b21a Skrevet 22. april 2005 Del Skrevet 22. april 2005 (endret) Ok jeg gir opp Kjærringa installerte msn pluss og dessverre valgte hun reklame med Har kjørt omtrent alle adaware programmer og virus programmer jeg vet om, men får altså ikke fjernet den#¤%!¤#¤%/%¤% skjiten. Er det noen som kan hjelpe?!? Under er logen fra hijack this: Logfile of HijackThis v1.99.1 Scan saved at 09:41:06, on 22.04.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\htpatch.exe C:\WINDOWS\system32\RunDll32.exe C:\Programfiler\Java\j2re1.4.2_04\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe D:\Programfiler\Microsoft AntiSpyware\gcasServ.exe D:\Programfiler\SPAMfighter\SFAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Internet Explorer\iexplore.exe D:\Programfiler\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\msiexec.exe c:\progra~1\intern~1\iexplore.exe D:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe D:\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://goeuurphsw.com/bcoLib5nOsrCQZ9UCefb...nQDPKmmJOM.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.online.no/~b21a R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.online.no/~b21a R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programfiler\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] D:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [gcasServ] "D:\Programfiler\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "D:\Programfiler\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [WarnSupportKindComp] C:\Documents and Settings\All Users\Programdata\new extra warn support\Program ball.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] D:\Programfiler\Logitech\\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [Yahoo! Pager] D:\Programfiler\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [skype] "D:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [soap Lies] C:\DOCUME~1\SLUTTB~1\PROGRA~1\STOREA~1\Bird Cdrom Manager.exe O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a...5/Installer.exe O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb11.pogo.com/game/deluxe/insa...aploader_v6.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE EDIT: Jada, jeg vet at jeg ikke skulle brukt IE, men kjærringa liker ikke noen andre web browsere, og siden hun har kjøpt denne maskinen må jeg vel gi meg Endret 22. april 2005 av b21a Lenke til kommentar
b21a Skrevet 22. april 2005 Forfatter Del Skrevet 22. april 2005 Hmmmmmm, gikk inn på MS antispyware og valgte "System explorers" under advanced tools. Fant to oppføringer der som jeg blokkerte, og EUREKA!!!!!!!! skjit'n vart borte. (i hvertfall ser det sånn ut) ActiveX Virtools WebPlayer Class This ActiveX Download has been blocked. To un-block this ActiveX Download, navigate to the Security Agents > Application Agents > View Blocked Events. ---------------------------------------------------------------- (Blocked) StartUp bird cdrom manager.exe bird cdrom manager.exe This Startup program has been blocked. To un-block this Startup program, navigate to the Security Agents > Application Agents > View Blocked Events. ----------------------------------------------------------------- (Blocked) StartUp program ball.exe program ball.exe This Startup program has been blocked. To un-block this Startup program, navigate to the Security Agents > Application Agents > View Blocked Events. Håper dette funker Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå