2bb1, posted 23 May 2007
Hi, all kinds of "WARNING!! You are infected" messages and so on keep popping up, telling me I can buy antivirus and a lot of crap. I'm attaching a picture of one of the pop-ups that shows up very often: Another one popped up just now: Does anyone know how I get rid of this? I can attach a picture of the "Add/Remove Programs" list if wanted.
Edited 23 May 2007 by 2bb1

Centuss, posted 23 May 2007
ErrorSafe. The worst thing I know. If you suspect you've gotten some crap on your computer, I strongly recommend that you format.

2bb1 (thread author), posted 23 May 2007
I think I'd rather live with it than format, hehe. Doesn't anyone know how to get rid of it without formatting?

frohmage, posted 23 May 2007
There are lots of tips about this online, but it's been a while since I went through this, so I don't remember which procedure I used. Try googling "errorsafe removal".

norbat, posted 23 May 2007
Download SAS, install it and update it. Run a 'Complete' scan. The PC will restart.
Then download HijackThis and put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it together with the log from SAS (preferences->statistics/logs).

2bb1 (thread author), posted 24 May 2007
SAS log file:

HijackThis log file:

norbat, posted 24 May 2007
Run HJT, put a check mark in front of the following lines and click 'Fix checked':

O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - (no file)
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9D408F9F-CF72-4C51-BD87-176D6BED84A0} - (no file)
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ajrtlstq.dll",realset

Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\system32\ajrtlstq.dll

Click the traffic light. Restart the PC. After the restart a log file will appear that tells you what happened. You don't need to post it.

Download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.

Post the log file from Combofix (usually c:\combofix.txt) + a new HJT log.

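Added example, not part of the original post and not norbat's own method: a small Python triage script that parses HijackThis-format lines and flags the two patterns visible in the entries selected above, O2 BHO entries whose file is missing and O4 Run entries that start a DLL by absolute path through rundll32.exe, and also matches BHO CLSIDs against CLSIDs reported by a scanner. The function names and the heuristics are assumptions; the sample lines and CLSIDs are copied from the logs posted in this thread.

```python
import re
from typing import Iterable, List, NamedTuple, Tuple

# Sample lines in HijackThis 1.99.1 format, copied from the log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ajrtlstq.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# CLSIDs that the SAS log in this thread listed under detected threats.
# Note the scanner prints 426F where HijackThis prints 426f for the same key.
SCANNER_CLSIDS = (
    "{55DB983C-BDBF-426F-86F0-187B02DDA39B}",
    "{9D408F9F-CF72-4C51-BD87-176D6BED84A0}",
)

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<file>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# rundll32 followed by a DLL given as an absolute path (drive letter + backslash).
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[a-z]:\\[^",]+\.dll)"?(?:,|$)',
    re.IGNORECASE,
)


class Finding(NamedTuple):
    section: str              # HijackThis section code, e.g. "O2"
    target: str               # normalized CLSID (O2) or DLL path (O4)
    reasons: Tuple[str, ...]  # why the line deserves a manual look
    line: str                 # the original log line


def normalize_clsid(clsid: str) -> str:
    """Strip braces and upper-case so both tools' spellings compare equal."""
    return clsid.strip().strip("{}").upper()


def triage(log_text: str, flagged_clsids: Iterable[str] = ()) -> List[Finding]:
    """Return the lines worth reviewing; everything else is left alone."""
    flagged = {normalize_clsid(c) for c in flagged_clsids}
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            clsid = normalize_clsid(m["clsid"])
            reasons = []
            if m["file"].strip().lower() == "(no file)":
                # Registration survives although the DLL is gone (orphaned BHO).
                reasons.append("BHO file missing")
            if clsid in flagged:
                reasons.append("CLSID reported by scanner")
            if reasons:
                findings.append(Finding("O2", clsid, tuple(reasons), line))
            continue
        m = O4_RE.match(line)
        if m:
            dll = RUNDLL_RE.match(m["cmd"])
            if dll:
                findings.append(
                    Finding("O4", dll["dll"], ("rundll32 loads DLL by absolute path",), line)
                )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SCANNER_CLSIDS):
        print(f.section, f.target, "; ".join(f.reasons))
```

A flagged line is a candidate for manual review, not a verdict; the Bluetooth rundll32 entry and the Adobe BHO in the sample pass through unflagged.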
2bb1 Skrevet 1. juni 2007 Forfatter Del Skrevet 1. juni 2007 Combofix: Fikk noen errors på slutten, men her er den i allefall: Klikk for å se/fjerne innholdet nedenfor "Torbj›rn" - 2007-06-01 21:43:18 Service Pack 2 ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Torbj›rn\Skrivebord\" (((((((((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\epydfkux.dll C:\WINDOWS\system32\exkedhik.dll C:\WINDOWS\system32\gesirgxk.dll C:\WINDOWS\system32\gwbsfptr.dll C:\WINDOWS\system32\habarent.dll C:\WINDOWS\system32\hebukewx.dll C:\WINDOWS\system32\hgifjmxw.dll C:\WINDOWS\system32\hwqqfnnh.dll C:\WINDOWS\system32\nijpuicd.dll C:\WINDOWS\system32\pcsqivnq.dll C:\WINDOWS\system32\qdpkmdjg.dll C:\WINDOWS\system32\quavibdc.dll C:\WINDOWS\system32\rgalragw.dll C:\WINDOWS\system32\rsjnnmvu.dll C:\WINDOWS\system32\scedsjjm.dll C:\WINDOWS\system32\syrxqkmg.dll C:\WINDOWS\system32\uxwyuetu.dll C:\WINDOWS\system32\vbaijovt.dll C:\WINDOWS\system32\gmkqxrys.ini C:\WINDOWS\system32\pstwa.bak1 C:\WINDOWS\system32\pstwa.bak2 C:\WINDOWS\system32\pstwa.ini2 C:\WINDOWS\system32\pstwa.tmp * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 )))))))))))))))))))))))))))))))))) 2007-06-01 21:29 178,408 --a------ C:\WINDOWS\system32\muweb.dll 2007-06-01 21:29 127,720 --a------ C:\WINDOWS\system32\mucltui.dll 2007-06-01 17:29 <DIR> d-------- C:\Programfiler\Windows Live 2007-06-01 17:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\WLInstaller 2007-06-01 17:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\WindowsLiveInstaller 2007-05-24 21:03 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-05-24 21:03 <DIR> d-------- C:\DOCUME~1\TORBJR~1\PROGRA~1\SUPERAntiSpyware.com 2007-05-24 21:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com 2007-05-24 16:18 
<DIR> d-------- C:\Documents and Settings\TORBJR~1\Bluetooth Software 2007-05-24 16:18 <DIR> d-------- C:\DOCUME~1\TORBJR~1\Bluetooth Software 2007-05-24 14:43 25,600 --a------ C:\WINDOWS\system32\drivers\hidbth.sys 2007-05-24 14:42 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys 2007-05-13 17:04 <DIR> d-------- C:\DOCUME~1\TORBJR~1\PROGRA~1\SopCast 2007-05-06 17:13 <DIR> d-------- C:\DOCUME~1\TORBJR~1\PROGRA~1\Azureus 2007-05-03 15:05 8,192 --a------ C:\WINDOWS\system32\wshirda.dll 2007-05-03 15:05 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys 2007-05-03 15:05 274,432 --a------ C:\WINDOWS\system32\drivers\bthport.sys 2007-05-03 15:05 27,136 --a------ C:\WINDOWS\system32\irmon.dll 2007-05-03 15:05 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS 2007-05-03 15:05 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys 2007-05-03 15:05 152,576 --a------ C:\WINDOWS\system32\irftp.exe 2007-05-03 15:05 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-01 19:41:45 -------- d-----w C:\Programfiler\Steam 2007-06-01 19:40:37 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000007-00001102-00000004-20021102}.dat 2007-06-01 19:40:37 384 ----a-w C:\WINDOWS\system32\DVCState-{00000005-00000000-00000007-00001102-00000004-20021102}.dat 2007-06-01 18:01:39 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000007-00001102-00000004-10001102}.dat 2007-06-01 18:01:39 384 ----a-w C:\WINDOWS\system32\DVCState-{00000005-00000000-00000007-00001102-00000004-10001102}.dat 2007-05-31 17:08:02 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\uTorrent 2007-05-24 14:17:31 66,876 ----a-w C:\WINDOWS\system32\perfc014.dat 2007-05-24 14:17:31 396,894 ----a-w C:\WINDOWS\system32\perfh014.dat 2007-04-30 11:19:14 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\Help 2007-04-25 16:15:12 -------- d-----w 
C:\Programfiler\Creative 2007-04-25 16:12:58 -------- d-----w C:\Programfiler\Windows Media Connect 2 2007-04-22 01:12:33 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\Nokia Multimedia Player 2007-04-21 14:45:21 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\Hamachi 2007-04-20 20:41:30 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\Nokia 2007-04-20 18:26:51 -------- d-----w C:\Programfiler\DIFX 2007-04-20 18:26:35 -------- d-----w C:\Programfiler\Fellesfiler\PCSuite 2007-04-20 18:26:33 -------- d-----w C:\Programfiler\Fellesfiler\Nokia 2007-04-20 18:26:31 -------- d-----w C:\Programfiler\Nokia 2007-04-20 18:25:48 -------- d-----w C:\Programfiler\PC Connectivity Solution 2007-04-20 18:19:57 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\PC Suite 2007-04-16 16:00:13 -------- d--h--w C:\Programfiler\Zero G Registry 2007-04-15 14:07:51 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\Hewlett-Packard 2007-04-15 14:01:14 -------- d-----w C:\Programfiler\Fellesfiler\Hewlett-Packard 2007-04-09 17:34:10 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\Smart PC Solutions 2007-04-05 19:37:15 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\Lavasoft 2007-04-05 18:19:01 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-04-04 16:34:35 -------- d--h--w C:\Programfiler\InstallShield Installation Information 2007-04-04 09:15:46 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\Logitech 2007-04-02 16:06:01 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\AdobeAUM 2007-04-02 16:05:59 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\AdobeUM 2007-04-02 01:07:18 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-04-01 15:11:27 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\Creative 2007-04-01 13:32:51 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\Leadertech 2007-04-01 13:27:04 646,392 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-04-01 01:38:59 -------- d-----w C:\DOCUME~1\TORBJR~1\PROGRA~1\SmartFTP 2007-03-31 21:16:05 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll 
2007-03-31 21:16:05 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2007-03-31 18:28:40 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2007-03-31 15:38:11 184 ----a-w C:\WINDOWS\system32\e000002.dat 2007-03-31 00:32:46 1,164 ----a-w C:\WINDOWS\mozver.dat 2007-03-30 23:36:15 8,464 ----a-w C:\WINDOWS\system32\sporder.dll 2007-03-30 21:51:32 0 ----a-w C:\WINDOWS\nsreg.dat 2007-03-30 16:23:29 184 ----a-w C:\WINDOWS\system32\e000001.dat 2007-03-30 15:11:58 0 --sha-r C:\MSDOS.SYS 2007-03-30 15:11:58 0 --sha-r C:\IO.SYS 2007-03-30 15:11:58 0 ----a-w C:\CONFIG.SYS 2007-03-30 15:11:58 0 ----a-w C:\AUTOEXEC.BAT 2007-03-30 15:09:16 21,704 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-03-20 09:37:46 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll 2007-03-17 13:45:38 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:39:11 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:39:11 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:39:11 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:38:06 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys 2007-03-06 19:05:00 520,192 ------w C:\WINDOWS\system32\ati2sgag.exe 2007-03-02 20:57:04 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2007-03-02 20:54:35 307,200 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2007-03-02 20:53:36 265,728 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2007-03-02 20:47:51 118,784 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2007-03-02 20:47:42 110,592 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2007-03-02 20:47:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2007-03-02 20:47:30 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2007-03-02 20:47:19 110,592 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2007-03-02 20:46:12 446,464 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2007-03-02 20:45:32 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2007-03-02 20:38:53 2,824,512 ----a-w C:\WINDOWS\system32\ati3duag.dll 2007-03-02 20:29:23 1,288,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2007-03-02 
20:29:08 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat 2007-03-02 20:21:15 5,398,528 ----a-w C:\WINDOWS\system32\atioglxx.dll 2007-03-02 20:17:37 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll 2007-03-02 20:16:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2007-03-02 20:11:44 348,160 ----a-w C:\WINDOWS\system32\ati2cqag.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 21:10] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [] "NSLauncher"="C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12] "PCSuiteTrayApplication"="D:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 C:\WINDOWS\system32\bthprops.cpl] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "Steam"="c:\programfiler\steam\steam.exe" [2007-05-31 19:07] "StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35] "DAEMON Tools"="D:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 12:48] "PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [] "SUPERAntiSpyware"="D:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "FFTI"=C:\Documents and Settings\Torbjørn\Programdata\Mozilla\Firefox\Profiles\48gehwc3.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and 
Settings\Torbjørn\Programdata\Mozilla\Firefox\Profiles/48gehwc3.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=D:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="D:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a262c2-ded9-11db-87cf-806d6172696f}] AutoRun\command- E:\setup.exe Contents of the 'Scheduled Tasks' folder 2007-06-01 14:08:00 C:\WINDOWS\tasks\WebReg 20070415160812.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-01 21:44:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-06-01 21:46:47 C:\ComboFix-quarantined-files.txt ... 
2007-06-01 21:46 --- E O F --- Ny HJK-logg: Klikk for å se/fjerne innholdet nedenfor Logfile of HijackThis v1.99.1 Scan saved at 21:49:11, on 01.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe D:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\programfiler\steam\steam.exe C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE D:\Programfiler\DAEMON Tools\daemon.exe D:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\ATKKBService.exe D:\Programfiler\BT WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wscntfy.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\notepad.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.vg.no R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {9D408F9F-CF72-4C51-BD87-176D6BED84A0} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NSLauncher] C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Torbjørn\Programdata\Mozilla\Firefox\Profiles\48gehwc3.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Torbjørn\Programdata\Mozilla\Firefox\Profiles/48gehwc3.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - D:\Programfiler\BT WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programfiler\BT WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programfiler\BT WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Programfiler\BT WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programfiler\Windows Live\installer\WLSetupSvc.exe
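Added example, not part of the original thread or any poster's code: a small Python triage of HijackThis entries like those in the log above. It marks entries whose target file is absent and entries whose CLSID appears in the SUPERAntiSpyware log earlier in the thread; the function names and the embedded sample (a few lines copied from the log) are assumptions of this example.

```python
import re

# Constructed sample: a few entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {9D408F9F-CF72-4C51-BD87-176D6BED84A0} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
"""

# CLSID that the SUPERAntiSpyware log in this thread listed under Trojan.WinFixer.
FLAGGED_CLSIDS = {"9D408F9F-CF72-4C51-BD87-176D6BED84A0"}

# An entry starts with a section code such as R0, O2 or O23, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")

def parse(log):
    """Return [(section, body)]; a line without a section code continues
    the previous entry (forum software often wraps long entries)."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:  # header lines before the first entry are skipped
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def triage(log, flagged=FLAGGED_CLSIDS):
    """Return [(section, body, reasons)] for entries worth a second look."""
    findings = []
    for section, body in parse(log):
        reasons = []
        if body.endswith(("(no file)", "(file missing)")):
            reasons.append("target file absent")
        if any(c.upper() in flagged for c in CLSID.findall(body)):
            reasons.append("CLSID flagged by scanner")
        if reasons:
            findings.append((section, body, reasons))
    return findings

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(section, "|", ", ".join(reasons), "|", body)
```

An entry that is marked only "target file absent" is an orphaned registration, not proof of infection; the reasons are meant to be read together.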
norbat (posted 1 June 2007): How are things going with the pop-ups?
2bb1 (thread author, posted 1 June 2007): Haven't noticed anything lately, so it looks like it's working! Many thanks.
norbat (posted 1 June 2007): In 'Scheduled Tasks' there is a job named C:\WINDOWS\tasks\WebReg 20070415160812.job. Is this something you recognize? (You can open the tasks folder by going to Start -> Run and typing/pasting in C:\WINDOWS\tasks.)
You should reset the restore folder so that you don't get infected again if you ever do a System Restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature.
2bb1 (thread author, posted 1 June 2007): No, that .job thing isn't something I recognize. I'll go ahead and reset the restore folder.
norbat (posted 1 June 2007): If you open the tasks folder, you may find more info about which program this job belongs to. If it's unknown, just delete the job.
VesleKim (posted 1 June 2007): For every suspicious pop-up I press <Alt+F4>. That way you don't go near the window. But this doesn't help after you've clicked on it.
2bb1 (thread author, posted 1 June 2007): When I go into the properties I can see that it has something to do with this location:
"D:\Programfiler\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe" /TaskName 20070415160812 /N "HP psc 1200 Series" /M Q1662A /S $SerialNumber$ /AP 303 /F /T
So I guess it has to do with my printer / my printer's software.
norbat (posted 1 June 2007): Then you can just leave it alone.
2bb1 (thread author, posted 1 June 2007): Great, so that was everything? I'm clean now?
norbat (posted 2 June 2007): Yes, the HJT log looked fine. Surf safely.
2bb1 (thread author, posted 2 June 2007): Okay, thanks once again!