enkel måte å bli kvitt poppup

5 314 · 10. september 2007

er dritt lei av å skanne med masse div prog. har skannet og fjernet noe virus. men blir ikke kvitt poppup. noen som har ide ?

Kizzax95 · 10. september 2007

det skulle gå bedre med Mozilla Firefox som internett og Kapersky som virus beskyttelse

5 314 · 10. september 2007

herregud. JEG BRUKER IKKE IE :|

only firefox her ;P

norbat · 10. september 2007

Last ned Hijackthis. Legg det i en egen mappe på skrivebordet.

Start programmet, velg "Do a system scan and save a logfile". Loggfilen kopierer du og poster. Dette kan muligens si litt mer om hva dette kan være

5 314 · 10. september 2007

Klikk for å se/fjerne innholdet nedenfor

Logfile of HijackThis v1.99.1

Scan saved at 22:04:50, on 10.09.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Eset\nod32krn.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Eset\nod32kui.exe

C:\programfiler\powerstrip\pstrip.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Saga\Super Popup Blocker\popkill.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\programfiler\valve\steam\steam.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

C:\Programfiler\Creative\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\PROGRA~1\Creative\BLUETO~1\BTSTAC~1.EXE

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\uTorrent\utorrent.exe

C:\Programfiler\mIRC\mirc.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Programfiler\Winamp\winamp.exe

G:\Install\VirusProg\hijackthis_sfx\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://network.adsmarket.com/click/imNxmY2...DRON_8709061045

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Super Popup Blocker - {F1C0FAF2-E52F-4370-BC75-2C828C027B9E} - C:\WINDOWS\system32\popkill.dll

O3 - Toolbar: POPStopperIE.CToolbar - {4B7B69EB-A00F-4FCD-B601-ACCBB86ED528} - C:\Program Files\POP-Stopper-IE\POP-Stopper-IE.dll (file missing)

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [PowerStrip] c:\programfiler\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [imekrmig7.0] "C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"

O4 - HKLM\..\Run: [iMSCMig] C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload

O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync

O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync

O4 - HKLM\..\Run: [iMJPMIG9.0] C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32

O4 - HKLM\..\Run: [COPY FRAG KEEP BLEH] C:\Documents and Settings\All Users\Programdata\DRIVE EGGS COPY FRAG\Bone 64.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [super Popup Blocker] C:\Saga\Super Popup Blocker\popkill.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bandwidthMeterPro] C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [settings Help] C:\DOCUME~1\1915\PROGRA~1\STOPTE~1\SOFT SIZE FIVE.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [POP-Stopper-IE] "C:\Program Files\POP-Stopper-IE\POP-Stopper-IE.exe"

O4 - HKCU\..\Run: [bPS Spyware Remover] C:\Programfiler\BPS Remover\BPSRem.exe /STARTUP

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Killer - {4E977C01-2D5C-11d6-B169-C75E058B1270} - C:\Saga\Super Popup Blocker\popkill.exe

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{556D7AF6-E5C0-47B9-8823-8CE5E955F579}: NameServer = 192.168.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

norbat · 10. september 2007

https://www.diskusjon.no/index.php?showtopic=827277&hl=

Fortsett med å kjøre en full scan med SAS:

Last ned SAS, installer, oppdater og kjør en full (Complete) scan.

Post ny HJT-logg + loggen fra SAS (preferences->statistics/logs)

5 314 · 11. september 2007

jeg får bluescreen når jeg installerer sas :S

norbat · 11. september 2007

Hvis det er problemer med SAS, prøver vi med Combofix

Hent Combofix, og legg det på skrivebordet

Kjør combofix.exe, og følg veiledningen.

Du må ikke klikke på vinduet mens programmet kjører.

Post loggfilen fra combofix (vanligvis c:\combofix.txt)

5 314 · 11. september 2007

Klikk for å se/fjerne innholdet nedenfor

ComboFix 07-09-08.7 - "1915" 2007-09-11 15:36:42.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2344 [GMT 2:00]

.

((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))

.

2007-09-10 22:23 <DIR> d-------- C:\WINDOWS\LastGood

2007-09-10 22:20 <DIR> d-------- C:\kav

2007-09-10 17:03 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll

2007-09-10 17:03 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll

2007-09-10 17:03 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-09-10 17:00 <DIR> d-------- C:\Saga

2007-09-09 19:35 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-09-09 12:28 61,440 --a------ C:\WINDOWS\system32\RACMGR32.EXE

2007-09-09 12:28 185 --a------ C:\WINDOWS\system32\msblcd32.dll

2007-09-09 12:28 165,680 --a------ C:\WINDOWS\system32\AUTMGR32.EXE

2007-09-09 12:28 140,288 --a------ C:\WINDOWS\system32\AUTPRX32.DLL

2007-09-09 12:28 <DIR> d-------- C:\Programfiler\AF Uninstalls

2007-09-08 19:59 <DIR> d-------- C:\Ny mappe

2007-09-08 19:58 <DIR> d-------- C:\Programfiler\BearShare

2007-09-08 19:58 <DIR> d-------- C:\My Downloads

2007-09-08 19:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-09-08 19:08 <DIR> d-------- C:\Programfiler\THQ

2007-09-08 16:36 <DIR> d-------- C:\Programfiler\iTunes

2007-09-08 16:36 <DIR> d-------- C:\Programfiler\iPod

2007-09-08 16:36 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\Apple Computer

2007-09-08 16:35 <DIR> d-------- C:\Programfiler\QuickTime

2007-09-08 16:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2007-09-08 16:35 <DIR> d-------- C:\Programfiler\Apple Software Update

2007-09-08 16:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Apple Computer

2007-09-08 16:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Apple

2007-09-08 15:33 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-08 15:33 106 --a------ C:\delete.bat

2007-09-08 15:29 <DIR> d-------- C:\Programfiler\AusLogics Disk Defrag

2007-09-08 11:37 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\Creative

2007-09-08 11:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\nView_Profiles

2007-09-08 11:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\NVIDIA

2007-09-08 08:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Spybot - Search & Destroy

2007-09-08 08:20 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Programdata

2007-09-08 08:20 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Maler

2007-09-08 08:20 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Lokale innstillinger

2007-09-07 07:18 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2007-09-07 07:18 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-09-07 07:18 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\SUPERAntiSpyware.com

2007-09-07 06:53 <DIR> dr-h----- C:\DOCUME~1\1915\Siste

2007-09-07 06:35 <DIR> d-------- C:\tab

2007-09-06 20:59 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\dvdcss

2007-09-06 18:22 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\Ventrilo

2007-09-06 17:23 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\vlc

2007-09-06 17:16 <DIR> d-------- C:\Programfiler\Stop Test Film

2007-09-06 17:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\DRIVE EGGS COPY FRAG

2007-09-06 17:15 <DIR> d-------- C:\Programfiler\Windows Live

2007-09-06 17:15 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\Stop Test Film

2007-09-06 17:00 <DIR> d-------- C:\Programfiler\Microsoft ActiveSync

2007-09-06 17:00 <DIR> d-------- C:\Programfiler\Fellesfiler\L&H

2007-09-06 16:58 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2007-09-06 16:58 <DIR> d-------- C:\Programfiler\OpenOffice.org 2.0

2007-09-06 16:57 <DIR> d-------- C:\WINDOWS\SHELLNEW

2007-09-06 16:57 <DIR> d-------- C:\Programfiler\Microsoft.NET

2007-09-06 16:57 <DIR> d-------- C:\Programfiler\Microsoft Works

2007-09-06 16:50 <DIR> d-------- C:\Programfiler\Valve

2007-09-06 14:21 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2007-09-06 14:20 8,192 --a------ C:\WINDOWS\system32\wshirda.dll

2007-09-06 14:20 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys

2007-09-06 14:20 274,432 --a------ C:\WINDOWS\system32\drivers\bthport.sys

2007-09-06 14:20 27,136 --a------ C:\WINDOWS\system32\irmon.dll

2007-09-06 14:20 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

2007-09-06 14:20 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS

2007-09-06 14:20 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys

2007-09-06 14:20 152,576 --a------ C:\WINDOWS\system32\irftp.exe

2007-09-06 14:20 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys

2007-09-06 14:20 <DIR> d-------- C:\Programfiler\DAEMON Tools

2007-09-06 14:19 74,240 --a------ C:\WINDOWS\system32\usbui.dll

2007-09-06 14:19 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys

2007-09-06 14:19 57,344 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2007-09-06 14:18 <DIR> d-------- C:\Programfiler\Fellesfiler\SpeechEngines

