1915
Posted 25 September 2007 (edited)

I get a blue screen from using SUPERAntiSpyware, so someone will have to help me get rid of the virus some other way.

Logfile of HijackThis v1.99.1
Scan saved at 17:59:13, on 25.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Edited 25 September 2007 by 1915

norbat
Posted 25 September 2007

Have you tried running SAS from safe mode? If not, try that.

1915 (author)
Posted 25 September 2007

I have tried that too.

norbat
Posted 25 September 2007

Download NoLop.exe and put it on the desktop. Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button.

Run HJT and fix the following lines:

O4 - HKLM\..\Run: [COPY FRAG KEEP BLEH] C:\Documents and Settings\All Users\Programdata\DRIVE EGGS COPY FRAG\HELP 16.exe
O4 - HKCU\..\Run: [sECTTWO] C:\DOCUME~1\Dan\PROGRA~1\CDROMB~1\Burn Site Dvd.exe

Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste in what is shown in bold below:

Folders to delete:
C:\Documents and Settings\All Users\Programdata\DRIVE EGGS COPY FRAG
C:\DOCUME~1\Dan\PROGRA~1\CDROMB~1

Click the traffic light. Restart the PC.

Download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.

Post the log file from Combofix (usually c:\combofix.txt) plus a new HJT log.

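An added example, not part of the original thread and not code from HijackThis: a small Python triage script that parses HijackThis O4 autostart lines and flags those launching from a user profile's Application Data folder (`Programdata` on this Norwegian XP install, `PROGRA~1` in 8.3 form), the location shared by the two entries quoted in the post above. The location rule is an assumption made for illustration, not a criterion stated by the poster, and the function names are hypothetical.

```python
import re

# HijackThis O4 entries: registry Run values and Startup-folder shortcuts.
O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$')
O4_STARTUP = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXECUTABLE = re.compile(
    r'^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif|cpl))(?=[\s,]|$)', re.I)
# Assumed heuristic: target lives in a profile's Application Data folder
# (long or 8.3 name, English or Norwegian XP folder names).
PROFILE_APPDATA = re.compile(
    r'^[a-z]:\\(?:documents and settings|docume~\d)\\[^\\]+\\'
    r'(?:application data|applic~\d|programdata|progra~\d)\\', re.I)

# Sample O4 lines: the two entries quoted in the post above plus ordinary
# entries in the same format.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COPY FRAG KEEP BLEH] C:\Documents and Settings\All Users\Programdata\DRIVE EGGS COPY FRAG\HELP 16.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sECTTWO] C:\DOCUME~1\Dan\PROGRA~1\CDROMB~1\Burn Site Dvd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
"""


def target_path(command):
    """Return the program path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXECUTABLE.match(command)
    return match.group(1) if match else command


def parse_o4(line):
    """Parse one O4 line into source, name and target; None for other lines."""
    line = line.strip()
    match = O4_RUN.match(line)
    if match:
        hive, key, name, command = match.groups()
        return {"source": f"{hive}\\{key}", "name": name,
                "target": target_path(command)}
    match = O4_STARTUP.match(line)
    if match:
        kind, name, command = match.groups()
        return {"source": kind, "name": name, "target": target_path(command)}
    return None


def suspicious_autostarts(log_text):
    """List O4 entries whose target sits in a profile's Application Data folder."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and PROFILE_APPDATA.match(entry["target"]):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in suspicious_autostarts(SAMPLE_LOG):
        print(f'{hit["source"]:<10} [{hit["name"]}] -> {hit["target"]}')
```

A hit is a reason to look at the file, not proof of infection: legitimate software occasionally starts from the same folders.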
1915 (author)
Posted 27 September 2007

Log, Combofix. NoLop could not be started :S

ComboFix 07-09-21.2 - "admin" 2007-09-27 7:03:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2311 [GMT 2:00]

norbat
Posted 27 September 2007 (edited)

Click Start->Run. Type/paste in:

C:\WINDOWS\Tasks

From Tasks, remove:

AD0C668B9063E413.job

Use Explorer to delete:

C:\Documents and Settings\All Users\Programdata\DRIVE EGGS COPY FRAG

Open Notepad and copy in what is shown in bold below. Save the file as 1915.reg and put it on the desktop. Double-click the file and say yes to adding the information. Restart the PC and tell me how things are working.

NB! If you know what FastGrid is, remove it from the list below (2 lines with FastGrid, as you can see). If you are not familiar with it, leave it.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COPY FRAG KEEP BLEH"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FastGrid"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastGrid]

Edited 27 September 2007 by norbat

norbat
Posted 28 September 2007

If you have done this and popups still appear, we continue with the following:

Download and run Blacklight (click the 'I accept' button). If it finds anything, choose Rename.

Report back.

1915 (author)
Posted 28 September 2007

OK, did that and it didn't find anything ;O

norbat
Posted 28 September 2007 (edited)

OK, what kind of popups are you getting?

If SAS still has trouble running the scan, you can try an online scan, e.g. Kaspersky.

Report back / post the log.

Edited 28 September 2007 by norbat

1915 (author)
Posted 28 September 2007

Popups about plane tickets, poker and so on, that kind of crap.

norbat
Posted 28 September 2007

Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Untick the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'. Also run a few rounds of 'Issues'.

Reset the restore folder: Control Panel->System->System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then remove the tick again to re-enable the function.

Which browser do you use, and do you run a popup blocker?

1915 (author)
Posted 28 September 2007

I use ONLY Firefox. NEVER IE. But I get IE popups. I have set the popup blocker to High in IE.

johome
Posted 2 October 2007

What kind of firewall do you use? I myself often visit shady websites and am never bothered by popup messages or viruses of any kind. Have you checked whether the popup appears before you are online?

Neddo
Posted 2 October 2007

Run a virus scan, use this one: Trend Micro's online virus scanner. When you are done, download Ad-Aware and run a scan there, and then you can download CCleaner and do a clean with it, then fix the errors in your registry. That should remove most of what you have on the PC.