Scorpio45, posted 18 October 2008 (edited)
Hi, I was wondering if anyone could help me remove those CiD popups. Thanks in advance.
PS: I think I got this when I downloaded MSN Plus; I tried uninstalling it, but that didn't help.
Edited 19 October 2008 by Scorpio45

snippsat, posted 18 October 2008
Follow the guide: https://www.diskusjon.no/index.php?showtopic=691246
Post the logs here in your thread.

Scorpio45 (thread author), posted 18 October 2008
MBAM log:

Malwarebytes' Anti-Malware 1.29
Database versjon: 1276
Windows 6.0.6001 Service Pack 1

18.10.2008 22:43:53
mbam-log-2008-10-18 (22-43-53).txt

Skanntype: Rask Skann
Objekter skannet: 42570
Tid tilbakelagt: 3 minute(s), 28 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1 mags 16 more (Trojan.Agent) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\ProgramData\Bold dart site.80wn94 (Trojan.Agent) -> Quarantined and deleted successfully.

ComboFix log:

The rest is coming.

Scorpio45 (thread author), posted 18 October 2008 (edited)
HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:17, on 18.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Desktoptopia\Desktoptopia.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer.4.24.0\gears.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [bolt win] "C:\ProgramData\wave ping ping.b9n0vi1"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Startup: Desktoptopia.lnk = C:\Program Files\Desktoptopia\Desktoptopia.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: Innstillinger for &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer.4.24.0\gears.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c92ad758556273) (gupdate1c92ad758556273) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6918 bytes

I hope you can make something out of this and help.
Edited 18 October 2008 by Scorpio45

Scorpio45 (thread author), posted 18 October 2008
Oops, when I ran the HJT scan I just left HJT on the desktop... does that matter much?

snippsat, posted 18 October 2008 (edited)
Start HijackThis, run "scan", find these lines, tick them, then press "fix checked".

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKCU\..\Run: [bolt win] "C:\ProgramData\wave ping ping.b9n0vi1"
O13 - Gopher Prefix:

Download NoLop and put it on the desktop.
Run the program.
Press the "Search and Destroy" button.
If it finds anything, you will be asked to press the Reboot button.
Post the log C:\NoLop txt.

Start -> Run, or Search (Vista).
Paste in the bold text:
notepad %systemroot%\system32\drivers\etc\hosts

127.0.0.1 localhost
<if there is CID here, remove it, or everything that is here.>

See if the problem is gone.
Edited 18 October 2008 by SNIPPSAT

Scorpio45 (thread author), posted 18 October 2008
I can't start NoLop.exe because "Component 'mscomctl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid"

What is in the hosts file is:
127.0.0.1 localhost
::1 localhost

snippsat, posted 18 October 2008
OK, use the PC for a while and see if the problem is gone.

Scorpio45 (thread author), posted 18 October 2008 (edited)
It seems to be gone; when I use Internet Explorer they always pop up. So I'm hoping for the best. THANK YOU so much for the help!
Edited 18 October 2008 by Scorpio45

r2d290, posted 18 October 2008
If you consider the problem with your machine solved, you can change your topic title by clicking in your first post and choosing full edit.
At the top, where your topic title is, write [SOLVED] in front of the title.
E.g.: [SOLVED] Got a virus on my machine
This helps keep the forum easier to follow for the supporters, and new people who run into the same problem will more easily find a suitable thread to look in.
-Surf safely-

snippsat, posted 19 October 2008
You can remove ComboFix by typing combofix /u in the Run window.
This command causes quarantined files and backups to be deleted, the System Restore folder to be reset, etc.
Keep MBAM.
Surf safely.