Søppel fra MSN Pluss

[b21a]

Ok jeg gir opp

 

Kjærringa installerte msn pluss og dessverre valgte hun reklame med

 

Har kjørt omtrent alle adaware programmer og virus programmer jeg vet om, men får altså ikke fjernet den#¤%!¤#¤%/%¤% skjiten.

 

Er det noen som kan hjelpe?!? Under er logen fra hijack this:

 

Logfile of HijackThis v1.99.1

Scan saved at 09:41:06, on 22.04.2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Programfiler\Java\j2re1.4.2_04\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

D:\Programfiler\Microsoft AntiSpyware\gcasServ.exe

D:\Programfiler\SPAMfighter\SFAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Internet Explorer\iexplore.exe

D:\Programfiler\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\msiexec.exe

c:\progra~1\intern~1\iexplore.exe

D:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe

D:\Temp\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://goeuurphsw.com/bcoLib5nOsrCQZ9UCefb...nQDPKmmJOM.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.online.no/~b21a

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.online.no/~b21a

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programfiler\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [WinampAgent] D:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [gcasServ] "D:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [sPAMfighter Agent] "D:\Programfiler\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [WarnSupportKindComp] C:\Documents and Settings\All Users\Programdata\new extra warn support\Program ball.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] D:\Programfiler\Logitech\\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [Yahoo! Pager] D:\Programfiler\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [skype] "D:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [soap Lies] C:\DOCUME~1\SLUTTB~1\PROGRA~1\STOREA~1\Bird Cdrom Manager.exe

O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a...5/Installer.exe

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb11.pogo.com/game/deluxe/insa...aploader_v6.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

 

 

EDIT: Jada, jeg vet at jeg ikke skulle brukt IE, men kjærringa liker ikke noen andre web browsere, og siden hun har kjøpt denne maskinen må jeg vel gi meg

Endret 22. april 2005 av b21a

[b21a]

Hmmmmmm, gikk inn på MS antispyware og valgte "System explorers" under advanced tools.

 

Fant to oppføringer der som jeg blokkerte, og EUREKA!!!!!!!! skjit'n vart borte. (i hvertfall ser det sånn ut)

 

ActiveX Virtools WebPlayer Class

 

This ActiveX Download has been blocked.

 

To un-block this ActiveX Download, navigate to the Security Agents > Application Agents > View Blocked Events.

----------------------------------------------------------------

(Blocked) StartUp bird cdrom manager.exe bird cdrom manager.exe

 

This Startup program has been blocked.

 

To un-block this Startup program, navigate to the Security Agents > Application Agents > View Blocked Events.

-----------------------------------------------------------------

(Blocked) StartUp program ball.exe program ball.exe

 

This Startup program has been blocked.

 

To un-block this Startup program, navigate to the Security Agents > Application Agents > View Blocked Events.

 

Håper dette funker