
about:blank


Hagbard


Is there really no one who can solve the problem of a hijacked start page?

I have been hit once again.

Ad-Aware and various other tools do not find this problem, after all.

Last time I got help from a wise poster who said:

Restart in safe mode.

Run a virus scan.

Go to the .txt file "such-and-such" and remove an IP address that has been created (there should be only one IP address left).

I, idiot that I am, did not note what the .txt file was called and do not remember where I found the post; I only know that I got rid of "Search the web".

Can anyone refresh my memory?

 

 

Link to comment
Share on other sites

Here it is!

 

Logfile of HijackThis v1.98.2

Scan saved at 16:07:44, on 04-10-18

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\NORTON~1\navapw32.exe

C:\WINDOWS\system32\GSICON.EXE

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\dslagent.exe

C:\Program\Microsoft Hardware\Keyboard\type32.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program\Winamp3\winampa.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Real\Update_OB\rnathchk.exe

C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\PC\Skrivbord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PC\LOKALA~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PC\LOKALA~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PC\LOKALA~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PC\LOKALA~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PC\LOKALA~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PC\LOKALA~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

N3 - Netscape 7: user_pref("browser.startup.homepage", "file:///C:/Documents%20and%20Settings/PC/Mina%20dokument/Hemsidor/startsidan/index.html"); (C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\n8ykdwmt.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\n8ykdwmt.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {6C580465-3B26-4E19-A295-FB18D33449A8} - C:\WINDOWS\System32\hngnah.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\COMPAQ\Coloreal\coloreal.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [WebInstall2] C:\DOCUME~1\PC\LOKALA~1\Temp\ins5CF.tmp /R

O4 - HKLM\..\Run: [intelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [Miconrec] C:\Program\Miconrec\conspy.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp3\winampa.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: ZoneAlarm.lnk = C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9701F900-7759-4A8A-95FE-9499689EBC02}: NameServer = 195.67.199.30 195.67.199.31

O18 - Filter: text/html - {E01BC2D7-618B-4086-B769-8B5DC0E5119B} - C:\WINDOWS\System32\hngnah.dll

O18 - Filter: text/plain - {E01BC2D7-618B-4086-B769-8B5DC0E5119B} - C:\WINDOWS\System32\hngnah.dll

 

 

 

Link to comment
Share on other sites

 

Download DllCompare.exe

 

http://download.broadbandmedic.com/DllCompare.exe

 

 

Open it and click Run Locate.com

Then click Compare and wait until it has finished analysing

Then click Make Log of what was found

Then copy the text below into Notepad

 

 

Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv

ren windows1.hiv windows.txt

 

 

Save it on the desktop with the name Appinit.bat

Under file type, choose All files

Then double-click Appinit.bat on the desktop and out comes the windows.txt log.

Copy both logs and post them here

DllCompare log

windows.txt log

 

 

 

Link to comment
Share on other sites

Log files

 

* DLLCompare Log version(1.0.0.125)

Files Found that Windows does not See or cannot Access

*Not everything listed here means you are infected!

________________________________________________

 

O^E says: "There were no files found :)"

________________________________________________

 

1 287 items found: 1 287 files, 0 directories.

Total of file sizes: 257 513 576 bytes 245,58 M

 

Administrator Account = True

 

--------------------End log---------------------

 

 

 

 

and

 

 

 

regf

 

 

hmm... strange, isn't it?

 

Link to comment
Share on other sites

 

>regf

 

hmm... strange, isn't it?<

So you have copied only the top part of the windows.txt log.

Look further down and copy that here.

Also post a new Hijack log.

 

 

Link to comment
Share on other sites

New attempt. Just as strange??!!

 

* DLLCompare Log version(1.0.0.125)

Files Found that Windows does not See or cannot Access

*Not everything listed here means you are infected!

________________________________________________

 

O^E says: "There were no files found :)"

________________________________________________

 

1 287 items found: 1 287 files, 0 directories.

Total of file sizes: 257 513 576 bytes 245,58 M

 

Administrator Account = True

 

--------------------End log---------------------

 

 

Logfile of HijackThis v1.98.2

Scan saved at 21:20:43, on 04-10-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\NORTON~1\navapw32.exe

C:\WINDOWS\system32\GSICON.EXE

C:\WINDOWS\system32\dslagent.exe

C:\Program\Microsoft Hardware\Keyboard\type32.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Winamp3\winampa.exe

C:\Program\Messenger Plus! 3\MsgPlus.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe

c:\program\intern~1\iexplore.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Real\Update_OB\rnathchk.exe

C:\Documents and Settings\PC\Skrivbord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yzeumqfvaqtywyixjl.net/0ITliMaZhJeWDce4HEsqmNsq5PxlvPQnjXipmgNKKEJsBIJFtzOMnzjAZHcCK//H.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

N3 - Netscape 7: user_pref("browser.startup.homepage", "file:///C:/Documents%20and%20Settings/PC/Mina%20dokument/Hemsidor/Startsidan/index.html"); (C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\n8ykdwmt.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\n8ykdwmt.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5A8679A3-E1E2-900B-EDD4-CC2911653A84} - C:\DOCUME~1\PC\APPLIC~1\ABOUTS~1\ONE 64.exe

O2 - BHO: (no name) - {6C580465-3B26-4E19-A295-FB18D33449A8} - C:\WINDOWS\System32\hngnah.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\COMPAQ\Coloreal\coloreal.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [WebInstall2] C:\DOCUME~1\PC\LOKALA~1\Temp\ins5CF.tmp /R

O4 - HKLM\..\Run: [intelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [Miconrec] C:\Program\Miconrec\conspy.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [site team slow obj] C:\Documents and Settings\All Users\Application Data\partbaitsiteteam\Win Roam.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [castsafe] C:\DOCUME~1\PC\APPLIC~1\CLOSES~1\IDLE GLOBAL OOZE.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: ZoneAlarm.lnk = C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9701F900-7759-4A8A-95FE-9499689EBC02}: NameServer = 195.67.199.30 195.67.199.31

O18 - Filter: text/html - {E01BC2D7-618B-4086-B769-8B5DC0E5119B} - C:\WINDOWS\System32\hngnah.dll

O18 - Filter: text/plain - {E01BC2D7-618B-4086-B769-8B5DC0E5119B} - C:\WINDOWS\System32\hngnah.dll

 

 

---------------------------------

 

 

 

regf Pugf hbin ¨ÿÿÿnk, Š X›Ä ÿÿÿÿ ÿÿÿÿÿÿÿÿ ° x ÿÿÿÿ 0 8 ¡Q Windowsýÿÿÿsk x x Ô „¸ È ¤ ! € ! ? ? Øÿÿÿvk € fùAppInit_DLLsÖ?æG h Ðÿÿÿvk È ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 Ø(ÍWðÿÿÿ9 0 Ð Ðÿÿÿvk €' zGDIProcessHandleQuota"þàÿÿÿvk 8 °ºSpooler2ðÿÿÿy e s , h ˜ è ` àÿÿÿvk € =pswapdiskÐÿÿÿvk Ø R¿TransmissionRetryTimeoutàÿÿÿh ˜ è ` € Ð Ðÿÿÿvk €' ìäUSERProcessHandleQuotaá

 

 

Link to comment
Share on other sites
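
Added example, not part of the original posts: reg save writes a binary registry hive, which is why the renamed windows.txt begins with regf and looks garbled in Notepad. This Python sketch recovers readable values such as AppInit_DLLs from such a file by scanning for vk value records; the scan is a heuristic that does not walk the key tree, and the sample hive and its example.dll value are constructed.

```python
import struct

HBIN_BASE = 0x1000   # cell offsets in a hive are relative to the first hbin block
REG_SZ, REG_EXPAND_SZ, REG_DWORD = 1, 2, 4

def parse_vk(hive, pos):
    """Decode the value ('vk') record at pos; return (name, data) or None."""
    if pos + 20 > len(hive):
        return None
    name_len, size, offset, vtype, flags = struct.unpack_from("<HIIIH", hive, pos + 2)
    name = hive[pos + 20:pos + 20 + name_len]
    # Reject chance hits on the bytes "vk": require an ASCII name and a known type.
    if not flags & 1 or not 0 < name_len == len(name) or vtype > 11 or not name.isascii():
        return None
    if size & 0x80000000:                  # data of 4 bytes or less sits in the offset field
        data = struct.pack("<I", offset)[:size & 0x7FFFFFFF]
    else:                                  # otherwise offset points at a separate data cell
        start = HBIN_BASE + offset + 4     # +4 skips that cell's own size field
        data = hive[start:start + size]
        if len(data) != size:
            return None
    if vtype in (REG_SZ, REG_EXPAND_SZ):   # strings are stored as UTF-16LE
        data = data.decode("utf-16-le", "replace").rstrip("\x00")
    elif vtype == REG_DWORD and len(data) == 4:
        data = struct.unpack("<I", data)[0]
    return name.decode("ascii"), data

def read_values(hive):
    """Scan a saved hive for value records and return {name: data}."""
    if hive[:4] != b"regf":
        raise ValueError("missing 'regf' signature: not a registry hive")
    values, pos = {}, hive.find(b"vk", HBIN_BASE)
    while pos != -1:
        rec = parse_vk(hive, pos)
        if rec:
            values[rec[0]] = rec[1]
        pos = hive.find(b"vk", pos + 2)
    return values

def build_sample_hive(appinit):
    """Constructed miniature hive for this example: header, one hbin, three cells."""
    def cell(payload):
        size = (len(payload) + 4 + 7) & ~7                  # cells are 8-byte aligned
        return struct.pack("<i", -size) + payload.ljust(size - 4, b"\x00")
    def vk(name, size, offset, vtype):
        return cell(struct.pack("<2sHIIIHH", b"vk", len(name), size, offset, vtype, 1, 0) + name)
    data = (appinit + "\x00").encode("utf-16-le")
    body = cell(data)                                       # data cell at hbin offset 0x20
    body += vk(b"AppInit_DLLs", len(data), 0x20, REG_SZ)
    body += vk(b"GDIProcessHandleQuota", 0x80000004, 10000, REG_DWORD)
    return b"regf".ljust(0x1000, b"\x00") + b"hbin".ljust(0x20, b"\x00") + body

if __name__ == "__main__":
    hive = build_sample_hive(r"C:\WINDOWS\System32\example.dll")   # constructed value
    for name, data in read_values(hive).items():
        print(f"{name} = {data!r}")
```

A non-empty AppInit_DLLs value names a DLL that is loaded into every process that uses user32.dll, which is why this key is worth reading in a hijack case.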

 

OK, no hidden file.

Uninstall via the Control Panel

 

P2P Networking

MessengerPlus3

 

 

Download and install APM

 

http://www.diamondcs.com.au/index.php?page=apm

 

 

Do not skip this

Create a new folder on C:/ and put HijackThis.exe there, so C:/HjT/HijackThis.exe

Make hidden files visible; look here for how to do it

 

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

 

 

Scan with Hijack, tick the following lines, close the web browser and all other open windows, and click FIX checked

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yzeumqfvaqtywyixjl.net/0ITliMaZhJeWDce4HEsqmNsq5PxlvPQnjXipmgNKKEJsBIJFtzOMnzjAZHcCK//H.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {5A8679A3-E1E2-900B-EDD4-CC2911653A84} - C:\DOCUME~1\PC\APPLIC~1\ABOUTS~1\ONE 64.exe

O2 - BHO: (no name) - {6C580465-3B26-4E19-A295-FB18D33449A8} - C:\WINDOWS\System32\hngnah.dll

O4 - HKLM\..\Run: [WebInstall2] C:\DOCUME~1\PC\LOKALA~1\Temp\ins5CF.tmp /R

O4 - HKLM\..\Run: [Miconrec] C:\Program\Miconrec\conspy.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [site team slow obj] C:\Documents and Settings\All Users\Application Data\partbaitsiteteam\Win Roam.exe

O4 - HKCU\..\Run: [castsafe] C:\DOCUME~1\PC\APPLIC~1\CLOSES~1\IDLE GLOBAL OOZE.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O18 - Filter: text/html - {E01BC2D7-618B-4086-B769-8B5DC0E5119B} - C:\WINDOWS\System32\hngnah.dll

O18 - Filter: text/plain - {E01BC2D7-618B-4086-B769-8B5DC0E5119B} - C:\WINDOWS\System32\hngnah.dll

 

 

Then open APM and in the upper window click on

C:/Windows/explorer.exe

 

In the lower window, select this

 

C:\WINDOWS\System32\hngnah.dll

 

Click on the file, then Unload Dll and OK.

Then close APM.

Then start in safe mode, search for and delete

 

hngnah.dll

P2P Networking.exe

 

C:\Program\Miconrec\conspy.exe

- delete the Miconrec folder

 

C:\Program\Messenger Plus! 3\MsgPlus.exe

- delete the Messenger Plus! 3 folder

 

C:\Documents and Settings\All Users\Application Data\partbaitsiteteam\Win Roam.exe

- delete the partbaitsiteteam folder

 

C:\DOCUME~1\PC\APPLIC~1\CLOSES~1\IDLE GLOBAL OOZE.exe

- delete the CLOSES~1 folder

 

 

Then empty all Temp folders.

Then start normally and clean up with CWShredder and Ad-Aware.

Then post a new Hijack log.

 

 

 

 

 

 

Link to comment
Share on other sites
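
Added example, not part of the original posts: a first-pass triage of HijackThis lines like the ones selected for fixing above. The rules (unnamed BHO, missing file, autostart from Temp or Application Data, local or about: search values, one file behind several hooks) are assumptions chosen for this illustration, not HijackThis's own logic; the sample lines are copied from the second log in the thread.

```python
import re

ENTRY = re.compile(r"^(?P<code>[RNO]\d{1,2}) - (?P<body>.+)$")
PATH = re.compile(r"[A-Za-z]:\\[^\"]+?\.(?:exe|dll|tmp)", re.I)
USER_WRITABLE = re.compile(r"\\(?:temp|applic~1|application data)\\", re.I)

# Lines copied from the second HijackThis log in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C580465-3B26-4E19-A295-FB18D33449A8} - C:\WINDOWS\System32\hngnah.dll
O2 - BHO: (no name) - {5A8679A3-E1E2-900B-EDD4-CC2911653A84} - C:\DOCUME~1\PC\APPLIC~1\ABOUTS~1\ONE 64.exe
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WebInstall2] C:\DOCUME~1\PC\LOKALA~1\Temp\ins5CF.tmp /R
O4 - HKCU\..\Run: [castsafe] C:\DOCUME~1\PC\APPLIC~1\CLOSES~1\IDLE GLOBAL OOZE.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Filter: text/html - {E01BC2D7-618B-4086-B769-8B5DC0E5119B} - C:\WINDOWS\System32\hngnah.dll
"""

def first_pass(code, body, path):
    """Assumed per-line heuristics for this example."""
    reasons = []
    value = body.partition(" = ")[2].lower()
    if code in ("R0", "R1") and value.startswith(("file://", "about:")):
        reasons.append("IE search/start value is a local file or about: URI")
    if code == "O2" and "(no name)" in body:
        reasons.append("BHO registered without a name")
    if "(no file)" in body:
        reasons.append("registered file is missing")
    if code in ("O2", "O4", "O18") and path and USER_WRITABLE.search(path):
        reasons.append("loads from Temp or Application Data")
    return reasons

def triage(log):
    """Return [(code, body, reasons)] for every flagged log entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        hit = PATH.search(m["body"])
        path = hit.group(0).lower() if hit else None
        entries.append((m["code"], m["body"], path, first_pass(m["code"], m["body"], path)))
    # Second pass: one file behind several hooks (here a BHO and a MIME filter).
    flagged_files = {path for _, _, path, why in entries if why and path}
    for _, _, path, why in entries:
        if not why and path in flagged_files:
            why.append("same file as another flagged entry")
    return [(code, body, why) for code, body, _, why in entries if why]

if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code:>3}  {'; '.join(why)}\n     {body}")
```

Entries that look ordinary, such as Miconrec or P2P Networking in this thread, pass these rules and still need a manual look.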

Archived

This topic is now archived and is closed to further replies.
