[hannyp]

Hjelp !!!!!

Maskinen min vil ikke la meg gå i legge til eller slette programmer, står det at tilgang denier som jeg ikke har myndighet og til å kontakte systemansvarlig, dette er min PC (laptop) og bare meg selv og min mann har kontoer satt opp på datamaskin, jeg har prøvd under hans konto, og sier det samme. Hvordan kan jeg finne dette sorteres?

Vi får stadig denne meldingen vises en Windows sikkerhetsadvarselen Advarsel Potensielle spyware drift. Hvordan kan jeg stoppe dette vises?

Takk
Hannah

[philthomas]

Du kan bli bedre oppslaget dette i Virus, spionprogrammer og sikkerhet forum

[hannyp]

Tråder fusjonert.

[evilfantasy]

Flyttet til virus, spionprogrammer og sikkerhet forum.

La oss se en logg fra HijackThis takk.

Laste ned HijackThis på skrivebordet.
Dobbeltklikke på filen du nettopp lastet ned.
Klikk på "Installer"For å installere.
Det vil som standard installert i katalogen -- C: \ Programfiler \ Trend Micro \ HijackThis
Vennligst ikke endre standard installere sted.
Ved å installere, HijackThis skal åpne for deg.

Neste klikk på "Gjør et system skanne og lagre en loggfil " knappen.
HijackThis skanner og deretter en logg åpnes i notepad.
I øvre venstre i notepad vindu klikker "Fil" > "Lagre som" name it hijackthis og deretter lagre den til Desktop.
Lagre logg som tekst (. tXT-Fil) eller. Loggen
Gjøre IKKE feste MS-Word . DOC filene, vil de ikke bli sett på!
I innlegget ditt, legger loggen som Vedlegg.
* Ikke har Hijackthis fikse noe ennå. Det meste av det de finner vil være harmløs eller nødvendig.
** Ikke bruk Analyse Denne knappen. Det er funn er farlig hvis feiltolkes.

Guide for vedlegger loggene til et innlegg

[hannyp]

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 7:42:43 PM, on 11/25/2007
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programfiler \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ WINDOWS \ system32 \ bgsvcgen.exe
C: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
C: \ Programfiler \ Norton AntiVirus \ navapsvc.exe
C: \ Programfiler \ Norton AntiVirus \ iwp \ NPFMntor.exe
C: \ Programfiler \ Samsung \ Samsung Network Manager \ SNMWLANService.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ printer.exe
C: \ Programfiler \ Java \ jre1.5.0 \ bin \ jusched.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Programfiler \ Samsung \ Samsung EDS \ EDSAgent.exe
C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ Programfiler \ Samsung \ AVStation Premium 3,75 \ AVSAgent.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ Programfiler \ Samsung \ Samsung Battery Manager \ BatteryManager.exe
C: \ Programfiler \ SAMSUNG \ MagicKBD \ MagicKBD.exe
C: \ Programfiler \ Samsung \ DisplayManager \ DisplayManager.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe
C: \ WINDOWS \ SM1BG.EXE
C: \ Programfiler \ Samsung \ DisplayManager \ dmhkcore.exe
C: \ Programfiler \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Programfiler \ Fellesfiler \ PCPrivacyTool \ mc.exe
C: \ Programfiler \ Messenger \ msmsgs.exe
C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Programfiler \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
C: \ Programfiler \ FinePixViewer \ QuickDCF2.exe
C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Programfiler \ Microsoft Office \ Office \ Osa.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqSTE08.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Programfiler \ Samsung \ Samsung Update Plus \ SLUTrayNotifier.exe
C: \ Programfiler \ Fellesfiler \ AVSystemCare \ bm.exe
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ Programfiler \ Internet Explorer \ iexplore.exe
C: \ Programfiler \ Easy SpyRemover \ EasySpyRemover.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
F2 - REG: system.ini: Shell = Explorer.exe C: \ WINDOWS \ system32 \ printer.exe
O3 - Toolbar: Norton AntiVirus - (42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) - C: \ Programfiler \ Norton AntiVirus \ NavShExt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programfiler \ Google \ googletoolbar2.dll
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] C: \ Programfiler \ Java \ jre1.5.0 \ bin \ jusched.exe
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Programfiler \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [EDS] C: \ Programfiler \ Samsung \ Samsung EDS \ EDSAgent.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [AVStation Premium 3,75] C: \ Programfiler \ Samsung \ AVStation Premium 3,75 \ AVSAgent.exe
O4 - HKLM \ .. \ Run: [MagicKeyboard] C: \ Programfiler \ SAMSUNG \ MagicKBD \ PreMKBD.exe
O4 - HKLM \ .. \ Run: [RestoreIT!] "C: \ Programfiler \ Phoenix Technologies Ltd \ RecoverPro_XP \ VBPTASK.EXE" VBStart
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [BatteryManager] C: \ Programfiler \ Samsung \ Samsung Battery Manager \ BatteryManager.exe
O4 - HKLM \ .. \ Run: [DMHotKey] C: \ Programfiler \ Samsung \ DisplayManager \ DMLoader.exe
O4 - HKLM \ .. \ Run: [DisplayManager] C: \ Programfiler \ Samsung \ DisplayManager \ DisplayManager.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [SM1BG] C: \ WINDOWS \ SM1BG.EXE
O4 - HKLM \ .. \ Run: [adiras] adiras.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Programfiler \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ WINDOWS \ system32 \ \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Symantec NetDriver Monitor] C: \ progra ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / Forbruker
O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Programfiler \ REGSHAVE \ REGSHAVE.EXE / AutoRun
O4 - HKLM \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - HKLM \ .. \ Run: [Salestart] "C: \ Programfiler \ Fellesfiler \ AVSystemCare \ bm.exe" dm = http://avsystemcare.com; ad = http://avsystemcare.com
O4 - HKLM \ .. \ Run: [Salestart (1)] "C: \ Programfiler \ Fellesfiler \ PCPrivacyTool \ mc.exe" dm = http://pcprivacytool.com; ad = http://pcprivacytool.com
O4 - HKLM \ .. \ Run: [rtasks] C: \ Programfiler \ AVSystemCare \ rtasks.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programfiler \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [swg] C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Microsoft Finn Fast.lnk = C: \ Programfiler \ Microsoft Office \ Office \ FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C: \ Programfiler \ Microsoft Office \ Office \ Osa.exe
O4 - Startup: system.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Programfiler \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: DSLMON.lnk = C: \ Programfiler \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
O4 - Global Startup: Exif Launcher 2.lnk =?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O7 - HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Pol icies \ System, DisableRegedit = 1
O8 - Extra sammenheng menyelement: & D & ownload & med BitComet - res: / / C: \ Programfiler \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra sammenheng menyelement: & D & ownload all video med BitComet - res: / / C: \ Programfiler \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra sammenheng menyelement: & D & ownload all with BitComet - res: / / C: \ Programfiler \ BitComet \ BitComet.exe / AddAllLink.htm
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.tiscali.co.uk/broadband
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (6309F0DB-E1B6-4D47-83F0-111ED3BCCD32): NameServer = 212.139.132.24 212.139.132.25
O20 - AppInit_DLLs: sulimo.dat
O23 - Service: ATI Hurtigtast Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate Scheduler - Symantec Corporation - C: \ Programfiler \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - BHA Corporation - C: \ WINDOWS \ system32 \ bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Merking Service (LightScribeService) - Hewlett-Packard Company - C: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c: \ progra ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Programfiler \ Norton AntiVirus \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Programfiler \ Norton AntiVirus \ iwp \ NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C: \ Programfiler \ Samsung \ Samsung Update Plus \ SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C: \ Programfiler \ Norton AntiVirus \ SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - c: \ progra ~ 1 \ FELLES ~ 1 \ SYMANT ~ 1 \ SCRIPT ~ 1 \ SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C: \ Programfiler \ samsung \ Samsung Network Manager \ SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
--
End of file - 9608 bytes

Håper dette hjelper?

[evilfantasy]

Du definitivt har noen veldig ekle infeksjoner.

1. Laste ned Malwarebytes' RogueRemover Free
2. Dobbeltklikk på ikonet for å installere RogueRemover og deretter starte programmet.
3. Trykk Se etter oppdateringer.
4. Dette vil vise om det er en nyere versjon av databasen. Trykk på Last ned.
5. Gå tilbake til hovedskjermbildet og trykk Scan.
6. Hvis og når en infeksjon blir funnet, Fjern alle gjenstander funnet.

=====

Laste ned, installere og oppdatere Superantispyware (SAS) Ikke kjør dette ennå.

SUPERAntispyware Free Edition

=====
Det kan være lurt å skrive ut eller kopiere og lime inn resten av instruksjonene og lagre dem i et tekstdokument til skrivebordet. Du vil ikke kunne se dem fra sikkermodus.

Start på nytt i sikkermodus

* Restart datamaskinen.
* Når du ser svart-hvitt Starte Windows linjen nederst på skjermen, begynner å trykke på F8 nøkkel.
* Når du kommer til oppstartsmenyen, bruk piltastene til å velge Sikkermodus
* Trykk deretter Angi.
* Datamaskinen starter på nytt i sikkermodus.

=====

Åpne HijackThis og velg "Do et system scan only"

Sett et merke ved siden av: (hvis det finnes)

F2 - REG: system.ini: Shell = Explorer.exe C: \ WINDOWS \ system32 \ printer.exe
O4 - HKLM \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - HKLM \ .. \ Run: [Salestart] "C: \ Programfiler \ Fellesfiler \ AVSystemCare \ bm.exe" dm = http://avsystemcare.com; ad = http://avsystemcare.com
O4 - HKLM \ .. \ Run: [Salestart (1)] "C: \ Programfiler \ Fellesfiler \ PCPrivacyTool \ mc.exe" dm = http://pcprivacytool.com; ad = http://pcprivacytool.com
O4 - HKLM \ .. \ Run: [rtasks] C: \ Programfiler \ AVSystemCare \ rtasks.exe
O4 - HKCU \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O7 - HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Pol icies \ System, DisableRegedit = 1

Nå kan du klikke "Fix checked"

Avslutt HijackThis

=====

Nå konfigurere og kjøre SUPERAntiSpyware i sikkermodus.

* Under Konfigurering og PreferanserKlikk Preferanser knappen.
* Klikk Scanning Control tab.
* Under Scanner Valg sørg for at følgende er kontrollert:
+ Close nettlesere før skanning
+ Scan for sporingskapsler
+ Terminate minne trusler før quarantining.
+ Vennligst la andre ukontrollert.
+ Klikk Lukke knappen for å forlate kontrollsenter skjermen.
* På hovedskjermen under Scan for skadelig programvare Klikk Skanner datamaskinen.
* På venstre sjekk C: \ Fixed Drive.
* På høyre, under Complete Scan, Velger Utfør Complete Scan.
* Klikk Neste å starte skanningen. Vær tålmodig mens den skanner datamaskinen din.
* Når skanningen er fullført et sammendrag boks. Klikk OK.
* Kontroller at alt i den hvite boksen har et merke ved siden av den, klikk Neste.
* Det vil karantene hva det er funnet, og hvis den spør om du vil starte på nytt, klikker du Ja.
* Hvis du vil hente fjerningen informasjon, vennligst gjør følgende:
+ Etter omstart, dobbeltklikker SUPERAntiSpyware ikon på skrivebordet.
+ Klikk Preferanser. Klikk Statistikk / Logs tab.
+ Under Scanner Logger, dobbeltklikk SUPERAntiSpyware Scan Logg.
+ Det åpnes i standard tekstredigeringsprogram (for eksempel Notepad / Wordpad).
+ Lagre notepad filen på skrivebordet ved å klikke (i notepad) "Fil""Lagre som"
* Lagre logg sted du lett kan finne den. (normalt skrivebordet)
* Klikk nært og tett igjen for å avslutte programmet.
* Vennligst legg loggen som vedlegg sammen med en ny HijackThis loggen i neste innlegg.

=====

Neste innlegg kan du legge til som vedlegg
SUPERAntiSpyware logg
Ny HijackThis log

[hannyp]

Dette er SuperAntiSpyware Resultater:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/26/2007 at 08:56
Application Version: 3.9.1008
Core Rules Database Version: 3259
Trace Rules Database Version: 1270
Scan type: Quick Scan
Total Scan Time: 00:09:24
Minne eks skannet: 564
Minne trusler oppdages: 0
Registerelementene skannet: 720
Registerverdi trusler oppdages: 0
Fil eks skannet: 8656
Fil trusler oppdages: 84
Adware.Tracking Cookie
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@www.burstbeacon [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@archant.122.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfmigoajiko.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfk4widpifo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ overture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wflokpczkbq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@stat.errclean [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ads.associatedconte nt [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1070878818 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ads.pointroll [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ burstnet [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjmywjdjokp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ atdmt [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ roiservice [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@122.2o7 [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ apmebf [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlyehcjkdo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wblogncpagp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ mediaplex [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ indextools [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgmyagajsdo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@phillyburbscom.112. 2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1069870899 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ serverer-sys [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ questionmarket [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfk4cpcjshq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1057062368 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ adserver [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@rotator.adjuggler [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ Haymarket [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlyalcpcfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ adrevolver [3]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ adrevolver [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ehg-autotrader.hitbox [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ revsci [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ a [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wckigncpmfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ whatcar [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjkoejdjmgp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@tracking.webdiversi ty.co [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wglyuiazacp.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ TradeDoubler [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ pistonheads [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgl4qic5mlp.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@anat.tacoda [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ neste [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6whkiaodzcfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ hitbox [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@haynet.adbureau [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@paypal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfliujajshp.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1066670941 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgliglc5aco.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@h.starware [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@edge.ru4 [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgkiohcpmgo.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfkysjazkgp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@amazonms.122.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ bluestreak [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@stat.dealtime [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfliemdzahq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1071238990 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1070144314 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlycmajsfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ annonsering [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ 1066767647 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@media.adrevolver [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ adtech [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlyqgd5ido.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ dealtime [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ tacoda [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@tracking.summitmedi a.co [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjmikjczihq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@www.burstnet [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ statcounter [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@try.starware [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@statse.webtrendsliv e [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ Hannah @ clickbank [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wbliskcjibo.stats.esomniture [2]. Txt


