Veerst (Beginner)
18 April 2014 - 10:25. There are 5 comments and
1 solution

Cannot remove Hijack.Host

I've got some junk on my PC, but have removed most of it with

Ccleaner
Revo Uninstaller
Malwarebytes Anti-Malware
AdwCleaner

I have a single one left that I can't remove; here is the log from Malwarebytes:


Malwarebytes Anti-Malware
www.malwarebytes.org
8
Scan Dato: 18-04-2014
Scan Tid: 10:16:14
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.18.03
Rootkit Database: v2014.03.27.01
Licens: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
Fil system: NTFS
Bruger: jei

Scan Type: Trussel Scanning
Resultater: Fuldført
Objekter Scannet: 351779
Forløbet Tid: 21 min, 4 sek

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processer: 0
(No malicious items detected)

Moduler: 0
(No malicious items detected)

Nøgle Register: 0
(No malicious items detected)

Værdi Register: 0
(No malicious items detected)

Data Register: 0
(No malicious items detected)

Mapper: 0
(No malicious items detected)

Filer: 7
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 www.google-analytics.com.), ,[8b403cef25561026b5026ee4f014cc34]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 google-analytics.com.), ,[26a5101b2e4d41f55166ea680103ff01]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 connect.facebook.net.), ,[8a4153d88cef59dd10a7a1b10cf83bc5]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 bing.com.), ,[59721c0fa4d7ad89b502084ac63e8779]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 www.bing.com.), ,[af1ce348d7a49f976255bd953cc84cb4]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 serach.yahoo.com.), ,[05c6c368ed8e74c2c3f4213159ab46ba]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 www.search.yahoo.com.), ,[14b7f734314a77bff6c1282acf350ff1]

Physical Sectors: 0
(No malicious items detected)


(end)


The log from AdwCleaner follows here:

# AdwCleaner v3.023 - Report created 18/04/2014 at 09:45:32
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : jei - JENSERIKIVERSEN
# Running from : C:\Users\jei\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : winzipersvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Search Protection
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Users\jei\AppData\Local\PackageAware
Folder Deleted : C:\Users\jei\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\jei\AppData\Roaming\SupTab
Folder Deleted : C:\Users\jei\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\jei\Documents\Optimizer Pro
Folder Deleted : C:\Users\jei\AppData\Roaming\Mozilla\Firefox\Profiles\p3a5ai2g.default\adawaretb
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\delta-homes.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\supTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\winzipersvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (da)

[ File : C:\Users\jei\AppData\Roaming\Mozilla\Firefox\Profiles\p3a5ai2g.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "delta-homes");
Line Deleted : user_pref("browser.search.selectedEngine", "delta-homes");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST320LT007-9ZV142_W0Q34E4N&ts=1393413589");

-\\ Google Chrome v

[ File : C:\Users\jei\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7807 octets] - [18/04/2014 09:44:02]
AdwCleaner[S0].txt - [6575 octets] - [18/04/2014 09:45:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6635 octets] ##########


--

Does anyone have a suggestion?

18 April 2014 - 12:20 #1
Just a quick one:

When you run (an updated!!!) MalwareBytes, use
[Right mouse button - "Run as Admini..." ]

Veerst (Beginner)
18 April 2014 - 13:29 #2
I have tried that now.

The log from Malwarebytes says "Removal failed":

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Dato: 18-04-2014
Scan Tid: 13:21:49
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.18.03
Rootkit Database: v2014.03.27.01
Licens: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
Fil system: NTFS
Bruger: jei

Scan Type: Trussel Scanning
Resultater: Fuldført
Objekter Scannet: 352005
Forløbet Tid: 14 min, 12 sek

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processer: 0
(No malicious items detected)

Moduler: 0
(No malicious items detected)

Nøgle Register: 0
(No malicious items detected)

Værdi Register: 0
(No malicious items detected)

Data Register: 0
(No malicious items detected)

Mapper: 0
(No malicious items detected)

Filer: 7
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 www.google-analytics.com.), Removal Failed,[a427a8832f4c2f075f58b49e06fe44bc]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 google-analytics.com.), Removal Failed,[676473b8710a132327904a087193c13f]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 connect.facebook.net.), Removal Failed,[9437e7449be023137d3af959bc48649c]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 bing.com.), Removal Failed,[b318ab803645d264199e0e448c78d729]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 www.bing.com.), Removal Failed,[943780ab473480b6378022304db725db]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 serach.yahoo.com.), Removal Failed,[03c89794f388b482eec960f253b1619f]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (79.142.66.242 www.search.yahoo.com.), Removal Failed,[b615da517ffcd85e407774de758f9f61]

Physical Sectors: 0
(No malicious items detected)


(end)

220661 (Expert)
18 April 2014 - 16:52 #3
Have you tried going to the location and deleting them manually?
My hosts file here on the Windows 8 machine looks like this, and is opened with Notepad:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97    rhino.acme.com          # source server
#      38.25.63.10    x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#    127.0.0.1      localhost


They should then appear as lines below the localhost 127.0.0.1 entry that is normally there

19 April 2014 - 08:11 #4
Agree with #3 ...

However, it must be 'opened' / saved with admin rights ...

Veerst (Beginner)
23 April 2014 - 09:07 #5
#3 There was a long series of empty lines in the hosts file, and then at the very bottom there were lines that should not be there...

Now that I have removed these, Malwarebytes no longer reports infections :-)

Post a reply!

220661 (Expert)
23 April 2014 - 16:06 #6
That's good.
You haven't deleted the localhost entry, have you?
#    127.0.0.1      localhost
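
The manual check from #3 and #5, as an added example that is not part of the original thread: a Python audit that lists every hosts entry pointing a name at a non-loopback address and marks entries sitting below a long run of blank lines. The function name `audit_hosts`, the `blank_run` threshold and the sample file are assumptions made for illustration; the two redirect lines in the sample are taken from the Malwarebytes log above.

```python
import ipaddress

# Constructed sample: the default Windows comments, then a long run of blank
# lines, then rogue entries at the very bottom (layout described in #5).
SAMPLE_HOSTS = (
    "# localhost name resolution is handled within DNS itself.\n"
    "#    127.0.0.1      localhost\n"
    + "\n" * 40
    + "79.142.66.242 www.google-analytics.com.\n"
    "79.142.66.242 bing.com.   # trailing comment\n"
    "0.0.0.0 ads.example.invalid\n"
)

def audit_hosts(text, blank_run=10):
    """Return (line_no, ip, hostname, hidden) for each entry to review.

    An entry is reported when it maps a name to an address that is neither
    loopback nor unspecified (0.0.0.0 / ::), i.e. it sends traffic for that
    name to another machine. Legitimate intranet mappings are reported too
    and must be judged by the reader. 'hidden' is True when the entry comes
    after at least `blank_run` consecutive blank lines.
    """
    findings = []
    blanks = 0
    hidden = False
    for line_no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            blanks += 1
            hidden = hidden or blanks >= blank_run
            continue
        blanks = 0
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue  # comment-only or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in fields[1:]:  # one line may carry several host names
            findings.append((line_no, str(ip), name.rstrip(".").lower(), hidden))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to `audit_hosts`; editing that file afterwards needs an elevated editor, as noted in #4.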