xaroncss Posted 14 May 2008 (edited)
I get 2 pop-ups about every minute. First one from Firefox, and then one from iexplorer. Very annoying. I have tried to fix it with several spyware and anti-virus programs. It would be nice to get some help =)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:08, on 14.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Edited 16 May 2008 by xaroncss
snippsat Posted 14 May 2008 (edited)
Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
Remove all this spyware software that doesn't do much and uses a fair amount of resources. Use this when you remove it: http://www.revouninstaller.com/
We will scan with SAS later.
Edited 14 May 2008 by SNIPPSAT
xaroncss (Author) Posted 15 May 2008 (edited)
I didn't quite understand what I was supposed to remove, and how..? Here is the combofix log:
ComboFix 08-05-12.1 - Stian 2008-05-15 16:56:20.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.481 [GMT 1:00]
Running from: C:\Documents and Settings\Stian\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
Completion time: 2008-05-15 17:17:14 - machine was rebooted
Edited 15 May 2008 by xaroncss
r2d290 Posted 15 May 2008
I think he means that you should remove the spyware software (that is, as you say yourself, "with several spyware and anti-virus programs"). So you should use http://www.revouninstaller.com/ when you delete these programs (since some programs can be hard to remove).
You should do this because the programs you have used are probably not the best, and they also use a lot of resources. We will fix your problem manually, and then we can give you advice on spyware/antivirus programs afterwards.
xaroncss (Author) Posted 15 May 2008
There! I think I'm ready for the next step =) Btw, Revo Uninstaller was incredibly handy. Got a lot cleaned up x)
snippsat Posted 15 May 2008 (edited)
Ad-Aware---SPYWAREfighter---SPYBOT: you are welcome to keep these; what I mean is that SAS does the job of these on its own.
Get Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that comes up, copy and paste in what is in bold below:
Files to delete:
C:\WINDOWS\system32\drivers\core.cache.dsk
Download, update and run a full scan with SAS free. Post the log from SAS (preferences->statistics/logs).
Download and run CCleaner. 'Options'->'Advanced'. Uncheck the box in front of: "Only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repair.
Tell us a bit about whether the PC is running fine, then we will remove combofix after this.
Edited 15 May 2008 by SNIPPSAT
xaroncss (Author) Posted 15 May 2008 (edited)
SAS log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/15/2008 at 09:03 PM
Application Version : 4.0.1154
Core Rules Database Version : 3461
Trace Rules Database Version: 1452
Scan type : Complete Scan
Total Scan Time : 00:25:19
Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 4409
Registry threats detected : 0
File items scanned : 23521
File threats detected : 13
Adware.Tracking Cookie
    C:\Documents and Settings\Stian\Cookies\[email protected][1].txt
    C:\Documents and Settings\Stian\Cookies\[email protected][1].txt
    C:\Documents and Settings\Stian\Cookies\stian@revsci[2].txt
    C:\Documents and Settings\Stian\Cookies\stian@serving-sys[1].txt
    C:\Documents and Settings\Stian\Cookies\stian@atdmt[2].txt
    C:\Documents and Settings\Stian\Cookies\[email protected][2].txt
    C:\Documents and Settings\Stian\Cookies\[email protected][2].txt
    C:\Documents and Settings\Stian\Cookies\[email protected][1].txt
    C:\Documents and Settings\Stian\Cookies\[email protected][2].txt
    C:\Documents and Settings\Stian\Cookies\stian@adtech[1].txt
    C:\Documents and Settings\Stian\Cookies\[email protected][1].txt
RootKit.TnCore/Trace
    C:\WINDOWS\system32\drivers\core.cache.dsk
Rootkit.TNCore-Variant/A
    C:\WINDOWS\SYSTEM32\DRIVERS\ENUM13944.SYS
Going to download CCleaner now =)
Edited 15 May 2008 by xaroncss
xaroncss (Author) Posted 15 May 2008
Looks like the PC is running as it should. Lovely
r2d290 Posted 15 May 2008
Good. Start->Run->type: combofix /u
This will uninstall combofix, delete the files in quarantine, and create a new restore point (a "fresh" point you can roll the PC back to if you get problems later).
Keep SAS. Keep it updated and scan every now and then, and uninstall the other antispyware programs.
You are welcome to keep CCleaner too, or uninstall it from Add/Remove Programs.
I'm not quite sure how you uninstall Avenger, but see if it is listed in Add/Remove Programs.
You can also uninstall hijackthis. It is so small that it is quick to download again. It is uninstalled from Add/Remove Programs.
Use the PC for the rest of the evening, and if everything is as it should be, change your thread title by editing the first post with FULL editing and writing [LØST] ("solved") in front of your thread title. This will make the forum tidier...
xaroncss (Author) Posted 16 May 2008
Everything works as it should. Thanks a lot for the help!