Og her er HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 9:02:38 AM, on 11/26/2007
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programfiler \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ WINDOWS \ system32 \ bgsvcgen.exe
C: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
C: \ Programfiler \ Norton AntiVirus \ navapsvc.exe
C: \ Programfiler \ Norton AntiVirus \ iwp \ NPFMntor.exe
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ Programfiler \ Samsung \ Samsung Network Manager \ SNMWLANService.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ Explorer.exe
C: \ Programfiler \ Java \ jre1.5.0 \ bin \ jusched.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Programfiler \ Samsung \ Samsung EDS \ EDSAgent.exe
C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ Programfiler \ Samsung \ AVStation Premium 3,75 \ AVSAgent.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ Programfiler \ Samsung \ Samsung Battery Manager \ BatteryManager.exe
C: \ Programfiler \ SAMSUNG \ MagicKBD \ MagicKBD.exe
C: \ Programfiler \ Samsung \ DisplayManager \ DisplayManager.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe
C: \ WINDOWS \ SM1BG.EXE
C: \ Programfiler \ Samsung \ DisplayManager \ dmhkcore.exe
C: \ Programfiler \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Programfiler \ Messenger \ msmsgs.exe
C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Programfiler \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
C: \ Programfiler \ FinePixViewer \ QuickDCF2.exe
C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Programfiler \ Microsoft Office \ Office \ Osa.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqSTE08.exe
C: \ Programfiler \ Samsung \ Samsung Update Plus \ SLUTrayNotifier.exe
C: \ Programfiler \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
O3 - Toolbar: Norton AntiVirus - (42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) - C: \ Programfiler \ Norton AntiVirus \ NavShExt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programfiler \ Google \ googletoolbar2.dll
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] C: \ Programfiler \ Java \ jre1.5.0 \ bin \ jusched.exe
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Programfiler \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [EDS] C: \ Programfiler \ Samsung \ Samsung EDS \ EDSAgent.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [AVStation Premium 3,75] C: \ Programfiler \ Samsung \ AVStation Premium 3,75 \ AVSAgent.exe
O4 - HKLM \ .. \ Run: [MagicKeyboard] C: \ Programfiler \ SAMSUNG \ MagicKBD \ PreMKBD.exe
O4 - HKLM \ .. \ Run: [RestoreIT!] "C: \ Programfiler \ Phoenix Technologies Ltd \ RecoverPro_XP \ VBPTASK.EXE" VBStart
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [BatteryManager] C: \ Programfiler \ Samsung \ Samsung Battery Manager \ BatteryManager.exe
O4 - HKLM \ .. \ Run: [DMHotKey] C: \ Programfiler \ Samsung \ DisplayManager \ DMLoader.exe
O4 - HKLM \ .. \ Run: [DisplayManager] C: \ Programfiler \ Samsung \ DisplayManager \ DisplayManager.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [SM1BG] C: \ WINDOWS \ SM1BG.EXE
O4 - HKLM \ .. \ Run: [adiras] adiras.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Programfiler \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ WINDOWS \ system32 \ \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Symantec NetDriver Monitor] C: \ progra ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / Forbruker
O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Programfiler \ REGSHAVE \ REGSHAVE.EXE / AutoRun
O4 - HKLM \ .. \ Run: [Easy SpyRemover] C: \ Programfiler \ Easy SpyRemover \ EasySpyRemover.exe / smart
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programfiler \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [swg] C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Microsoft Finn Fast.lnk = C: \ Programfiler \ Microsoft Office \ Office \ FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C: \ Programfiler \ Microsoft Office \ Office \ Osa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Programfiler \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C: \ Programfiler \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
O4 - Global Startup: Exif Launcher 2.lnk =?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O8 - Extra sammenheng menyelement: & D & ownload & med BitComet - res: / / C: \ Programfiler \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra sammenheng menyelement: & D & ownload all video med BitComet - res: / / C: \ Programfiler \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra sammenheng menyelement: & D & ownload all with BitComet - res: / / C: \ Programfiler \ BitComet \ BitComet.exe / AddAllLink.htm
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.tiscali.co.uk/broadband
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (6309F0DB-E1B6-4D47-83F0-111ED3BCCD32): NameServer = 212.139.132.24 212.139.132.25
O20 - AppInit_DLLs: sulimo.dat
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: ATI Hurtigtast Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate Scheduler - Symantec Corporation - C: \ Programfiler \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - BHA Corporation - C: \ WINDOWS \ system32 \ bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Merking Service (LightScribeService) - Hewlett-Packard Company - C: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c: \ progra ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Programfiler \ Norton AntiVirus \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Programfiler \ Norton AntiVirus \ iwp \ NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C: \ Programfiler \ Samsung \ Samsung Update Plus \ SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C: \ Programfiler \ Norton AntiVirus \ SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - c: \ progra ~ 1 \ FELLES ~ 1 \ SYMANT ~ 1 \ SCRIPT ~ 1 \ SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C: \ Programfiler \ samsung \ Samsung Network Manager \ SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
--
End of file - 9092 bytes

Great skritt å følge, selv jeg greide det.

Takk, hva nå??

[evilfantasy]

Kan du komme til å legge til / fjern programmer nå?

Hvis så gå dit og se etter og avinstallere East Spy Remover.

[hannyp]

Nei, jeg fortsatt får advarselen vises som lyder:
Denne operasjonen har blitt avbrutt på grunn av restriksjoner i bruk på denne datamaskinen, kan du kontakte din system administator '.

[MJM]

Boot i sikker modus.

Start maskinen på nytt og holde trykket F8. Du burde få en meny. Velg den ytterste (safe mode). Når du velger kontoer bør du velge administratorkontoen.
Gå inn Legg til / fjern programmer. Det skal fungere. Ellers kan du prøve å drepe prosessen (som kan være kalt "EasySpyRemover.exe" eller lignende). Prøv å åpne Legg til / fjern igjen.