Just nu i M3-nätverket
Jump to content

Kapad startsida


Guest idgadmin

Recommended Posts

Guest idgadmin

Hej

Trots Adaware och andra mirakelkurer är det förbaskat svårt att bli av med det elände som bara snor min startsida hela tiden. Efter att ha läst i detta forum har jag nu tankat hem Hijackthis och fått fram följande loggfil. Kan någon hjälpa mig att sortera ut vad som ska bort?

 

Logfile of HijackThis v1.98.0

Scan saved at 18:54:34, on 2004-07-14

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\NORMAN\Nvc\BIN\Zanda.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\appdk.exe

C:\WINDOWS\system32\ntzh.exe

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\NORMAN\Nvc\BIN\nvcoas.exe

C:\NORMAN\Nvc\BIN\NJEEVES.EXE

C:\NORMAN\Nvc\BIN\nipsvc.exe

C:\WINDOWS\Explorer.EXE

C:\ATI-CPanel\atiptaxx.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program\SlySoft\CloneCD\CloneCDTray.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\NORMAN\Nvc\BIN\ZLH.EXE

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program\Java\j2re1.4.2_04\bin\jusched.exe

C:\NORMAN\Nvc\BIN\NYMSE.EXE

C:\NORMAN\Nvc\BIN\NIP.EXE

C:\Program\Real\RealPlayer\RealPlay.exe

C:\NORMAN\Nvc\BIN\cclaw.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Creative\MediaSource\Go\CTCMSGo.exe

C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program\SpywareGuard\sgmain.exe

C:\Program\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE

C:\Program\SpywareGuard\sgbhp.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Christer\Skrivbord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qaidm.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://azosw.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\azosw.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\azosw.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://azosw.dll/index.html#96676

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.printme.com/support/adobe/index.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {24F78739-A22D-5617-763F-DB4FC94378C5} - C:\WINDOWS\system32\sdkzj32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [etshn] C:\WINDOWS\System32\etshn.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [RealTray] C:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [OfferApp] C:\Program Files\OfferApp\OfferApp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe

O4 - HKLM\..\Run: [ntzh.exe] C:\WINDOWS\system32\ntzh.exe

O4 - HKLM\..\RunOnce: [appdk.exe] C:\WINDOWS\system32\appdk.exe

O4 - HKLM\..\RunOnce: [ipha32.exe] C:\WINDOWS\system32\ipha32.exe

O4 - HKLM\..\RunOnce: [sdkuq.exe] C:\WINDOWS\sdkuq.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Poss] C:\Documents and Settings\Christer\Application Data\etre.exe

O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program\Creative\MediaSource\Go\CTCMSGo.exe /SCB

O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program\NETGEAR\MA111 Configuration Utility\wlancfg.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

 

 

 

Link to comment
Share on other sites

titta lite närmare på dessa

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qaidm.dll/sp.html#96676

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6/

 

Och sedan byt virusprogram fort Norman släpper genom mycket..

 

Scanna datorn omedelbart på denna länk nedan..

http://housecall.trendmicro.com/

 

Sedan sök efter Spy sweeper 3.0 och installera och köp sedan slipper du dessa problem i framtiden...

 

 

 

Uppdatera Mera :)

 

[inlägget ändrat 2004-07-14 20:46:19 av TalisMan]

Link to comment
Share on other sites

Jag är ingen expert på detta men följande ser konstigt ut...

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qaidm.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://azosw.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\azosw.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\azosw.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://azosw.dll/index.html#96676

O2 - BHO: (no name) - {24F78739-A22D-5617-763F-DB4FC94378C5} - C:\WINDOWS\system32\sdkzj32.dll

 

 

 

Link to comment
Share on other sites

Guest idgadmin

Titta närmare på?

Den andra - http://10.0.0.6 är den startsida jag vill ha.

Någon som kan instruera mig vidare?

Är det samma gäng som först smittar och sedan erbjuder bot för en peng - eller är jag bara onormalt konspiratorisk?

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...