Ulsy Posted March 30, 2005 Share Posted March 30, 2005 Hej! Har fått något galet i datorn. Det jag kan förknippa till detta är: StarPage.gr.dll Dldr.TW.DLL se.dll Vad kan detta vara? Link to comment Share on other sites More sharing options...
Zipp. Posted March 30, 2005 Share Posted March 30, 2005 Troligtvis en hijacker Ladda ner HijackThis.exe och scanna datorn med det. Skicka hit loggen sen så tar vi en titt vad som finns där. http://koti.mbnet.fi/pattaya1/HijackThis.exe Link to comment Share on other sites More sharing options...
Ulsy Posted March 30, 2005 Author Share Posted March 30, 2005 Här är loggen från hijack this. Hur gör vi nu? [log] Logfile of HijackThis v1.99.1 Scan saved at 17:14:15, on 2005-03-30 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program\AVPersonal\AVGUARD.EXE C:\Program\AVPersonal\AVWUPSRV.EXE C:\WINNT\System32\svchost.exe C:\WINNT\system32\gearsec.exe C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe C:\Program\VeriSign\NAVI\naviagent.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\Smtray.exe C:\WINNT\system32\Promon.exe C:\WINNT\system32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program\QuickTime\qttask.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program\ScanSoft\OmniPagePro12.0\Opware12.exe C:\Program\iPod\bin\iPodService.exe C:\Program\Delade filer\eAcceleration\eanthology.exe C:\Program\AVPersonal\AVGNT.EXE C:\Program\Adaptec\EASYCD~1\CreateCD\CreateCD.exe C:\WINNT\system32\ctfmon.exe C:\Program\WinZip\WZQKPICK.EXE C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program\Palm\HOTSYNC.EXE C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINNT\System32\HPZipm12.exe C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Documents and Settings\SMR\Skrivbord\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SMR\LOKALA~1\Temp\se.dll/spage.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SMR\LOKALA~1\Temp\se.dll/spage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program\VeriSign\i-Nav\i-nav_4_2_0.dll R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - C:\WINNT\System32\SEARCH~1.DLL (file missing) O1 - Hosts: 60.50.170.0 O1 - Hosts: 60.50.170.0 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: BL Class - {28F65FCB-D130-11D8-BA48-8BE0C49AF370} - (no file) O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program\VeriSign\i-Nav\i-nav_4_2_0.dll O2 - BHO: (no name) - {FF12D6BB-2C49-4647-B29A-26C76D3C8EE4} - C:\WINNT\system32\omja.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINNT\Downloaded Program Files\googlenav.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [smapp] Smtray.exe O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe O4 - HKLM\..\Run: [Promon.exe] Promon.exe O4 - HKLM\..\Run: [WpsRePsw] C:\WINNT\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Opware12] "C:\Program\ScanSoft\OmniPagePro12.0\Opware12.exe" O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\SMR\LOKALA~1\Temp\se.dll,DllInstall O4 - HKLM\..\Run: [EanthologyApp] "C:\Program\Delade filer\eAcceleration\eanthology.exe" /b Startup O4 - HKLM\..\Run: [AVGCtrl] "C:\Program\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [CreateCD] C:\Program\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - Startup: HotSync Manager.lnk = C:\Program\Palm\HOTSYNC.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: officejet 6100.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O8 - Extra context menu item: &Google Search - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmcache.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmsimilar.html O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: i-Nav hjälp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp'>http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra 'Tools' menuitem: i-Nav hjälp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program\VeriSign\i-Nav\i-nav_4_2_0.dll O9 - Extra 'Tools' menuitem: i-Nav - alternativ - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program\VeriSign\i-Nav\i-nav_4_2_0.dll O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://212.209.141.125/iNotes6.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/sv/big/1.1.62-big/GoogleNav.cab O16 - DPF: {DF261D01-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v2.1 [sVE]) - https://eredovisning2.postgirot.se/ddrint/content/iejpwsve.cab O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) - https://eredovisning.postgirot.se/ddrint/work/iedpwenu.cab O18 - Filter: text/html - {6C43AA0E-8373-4A23-9C9D-D921E879A135} - C:\WINNT\system32\omja.dll O18 - Filter: text/plain - {6C43AA0E-8373-4A23-9C9D-D921E879A135} - C:\WINNT\system32\omja.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program\AVPersonal\AVWUPSRV.EXE O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Gear-säkerhetstjänster (GEARSecurity) - GEAR Software - C:\WINNT\system32\gearsec.exe O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program\VeriSign\NAVI\naviagent.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe [/log] Link to comment Share on other sites More sharing options...
Zipp. Posted March 30, 2005 Share Posted March 30, 2005 Ladda ner SpSeHjfix110.exe http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix Sen öppna och klicka på start disinfection När den har scannat klart så startas datorn om. Skicka en ny Hijack logg när datorn har startat om. [inlägget ändrat 2005-03-30 18:17:36 av Zipp.] Link to comment Share on other sites More sharing options...
Ulsy Posted March 30, 2005 Author Share Posted March 30, 2005 Har nu kört SpSeHjfix110.exe och fixat lite i felsäkertläge. Här är en ny Hijack logg: SpSeHjfix110.exe Logfile of HijackThis v1.99.1 Scan saved at 21:27:17, on 2005-03-30 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program\AVPersonal\AVGUARD.EXE C:\Program\AVPersonal\AVWUPSRV.EXE C:\WINNT\System32\svchost.exe C:\WINNT\system32\gearsec.exe C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe C:\Program\VeriSign\NAVI\naviagent.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\Smtray.exe C:\WINNT\system32\Promon.exe C:\WINNT\system32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program\QuickTime\qttask.exe C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\ScanSoft\OmniPagePro12.0\Opware12.exe C:\Program\iPod\bin\iPodService.exe C:\Program\AVPersonal\AVGNT.EXE C:\Program\Adaptec\EASYCD~1\CreateCD\CreateCD.exe C:\WINNT\system32\ctfmon.exe C:\Program\WinZip\WZQKPICK.EXE C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program\Palm\HOTSYNC.EXE C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINNT\System32\HPZipm12.exe C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\PROGRAM\WINZIP\winzip32.exe C:\Documents and Settings\SMR\Lokala inställningar\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SMR\LOKALA~1\Temp\se.dll/spage.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SMR\LOKALA~1\Temp\se.dll/spage.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program\VeriSign\i-Nav\i-nav_4_2_0.dll R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - C:\WINNT\System32\SEARCH~1.DLL (file missing) O1 - Hosts: 60.50.170.0 O1 - Hosts: 60.50.170.0 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: BL Class - {28F65FCB-D130-11D8-BA48-8BE0C49AF370} - (no file) O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program\VeriSign\i-Nav\i-nav_4_2_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINNT\Downloaded Program Files\googlenav.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [smapp] Smtray.exe O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe O4 - HKLM\..\Run: [Promon.exe] Promon.exe O4 - HKLM\..\Run: [WpsRePsw] C:\WINNT\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Opware12] "C:\Program\ScanSoft\OmniPagePro12.0\Opware12.exe" O4 - HKLM\..\Run: [AVGCtrl] C:\Program\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [CreateCD] C:\Program\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - Startup: HotSync Manager.lnk = C:\Program\Palm\HOTSYNC.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: officejet 6100.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O8 - Extra context menu item: &Google Search - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmcache.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmsimilar.html O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: i-Nav hjälp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra 'Tools' menuitem: i-Nav hjälp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program\VeriSign\i-Nav\i-nav_4_2_0.dll O9 - Extra 'Tools' menuitem: i-Nav - alternativ - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program\VeriSign\i-Nav\i-nav_4_2_0.dll O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://212.209.141.125/iNotes6.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/sv/big/1.1.62-big/GoogleNav.cab O16 - DPF: {DF261D01-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v2.1 [sVE]) - https://eredovisning2.postgirot.se/ddrint/content/iejpwsve.cab O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) - https://eredovisning.postgirot.se/ddrint/work/iedpwenu.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program\AVPersonal\AVWUPSRV.EXE O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Gear-säkerhetstjänster (GEARSecurity) - GEAR Software - C:\WINNT\system32\gearsec.exe O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program\VeriSign\NAVI\naviagent.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe Var gång jag öppnar en IE eller utforskaren kommer ett meddelande om att "De aktuella säkerhetsinställningarna tillåter inte att Active-X-kontroller körs på den här sidan" Vad gör man åt det? Link to comment Share on other sites More sharing options...
Zipp. Posted March 30, 2005 Share Posted March 30, 2005 Skapa en ny mapp på C:\ och placera HijackThis.exe dit så C:\HjT\HijackThis.exe Scanna med Hijack bocka i följande rader stäng Web-läsaren och alla andra öppna fönster och klicka FIX checked [log]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SMR\LOKALA~1\Temp\se.dll/spage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SMR\LOKALA~1\Temp\se.dll/spage.html R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - C:\WINNT\System32\SEARCH~1.DLL (file missing) O1 - Hosts: 60.50.170.0 O1 - Hosts: 60.50.170.0 O2 - BHO: BL Class - {28F65FCB-D130-11D8-BA48-8BE0C49AF370} - (no file) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm Sen töm denna Temp mappen C:\DOCUME~1\SMR\LOKALA~1\Temp\ < > Vad gör man åt det? < Tror att det är nån inställning här Verktyg > Internet-alternativ > Säkerhet Vet inte exakt vilken,pröva med Normal[/log] Link to comment Share on other sites More sharing options...