2007-09-06 14:18 <DIR> d-------- C:\Programfiler\Fellesfiler\ODBC

2007-09-06 14:17 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Programdata

2007-09-06 14:17 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Lokale innstillinger

2007-09-06 14:17 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Programdata

2007-09-06 14:17 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Start-meny

2007-09-06 14:17 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Start-meny

2007-09-06 14:17 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenter

2007-09-06 14:17 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Skrivere

2007-09-06 14:17 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Siste

2007-09-06 14:17 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Maler

2007-09-06 14:17 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\AndrMask

2007-09-06 14:17 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Maler

2007-09-06 14:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

2007-09-06 14:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot

2007-09-06 14:17 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Skrivebord

2007-09-06 14:17 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Mine dokumenter

2007-09-06 14:17 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Favoritter

2007-09-06 14:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Skrivebord

2007-09-06 14:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Favoritter

2007-09-06 14:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\FLEXnet

2007-09-06 14:04 <DIR> d-------- C:\Programfiler\Bonjour

2007-09-06 13:59 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

2007-09-06 13:59 <DIR> d-------- C:\Programfiler\DAMN NFO Viewer

2007-09-06 13:59 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\WinRAR

2007-09-06 13:58 <DIR> d-------- C:\Programfiler\ratDVD

2007-09-06 13:58 <DIR> d-------- C:\Programfiler\CDBurnerXP Pro 3

2007-09-06 13:57 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6637.sys

2007-09-06 13:57 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-09-06 13:13 <DIR> d-------- C:\Programfiler\Yahoo!

2007-09-06 13:13 <DIR> d-------- C:\Programfiler\PowerStrip

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((( snapshot_2007-09-08_153438,84 )))))))))))))))))))))))))))))))))))))))))

.

----a-r 27,136 2007-09-08 14:35:53 C:\WINDOWS\Installer\{492724FC-3B26-46B4-824F-3CE2722D9AA0}\AppleSoftwareUpdateIco.exe

----a-r 7,358 2007-09-08 17:10:10 C:\WINDOWS\Installer\{BA801B94-C28D-46EE-B806-E1E021A3D519}\ARPPRODUCTICON.exe

----a-r 102,400 2007-09-08 14:36:25 C:\WINDOWS\Installer\{E0219810-16E4-437D-9165-93D7B22524F9}\iTunesIco.exe

----a-w 24,344 2007-04-04 12:58:26 C:\WINDOWS\LastGood\system32\DRIVERS\klim5.sys

----a-w 109,360 2006-10-03 17:47:52 C:\WINDOWS\system32\GEARAspi.dll

----a-w 135,168 2007-07-11 23:22:00 C:\WINDOWS\system32\java.exe

----a-w 135,168 2007-07-11 23:22:04 C:\WINDOWS\system32\javaw.exe

----a-w 139,264 2007-07-12 00:22:38 C:\WINDOWS\system32\javaws.exe

----a-w 1,386,496 2004-02-24 01:42:40 C:\WINDOWS\system32\msvbvm60.dll

----a-w 14,032 2006-02-03 06:41:26 C:\WINDOWS\system32\x3daudio1_0.dll

----a-w 229,584 2006-03-31 10:39:48 C:\WINDOWS\system32\xactengine2_1.dll

----a-w 62,672 2006-03-31 10:39:24 C:\WINDOWS\system32\xinput1_1.dll

----a-w 821,600 2007-09-10 20:27:37 C:\WINDOWS\system32\drivers\avg7core.sys

----a-w 4,224 2007-09-10 20:27:39 C:\WINDOWS\system32\drivers\avg7rsw.sys

----a-w 27,776 2007-09-10 20:27:40 C:\WINDOWS\system32\drivers\avg7rsxp.sys

----a-w 3,968 2007-09-10 20:27:40 C:\WINDOWS\system32\drivers\avgclean.sys

----a-w 19,904 2007-09-10 20:27:40 C:\WINDOWS\system32\drivers\avgmfx86.sys

----a-w 4,960 2007-09-10 20:27:40 C:\WINDOWS\system32\drivers\avgtdi.sys

----a-w 15,664 2006-09-19 12:44:04 C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

----a-w 26,496 2004-08-03 21:08:48 C:\WINDOWS\system32\drivers\USBSTOR.SYS

-c--a-w 25,984 2007-07-31 16:11:04 C:\WINDOWS\system32\DRVSTORE\usbaapl_994E87E47618352A3685C90DC662CC9B0428D3B0\usbaapl.sys

