1915, posted 22 July 2007

Lots of pop-ups keep appearing from IE. I can't get rid of them. I use ONLY Firefox. How do I get rid of them?

OS: XP Pro SP2

Logfile of HijackThis v1.99.1
Scan saved at 21:42:59, on 22.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\programfiler\powerstrip\pstrip.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\progra~1\valve\steam\steam.exe
C:\Programfiler\uTorrent\utorrent.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Creative\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\Programfiler\Last.fm\LastFMHelper.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Creative\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\Last.fm\LastFM.exe
D:\Install\VirusProg\hijackthis_sfx\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fettnerd.org/new/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://no.partypoker.com/news/items/scanda...?wm=2854809&p=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PowerStrip] c:\programfiler\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [system Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Programdata\close poke frag ooze\Hole file.exe
O4 - HKLM\..\Run: [store fork ref scr] C:\Documents and Settings\All Users\Programdata\MAGS ADMIN SCR CLOSE\play balm settings.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [µTorrent] "C:\Programfiler\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [skipSetup] C:\DOCUME~1\admin\PROGRA~1\LOGOSE~1\typespampoke.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E692BF2B-40D4-499C-A3C6-9B731758119E}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1EB40B7-2735-4651-B0D5-58C08CF355DA}: NameServer = 10.0.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

nets, posted 22 July 2007

O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Programdata\close poke frag ooze\Hole file.exe
O4 - HKLM\..\Run: [store fork ref scr] C:\Documents and Settings\All Users\Programdata\MAGS ADMIN SCR CLOSE\play balm settings.exe
C:\DOCUME~1\admin\PROGRA~1\LOGOSE~1\typespampoke.exe

Those processes looked suspicious, at least?

1915 (author), posted 22 July 2007

I managed to delete all of them except "hole file"; that one couldn't be deleted.

berxter, posted 23 July 2007

Try Killbox: http://www.bleepingcomputer.com/files/killbox.php

But: update NOD and SAS, restart the machine in safe mode (without networking, F8 during boot), and run NOD and SAS; preferably Ad-Aware in safe mode as well.

Bernt K

1915 (author), posted 23 July 2007

...? (the image)

berxter, posted 23 July 2007

I see, then it can't find it. Have you run the programs in safe mode?

Bernt K

1915 (author), posted 23 July 2007

I have run SAS in safe mode. The pop-ups have stopped appearing now. It found 9 viruses or the like in safe mode with NO network ^^