Just nu i M3-nätverket
Jump to content

Får in elakingar


owen

Recommended Posts

Hej!

 

Jag har en kompis som får in en massa elakingar så fort han kopplar upp sig mot nätet.

 

Vi installerade AdAware och plockade bort vad det hittade samt installerade Zone Alarm

gratisversion. Men problemen kvarstår.

 

Det synliga problemet är att startsidan byts ut mot "about blank" vid varje start av IE.

 

Bifogar loggfilen från HijackThis och hoppas någon kunnig vill kolla den och föreslå

åtgärd.

 

Hälsningar

 

Owen

 

Logfile of HijackThis v1.97.7

Scan saved at 12:23:44, on 2004-08-23

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\Program\NORTON~1\navapw32.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\sp.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\Microsoft Office 97\Office\FINDFAST.EXE

C:\Program\Microsoft Office 97\Office\OSA.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\K-H\Skrivbord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {00BB61C2-EA8A-45D0-A875-565BE9F16460} - C:\WINDOWS\System32\ipp.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe

O4 - HKCU\..\Run: [sp] C:\sp.exe

O4 - Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office 97\Office\FINDFAST.EXE

O4 - Startup: Office-autostart.lnk = C:\Program\Microsoft Office 97\Office\OSA.EXE

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

 

 

[inlägget ändrat 2004-08-23 23:28:46 av owen]

Link to comment
Share on other sites

Ladda ner Cwshredder

 

http://koti.mbnet.fi/pattaya1/CWShredder1.59.1.exe

 

Ladda ner APM och installera den

 

http://www.diamondcs.com.au/index.php?page=apm

 

 

Sätt dolda filer synliga titta här hur man gör

 

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

 

 

 

Skapa en ny mapp på C:/ och placera HijackThis.exe dit så C:/HjT/HijackThis.exe

 

Bocka i följande rader stäng Web-läsaren och alla andra öppna fönster och klicka FIX checked

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {00BB61C2-EA8A-45D0-A875-565BE9F16460} - C:\WINDOWS\System32\ipp.dll

O4 - HKCU\..\Run: [sp] C:\sp.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe

 

 

Öppna sedan APM och i övre fönster välj C:/Windows/Explorer.exe

Välj den här filen i nedre fönster om den är synlig

C:\WINDOWS\System32\ipp.dll

Klicka på filen och välj Unload Dll. och Ok.

 

Starta om sedan i felsäkert läge leta och ta bort filen

 

sp.exe

 

om den finns.

 

Starta sen normalt och putsa med Cwshredder.

 

Posta sen en ny Hijack logg

 

 

 

 

 

 

 

 

 

 

 

Link to comment
Share on other sites

Hej Zipp!

 

Mycket tack för din hjälp.

Datorn verkar vara helt OK efter de

åtgärder du föreslog.

Du har fått poäng.

 

Hälsningar

Owen

 

Här följer ny logg:

 

Logfile of HijackThis v1.97.7

Scan saved at 15:08:53, on 2004-08-24

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\NORTON~1\navapw32.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\Microsoft Office 97\Office\FINDFAST.EXE

C:\Program\Microsoft Office 97\Office\OSA.EXE

C:\Program\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [spyware Stormer] C:\Program\Spyware Stormer\SpywareStormer.Exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe

O4 - Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office 97\Office\FINDFAST.EXE

O4 - Startup: Office-autostart.lnk = C:\Program\Microsoft Office 97\Office\OSA.EXE

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

 

 

 

 

Link to comment
Share on other sites

Bocka i raden och stäng Web-läsaren och alla andra öppna fönster och klicka FIX checked

 

O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe

 

Ta bort sen filen

 

wuamgrd.exe

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...