Barry White, posted July 24, 2004 (edited)

Hi! I have a problem with Internet Explorer; it seems there is a script doing the following things:

1. When I start Internet Explorer, "action cancelled" suddenly comes up, and IE is redirected to a "search the web" page.
2. This also happens when I click on links: the action is cancelled, and I end up on that damn search page with porn and more.

In the header, or down in the taskbar, it says "about:blank trusted start page".

I have tried Ad-Aware, Spybot and HijackThis. Here is my log from HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 19:50:38, on 24.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sstray.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programfiler\D-Tools 3.46\daemon.exe
C:\Programfiler\Winamp 2.91\Winampa.exe
C:\Programfiler\Fellesfiler\Logitech\QCDriver3\LVCOMS.EXE
C:\Programfiler\Logitech\ImageStudio\LogiTray.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\QuickTime\qttask.exe
C:\PROGRA~1\REGIST~1.3\RCrawler.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programfiler\Common\Bin\WinCinemaMgr.exe
C:\Programfiler\Logitech\ImageStudio\LowLight.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\NetLimiter 1.30\NetLimiter.exe
C:\Programfiler\Adobe Premiere Pro 7\Adobe Premiere Pro.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\SmartFTP\SmartFTP.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FOILLT~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\FOILLT~1\LOKALE~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\FOILLT~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FOILLT~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\FOILLT~1\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\FOILLT~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {2545E3AB-050A-48EB-8B3F-FF2CEADB2172} - C:\WINDOWS\System32\hdh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy 1.3\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Programfiler\NetLimiter 1.30\NetLimiter.exe /s
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools 3.46\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programfiler\Winamp 2.91\Winampa.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Programfiler\Fellesfiler\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programfiler\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programfiler\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\REGIST~1.3\RCrawler.exe -TRAYONLY
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8169.4634143518
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Does anyone have any idea what I should do?

Edited September 17, 2008 by Barry White
Syar-2003, posted July 24, 2004

Let HijackThis remove these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FOILLT~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\FOILLT~1\LOKALE~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\FOILLT~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FOILLT~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\FOILLT~1\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\FOILLT~1\LOKALE~1\Temp\sp.html
O2 - BHO: (no name) - {2545E3AB-050A-48EB-8B3F-FF2CEADB2172} - C:\WINDOWS\System32\hdh.dll (file missing)

If that doesn't help, download CWShredder and clean with it.
http://www.majorgeeks.com/download4086.html
Barry White (Author), posted July 24, 2004

I did something else: I reinstalled Explorer, then the script got upset and started screaming with error messages, and after that I found the name and deleted all registry keys with "backweb".
Syar-2003, posted July 24, 2004

Backweb has nothing to do with the problem you had.

Process File: backweb-8876480 or backweb-8876480.exe
Process Name: Logitech Desktop Messenger
Description: Comes with the software for Logitech products. Automatically checks for software upgrades and new products, services, and special offerings from Logitech.
Company: Logitech
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Barry White (Author), posted July 24, 2004

Oops... I deleted them... but now the damn script has come back :'( boohoo
Syar-2003, posted July 24, 2004

CWShredder... After that, Spybot 1.3: open it and enable Immunize.
Barry White (Author), posted July 27, 2004

So now I have tried:

Spybot
Ad-Aware
SpySweeper
HijackThis
CWShredder

I have removed "DSO Exploit" manually in the registry... but the problem is still there. I have all Windows Update updates and Norton AntiVirus 2004 updates installed. What now?!
Syar-2003, posted July 28, 2004

CWS.Aboutblank

Variant 35: CWS.Aboutblank - It's just a fad
Approx date first sighted: March 2, 2004
Log reference: Reconstruction
Symptoms: IE pages changed to about-blank.ws and 213.159.118.226 (1-se.com), hijack returning on system restart
Cleverness: 5/10
Manual removal difficulty: Involves some Registry editing and deleting a randomly named file

Identifying lines in HijackThis log:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://about-blank.ws/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://about-blank.ws/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.ws/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://about-blank.ws/
O1 - Hosts: 213.159.118.226 1-se.com
O1 - Hosts: 213.159.118.226 58q.com
O1 - Hosts: 213.159.118.226 aifind.cc
O1 - Hosts: 213.159.118.226 aifind.info
O1 - Hosts: 213.159.118.226 allneedsearch.com
O1 - Hosts: 213.159.118.226 approvedlinks.com
[..]
O1 - Hosts: 213.159.118.226 www.wazzupnet.com
O1 - Hosts: 213.159.118.226 www.websearch.com
O1 - Hosts: 213.159.118.226 www.windowws.cc
O1 - Hosts: 213.159.118.226 www.xgmm.com
O1 - Hosts: 213.159.118.226 xwebsearch.biz
O1 - Hosts: 213.159.118.226 yourbookmarks.ws
O4 - HKLM\..\Run: [Network Service] C:\WINNT\svchost.exe-sr -0
O4 - HKCU\..\Run: [Network Service] C:\WINNT\svchost.exe-sr -0
O19 - User stylesheet: C:\WINNT\system32\xea2108l.9zt

This variant does everything in its powers to redirect you to a domain owned by 1-se.com. IE is hijacked to it, the hosts file is replaced to redirect about 100 porn and CWS domains to 1-se.com, and a randomly named stylesheet is dropped that redirects to 1-se.com when certain keywords appear in webpages.

Restoring the IE pages by searching the Registry for about-blank.ws, removing the hosts file, the svchost.exe file in the Windows directory (the one in the System32 folder is legit) and the randomly named stylesheet (1079 or 1087 bytes in size) fixed this.

http://www.spywareinfo.com/~merijn/cwschro...html#aboutblank

Look in the hosts file under C:\windows\system32\drivers\etc. It should only have localhost 127.0.0.1 as an entry. Delete everything else.

Spybot: If you are using version 1.3, do you update it before scanning? Do you boot Windows into safe mode when you check, and do you turn off System Restore (so that the restore points are deleted; something hides there sometimes, and then it comes back)?
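A triage sketch for the log traits discussed in this thread, added here as an example and not part of any post: it flags IE pages pointing at a local file under Temp, hosts entries other than `127.0.0.1 localhost`, BHOs whose DLL is missing, an `svchost.exe` autostart outside System32, and a user stylesheet. The sample lines (paths, CLSID, addresses, host names) and the function names are constructed for illustration.

```python
import re

# Constructed sample in HijackThis format, modelled on the logs quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\USER\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O1 - Hosts: 192.0.2.10 search.example.net
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\abc.dll (file missing)
O4 - HKLM\..\Run: [Network Service] C:\WINNT\svchost.exe -sr -0
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O19 - User stylesheet: C:\WINNT\system32\example.css
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")


def classify(code, body):
    """Return a reason if the entry matches a trait discussed in the thread, else None."""
    low = body.lower()
    if code in ("R0", "R1") and "= file://" in low and "\\temp\\" in low:
        return "IE search/start page points at a local file under Temp"
    if code == "O1":
        fields = body.split()  # ["Hosts:", ip, hostname]
        if len(fields) >= 3 and (fields[1], fields[2].lower()) != ("127.0.0.1", "localhost"):
            return "hosts entry other than 127.0.0.1 localhost"
    if code == "O2" and low.endswith("(file missing)"):
        return "BHO still registered although its DLL is missing"
    if code == "O4" and "\\svchost.exe" in low and "\\system32\\svchost.exe" not in low:
        return "svchost.exe autostart outside System32"
    if code == "O19":
        return "user stylesheet set for IE"
    return None


def triage(log_text):
    """Parse HijackThis-style lines; return (code, reason, line) per flagged entry."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            reason = classify(m.group("code"), m.group("body"))
            if reason:
                findings.append((m.group("code"), reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```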
Barry White (Author), posted August 6, 2004

"Look in the hosts file under C:\windows\system32\drivers\etc. It should only have localhost 127.0.0.1 as an entry. Delete everything else."

What should you open the file with?
Syar-2003, posted August 6, 2004

Wow, have you been asleep for a whole week... First open Notepad or WordPad. Then the file (it is an ordinary text-based file).
Barry White (Author), posted August 6, 2004

OK, I have now tried checking the file with Notepad; just that IP, yes. I have also updated Spybot and checked, but no progress... should I go into the registry as well, or?
Barry White (Author), posted August 9, 2004

Can nobody help me? This search thing is really bothering me, and it messes everything up!