet Security\IAMAPP.EXE
WINDVDPatch = CTHELPER.EXE
CTHelper = CTHELPER.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Symantec NetDriver Monitor = C:\Program\Symantec\LIVEUP~1\SNDMon.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

MMTray2k = MMTray2k.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SETIHOME.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - c:\Program\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

QSD.job
Symantec NetDetect.job
tomas_backup.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program\Apps\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE = http://207.188.7.150/184b21c2fcdfab0fb006/netzip/RdxIE601.cab

[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

[update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37590.2662962963

[symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

[shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Microsoft Office Tools on the Web Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\OUTC.DLL
CODEBASE = http://dgl.microsoft.com/downloads/outc.cab

[Creative Software AutoUpdate Support Package]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CTPID.ocx
CODEBASE = http://www.creative.com/SU/ocx/12119/CTPID.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\Program\internet\NetLimiter\nl_lsp.dll
Protocol #2: C:\Program\internet\NetLimiter\nl_lsp.dll
Protocol #3: C:\Program\internet\NetLimiter\nl_lsp.dll
Protocol #4: C:\Program\internet\NetLimiter\nl_lsp.dll
Protocol #5: C:\Program\internet\NetLimiter\nl_lsp.dll
Protocol #21: C:\Program\internet\NetLimiter\nl_lsp.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Tomas\LOKALA~1\Temp\_iu14D2N.tmp

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
[/log]

/T
Even when we know we'll never find the answers, we have to keep on asking questions.

[post edited 2004-06-30 11:37:51 by Monshi]

Stefan Eklinder, posted June 30, 2004

A troublesome problem, that. I tried running Housecall in my IE, but it did not crash at all. I just let it load so that I could see the view with my hard drives, and it went fine all the way.

Do people get that shady start page auto:blank from some particular site, or is it something people sit and click "YES" on and get into the computer? It is pure hysteria in here over that very page. :-)

---
C:\Eforum\Stefan Eklinder>|
Boot the computer: give it a spoonful of cough medicine when it hacks too much.

Monshi, posted June 30, 2004

Now I may have taken a step in the right direction. I ran PandaSoft's online scanner. It of course finds a number of viruses: some e-mail attachments that I believe Norton has already taken care of, and one that Norton seems to have missed completely! Namely this one:
http://www.pandasoftware.com/virus_info/encyclopedia/ficha.aspx?iddeteccion=105595

From what I read there, I see that this trojan was probably the cause of the problems that have existed(?) with IE on this computer, i.e. About:Blank.

Interesting that Norton AV ignored this trojan...

/T
Even when we know we'll never find the answers, we have to keep on asking questions.

Archived
This topic is now archived and is closed to further replies.