----atw 16,384 2007-09-10 20:22:33 C:\WINDOWS\Temp\Perflib_Perfdata_648.dat

----atw 16,384 2007-09-09 07:26:42 C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat

----atw 16,384 2007-09-08 17:43:33 C:\WINDOWS\Temp\Perflib_Perfdata_668.dat

----atw 16,384 2007-09-09 15:25:57 C:\WINDOWS\Temp\Perflib_Perfdata_66c.dat

----atw 16,384 2007-09-10 19:09:09 C:\WINDOWS\Temp\Perflib_Perfdata_674.dat

----atw 16,384 2007-09-08 13:37:53 C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat

----atw 16,384 2007-09-08 13:41:07 C:\WINDOWS\Temp\Perflib_Perfdata_7b4.dat

----a-w 16,384 2007-09-10 20:12:00 C:\WINDOWS\Temp\Cookies\index.dat

----a-w 32,768 2007-09-10 20:12:00 C:\WINDOWS\Temp\Logg\History.IE5\index.dat

----a-w 32,768 2007-09-10 20:12:00 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat

----a-w 96,256 2006-12-01 20:56:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

----a-w 479,232 2006-12-01 20:54:32 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

----a-w 548,864 2006-12-01 20:54:34 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

----a-w 626,688 2006-12-01 20:54:32 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

.

----a-w 1,392,671 2004-08-03 23:03:18 C:\WINDOWS\system32\msvbvm60.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]

"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-22 17:22]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 01:21 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-17 02:04 C:\WINDOWS\SkyTel.exe]

"PowerStrip"="c:\programfiler\powerstrip\pstrip.exe" [2005-06-28 21:15]

"imekrmig7.0"="C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2003-07-14 22:57]

"IMSCMig"="C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 22:57]

"CJIMETIPSYNC"="C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003-07-14 22:57]

"PHIMETIPSYNC"="C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003-07-14 22:57]

"IMJPMIG9.0"="C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMJP9\IMJPMIG.exe" [2003-07-14 22:57]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 06:24]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-07-31 18:44]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-10 22:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

"BandwidthMeterPro"="C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe" [2006-10-09 08:24]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

"Steam"="c:\programfiler\valve\steam\steam.exe" [2007-09-06 16:53]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2006-07-29 19:33]

"POP-Stopper-IE"="C:\Program Files\POP-Stopper-IE\POP-Stopper-IE.exe" []

"BPS Spyware Remover"="C:\Programfiler\BPS Remover\BPSRem.exe" []

"Settings Help"="C:\DOCUME~1\1915\PROGRA~1\STOPTE~1\SOFT SIZE FIVE.exe" []

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\

BTTray.lnk - C:\Programfiler\Creative\Bluetooth-programvare\BTTray.exe [2004-09-02 15:34:04]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]

"C:\Programfiler\Creative\Shared Files\CamTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Files Updater]

C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Programfiler\Winamp\winampa.exe

R2 PStrip;PSTRIP;\??\C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS

R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys

R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys

*Newly Created Service* - AVG7ALRT

*Newly Created Service* - AVG7CORE

*Newly Created Service* - AVG7RSW

*Newly Created Service* - AVG7RSXP

*Newly Created Service* - AVG7UPDSVC

*Newly Created Service* - AVGCLEAN

*Newly Created Service* - AVGEMS

*Newly Created Service* - AVGTDI

*Newly Created Service* - KLIF

.

Contents of the 'Scheduled Tasks' folder

"2007-09-10 20:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

.

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-11 15:37:40

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-09-11 15:38:18

C:\ComboFix2.txt ... 2007-09-08 15:34

.

--- E O F ---

hjt:

Klikk for å se/fjerne innholdet nedenfor

Logfile of HijackThis v1.99.1

Scan saved at 15:39:03, on 11.09.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\programfiler\powerstrip\pstrip.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\programfiler\valve\steam\steam.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\Creative\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\PROGRA~1\Creative\BLUETO~1\BTSTAC~1.EXE

C:\Programfiler\uTorrent\utorrent.exe

C:\Programfiler\Winamp\winamp.exe

C:\Programfiler\mIRC\mirc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Programfiler\Grisoft\AVG7\avgcc.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe