owen Posted August 23, 2004

Hi! I have a friend who gets a lot of nasties as soon as he connects to the net. We installed AdAware and removed what it found, and also installed the free version of Zone Alarm. But the problems remain. The visible problem is that the start page is replaced with "about blank" every time IE starts. I'm attaching the log file from HijackThis and hope someone knowledgeable will look at it and suggest a fix.

Regards,
Owen

Logfile of HijackThis v1.97.7
Scan saved at 12:23:44, on 2004-08-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\Program\NORTON~1\navapw32.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\sp.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\Microsoft Office 97\Office\FINDFAST.EXE
C:\Program\Microsoft Office 97\Office\OSA.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\K-H\Skrivbord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {00BB61C2-EA8A-45D0-A875-565BE9F16460} - C:\WINDOWS\System32\ipp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office 97\Office\FINDFAST.EXE
O4 - Startup: Office-autostart.lnk = C:\Program\Microsoft Office 97\Office\OSA.EXE
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[post edited 2004-08-23 23:28:46 by owen]

Zipp. Posted August 24, 2004

Download Cwshredder
http://koti.mbnet.fi/pattaya1/CWShredder1.59.1.exe

Download APM and install it
http://www.diamondcs.com.au/index.php?page=apm

Make hidden files visible; see here how to do it
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

Create a new folder on C:/ and put HijackThis.exe there, so C:/HjT/HijackThis.exe

Check the following lines, close the web browser and all other open windows, and click FIX checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {00BB61C2-EA8A-45D0-A875-565BE9F16460} - C:\WINDOWS\System32\ipp.dll
O4 - HKCU\..\Run: [sp] C:\sp.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe

Then open APM and in the upper window select C:/Windows/Explorer.exe
Select this file in the lower window if it is visible
C:\WINDOWS\System32\ipp.dll
Click the file and choose Unload Dll, then OK.

Then restart in safe mode, look for the file sp.exe and delete it if it exists.
Then start normally and clean up with Cwshredder.
Then post a new Hijack log.

owen Posted August 24, 2004

Hi Zipp!

Many thanks for your help. The computer seems to be completely OK after the measures you suggested. You have been given points.

Regards,
Owen

Here is the new log:

Logfile of HijackThis v1.97.7
Scan saved at 15:08:53, on 2004-08-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\NORTON~1\navapw32.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Microsoft Office 97\Office\FINDFAST.EXE
C:\Program\Microsoft Office 97\Office\OSA.EXE
C:\Program\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [spyware Stormer] C:\Program\Spyware Stormer\SpywareStormer.Exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office 97\Office\FINDFAST.EXE
O4 - Startup: Office-autostart.lnk = C:\Program\Microsoft Office 97\Office\OSA.EXE
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Zipp. Posted August 24, 2004

Check this line, close the web browser and all other open windows, and click FIX checked

O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe

Then delete the file wuamgrd.exe
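
A triage pass over the log format posted in this thread, as an added example that is not part of any post and is not HijackThis's own logic. The four heuristics are assumptions modelled on the kinds of entries marked for fixing in the replies above, and the sample lines are copied from the first log.

```python
import re

# Sample lines copied from the first HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\K-H\LOKALA~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {00BB61C2-EA8A-45D0-A875-565BE9F16460} - C:\WINDOWS\System32\ipp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")        # section code, rest of line
RUN = re.compile(r"\S+\\Run: \[[^\]]*\] (.*)$")   # registry Run value -> command

def review_reasons(line):
    """Heuristic reasons (assumed rules, not HijackThis logic) to review a line."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body = m.groups()
    reasons = []
    if code in ("R0", "R1"):
        if body.partition(" = ")[2].lower().startswith("file://"):
            reasons.append("IE setting points at a local file")
    elif code == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object without a name")
    elif code == "O4" and (run := RUN.match(body)):
        cmd = run.group(1)
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd
        if "\\" not in exe:
            reasons.append("autostart command has no path")
        elif re.fullmatch(r"[A-Za-z]:\\[^\\]+", exe):
            reasons.append("autostart program sits in the drive root")
    elif code == "O16":
        source = body.rsplit(" - ", 1)[-1]
        if not source.lower().startswith(("http://", "https://")):
            reasons.append("download source is not a plain http(s) URL")
    return reasons

def triage(log_text):
    pairs = ((l.strip(), review_reasons(l)) for l in log_text.splitlines())
    return [(l, r) for l, r in pairs if r]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "->", line)
```

A flagged line is a prompt for manual review, not a verdict; entries that pass these checks can still be unwanted.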
This topic is now archived and is closed to further replies.