kimman Skrevet 23. november 2005 Del Skrevet 23. november 2005 Jeg har jobbet og fått fikset pc, nu er den ren for virus og all driten! Men det som gjenstår er denne bakgrunn som sitter fast. Og det kommer reklamer/cookies hele tida, og jeg bruker firefox så hva må gjøres for å stoppe dem? Dersom dere trenger å se hijackthis loggen så er det her: Logfile of HijackThis v1.99.1 Scan saved at 22:39:32, on 23.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe C:\WINDOWS\AGRSMMSG.exe C:\Programfiler\ltmoh\Ltmoh.exe C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe C:\Programfiler\QuickTime\qttask.exe C:\Norman\bin\ZLH.EXE C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\AntSwitch.exe C:\Programfiler\Fujitsu Siemens\Bluetooth Software\BTTray.exe C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Norman\Bin\Zanda.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\bin\NJEEVES.EXE C:\Norman\Nvc\BIN\nipsvc.exe C:\PROGRA~1\FUJITS~1\BLUETO~1\BTSTAC~1.EXE C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wisptis.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\WinRAR\WinRAR.exe C:\DOCUME~1\Bruker\LOKALE~1\Temp\Rar$EX00.389\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O1 - Hosts: ads.offeroptimizer.comm O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [indicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe O4 - HKLM\..\Run: [LoadBtnHnd] C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" O4 - Global Startup: AntSwitch.lnk = C:\WINDOWS\AntSwitch.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O12 - Plugin for .mid: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .mpeg: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .wav: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540004} (CInstall Class) - http://freepcscan.com/spyware/Install.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPA~1.DLL O20 - Winlogon Notify: chk - chke.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\g2402chmgf4a2.dll O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\hojcfcal.dll O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\system32\djpedlhh.dll O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE Lenke til kommentar
mosher Skrevet 23. november 2005 Del Skrevet 23. november 2005 Kan anbefale Microsoft sitt eget AntiSpyware program. Plagdes ganske lenge med en pc jeg også, som hadde hijacks og masse pop-ups som jeg aldri fant ut hvor kom fra. Men MS sitt program tok rotta på det. Brukt det en del på pc'er til venner og kjente som har blitt trege og er full av dritt. Det rensker bort alt av dritt og ting funker som det skal etterpå. Litt imponert over denne faktisk. Mosher Lenke til kommentar
Chakl Skrevet 23. november 2005 Del Skrevet 23. november 2005 (endret) Har/hadde samme problem som deg + mer. O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll er trojan Det ser ut som at kun Etrust Antivirus online scan har oppdaget virus i filen med Win32.Soclaip.B For å fikse bakrgunn. Start > Run> Regedit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop Slett NoChangingWallPaper hvis valuen finnes. Så åpne notpad og lim inn følgende og lagre filen som .reg og kjør: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General] "WallpaperFileTime"=- "WallpaperLocalFileTime"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "NoDispAppearancePage"=- "Wallpaper"=- "WallpaperStyle"=- "NoDispBackgroundPage"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktopChanges"=- "ForceActiveDesktopOn"=- [HKEY_CURRENT_USER\Control Panel\Desktop] "Wallpaper"=- "WallpaperStyle"=- [HKEY_CURRENT_USER\Control Panel\Colors] "Background"="0 78 152" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "notepad.exe"=- "notepad2.exe"=- "winlogon.exe"=- "paint.exe"=- [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Bar"="Search Bar"="http://search.msn.com/intl/searchpane/en-au/prov2.htm" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] ""="http://home.microsoft.com/access/autosearch.asp?p=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main] "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Bar"="http://search.msn.com/spbasic.htm" "Use Custom Search URL"= dword:00000000 "Use Search Asst"=- [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}] [-HKEY_CLASSES_ROOT\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}] [-HKEY_CLASSES_ROOT\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}] [-HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3}] [-HKEY_CLASSES_ROOT\CLSID\VMHomepage] [-HKEY_CLASSES_ROOT\CLSID\VMHomepage.1] [-HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D2-8D96-D7ACAC95951F}] [-HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D2-8D96-D7ACAC95951F}] [-HKEY_CLASSES_ROOT\VMHomepage] [-HKEY_CLASSES_ROOT\VMHomepage.1] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HTTP\Parameters\S] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HTTP\Parameters\S] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\r] [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Intel system tool"=- "WindowsFZ"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusGold] Endret 23. november 2005 av chakl Lenke til kommentar
zjulik Skrevet 24. november 2005 Del Skrevet 24. november 2005 Jeg har jobbet og fått fikset pc, nu er den ren for virus og all driten! NOT...disse må bort, kimman: O1 - Hosts: ads.offeroptimizer.comm -atboottime (reklame) O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540004} (CInstall Class) - http://freepcscan.com/spyware/Install.cab (ikke fall for alle som påstår de kan hjelpe deg!) O20 - Winlogon Notify: chk - chke.dll (file missing) (virusrest) O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll (virus) O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\g2402chmgf4a2.dll O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\hojcfcal.dll O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\system32\djpedlhh.dll (disse tre gir ingen resultat på google. få dem vekk) Kryss av for alt i Hijackthis, trykk Fiks. Ta så en omstart i Safe mode og sjekk at ikke noen av disse filene befinner seg på maskinen. Lenke til kommentar
Mendel Skrevet 24. november 2005 Del Skrevet 24. november 2005 Jeg har samme problem som Topicstarter med at jeg ikke kan endre bakgrunnen, kjørte guiden til chalk for å ordne slik at jeg kan endre bakgrunnen. Jeg får også opp mye reklame og drit både i IE og Firefox, popup blokker stopper de ikke og jeg har kjørt alt av spyware cleanere. Her er loggen min fra Hijackthis, vennligst hjelp meg (Er utrolig irreterende med popup som legger ned alle andre programmer): Logfile of HijackThis v1.99.1 Scan saved at 18:41:26, on 24.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Eset\nod32krn.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\D-Tools\daemon.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe C:\Programfiler\Eset\nod32kui.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Mozilla Firefox\firefox.exe D:\Mine dokumenter\Nedlastede\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [nod32kui] C:\Programfiler\Eset\nod32kui.exe /WAITSERVICE O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\j4l4le3q1h.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programfiler\Eset\nod32krn.exe Lenke til kommentar
zjulik Skrevet 24. november 2005 Del Skrevet 24. november 2005 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank - http://www.pchell.com/support/aboutblank.shtml O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\j4l4le3q1h.dll - denne krysser du av og fikser. Start så i sikker modus og slett filen det refereres til, hvis den er der. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå