NSXR Skrevet 14. juni 2006 Del Skrevet 14. juni 2006 Et program driver og spretter opp bokser som sier at PC'n min er infisert av virus og spyware! Når jeg klikker på boksen kommer jeg til en nettside som hete spywarequake. Jeg finner ikke programmet i listen over programmer som kan avinnstalleres så jeg får ikke fjernet dette! Det er ekstremt irriterende og jeg aner ikke hvordan jeg skal fjerne det! Kan noen plis hjelpe meg? Tror også jeg har andre slike programmer som spretter opp beskjeder Her er en loggfil fra HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 00:41:22, on 15.06.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\Programfiler\Windows Defender\MsMpEng.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\LEXBCES.EXE D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system32\LEXPPS.EXE c:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe D:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Programfiler\Analog Devices\SoundMAX\spkrmon.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\Programfiler\D-Link\Air USB Utility\AirCFG.exe D:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe D:\Programfiler\ATI Technologies\ATI HYDRAVISION\HydraDM.exe D:\Programfiler\ATI Technologies\ATI.ACE\cli.exe D:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe D:\Programfiler\Windows Defender\MSASCui.exe C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe D:\Programfiler\Labtec\Media Keyboard\V5.0\KbdAp32A.exe D:\WINDOWS\system32\ctfmon.exe D:\Programfiler\MSN Messenger\msnmsgr.exe D:\Programfiler\ATI Technologies\ATI.ACE\cli.exe D:\Programfiler\ATI Technologies\ATI.ACE\cli.exe c:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe C:\Mine Dokumenter\NordicMafia bot\NordicMafia bot\nordicmafia.exe D:\DOCUME~1\Eier\LOKALE~1\Temp\par-Eier\cache-1144311174\nordicmafia.exe D:\WINDOWS\system32\ntvdm.exe C:\Programfiler\Firefox\firefox.exe D:\WINDOWS\system32\dcomcfg.exe D:\WINDOWS\system32\atmclk.exe D:\Programfiler\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msgplus.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C7E3137C99A575760EA83FA5EF80752B94E3D87C5B7A452D39C5 - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file) O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - D:\WINDOWS\system32\hp100.tmp O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [D-Link Air USB Utility] D:\Programfiler\D-Link\Air USB Utility\AirCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] D:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [HydraVisionDesktopManager] D:\Programfiler\ATI Technologies\ATI HYDRAVISION\HydraDM.exe O4 - HKLM\..\Run: [ATICCC] "D:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Windows Defender] "D:\Programfiler\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [CaAvTray] "c:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "c:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [LWBKEYBOARD] D:\Programfiler\Labtec\Media Keyboard\V5.0\KbdAp32A.exe O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Programfiler\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140366955406 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: MsgPlusLoader.dll,wbsys.dll O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - D:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: CAISafe - Computer Associates International, Inc. - c:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE O23 - Service: spkrmon - Unknown owner - D:\Programfiler\Analog Devices\SoundMAX\spkrmon.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - c:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe Lenke til kommentar
zjulik Skrevet 14. juni 2006 Del Skrevet 14. juni 2006 Halvparten av postene i sikkerhetsforumet handler om dette - søkte du før du postet? Det skal stå greit forklart med bilder her: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php Det er riktig at du har det. Prøv å gå skikkelig gjennom den siden. Får du det til, post en ny logg tilslutt. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå