Just nu i M3-nätverket
Jump to content

startsida theuptodatesafety.com


Mellby

Recommended Posts

 

Jag har problem med följande:

 

Varje gång jag startar internet explorer kommer jag till sidan theuptodatesafety.com, detta trots att jag har www.google.se som startsida.

 

Fick tips om att ändra startsida i registereditorn. Har gjort detta. Hjälper inte.

 

Kan någon hjälpa mig?

 

 

 

Link to comment
Share on other sites

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:21:04, on 2006-09-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\WinMediaCodec\isamonitor.exe

C:\Program\WinMediaCodec\pmsngr.exe

C:\Program\Analog Devices\SoundMAX\SMTray.exe

C:\Program\CA\eTrust Internet Security Suite\caissdt.exe

C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe

C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\Program\WinMediaCodec\isamini.exe

C:\Program\QuickTime\qttask.exe

C:\Program\WinMediaCodec\pmmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.se

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program\WinMediaCodec\isaddon.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.0002.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [CaISSDT] "C:\Program\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144088536031

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O21 - SSODL: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - (no file)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

[/log]

 

Link to comment
Share on other sites

 

Ladda ner SmitfraudFix på skrivbordet och unzippa den där.

 

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

 

Starta sen datorn i felsäkert läge.

 

Efter det öppna SmitfraudFix mappen och dubbelklicka på smitfraudfix.cmd

Välj altenativ Clean = klicka 2 och Enter

Sen vänta tills den jobbar klart.

På frågan "Registry cleaning - Do you want to clean the registry ?"

svara Yes med att klicka Y och Enter

Om wininet.dll är infekterad får du frågan "Replace infected file ?"

svara Yes med att klicka Y och Enter.

Om inte datorn startar om automatiskt så starta den i normalläge.

 

Skicka sen C:\rapport.txt och en ny Hijack logg

 

 

Link to comment
Share on other sites

SmitFraudFix v2.99

 

Scan done at 18:37:15,03, 2006-09-25

Run from C:\Documents and Settings\Bj”rn\Skrivbord\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\1024\ Deleted

C:\Documents and Settings\Bj”rn\Application Data\Install.dat Deleted

C:\Documents and Settings\Bj”rn\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareQuake 2.0.lnk Deleted

C:\DOCUME~1\BJRN~1\START-~1\Program\SpywareQuake Deleted

C:\Program\vb\ Deleted

C:\Program\WinMediaCodec\ Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

Link to comment
Share on other sites

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:45:20, on 2006-09-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\CA\eTrust Internet Security Suite\caissdt.exe

C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe

C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.0002.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [CaISSDT] "C:\Program\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144088536031

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

[/log]

 

 

Link to comment
Share on other sites

 

Loggar är ok och dessa kan du lungt ta bort från autostart.

 

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: PowerReg Scheduler.exe

 

skriv i Kör fältet msconfig och ok

sen autostart och bocka av dom.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...