since91, posted 28 May 2007 (edited)
Hello! Earlier I had problems with partypoker and some Swedish IE pop-ups. And since I don't use IE, I deleted it. But now, when I log in to MSN or open Firefox, 64 pop-ups appear! - Insanely annoying. What is strange is that I have deleted IE, but these pop-ups still come up in IE. Another thing is that they are completely empty! - No ads or anything, just completely white... Hope someone has a solution.
Edit: Btw, they apparently also pop up whenever they like, I found out...
Edited 31 May 2007 by Jonatan777

norbat, posted 28 May 2007
Hi there,
Start by running through the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246, and we will take it from there.

since91 (author), posted 28 May 2007 (edited)
oki
Edit:

Logfile of HijackThis v1.99.1
Scan saved at 15:22:53, on 28.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programmer\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
D:\Programmer\DAEMON Tools\daemon.exe
D:\Programmer\PC Tools AntiVirus\PCTAV.exe
D:\Programmer\iTunes\iTunesHelper.exe
D:\Programmer\CounterSpy\SBCSTray.exe
C:\Programfiler\Azureus Installer\Azureus-Installer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Jonatan\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCTAVApp] "D:\Programmer\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sBCSTray] D:\Programmer\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Azureus Installer] "C:\Programfiler\Azureus Installer\Azureus-Installer.exe" hmw
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programfiler\fellesfiler\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\fellesfiler\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\fellesfiler\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\fellesfiler\pc tools\lsp\pctlsp.dll
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - D:\Programmer\PC Tools AntiVirus\PCTAVSvc.exe

*********************************
ROOTCHK-(21-05-07)-LOG, by ejvindh
28.05.2007 15:41:53,75
Driver npf (visible) is present. Run COMBOFIX by sUBs.
*********************************
ROOTCHK-LOG-end

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 15:41:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/28/2007 at 05:11 PM
Application Version : 3.8.1002
Core Rules Database Version : 3245
Trace Rules Database Version: 1256
Scan type : Complete Scan
Total Scan Time : 01:27:54
Memory items scanned : 416
Memory threats detected : 0
Registry items scanned : 5579
Registry threats detected : 0
File items scanned : 41488
File threats detected : 3
Trojan.NewDotNet
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BC3CEBC5-72EA-4575-8B8C-FF55E4013033}\RP68\A0011457.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BC3CEBC5-72EA-4575-8B8C-FF55E4013033}\RP68\A0011493.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BC3CEBC5-72EA-4575-8B8C-FF55E4013033}\RP68\A0011494.EXE

Edited 28 May 2007 by Jonatan777

norbat, posted 28 May 2007
The log shows nothing in particular, but run a clean with CCleaner and a full scan with SAS (see the long version). Also run Rootchk. If it finds anything, post that log as well.

norbat, posted 29 May 2007
Download Winsockfix. You can keep this and use it if the network connection becomes corrupted after the fix.
Get Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from combofix (usually c:\combofix.txt) + a new HJT log.

since91 (author), posted 29 May 2007 (edited)

2007-03-09 23:38:49 0 ----a-w C:\AUTOEXEC.BAT
2007-03-09 23:37:06 21,704 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-09 07:57:40 27,376 ----a-w C:\WINDOWS\system32\SBBD.exe
2007-03-08 15:39:11 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:39:11 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:39:11 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:38:06 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 17:39]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 13:41 C:\WINDOWS\system32\ptipbm.dll]
"SoundMan"="SOUNDMAN.EXE" []
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-02-16 11:54]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"DAEMON Tools"="D:\Programmer\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"PCTAVApp"="D:\Programmer\PC Tools AntiVirus\PCTAV.exe" [2007-05-07 06:30]
"iTunesHelper"="D:\Programmer\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"@"="" []
"SBCSTray"="D:\Programmer\CounterSpy\SBCSTray.exe" [2007-03-09 10:31]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-17 21:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Azureus Installer"="C:\Programfiler\Azureus Installer\Azureus-Installer.exe" [2007-03-15 16:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\SETUP.EXE /AUTORUN
configure\command- L:\SETUP.EXE
install\command- L:\SETUP.EXE

Contents of the 'Scheduled Tasks' folder
2007-05-26 15:03:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 14:50:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************

Completion time: 2007-05-29 14:50:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-29 14:50
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 14:52:39, on 29.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programmer\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
D:\Programmer\DAEMON Tools\daemon.exe
D:\Programmer\PC Tools AntiVirus\PCTAV.exe
D:\Programmer\iTunes\iTunesHelper.exe
D:\Programmer\CounterSpy\SBCSTray.exe
C:\Programfiler\Azureus Installer\Azureus-Installer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jonatan\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCTAVApp] "D:\Programmer\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sBCSTray] D:\Programmer\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Azureus Installer] "C:\Programfiler\Azureus Installer\Azureus-Installer.exe" hmw
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programfiler\fellesfiler\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\fellesfiler\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\fellesfiler\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\fellesfiler\pc tools\lsp\pctlsp.dll
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - D:\Programmer\PC Tools AntiVirus\PCTAVSvc.exe

Edited 29 May 2007 by Jonatan777

norbat, posted 29 May 2007
Part of the combofix log is missing. If it is too long, just put it in 2 "hide" tags.

since91 (author), posted 29 May 2007
Combofixlog:

"Jonatan" - 2007-05-29 14:46:19 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Programfiler\Mozilla Firefox\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
"C:\WINDOWS\system32\Packet.dll"
"C:\WINDOWS\system32\pthreadVC.dll"
"C:\WINDOWS\system32\WanPacket.dll"
"C:\WINDOWS\system32\wpcap.dll"
"C:\WINDOWS\system32\drivers\npf.sys"

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NPF
-------\NPF

((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))))))
2007-05-28 15:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-05-28 15:40 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-05-28 15:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-05-28 15:40 <DIR> d-------- C:\DOCUME~1\Jonatan\PROGRA~1\SUPERAntiSpyware.com
2007-05-28 15:25 <DIR> dr-h----- C:\Documents and Settings\Jonatan\Siste
2007-05-28 15:25 <DIR> dr-h----- C:\DOCUME~1\Jonatan\Siste
2007-05-24 23:28 <DIR> d-------- C:\Programfiler\Xilisoft
2007-05-24 23:01 <DIR> d-------- C:\Programfiler\Super DVD Creator 9.30
2007-05-24 22:26 <DIR> d-------- C:\VideoOutput
2007-05-24 22:24 <DIR> d-------- C:\Programfiler\Allok AVI to DVD SVCD VCD Converter
2007-05-24 22:16 <DIR> d-------- C:\Programfiler\WinAVIVideoConverter
2007-05-22 14:41 <DIR> d-------- C:\Documents and Settings\Jonatan\Shared
2007-05-22 14:41 <DIR> d-------- C:\Documents and Settings\Jonatan\Incomplete
2007-05-22 14:41 <DIR> d-------- C:\DOCUME~1\Jonatan\Shared
2007-05-22 14:41 <DIR> d-------- C:\DOCUME~1\Jonatan\PROGRA~1\LimeWire
2007-05-22 14:41 <DIR> d-------- C:\DOCUME~1\Jonatan\Incomplete
2007-05-22 14:40 <DIR> d-------- C:\Programfiler\LimeWire
2007-05-18 15:30 <DIR> d-------- C:\Programfiler\DivX
2007-05-17 21:08 <DIR> d-------- C:\Programfiler\Google
2007-05-17 18:17 <DIR> d-------- C:\BFU
2007-05-09 17:37 <DIR> d-------- C:\Programfiler\Joost
2007-05-09 17:37 <DIR> d-------- C:\DOCUME~1\Jonatan\PROGRA~1\Joost
2007-05-07 15:18 15,872 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
2007-05-02 17:42 <DIR> d-------- C:\Programfiler\Audio Recorder for FREE
2007-05-02 14:44 21,120 --a------ C:\WINDOWS\system32\drivers\nchssvad.sys
2007-05-02 14:43 <DIR> d-------- C:\Programfiler\NCH Swift Sound
2007-05-02 14:43 <DIR> d-------- C:\DOCUME~1\Jonatan\PROGRA~1\NCH Swift Sound
2007-05-01 12:48 <DIR> d-------- C:\DOCUME~1\Jonatan\PROGRA~1\SnapTeam
2007-05-01 12:43 53,248 --a------ C:\WINDOWS\ap561.exe
2007-05-01 12:43 119,798 --a------ C:\WINDOWS\system32\drivers\SPCA561.SYS
2007-05-01 12:43 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2007-05-01 12:43 <DIR> d-------- C:\WINDOWS\Setup2K
2007-05-01 12:40 <DIR> d-------- C:\Programfiler\Snap
2007-04-29 22:28 <DIR> d-------- C:\WINDOWS\system32\nb-no
2007-04-29 22:25 <DIR> d-------- C:\WINDOWS\network diagnostic

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-28 20:21:40 66,686 ----a-w C:\WINDOWS\system32\perfc014.dat
2007-05-28 20:21:40 396,586 ----a-w C:\WINDOWS\system32\perfh014.dat
2007-05-27 17:45:09 -------- d-----w C:\DOCUME~1\Jonatan\PROGRA~1\Azureus
2007-05-24 18:32:30 -------- d-----w C:\Programfiler\Windows Live Safety Center
2007-05-18 13:30:46 3,379 ----a-w C:\WINDOWS\mozver.dat
2007-05-08 12:22:44 -------- d-----w C:\Programfiler\Windows NT
2007-05-01 10:43:49 -------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-05-01 10:43:46 -------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-05-01 10:23:05 -------- d-----w C:\Programfiler\Syncrosoft
2007-04-21 10:49:04 350 ----a-w C:\WINDOWS\system32\SBFC.dat
2007-04-21 10:49:04 2,151,789 ----a-w C:\WINDOWS\system32\SBSP.dat
2007-04-21 10:14:53 -------- d-----w C:\Programfiler\iPod
2007-04-21 10:10:31 -------- d-----w C:\Programfiler\Apple Software Update
2007-04-18 16:15:14 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 20:03:17 -------- d-----w C:\DOCUME~1\Jonatan\PROGRA~1\PC Tools
2007-04-13 20:02:33 -------- d-----w C:\Programfiler\Fellesfiler\PC Tools
2007-04-12 20:26:26 -------- d-----w C:\DOCUME~1\Jonatan\PROGRA~1\Google
2007-04-12 13:36:16 -------- d-----w C:\DOCUME~1\Jonatan\PROGRA~1\WebCompiler3
2007-04-11 16:46:24 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-04-11 16:44:00 -------- d-----w C:\Programfiler\Nicknames for Messenger
2007-04-10 13:21:08 -------- d-----w C:\Programfiler\Fellesfiler\NSV
2007-04-08 11:56:55 -------- d-----w C:\Programfiler\Windows Media Connect 2
2007-04-07 17:07:35 -------- d-----w C:\DOCUME~1\Jonatan\PROGRA~1\Steinberg
2007-04-05 11:10:14 -------- d-----w C:\DOCUME~1\Jonatan\PROGRA~1\Ahead
2007-04-04 09:04:37 -------- d-----w C:\Programfiler\ImTOO
2007-03-30 10:28:21 -------- d-----w C:\Programfiler\Blues for Piano and Keyboard 10.0
2007-03-29 14:47:10 -------- d-----w C:\Programfiler\PlayPianoTODAY
2007-03-29 14:47:08 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-03-29 14:45:52 -------- d-----w C:\Programfiler\Piano Lessons Unlimited
2007-03-17 13:45:38 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-10 00:27:12 36 ----a-w C:\WINDOWS\system32\azi.dat
2007-03-10 00:24:30 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-09 23:38:49 0 --sha-r C:\MSDOS.SYS
2007-03-09 23:38:49 0 --sha-r C:\IO.SYS
2007-03-09 23:38:49 0 ----a-w C:\CONFIG.SYS
2007-03-09 23:38:49 0 ----a-w C:\AUTOEXEC.BAT
2007-03-09 23:37:06 21,704 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-09 07:57:40 27,376 ----a-w C:\WINDOWS\system32\SBBD.exe
2007-03-08 15:39:11 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:39:11 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:39:11 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:38:06 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 17:39]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 13:41 C:\WINDOWS\system32\ptipbm.dll]
"SoundMan"="SOUNDMAN.EXE" []
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-02-16 11:54]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"DAEMON Tools"="D:\Programmer\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"PCTAVApp"="D:\Programmer\PC Tools AntiVirus\PCTAV.exe" [2007-05-07 06:30]
"iTunesHelper"="D:\Programmer\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"@"="" []
"SBCSTray"="D:\Programmer\CounterSpy\SBCSTray.exe" [2007-03-09 10:31]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-17 21:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Azureus Installer"="C:\Programfiler\Azureus Installer\Azureus-Installer.exe" [2007-03-15 16:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\SETUP.EXE /AUTORUN
configure\command- L:\SETUP.EXE
install\command- L:\SETUP.EXE

Contents of the 'Scheduled Tasks' folder
2007-05-26 15:03:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 14:50:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************

Completion time: 2007-05-29 14:50:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-29 14:50
--- E O F ---

norbat, posted 30 May 2007
The HJT log looks fine. How is it going with the pop-up?

since91 (author), posted 31 May 2007
I haven't had any problems after running the programs you suggested. So I guess the problem is solved! Thanks a lot for the help.

norbat, posted 31 May 2007
You should now 'reset' the restore folder so that you do not get infected in the event of a system restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off .....", restart the PC, then untick it again to re-enable the feature.
Surf safely