Hjælp til fjernelse af Hijack

Af Superbruger Lerdue | 07-12-2004 23:03 | 876 visninger | 1 svar, hop til seneste

Hej Jeg har mega problemer med nogle popup fra et poker porn site Her er min ijackthis log hvad kan jeg fjerne for at stoppe dette problem? log Logfile of HijackThis v1.98.2 Scan saved at 20:23:26, on 07-12-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32csrss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32spoolsv.exe C:PROGRA~1NORTON~1 avapw32.exe C:Program FilesNetLimiterNetLimiter.exe C:WINDOWSSystem32 mctrl.exe C:Program FilesNorton Personal FirewallIAMAPP.EXE C:WINDOWSSystem32ctfmon.exe C:Program FilesWinTVIr.exe C:Program FilesSpeedFanspeedfan.exe C:Program FilesNorton AntiVirus avapsvc.exe C:Program FilesNorton Personal FirewallNISUM.EXE C:WINDOWSSystem32 vsvc32.exe C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe C:WINDOWSSystem32wdfmgr.exe C:Program FilesNorton Personal FirewallNISSERV.EXE C:Program FilesNorton Personal FirewallSymProxySvc.exe C:Program FilesNorton Personal FirewallATRACK.EXE C:Program FilesMessengermsmsgs.exe C:Program FilesInternet Exploreriexplore.exe C:WINDOWSSystem32odcfg.exe C:WINDOWSSystem32getdns.exe F:ProgramAdAwarehijackthis.exe R1 - HKCUSoftwareMicrosoftInternet Explorer,(Default) = http://fastsearchweb.com[...] R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = about:blank R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:blank R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,Default_Search_URL = about:blank R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = about:blank R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = about:blank R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInt ernet Settings,ProxyOverride = *new-search.net*;*x-google.net* R3 - Default URLSearchHook is missing O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton AntiVirusNavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:WINDOWSSystem32iecust.dll O4 - HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe O4 - HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~1 avapw32.exe O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe O4 - HKLM..Run: [NetLimiter] C:Program FilesNetLimiterNetLimiter.exe /s O4 - HKLM..Run: [RemoteControl] C:WINDOWSSystem32 mctrl.exe O4 - HKLM..Run: [iamapp] C:Program FilesNorton Personal FirewallIAMAPP.EXE O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background O4 - Startup: SpeedFan.lnk = C:Program FilesSpeedFanspeedfan.exe O4 - Global Startup: AutoStart IR.lnk = C:Program FilesWinTVIr.exe O8 - Extra context menu item: &Google Search - res://C:Program FilesGoogleGoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:Program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:Program FilesGoogleGoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE O15 - Trusted Zone: http://*.63.219.181.7 O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.aalsem.dk[...] O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtmlile://C:foo.mht! http://82.179.166.145[...] O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com[...] O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com[...] venlig hilsen Lerdue
--

ecs k7a5s xp1900 60gb deskstar 80gb seagate 512mb samsung pc2700 daytona gf4 ti4200

#1
Kim In Chul
Mega Supporter
07-12-2004 23:34

Rapporter til Admin

Hej der er lidt som skal fikses... Start med at deaktivere systemgendannelsen: Højreklik på "Denne Computer" på skrivebordet, vælg egenskaber og fanebladet "Systemgendannelse" og sæt flueben i "Deaktiver systemgendannelse". Klik ok og genstart. Åbn Hijackthis => Scan og så sæt flueben ud foran: R1 - HKCUSoftwareMicrosoftInternet Explorer,(Default) = http://fastsearchweb.com[...] R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = about:blank R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:blank R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,Default_Search_URL = about:blank R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = about:blank R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = about:blank R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInt ernet Settings,ProxyOverride = *new-search.net*;*x-google.net* R3 - Default URLSearchHook is missing O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:WINDOWSSystem32iecust.dll O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe O15 - Trusted Zone: http://*.63.219.181.7 O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtmlile://C:foo.mht! http://82.179.166.145[...] Luk derefter alle browservinduer og klik på "Fix Checked" Nu skal du til at slette så du skal kunne se dine skjulte filer for at finde snavs, der skal slettes manuelt. Det er en del af processen. Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis. Fjern flueben ved "Skjul beskyttede operativsystemfiler". Fjern flueben ved "Skjul filtypenavne for kendte filtyper". Sæt prik i "Vis skjulte filer og mapper". Start derefter op i fejlsikret tilstand (F8 eller F5 under opstart) Find og slet: C:\WINDOWS\System32\iecust.dll <<< Slet filen Start derefter op normalt, kom med en ny hijackthis til kontrol... //Kim In Chul
--
MSN: [email protected]