alexrams Posted 30 July 2007

Over the last few days there have been an incredible number of popups when I run IE; it is all sorts of popups, from poker, music, Error Safe etc. I'm attaching a log; if anyone has any tips I would appreciate it. I have looked at the pages here and have run pretty much everything there is of antivirus, Ad-Aware etc., but it doesn't go away.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:09, on 30.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\hykqehvc.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WPS Scanner Service (WPSScannerSvc) - Unknown owner - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe (file missing)

--
End of file - 3016 bytes

Wut? Posted 30 July 2007

Do they only pop up when you use IE? What about switching to Opera or Firefox?

norbat Posted 30 July 2007

Start HJT, choose "Do a system scan only". Put a check mark in front of the following line and click 'Fix checked':

O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\hykqehvc.dll",forkonce

Download Killbox
Start Killbox
Select 'Delete on reboot'
Enter the following:
C:\WINDOWS\system32\hykqehvc.dll
Restart

Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Remove the check mark in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Download SAS, install it, update it and run a full (Complete) scan.

Then post a new HJT log together with the log from SAS (preferences->statistics/logs)

alexrams Posted 31 July 2007 (Author)

I have done as you said and the popups still don't go away. NB! They also appear in Firefox...

alexrams Posted 31 July 2007 (Author)

Here is a new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:21:00, on 31.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {372D2DCD-43AA-4FB9-8C15-1F73642F0DD6} - C:\DOCUME~1\Alex\LOCALS~1\Temp\system2.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\gqgpkynu.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\deubjsuq.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: system2 - C:\DOCUME~1\Alex\LOCALS~1\Temp\system2.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WPS Scanner Service (WPSScannerSvc) - Unknown owner - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe (file missing)

--
End of file - 4869 bytes

berxter Posted 31 July 2007

I would say you should run VundoFix: http://www.atribune.org/content/view/24/2/

Also, the file Norbat asked you to delete with Killbox has changed its name to C:\WINDOWS\system32\deubjsuq.dll

1. Use Killbox on deubjsuq
2. Run VundoFix
3. Fresh log.

Bernt K

alexrams Posted 31 July 2007 (Author)

Here is the latest log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:34, on 31.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {372D2DCD-43AA-4FB9-8C15-1F73642F0DD6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\gqgpkynu.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\deubjsuq.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: system2 - C:\DOCUME~1\Alex\LOCALS~1\Temp\system2.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WPS Scanner Service (WPSScannerSvc) - Unknown owner - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe (file missing)

--
End of file - 4722 bytes

alexrams Posted 31 July 2007 (Author)

I haven't been able to check whether the popups have gone away or not. However, an error comes up saying that this does not exist: C:\WINDOWS\system32\deubjsuq.dll

How do I get rid of it?

norbat Posted 1 August 2007

Run HJT, choose "Do a system scan only", put a check mark in front of the following lines and click 'Fix checked':

O2 - BHO: (no name) - {372D2DCD-43AA-4FB9-8C15-1F73642F0DD6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\gqgpkynu.dll
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\deubjsuq.dll",forkonce
O20 - Winlogon Notify: system2 - C:\DOCUME~1\Alex\LOCALS~1\Temp\system2.dll (file missing)

Get Combofix and put it on the desktop.

Then click START->RUN and copy the following text into the 'Run window' (in bold):

"%userprofile%\Skrivebord\combofix.exe" /v gqgpkynu deubjsuq

After the restart, post the Combofix log (usually c:\combofix.txt) + a new HJT log.
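
The two checks the helpers above make by eye (noticing that the `systemOptimizer` Run value points at a differently named DLL from one scan to the next, and picking out the entries to tick in HijackThis) can be sketched as a script. This is an added example, not part of the original thread and not code from HijackThis; the function names and the triage heuristics are assumptions made for illustration, and the sample input is a handful of lines copied from the logs posted above.

```python
import re

# Constructed sample input: lines copied from the 30 July and 31 July
# HijackThis logs posted in this thread, one entry per line.
SCAN_30_JULY = r'''
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\hykqehvc.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''
SCAN_31_JULY = r'''
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {372D2DCD-43AA-4FB9-8C15-1F73642F0DD6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\gqgpkynu.dll
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\deubjsuq.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: system2 - C:\DOCUME~1\Alex\LOCALS~1\Temp\system2.dll (file missing)
'''

# One pattern per HijackThis section handled here (O2, O4, O20).
BHO_RE = re.compile(r'^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$')
RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (.+?) - (.+)$')

SYS32_DLL = re.compile(r'(?i)[a-z]:\\windows\\system32\\[^\\"]+\.dll')
TEMP_DIR = re.compile(r'(?i)\\temp\\')
MISSING = re.compile(r'\((?:no file|file missing)\)\s*$')


def entries(log):
    """Return the non-empty, stripped lines of a HijackThis log."""
    return [ln.strip() for ln in log.splitlines() if ln.strip()]


def triage(line):
    """Return a short reason if the entry deserves a closer look, else None.

    These are review heuristics assumed for this example, not verdicts.
    """
    m = BHO_RE.match(line)
    if m:
        name, _clsid, target = m.groups()
        if name == '(no name)' and (MISSING.search(target) or SYS32_DLL.search(target)):
            return 'unnamed BHO pointing at a missing file or a DLL in system32'
        return None
    m = RUN_RE.match(line)
    if m:
        cmd = m.group(4)
        if cmd.lower().startswith('rundll32') and SYS32_DLL.search(cmd):
            return 'Run key starts a system32 DLL through rundll32'
        return None
    m = NOTIFY_RE.match(line)
    if m:
        target = m.group(2)
        if TEMP_DIR.search(target) or MISSING.search(target):
            return 'Winlogon Notify DLL in a Temp folder or missing'
    return None


def flagged(log):
    """List (line, reason) for every entry that triage() flags."""
    return [(ln, triage(ln)) for ln in entries(log) if triage(ln)]


def autoruns(log):
    """Map (hive, key, value name) -> command line for every O4 registry entry."""
    out = {}
    for ln in entries(log):
        m = RUN_RE.match(ln)
        if m:
            hive, key, name, cmd = m.groups()
            out[(hive, key, name)] = cmd
    return out


def changed_autoruns(old_log, new_log):
    """Autorun values present in both scans whose command line changed."""
    old, new = autoruns(old_log), autoruns(new_log)
    return [(k, old[k], new[k]) for k in sorted(old.keys() & new.keys()) if old[k] != new[k]]


if __name__ == '__main__':
    for key, before, after in changed_autoruns(SCAN_30_JULY, SCAN_31_JULY):
        print('CHANGED', key, before, '->', after, sep='\n  ')
    for line, reason in flagged(SCAN_31_JULY):
        print(f'REVIEW ({reason}): {line}')
```

On the sample lines the flagged entries are the same five that are listed for 'Fix checked' above, while the unnamed Spybot BHO under Program Files is left alone.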
alexrams Skrevet 1. august 2007 Forfatter Del Skrevet 1. august 2007 Kjør HJT, velg "Do a system scan only", sett merke framfor følgende linjer og klikk 'Fix checked': O2 - BHO: (no name) - {372D2DCD-43AA-4FB9-8C15-1F73642F0DD6} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\gqgpkynu.dll O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\deubjsuq.dll",forkonce O20 - Winlogon Notify: system2 - C:\DOCUME~1\Alex\LOCALS~1\Temp\system2.dll (file missing) Hent Combofix, og legg det på skrivebordet Klikk så på START->KJØR, og kopier følgende tekst inn i 'kjør-vinduet' (i fet): "%userprofile%\Skrivebord\combofix.exe" /v gqgpkynu deubjsuq Etter restart poster du Combofix-loggen (vanligvis c:\combofix.txt) + ny HJT-logg. 9184779[/snapback] her er combofix logg ComboFix 07-07-30.2 - "Alex" 2007-08-01 16:48:09.1 [GMT 2:00] - NTFS Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\dxercmlt.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Common Files\{7CD6C~1 C:\Program Files\Common Files\misc001 C:\WINDOWS\keyboard71.dat C:\WINDOWS\keyboard81.dat C:\WINDOWS\keyboard91.dat C:\WINDOWS\system32\aoqfuadh.exe C:\WINDOWS\system32\kcwjxafu.exe C:\WINDOWS\system32\qxtmguho.exe C:\WINDOWS\system32\xbgjrnsg.exe C:\WINDOWS\system32\xouosgwu.exe ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_WINIO ((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 ))))))))))))))))))))))))))))))) 2007-08-01 16:47 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-01 
00:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-07-31 21:24 <DIR> d-------- C:\VundoFix Backups 2007-07-30 22:08 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-07-30 22:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-07-30 22:08 <DIR> d-------- C:\DOCUME~1\Alex\APPLIC~1\SUPERAntiSpyware.com 2007-07-30 22:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-07-30 22:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion 2007-07-30 21:52 <DIR> d-------- C:\Program Files\CCleaner 2007-07-30 21:39 <DIR> d-------- C:\!KillBox 2007-07-30 18:06 <DIR> d-------- C:\{00004495-0001-0000-12D7-9622B676C05A} 2007-07-30 16:46 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2007-07-30 15:47 <DIR> d-------- C:\Program Files\a-squared Free 2007-07-30 14:36 126,016 --a------ C:\WINDOWS\system32\nidwafbo.dll 2007-07-30 12:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-07-30 11:49 616 --a------ C:\WINDOWS\system32\GetValue.vbs 2007-07-30 11:48 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-30 11:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-30 00:58 <DIR> d-------- C:\Program Files\Trend Micro 2007-07-30 00:39 86,832 --a------ C:\WINDOWS\ds2engm.dat 2007-07-30 00:39 73,144 --a------ C:\WINDOWS\dwreng4.dat 2007-07-30 00:39 211,830 --a------ C:\WINDOWS\catdws.dat 2007-07-30 00:38 894,702 --a------ C:\WINDOWS\ds2eng5.dat 2007-07-30 00:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-07-30 00:36 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll 2007-07-30 00:36 <DIR> d-------- C:\Program Files\Dynamic 2007-07-30 00:08 126,016 --a------ C:\WINDOWS\system32\rlgygrnv.dll 2007-07-27 23:58 1,596 --a------ C:\WINDOWS\system32\tmp.reg 2007-07-26 20:13 <DIR> d-------- C:\Program Files\PAN Vision (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-30 21:52 --------- d-------- 
C:\Program Files\Yahoo! 2007-07-30 08:00 --------- d-------- C:\DOCUME~1\Alex\APPLIC~1\BitTorrent 2007-07-30 00:49 --------- d-------- C:\DOCUME~1\Alex\APPLIC~1\Skype 2007-07-27 22:27 --------- d-------- C:\Program Files\DC++ 2007-07-27 16:14 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-07-27 16:14 --------- d-------- C:\Program Files\Ulead Systems 2007-07-24 20:00 73 --a------ C:\WINDOWS\system32\ssprs.dll 2007-07-24 20:00 335 --a------ C:\WINDOWS\system32\lsprst7.dll 2007-07-24 19:44 --------- d-------- C:\Program Files\daTax 2007-07-03 22:18 --------- d-------- C:\Program Files\Vstplugins 2007-06-30 12:03 --------- d-------- C:\Program Files\Native Instruments 2007-06-29 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-06-27 04:27 44240 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp 2007-06-27 03:59 344064 --a------ C:\WINDOWS\system32\ATIDEMGX.dll 2007-06-27 03:58 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-06-27 03:58 2303488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-06-27 03:56 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll 2007-06-27 03:51 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe 2007-06-27 03:51 143360 --a------ C:\WINDOWS\system32\atipdlxx.dll 2007-06-27 03:51 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll 2007-06-27 03:50 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll 2007-06-27 03:50 118784 --a------ C:\WINDOWS\system32\ati2evxx.dll 2007-06-27 03:49 483328 --a------ C:\WINDOWS\system32\ati2evxx.exe 2007-06-27 03:48 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL 2007-06-27 03:44 8232960 --a------ C:\WINDOWS\system32\atioglx2.dll 2007-06-27 03:41 2940992 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-06-27 03:31 1519744 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-06-27 03:30 972072 --a------ C:\WINDOWS\system32\ativva6x.dat 2007-06-27 03:30 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat 2007-06-27 03:30 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat 
2007-06-27 03:19 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-06-27 03:17 266240 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-06-27 03:16 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-06-27 03:15 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-06-27 03:14 176128 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-06-27 03:10 376832 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-06-20 10:21 19000 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2007-06-20 00:05 --------- d-------- C:\Program Files\Common Files\Native Instruments
2007-06-12 22:07 --------- d-------- C:\Program Files\Astonsoft
2007-06-12 21:42 --------- d-------- C:\Program Files\GetData
2007-06-12 20:57 --------- d-------- C:\Program Files\Common Files\Astonsoft
2007-06-05 19:40 149278 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-06-04 17:12 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-05-16 17:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R2 ANIO;ANIO Service;\??\C:\WINDOWS\system32\ANIO.SYS
R2 eLoggerSvc6;Norman eLogger service 6;C:\Norman\Npm\bin\ELOGSVC.EXE
R2 Ndiskio;Ndiskio;\??\C:\Norman\Nse\bin\NDISKIO.SYS
R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);C:\WINDOWS\system32\Drivers\GPWADrv.sys
R3 irsir;Microsoft Serial Infrared Driver;C:\WINDOWS\system32\DRIVERS\irsir.sys
R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys
R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
R3 USBMN1X1;USB Midi 1x1;C:\WINDOWS\system32\drivers\usbmn1x1.sys
R3 Wpsnuio;NDIS Usermode I/O Protocol for WPS PC 2.0;C:\WINDOWS\system32\DRIVERS\wpsnuio.sys
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys
S3 ctljystk;Creative SBLive! Gameport;C:\WINDOWS\system32\DRIVERS\ctljystk.sys
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;C:\WINDOWS\system32\Drivers\KORGUMDS.SYS
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
S3 nvcfsr;nvcfsr;\??\C:\Norman\Nvc\bin\nvcfsr.sys
S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
S3 nvcoafl51;nvcoafl51;\??\C:\Norman\Nvc\bin\nvcoafl51.sys
S3 nvcoaft51;nvcoaft51;\??\C:\Norman\Nvc\bin\nvcoaft51.sys
S3 nvcoarc51;nvcoarc51;\??\C:\Norman\Nvc\bin\nvcoarc51.sys
S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe
S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
S3 Tomcat5;Apache Tomcat;"C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5
S3 USB11LDR;USB Midi 1x1 Loader;C:\WINDOWS\system32\drivers\usb11ldr.sys
S4 MySQL5;MySQL5;"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL5

Contents of the 'Scheduled Tasks' folder
2006-10-29 06:15:21 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1143268638.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-01 16:54:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000040

scanning hidden files ...

C:\WINDOWS\WinSxS
C:\WINDOWS\win.kfl
C:\WINDOWS\win.tmp
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif
C:\WINDOWS\{00000002-00000000-00000007-00001102-00000002-80611102}.CDF

scan completed successfully
hidden files: 13

**************************************************************************

Completion time: 2007-08-01 16:55:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ...
2007-08-01 16:55
--- E O F ---

and here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:57, on 01.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WPS Scanner Service (WPSScannerSvc) - Unknown owner - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe (file missing)

--
End of file - 4185 bytes
norbat Posted 1 August 2007

Could you also run the following program and post its log: Rootchk. How is the PC running otherwise?
alexrams (Author) Posted 1 August 2007

Quote: "Could you also run the following program and post its log: Rootchk. How is the PC running otherwise?"

Here is the log

*********************************
ROOTCHK-(21-07-07)-LOG, by ejvindh
01.08.2007 17:59:06,25

The rootkits that are detected by this tool were not found.

*********************************
ROOTCHK-LOG-end

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-01 17:59:06
Windows 5.1.2600 Service Pack 2

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\WinSxS
C:\WINDOWS\win.kfl
C:\WINDOWS\win.tmp
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif
C:\WINDOWS\{00000002-00000000-00000007-00001102-00000002-80611102}.CDF

hidden processes: 0
hidden files: 13

The PC seems to be running quite well; there haven't been any popups for a while. I think one came earlier today, and that was probably before I ran the latest scans. Thanks for the help, and should anything turn up, I know where to get help. Once again, thank you very much. This has been a real headache; I was hoping to the very last that I wouldn't have to format :-)