a1mikael, posted 16 January 2008 (edited)

Over the last few weeks I have been getting constant pop-ups: CiD, other advertising and blank IE windows. I have tried various things but have not managed to get rid of the problem. Can anyone help me?

Here is the ComboFix log:

* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programfiler\popcorn Terms.html
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\system32\_000112_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.
2008-01-15 21:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 15:22 . 2008-01-15 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-01-15 15:21 . 2008-01-15 15:25 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-01-15 15:21 . 2008-01-15 15:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-15 15:21 . 2008-01-15 15:21 <DIR> d-------- C:\Documents and Settings\Atle\Programdata\SUPERAntiSpyware.com
2008-01-12 10:56 . 2008-01-12 10:56 <DIR> d-------- C:\Programfiler\less vc boob
2008-01-09 12:16 . 2008-01-09 12:22 <DIR> d-------- C:\Programfiler\Windows Live Safety Center
2008-01-07 13:17 . 2008-01-07 13:18 <DIR> d-------- C:\Programfiler\iTunes
2008-01-07 13:17 . 2008-01-07 13:17 <DIR> d-------- C:\Programfiler\iPod
2008-01-07 13:13 . 2008-01-07 13:13 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-01-07 13:13 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-07 13:12 . 2008-01-07 13:12 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-01-07 13:12 . 2008-01-07 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-01-06 22:42 . 2008-01-06 22:42 244 --ah----- C:\sqmnoopt03.sqm
2008-01-06 22:42 . 2008-01-06 22:42 232 --ah----- C:\sqmdata02.sqm
2008-01-03 11:26 . 2008-01-03 11:26 <DIR> d-------- C:\Programfiler\MSECache
2008-01-03 10:55 . 2008-01-03 10:55 <DIR> d-------- C:\Programfiler\Microsoft Silverlight
2008-01-02 20:04 . 2008-01-08 15:23 <DIR> d-------- C:\Documents and Settings\Atle\Programdata\less vc boob
2008-01-02 16:00 . 2008-01-02 16:00 <DIR> dr-h----- C:\Documents and Settings\Maren\Programdata\SecuROM
2008-01-02 16:00 . 2008-01-02 16:00 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-02 12:04 . 2008-01-15 15:46 <DIR> d-------- C:\Documents and Settings\Eva\Programdata\less vc boob
2008-01-02 10:21 . 2008-01-12 10:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\STORE LESS JUGS SURF
2008-01-01 20:05 . 2008-01-01 20:05 <DIR> d-------- C:\Documents and Settings\Maren\Programdata\InstallShield
2008-01-01 19:41 . 2001-10-06 14:02 92,160 --a------ C:\WINDOWS\system32\fuusd.dll
2008-01-01 19:41 . 2001-10-06 14:02 92,160 --a------ C:\WINDOWS\system32\dllcache\fuusd.dll
2008-01-01 19:41 . 2001-10-06 14:02 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-01-01 19:41 . 2001-10-06 14:02 71,680 --a------ C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-01-01 19:41 . 2001-10-06 13:43 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-01-01 19:41 . 2001-10-06 13:43 6,784 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-01-01 19:16 . 2008-01-01 22:17 <DIR> d-------- C:\Documents and Settings\Maren\Programdata\FUJIFILM
2007-12-19 19:28 . 2007-12-19 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Gogii
2007-12-19 19:26 . 2007-12-25 17:28 <DIR> d-------- C:\Programfiler\BabysittingMania_at
2007-12-19 18:28 . 2008-01-02 21:42 <DIR> d-------- C:\Programfiler\Circle Developement
2007-12-19 18:28 . 2008-01-15 09:40 <DIR> d-------- C:\Documents and Settings\Maren\Programdata\less vc boob
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 20:31 5 ----a-w C:\NPF_USER.DAT
2008-01-07 12:18 --------- d-----w C:\Documents and Settings\Eva\Programdata\Apple Computer
2008-01-07 12:16 --------- d-----w C:\Programfiler\QuickTime
2008-01-07 12:15 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-01-02 14:45 --------- d-----w C:\Programfiler\EA GAMES
2008-01-02 14:16 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-12-27 19:45 --------- d-----w C:\Documents and Settings\Maren\Programdata\BearShare
2007-12-25 20:22 --------- d-----w C:\Programfiler\OFFICE11
2007-12-25 16:34 --------- d-----w C:\Programfiler\Stabenfeldt
2007-12-25 16:31 --------- d-----w C:\Programfiler\Fashion Fits
2007-12-21 17:20 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2007-12-19 17:28 --------- d-----w C:\Programfiler\MSN Messenger
2007-12-07 21:36 --------- d-----w C:\Documents and Settings\All Users\Programdata\Messenger Plus!
2007-12-07 20:31 --------- d-----w C:\Programfiler\Messenger Plus! Live
2007-12-07 18:27 --------- d-----w C:\Programfiler\Windows Live
2007-11-16 18:14 --------- d-----w C:\Documents and Settings\All Users\Programdata\Fugazo
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:30 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:30 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2005-05-30 17:17 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2004-11-24 20:16 32 --sha-w C:\WINDOWS\{398F79B8-D0FC-4AFF-8E19-EDC6EEE78B45}.dat
2004-11-24 20:16 32 --sha-w C:\WINDOWS\{82056A02-2FB5-4A7A-9C08-64408A999A51}.dat
2006-05-28 17:34 168 --sh--r C:\WINDOWS\system32\CAD2726C66.sys
2006-05-28 17:36 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-11-24 20:16 32 --sha-w C:\WINDOWS\system32\{1208FDC4-F5EA-41B7-874A-4247DEEF0143}.dat
2004-11-24 20:16 32 --sha-w C:\WINDOWS\system32\{7912E240-BFDD-422F-B164-E8FF052CFA31}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [2004-05-12 21:04 196608]
"Data Secure"="C:\APPS\DataSecure\PBBckupUI.exe" [2005-04-26 10:51 2257408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"City iso"="C:\DOCUME~1\Atle\PROGRA~1\LESSVC~1\mess deaf.exe" [2008-01-08 15:22 406016]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10 335872]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"type32"="C:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2004-03-19 05:30 184320]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2004-03-19 05:29 212992]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-13 19:05 1840128]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 12:06 741376]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"AVFX Engine"="C:\Programfiler\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 19:44 20480]
"C:\WINDOWS\system32\V0220Ext.ax"="C:\WINDOWS\system32\RegSvr32.exe" [2004-08-04 09:03 11776]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-29 01:01 32768]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"Jugs Surf Inter Media"="C:\Documents and Settings\All Users\Programdata\STORE LESS JUGS SURF\Proc Wait.exe" [2008-01-15 20:31 1425920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2008-01-01 21:42:15]
NPF Messenger.lnk - C:\Programfiler\Norman\NPF\NPFMSG.EXE [2006-01-30 11:25:47]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 07:07]
R0 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2002-12-17 11:36]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 16:07]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Programfiler\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 11:17]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 09:45]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 18:42]
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 18:43]
R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2002-12-09 11:21]
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2005-12-05 07:20]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-13 19:05]
S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\Maren\LOKALE~1\Temp\iMSPCLOj.sys [2003-07-02 16:17]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 14:37]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]
S3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 13:58]
S3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 16:00]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 20:00:01 C:\WINDOWS\Tasks\A79BC23190C87841.job"
- c:\docume~1\atle\progra~1\lessvc~1\Obj Rule Jugs.exe
"2008-01-15 20:00:01 C:\WINDOWS\Tasks\AEF796A8918C0714.job"
- c:\docume~1\maren\progra~1\lessvc~1\Obj Rule Jugs.exe
"2008-01-09 13:44:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-01-09 16:28:29 C:\WINDOWS\Tasks\Packard Bell Data Secure for Atle.job"
- C:\APPS\DataSecure\PBBackup.exe
"2008-01-09 16:36:56 C:\WINDOWS\Tasks\Packard Bell Data Secure for Eva.job"
- C:\APPS\DataSecure\PBBackup.exe
"2008-01-09 14:28:00 C:\WINDOWS\Tasks\Packard Bell Data Secure for Maren.job"
- C:\APPS\DataSecure\PBBackup.exe
"2004-11-25 22:20:00 C:\WINDOWS\Tasks\Registreringspåminnelse 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-01-15 08:00:01 C:\WINDOWS\Tasks\SyncBack Atle.job"
- C:\Programfiler\2BrightSparks\SyncBack\SyncBack.exe
- C:\Programfiler\2BrightSparks\SyncBack
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 21:43:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\V0220Ext.ax"="C:\\WINDOWS\\system32\\RegSvr32.exe /s C:\\WINDOWS\\system32\\V0220Ext.ax"
.
Completion time: 2008-01-15 21:45:45
ComboFix-quarantined-files.txt 2008-01-15 20:45:25
.
2007-12-12 10:22:58
--- E O F ---

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46:21, on 15.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programfiler\Norman\NPF\NPFSVICE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Virtual CD v4 SDK\system\vcssecs.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Programfiler\Microsoft IntelliType Pro\type32.exe
C:\Programfiler\Microsoft IntelliPoint\point32.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\V0220Mon.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\APPS\DataSecure\PBBckupUI.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Programfiler\Norman\NPF\NPFMSG.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kjevikflyklubb.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Programfiler\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Programfiler\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0220Ext.ax] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0220Ext.ax
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All Users\Programdata\STORE LESS JUGS SURF\Proc Wait.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Data Secure] C:\APPS\DataSecure\PBBckupUI.exe /HIDDEN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [City iso] C:\DOCUME~1\Atle\PROGRA~1\LESSVC~1\mess deaf.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: NPF Messenger.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZSzed001YYNO_ZZzer000
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Maren\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nor.htm
O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://CD-en.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182362269687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182362235343
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.buypass.no/Installasjoner/Buypa...ogram/setup.exe
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - https://riaportal.sas.se/http/services/peop...Pub/OrgPubX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/g...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Programfiler\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programfiler\Virtual CD v4 SDK\system\vcssecs.exe
--
End of file - 13971 bytes

Rootchk log:

16.01.2008 8:31:51,29
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 08:31:54
Windows 5.1.2600 Service Pack 2

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2008 at 04:59 PM

Application Version : 3.9.1008

Core Rules Database Version : 3380
Trace Rules Database Version: 1374

Scan type : Complete Scan
Total Scan Time : 01:33:08

Memory items scanned : 530
Memory threats detected : 0
Registry items scanned : 7196
Registry threats detected : 1
File items scanned : 70842
File threats detected : 55

Adware.Tracking Cookie
C:\Documents and Settings\Atle\Cookies\atle@partyfriendfinder[1].txt
C:\Documents and Settings\Atle\Cookies\[email protected][1].txt
C:\Documents and Settings\Atle\Cookies\[email protected][1].txt
C:\Documents and Settings\Atle\Cookies\[email protected][1].txt
C:\Documents and Settings\Atle\Cookies\atle@burstnet[1].txt
C:\Documents and Settings\Atle\Cookies\[email protected][2].txt
C:\Documents and Settings\Atle\Cookies\atle@adtech[1].txt
C:\Documents and Settings\Atle\Cookies\[email protected][1].txt
C:\Documents and Settings\Atle\Cookies\[email protected][1].txt
C:\Documents and Settings\Atle\Cookies\[email protected][1].txt
C:\Documents and Settings\Atle\Cookies\[email protected][1].txt
C:\Documents and Settings\Atle\Cookies\[email protected][1].txt
C:\Documents and Settings\Atle\Cookies\[email protected][1].txt
C:\Documents and Settings\Atle\Cookies\atle@2o7[2].txt
C:\Documents and Settings\Atle\Cookies\atle@realmedia[1].txt
C:\Documents and Settings\Atle\Cookies\atle@serving-sys[2].txt
C:\Documents and Settings\Eva\Cookies\[email protected][1].txt
C:\Documents and Settings\Eva\Cookies\eva@partyfriendfinder[1].txt
C:\Documents and Settings\Eva\Cookies\[email protected][1].txt
C:\Documents and Settings\Eva\Cookies\[email protected][1].txt
C:\Documents and Settings\Eva\Cookies\eva@xiti[1].txt
C:\Documents and Settings\Maren\Cookies\[email protected][1].txt
C:\Documents and Settings\Maren\Cookies\maren@xiti[1].txt

Registry Cleaner Trial
HKU\S-1-5-21-1656140260-1924963562-1850311861-1005\Software\SoftwareOnline.com
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2006-11-06,10-03 42 375.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2006-11-06,10-10 08 421.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2006-11-06,10-19 33 781.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2006-11-14,16-04 51 718.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2006-12-05,13-52 58 406.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-01-11,19-26 56 140.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-01-23,10-59 00 109.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-02-09,19-31 01 312.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-03-15,13-06 58 625.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-04-08,11-50 33 968.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-04-29,22-44 59 656.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-05-04,09-30 29 562.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-05-14,10-54 12 968.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-05-31,14-35 45 531.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-06-07,22-23 12 546.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-06-23,09-18 41 937.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-06-30,21-52 34 593.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-07-16,14-19 23 079.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-07-17,22-37 09 468.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-08-01,18-51 51 953.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-08-08,11-55 00 890.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-08-20,10-42 29 953.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-09-20,23-55 16 265.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups\2007-11-28,09-53 43 701.zip
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Backups
C:\Documents and Settings\Atle\Programdata\Registry Cleaner\Regclean.ini
C:\Documents and Settings\Atle\Programdata\Registry Cleaner
C:\Documents and Settings\Atle\Skrivebord\Registry Cleaner.lnk

BearShare File Sharing Client
C:\PROGRAMFILER\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

Adware.Lop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6390FFB1-B0B7-45BE-BA75-89C3531EA0A4}\RP1303\A0159207.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6390FFB1-B0B7-45BE-BA75-89C3531EA0A4}\RP1306\A0162239.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6390FFB1-B0B7-45BE-BA75-89C3531EA0A4}\RP1312\A0163487.EXE

Edited 16 January 2008 by a1mikael
norbat Posted 16 January 2008

Start HJT, tick the following lines and click Fix checked:

R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All Users\Programdata\STORE LESS JUGS SURF\Proc Wait.exe
O4 - HKCU\..\Run: [City iso] C:\DOCUME~1\Atle\PROGRA~1\LESSVC~1\mess deaf.exe
O8 - Extra context menu item: &Search - ?p=ZSzed001YYNO_ZZzer000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Maren\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll

Download NoLop.exe and put it on the desktop. Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button.

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again. Post the log.

Folder::
C:\Documents and Settings\All Users\Programdata\STORE LESS JUGS SURF
C:\DOCUME~1\Atle\PROGRA~1\LESSVC~1
C:\Documents and Settings\Maren\Programdata\less vc boob
C:\Documents and Settings\Eva\Programdata\less vc boob
C:\Programfiler\less vc boob

Then tell us how it goes with the CiD pop-ups.
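As an added example that is not part of the original thread: a Python script that triages HijackThis-style lines of the kind listed in the post above, flagging orphaned entries ("(no file)" / "(file missing)") and O4 autostart entries that launch from under a user-profile tree. The sample lines, the function name `triage` and the profile-path heuristic are assumptions made for this example, not HijackThis's own logic.

```python
import re

# Constructed sample lines in the HijackThis format quoted in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example Updater] C:\Program Files\Example\update.exe
O4 - HKCU\..\Run: [Odd Name] C:\Documents and Settings\User\Application Data\odd name\run me.exe
O4 - HKLM\..\Run: [Short] C:\DOCUME~1\User\APPLIC~1\ODDNAM~1\run.exe
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000003} - C:\Example\x.lnk (file missing)
"""

# "<section code> - <entry kind>: <details>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
RUN_VALUE = re.compile(r"^\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
# The registration survives but the file it points to is gone.
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")
# Assumed heuristic: an autostart binary under a profile tree (long or 8.3 short
# name) instead of Program Files or Windows deserves a manual look.
PROFILE_TREE = re.compile(r"^[A-Za-z]:\\(documents and settings|docume~\d)\\", re.I)


def triage(log_text):
    """Return (code, reason, line) tuples for entries worth reviewing by hand."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # not a HijackThis entry line
        if ORPHAN.search(m["rest"]):
            findings.append((m["code"], "orphaned", line))
            continue
        if m["code"] == "O4":  # Run-key and startup autostart entries
            run = RUN_VALUE.match(m["rest"])
            if run and PROFILE_TREE.match(run["cmd"].strip('"')):
                findings.append((m["code"], "autostart-from-profile", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason:<24}{line}")
```

A flag here is a prompt for review, not a verdict: legitimate software also leaves orphaned entries and sometimes starts from a profile directory.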
a1mikael (author) Posted 17 January 2008 (edited)

So far it looks absolutely great, thank you so much for the help!!!

May I ask how one gets problems like this? I have installed Norman AV and firewall, and in addition I regularly run Ad-Aware and Spybot.

Should I leave the programs (Combofix, SAS, etc.) that I installed in connection with the "cleaning" on the machine?

AM

Edited 17 January 2008 by a1mikael
norbat Posted 17 January 2008

This may well have come through the sponsor program of Messenger Plus! Live.

You can remove some of the programs you have used:

Combofix: In the Run window (Start->Run) type ComboFix /u
NoLop: Delete the program file. There will probably be a folder, C:\nolopbackup, which you can also delete.
HJT: Uninstall it from Add/Remove Programs. Then delete the program file.

SAS is a very good antispyware program that I recommend keeping. If not, uninstall it.
a1mikael (author) Posted 17 January 2008 (edited)

Thanks, once again! I have now been on and off the net many times, and no pop-ups!

Edited 17 January 2008 by a1mikael
norbat Posted 17 January 2008

You should reset the restore folder so that you do not get infected by a possible system restore. Control Panel->System->System Restore. Tick "Turn off System Restore .....", restart the PC, then remove the tick again to re-enable the feature.

Surf safely.
pappy Posted 17 January 2008

First remove any program with CID in its name from Add/Remove Programs in the Control Panel. Then download Prevx from http://www.prevx.com/. Use the free one. It searches for and detects the files on your machine that are creating a H....... for you. When the scan is finished you get a message saying where the program is located on your machine. Go in via Explorer and delete the files, if you do not want to pay x number of dollars to have Prevx do it for you. When you have done that, use Ad-Aware or Search and Destroy to find the remnants of the program. Delete these and restart the machine, and then everything is OK. I myself tried for four days with every conceivable option without success before I tried this. Good luck
norbat Posted 17 January 2008 (edited)

Feel free to post a Combofix log, pappy, and we will see whether there is any junk left that should be removed.

The problem with these CiD pop-ups is most often tied to Lop.com, which can be a real nuisance. An entry is created in the 'job list' (tasks), which means that if you manage to remove the files that are there now, new ones are created when the job runs (after a given time). It has been the case, as you mention, that there is a program, CiD-help, which should be uninstalled from Add/Remove Programs. In addition, it has also placed itself in the HOSTS file.

Edited 17 January 2008 by norbat