messagebroadcaste pop-ups

[Radhoo]

Min bror sliter med pop-ups på Exploreren sin. Han får opp pop-ups der det står: Are you fed up woth spam and pop-ups. I adresse baren så står det http://messagebroadcaster.net <-for all del ikke logg dere inn der. Har prøvd ad-aware, spybot search and destroy og cwshredder. De to første fant ingenting. cwshredder fant noe. Han får også linker på visse ord. Når han søker på google så kommer det først en fakeside med reklame greier. Siden er formet som en googlesøkeside med google logo og alt. Begynner å gå på nervene hans nå. Har søkt på nettet, men finner lite om problemet. Tror det er relativt nytt... Noen som kan hjelpe? siste utvei er vel format tenker jeg, men jeg vil ha det som aller siste utvei...

[Radhoo]

Hackthis-log:

 

Logfile of HijackThis v1.97.7

Scan saved at 20:39:22, on 30.04.2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Programfiler\Norton AntiVirus\SAVScan.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\rmctrl.exe

C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe

C:\Programfiler\Logitech\MouseWare\system\em_exec.exe

E:\Progs\Winamp\Winamp\winampa.exe

C:\Programfiler\D-Tools\daemon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Messenger Plus! 2\MsgPlus.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\dhbrwsr.exe

C:\WINDOWS\TimeSynchronize.exe

C:\WINDOWS\System32\ctfmon.exe

E:\games\steam\steam.exe

E:\Progs\I Hate This Key\ihtk.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\3Com\3Com OfficeConnect Wireless 11g USB Adapter Utility\drivers\WINXP\3COMU11GMonitor.exe

E:\Progs\WinZip\WZQKPICK.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\dhsvr.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Internet Explorer\iexplore.exe

E:\PROGS\WINZIP\winzip32.exe

C:\Documents and Settings\ZapL0n\Lokale innstillinger\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/

O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll

O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll

O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msdaim.dll

O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mskpkc.dll

O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll

O2 - BHO: (no name) - {4912AEE3-CD6F-CCAE-2147-D3EA62F1CF47} - (no file)

O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msedah.dll

O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll

O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [WinampAgent] E:\Progs\Winamp\Winamp\winampa.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programfiler\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe

O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe

O4 - HKLM\..\Run: [TimeSyncApp] C:\WINDOWS\TimeSynchronize.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "e:\games\steam\steam.exe" -silent

O4 - HKCU\..\Run: [iHateThisKey] E:\Progs\I Hate This Key\ihtk.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programfiler\Messenger Plus! 2\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: 3Com OfficeConnect Wireless 11g USB Adapter Utility.lnk = C:\Programfiler\3Com\3Com OfficeConnect Wireless 11g USB Adapter Utility\drivers\WINXP\3COMU11GMonitor.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Progs\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8044.4915972222

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B9D1BC43-525F-441C-954F-4FD16D520BD4}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{ED904517-2DCB-4242-8018-66D6918CCEDC}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B47FB5-9E44-4F7E-8921-AB4C7D568DFA}: NameServer = 192.168.0.1

[Alex_2xA]

For å fjerne popups og slik reklame drit, prøve Ad-aware, den funker ganske greit. (Laget av Lavasof, husker ikke adressen akuratt nå, man søk for Ad Aware i google så burde du finne den)

[Radhoo]

Har prøvd ad-aware, spybot search and destroy og cwshredder.

Har prøvd...

[Alex_2xA]

Har prøvd ad-aware, spybot search and destroy og cwshredder.

Har prøvd...

(Du oppdaterte den vel?)

Ellers vet jeg ikke.

[Radhoo]

*bump* Fortsatt samme problemet... argh..