Ulsy Posted March 30, 2005 Author Share Posted March 30, 2005 Tack! Nu har jag "fixat" de rader som Du skrev. Har fortfarande problem när jag går in i utforskaren, mapparna på vänstersidan syns men jag kan inte se filerna på höger sida och så kommer samma medelande upp som tidigare. Här är senaste logg: Logfile of HijackThis v1.99.1 Scan saved at 22:37:02, on 2005-03-30 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program\AVPersonal\AVGUARD.EXE C:\Program\AVPersonal\AVWUPSRV.EXE C:\WINNT\System32\svchost.exe C:\WINNT\system32\gearsec.exe C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe C:\Program\VeriSign\NAVI\naviagent.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\Smtray.exe C:\WINNT\system32\Promon.exe C:\WINNT\system32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program\QuickTime\qttask.exe C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\ScanSoft\OmniPagePro12.0\Opware12.exe C:\Program\iPod\bin\iPodService.exe C:\Program\AVPersonal\AVGNT.EXE C:\Program\Adaptec\EASYCD~1\CreateCD\CreateCD.exe C:\WINNT\system32\ctfmon.exe C:\Program\WinZip\WZQKPICK.EXE C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program\Palm\HOTSYNC.EXE C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINNT\System32\HPZipm12.exe C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\PROGRAM\WINZIP\winzip32.exe C:\HjT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program\VeriSign\i-Nav\i-nav_4_2_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program\VeriSign\i-Nav\i-nav_4_2_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINNT\Downloaded Program Files\googlenav.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [smapp] Smtray.exe O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe O4 - HKLM\..\Run: [Promon.exe] Promon.exe O4 - HKLM\..\Run: [WpsRePsw] C:\WINNT\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Opware12] "C:\Program\ScanSoft\OmniPagePro12.0\Opware12.exe" O4 - HKLM\..\Run: [AVGCtrl] C:\Program\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [CreateCD] C:\Program\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - Startup: HotSync Manager.lnk = C:\Program\Palm\HOTSYNC.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: officejet 6100.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O8 - Extra context menu item: &Google Search - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmcache.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmsimilar.html O9 - Extra button: i-Nav hjälp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra 'Tools' menuitem: i-Nav hjälp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program\VeriSign\i-Nav\i-nav_4_2_0.dll O9 - Extra 'Tools' menuitem: i-Nav - alternativ - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program\VeriSign\i-Nav\i-nav_4_2_0.dll O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://212.209.141.125/iNotes6.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/sv/big/1.1.62-big/GoogleNav.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {DF261D01-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v2.1 [sVE]) - https://eredovisning2.postgirot.se/ddrint/content/iejpwsve.cab O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) - https://eredovisning.postgirot.se/ddrint/work/iedpwenu.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program\AVPersonal\AVWUPSRV.EXE O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Gear-säkerhetstjänster (GEARSecurity) - GEAR Software - C:\WINNT\system32\gearsec.exe O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program\VeriSign\NAVI\naviagent.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe Link to comment Share on other sites More sharing options...
Zipp. Posted March 30, 2005 Share Posted March 30, 2005 Loggen är ok. Tyvärr har ingen svar till det andra. Link to comment Share on other sites More sharing options...
Cecilia Posted March 31, 2005 Share Posted March 31, 2005 Var gång jag öppnar en IE eller utforskaren kommer ett meddelande om att "De aktuella säkerhetsinställningarna tillåter inte att Active-X-kontroller körs på den här sidan" Sökte lite på nätet hittade lite olika förslag: Try this: Tools > Internet Options > Advanced > Browsing Uncheck the Enable 3rd party browser extensions internet alt>säkerhet>intenet>(välj)aktuell nivå>aktivera kör active-x kontroller Säger dig de här sidorna något: http://support.microsoft.com/default.aspx?scid=kb;en-us;833633 http://electra.cs.ucy.ac.cy/helpdesk/scripts/myanswer.asp?which=2157 http://channel9.msdn.com/User/Profile.aspx?UserID=7291&viewtype=1 Link to comment Share on other sites More sharing options...
.thumb.png.71a73be41d8bf63826729db87e16f1ce.png)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.