HildeSa, posted 29 January 2008

I have cleaned and tidied and scanned and checked. Ran CCleaner, SAS, SpyDoctor, AdAware2007 and more. Can someone look at my HijackThis log, because the CiD pop-ups just won't go away.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:44:59, on 29.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\Spyware Doctor\SDTrayApp.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Spyware Doctor\svcntaux.exe
C:\Programfiler\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programfiler\Google\Google Updater\GoogleUpdater.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Petter\Skrivebord\xtestx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ig?hl=no
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = sirilia 55
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = elevproxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [sDTray] "C:\Programfiler\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [1 mess] C:\DOCUME~1\Petter\PROGRA~1\PLATFO~1\balm coal soft.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Google Updater.lnk = C:\Programfiler\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://CD-en.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - https://prosjekthotell2.runit.no/eRoomSetup/client.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

-- End of file - 8760 bytes

Programvare, posted 29 January 2008

You can tick the following and press "Fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: PowerReg Scheduler.exe

Which browser do you use?

norbat, posted 30 January 2008 (edited 30 January 2008)

Your hosts file may be corrupt. Do the following:

Open the hosts file directly in Notepad by typing/copying the text in bold below into the Run window (Start button -> Run):

notepad %systemroot%\system32\drivers\etc\hosts

The hosts file should basically consist of something like:

# Some text about the hosts file, blah blah
# blah blah
.....
127.0.0.1 localhost

Remove any lines that appear in connection with # CiD ...

HildeSa (author), posted 30 January 2008

I have now used "fixed checked" on the following lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: PowerReg Scheduler.exe

I had already cleaned a lot of "added by CiD" out of the hosts file earlier. The browser used until now is IE, but I installed Firefox yesterday (last night). I thought it might get a bit better, but that didn't help either. The boy is on his PC playing now. No CiD so far, at least. Do you really think they are gone now, or do you need more logs?

norbat, posted 30 January 2008

We can do an extra check if you like:

Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions.
Post the log file from Combofix (c:\combofix.txt).

HildeSa (author), posted 30 January 2008

The CiD is still there. I can't run Combofix - it gets stopped by SpyDoctor. I get a message that "327882R2FWJFW\nircmd.com is not a valid Win32 program". Then a new message says it cannot find kmd.exe, and in addition SpyDoctor says Malicious Action Blocked, something about a path: C:.... and a Trojan.NirCmd. Do I have to disable SpyDoctor before running Combo-fix? Here is a new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:30:07, on 30.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\Spyware Doctor\svcntaux.exe
C:\Programfiler\Spyware Doctor\SDTrayApp.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\Programfiler\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Spyware Doctor\swdsvc.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Petter\Skrivebord\xtestx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ig?hl=no
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = sirilia 55
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = elevproxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [sDTray] "C:\Programfiler\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [1 mess] C:\DOCUME~1\Petter\PROGRA~1\PLATFO~1\balm coal soft.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Google Updater.lnk = C:\Programfiler\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://CD-en.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - https://prosjekthotell2.runit.no/eRoomSetup/client.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

-- End of file - 8622 bytes

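Added example, not written by any poster in this thread: one way to compare two HijackThis logs, such as the ones posted before and after "Fix checked" above, to confirm that the fixed entries are gone and to see what else changed between scans. The sample logs are short excerpts constructed from lines in this thread, the function names are hypothetical, and the parser also copes with logs that a forum has flattened onto one line or wrapped in [url] tags.

```python
import re

# HijackThis entry codes seen in these logs: R0/R1 (IE settings), O2 (BHOs),
# O4 (autostart), O16 (ActiveX), O23 (services), and so on.
CODE = r"(?:[RFN]\d|O\d{1,2})"
SPLIT_RE = re.compile(r"\s+(?=" + CODE + r" - )")      # boundary before each entry
ENTRY_RE = re.compile(r"^(" + CODE + r") - (.+)$")
BBCODE_URL_RE = re.compile(r'\[url="([^"]*)"\].*?\[/url\]')


def parse_entries(log_text):
    """Return the set of (code, body) entries in a HijackThis log.

    Works on a normal one-entry-per-line log and on a log flattened to a
    single line; forum [url="X"]Y[/url] wrappers are reduced to X.
    """
    text = log_text.split("-- End of file")[0]
    text = BBCODE_URL_RE.sub(r"\1", text)
    entries = set()
    for chunk in SPLIT_RE.split(text):
        lines = chunk.strip().splitlines()
        if not lines:
            continue
        m = ENTRY_RE.match(lines[0].strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Entries removed, added and kept between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": sorted(b - a), "added": sorted(a - b), "kept": sorted(a & b)}


def orphaned(entries):
    """Entries whose target HijackThis reported as '(no file)'."""
    return sorted(e for e in entries if e[1].endswith("(no file)"))


def verify_fixes(after_log, fixed_lines):
    """Map each line that was to be fixed to True if it is absent afterwards."""
    remaining = parse_entries(after_log)
    result = {}
    for line in fixed_lines:
        parsed = parse_entries(line)
        result[line] = bool(parsed) and parsed.isdisjoint(remaining)
    return result


# Constructed excerpt of the first log in the thread (one entry per line).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:44:59, on 29.01.2008
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [1 mess] C:\DOCUME~1\Petter\PROGRA~1\PLATFO~1\balm coal soft.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - [url="https://prosjekthotell2.runit.no/eRoomSetup/client.cab"]https://prosjekthotell2.runit.no/eRoomSetup/client.cab[/url]
-- End of file - 8760 bytes"""

# Constructed excerpt of the second log, flattened to one line as a forum
# scrape would deliver it.
AFTER = " ".join(r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:30:07, on 30.01.2008
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [1 mess] C:\DOCUME~1\Petter\PROGRA~1\PLATFO~1\balm coal soft.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - https://prosjekthotell2.runit.no/eRoomSetup/client.cab
-- End of file - 8622 bytes""".splitlines())

# The two lines the helper asked to fix.
FIXED = [
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    "O4 - Startup: PowerReg Scheduler.exe",
]

if __name__ == "__main__":
    changes = diff_logs(BEFORE, AFTER)
    for kind in ("removed", "added"):
        for code, body in changes[kind]:
            print(f"{kind:8} {code} - {body}")
    for line, gone in verify_fixes(AFTER, FIXED).items():
        print("gone   " if gone else "PRESENT", line)
```
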
norbat, posted 30 January 2008

Yes, disable SpyDoctor and any other AV programs that might stop the processes that Combofix runs.

HildeSa (author), posted 30 January 2008

Quote: Yes, disable SpyDoctor and any other AV programs that might stop the processes that Combofix runs.

ComboFix 08-01-30.1 - Petter 2008-01-30 8:13:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.245 [GMT 1:00]
Running from: C:\Documents and Settings\Petter\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000220_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.
2008-01-29 07:27 . 2008-01-30 07:36 <DIR> dr-h----- C:\Documents and Settings\Petter\Siste
2008-01-29 07:25 . 2008-01-29 07:25 <DIR> d-------- C:\Programfiler\CCleaner
2008-01-29 05:48 . 2008-01-29 06:00 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-28 19:40 . 2008-01-28 19:40 <DIR> d-------- C:\WINDOWS\Google Toolbar
2008-01-28 19:40 . 2008-01-28 19:40 <DIR> d-------- C:\WINDOWS\__SkypeIEToolbar_Cache
2008-01-21 17:42 . 2008-01-21 17:43 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\Apple Computer
2008-01-21 17:40 . 2008-01-21 17:40 <DIR> d-------- C:\Programfiler\Bonjour
2008-01-21 17:38 . 2008-01-21 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-01-21 17:36 . 2008-01-21 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-01-15 21:26 . 2008-01-15 21:26 <DIR> d-------- C:\Programfiler\platform site
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-06 23:21 . 2008-01-29 05:50 <DIR> d-------- C:\Programfiler\Spyware Doctor
2008-01-06 23:21 . 2008-01-06 23:21 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\PC Tools
2008-01-06 23:21 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-06 23:21 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-06 23:21 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-06 23:21 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-06 23:19 . 2008-01-29 09:10 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\Skype
2008-01-06 23:15 . 2008-01-06 23:15 <DIR> d-------- C:\Programfiler\Skype
2008-01-06 23:15 . 2008-01-06 23:15 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype
2008-01-06 23:14 . 2008-01-06 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype
2008-01-06 23:11 . 2008-01-19 16:06 <DIR> d-------- C:\Programfiler\Norton Security Scan
2008-01-06 23:04 . 2008-01-30 07:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Google Updater
2008-01-06 22:43 . 2008-01-30 08:13 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-01-06 22:06 . 2008-01-06 22:06 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\ErrorSmart
2008-01-06 22:05 . 2008-01-06 23:24 <DIR> d-------- C:\Programfiler\ErrorSmart
2008-01-06 21:16 . 2008-01-06 21:19 <DIR> d-------- C:\Programfiler\Windows Live Safety Center
2008-01-06 20:14 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-06 19:45 . 2008-01-06 23:30 <DIR> d-------- C:\Programfiler\XoftSpySE
2008-01-06 19:18 . 2008-01-06 19:18 <DIR> d-------- C:\Programfiler\Lavasoft
2008-01-06 19:18 . 2008-01-18 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-01-06 19:14 . 2008-01-29 07:36 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-04 22:21 . 2008-01-06 19:07 <DIR> d-------- C:\Programfiler\AdwareAlert
2008-01-04 22:21 . 2008-01-06 18:13 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\AdwareAlert
2008-01-04 19:00 . 2008-01-15 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Move Bore Curb Tool
2008-01-04 18:59 . 2008-01-04 18:59 <DIR> d-------- C:\Programfiler\Windows Live
2008-01-04 18:59 . 2008-01-04 18:59 <DIR> d-------- C:\Programfiler\Circle Developement
2007-12-23 19:52 . 2007-12-23 20:09 <DIR> d-------- C:\Programfiler\Flåklypa Grand Prix
2007-12-15 12:59 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-15 12:59 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-15 12:59 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-15 12:59 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-15 12:59 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-15 12:59 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-15 12:58 . 2007-12-15 12:58 <DIR> d-------- C:\Programfiler\Alwil Software
2007-12-15 12:58 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-15 12:58 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 06:39 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-01-29 06:37 --------- d-----w C:\Documents and Settings\Petter\Programdata\SUPERAntiSpyware.com
2008-01-29 06:31 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-01-29 06:06 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-01-29 06:00 --------- d-----w C:\Programfiler\Quake III Arena
2008-01-29 05:41 --------- d-----w C:\Programfiler\Ubi Soft
2008-01-28 18:39 --------- d-----w C:\Programfiler\LimeWire
2008-01-21 16:39 --------- d-----w C:\Programfiler\QuickTime
2008-01-19 10:27 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-01-18 20:37 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-15 20:27 --------- d-----w C:\Documents and Settings\Petter\Programdata\platform site
2008-01-06 22:04 --------- d-----w C:\Programfiler\Google
2008-01-04 19:20 --------- d-----w C:\Documents and Settings\Petter\Programdata\Screenshot Sender
2008-01-04 17:59 --------- d-----w C:\Programfiler\MSN Messenger
2008-01-04 17:59 --------- d-----w C:\Programfiler\Messenger Plus! Live
2007-12-19 19:10 --------- d-----w C:\Programfiler\Hjulkalender 2000
2007-12-15 11:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2007-12-15 11:45 --------- d-----w C:\Documents and Settings\Petter\Programdata\Symantec
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-04-15 15:48 3,073 ----a-w C:\Programfiler\INSTALL.LOG
2004-08-20 17:09 62,865 ----a-w C:\WINDOWS\inf\IM\odysseyIM3.sys
2004-08-20 17:09 45,056 ----a-w C:\WINDOWS\inf\IM\imdinst.exe
2004-08-20 17:09 12,739 ----a-w C:\WINDOWS\inf\IM\odNetInstall.dll
1998-10-07 15:16 148,480 ----a-w C:\Programfiler\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"1 mess"="C:\DOCUME~1\Petter\PROGRA~1\PLATFO~1\balm coal soft.exe" [2008-01-15 21:26 448000]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 19:16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-12-17 21:40 3059712]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-06 23:04 1831424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
D-Link AirPlus G+ Wireless Adapter Utility.lnk - C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE [2005-07-19 22:05:40 671744]
Google Updater.lnk - C:\Programfiler\Google\Google Updater\GoogleUpdater.exe [2008-01-06 23:04:03 124400]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 07:07]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2007-01-26 13:43]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2007-01-26 13:43]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-08-20 18:09]
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 15:59]
S3 PNDIS5;PNDIS5 NDIS Protocol Driver;D:\PNDIS5.SYS []
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 17:13:29 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Programfiler\AdwareAlert\AdwareAlert.ex
- C:\Programfiler\AdwareAlert.PetterWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
"2008-01-29 08:00:02 C:\WINDOWS\Tasks\AE950623918ABE17.job"
- c:\docume~1\petter\progra~1\platfo~1\loud move acid.exe
"2008-01-06 22:20:46 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Programfiler\ErrorSmart\ErrorSmart.ex
- C:\Programfiler\ErrorSmart.Petter+Runs ErrorSmart to optimize your registry.
"2008-01-06 22:11:50 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programfiler\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 08:17:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-30 8:18:18
ComboFix-quarantined-files.txt 2008-01-30 07:17:48
.
2008-01-19 10:52:46 --- E O F ---

norbat, posted 30 January 2008 (edited 30 January 2008)

Before we do anything more, uninstall Messenger Plus! from Add/Remove Programs.

Then download NoLop.exe and put it on the desktop.
Run the program.
Press the "Search and Destroy" button.
If it finds anything, you will be asked to press the Reboot button.

Run Combofix again and post the log.

Edit: Put the log between SPOILER instead of CODEBOX. Easier to read.

HildeSa (author) Posted 30 January 2008 (edited)
I'm mortified.... I must have installed the sponsor program believing it was only smileys, gadgets and all sorts of nonsense that one simply must have..... Uninstalled Messenger Plus ..... Ran NoLop.exe - found nothing. Here you have a new ComboFix (in Spoiler):
ComboFix 08-01-30.1 - Petter 2008-01-30 9:14:49.1 - NTFSx86
Running from: C:\Documents and Settings\Petter\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.
2008-01-30 09:11 . 2008-01-30 09:11 106 --a------ C:\delete.bat
2008-01-29 07:27 . 2008-01-30 08:23 <DIR> dr-h----- C:\Documents and Settings\Petter\Siste
2008-01-29 07:25 . 2008-01-29 07:25 <DIR> d-------- C:\Programfiler\CCleaner
2008-01-29 05:48 . 2008-01-29 06:00 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-28 19:40 . 2008-01-28 19:40 <DIR> d-------- C:\WINDOWS\Google Toolbar
2008-01-28 19:40 . 2008-01-28 19:40 <DIR> d-------- C:\WINDOWS\__SkypeIEToolbar_Cache
2008-01-21 17:42 . 2008-01-21 17:43 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\Apple Computer
2008-01-21 17:40 . 2008-01-21 17:40 <DIR> d-------- C:\Programfiler\Bonjour
2008-01-21 17:38 . 2008-01-21 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-01-21 17:36 . 2008-01-21 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-06 23:21 . 2008-01-29 05:50 <DIR> d-------- C:\Programfiler\Spyware Doctor
2008-01-06 23:21 . 2008-01-06 23:21 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\PC Tools
2008-01-06 23:21 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-06 23:21 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-06 23:21 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-06 23:21 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-06 23:19 . 2008-01-29 09:10 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\Skype
2008-01-06 23:15 . 2008-01-06 23:15 <DIR> d-------- C:\Programfiler\Skype
2008-01-06 23:15 . 2008-01-06 23:15 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype
2008-01-06 23:14 . 2008-01-06 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype
2008-01-06 23:11 . 2008-01-19 16:06 <DIR> d-------- C:\Programfiler\Norton Security Scan
2008-01-06 23:04 . 2008-01-30 07:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Google Updater
2008-01-06 22:43 . 2008-01-30 09:07 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-01-06 22:06 . 2008-01-06 22:06 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\ErrorSmart
2008-01-06 22:05 . 2008-01-06 23:24 <DIR> d-------- C:\Programfiler\ErrorSmart
2008-01-06 21:16 . 2008-01-06 21:19 <DIR> d-------- C:\Programfiler\Windows Live Safety Center
2008-01-06 20:14 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-06 19:45 . 2008-01-06 23:30 <DIR> d-------- C:\Programfiler\XoftSpySE
2008-01-06 19:18 . 2008-01-06 19:18 <DIR> d-------- C:\Programfiler\Lavasoft
2008-01-06 19:18 . 2008-01-18 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-01-06 19:14 . 2008-01-29 07:36 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-04 22:21 . 2008-01-06 19:07 <DIR> d-------- C:\Programfiler\AdwareAlert
2008-01-04 22:21 . 2008-01-06 18:13 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\AdwareAlert
2008-01-04 19:00 . 2008-01-30 08:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Move Bore Curb Tool
2007-12-23 19:52 . 2007-12-23 20:09 <DIR> d-------- C:\Programfiler\Flåklypa Grand Prix
2007-12-15 12:59 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-15 12:59 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-15 12:59 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-15 12:59 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-15 12:59 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-15 12:59 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-15 12:58 . 2007-12-15 12:58 <DIR> d-------- C:\Programfiler\Alwil Software
2007-12-15 12:58 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-15 12:58 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 08:00 --------- d-----w C:\Programfiler\Messenger Plus! Live
2008-01-30 07:36 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-01-29 06:37 --------- d-----w C:\Documents and Settings\Petter\Programdata\SUPERAntiSpyware.com
2008-01-29 06:31 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-01-29 06:06 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-01-29 06:00 --------- d-----w C:\Programfiler\Quake III Arena
2008-01-29 05:41 --------- d-----w C:\Programfiler\Ubi Soft
2008-01-28 18:39 --------- d-----w C:\Programfiler\LimeWire
2008-01-21 16:39 --------- d-----w C:\Programfiler\QuickTime
2008-01-19 10:27 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-01-18 20:37 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-06 22:04 --------- d-----w C:\Programfiler\Google
2008-01-04 19:20 --------- d-----w C:\Documents and Settings\Petter\Programdata\Screenshot Sender
2008-01-04 17:59 --------- d-----w C:\Programfiler\MSN Messenger
2007-12-19 19:10 --------- d-----w C:\Programfiler\Hjulkalender 2000
2007-12-15 11:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2007-12-15 11:45 --------- d-----w C:\Documents and Settings\Petter\Programdata\Symantec
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-04-15 15:48 3,073 ----a-w C:\Programfiler\INSTALL.LOG
2004-08-20 17:09 62,865 ----a-w C:\WINDOWS\inf\IM\odysseyIM3.sys
2004-08-20 17:09 45,056 ----a-w C:\WINDOWS\inf\IM\imdinst.exe
2004-08-20 17:09 12,739 ----a-w C:\WINDOWS\inf\IM\odNetInstall.dll
1998-10-07 15:16 148,480 ----a-w C:\Programfiler\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 19:16 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-12-17 21:40 3059712]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-06 23:04 1831424]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
D-Link AirPlus G+ Wireless Adapter Utility.lnk - C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE [2005-07-19 22:05:40 671744]
Google Updater.lnk - C:\Programfiler\Google\Google Updater\GoogleUpdater.exe [2008-01-06 23:04:03 124400]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 07:07]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2007-01-26 13:43]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2007-01-26 13:43]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-08-20 18:09]
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 15:59]
S3 PNDIS5;PNDIS5 NDIS Protocol Driver;D:\PNDIS5.SYS []
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 17:13:29 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Programfiler\AdwareAlert\AdwareAlert.ex
- C:\Programfiler\AdwareAlert.PetterWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
"2008-01-06 22:20:46 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Programfiler\ErrorSmart\ErrorSmart.ex
- C:\Programfiler\ErrorSmart.Petter+Runs ErrorSmart to optimize your registry.
"2008-01-06 22:11:50 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programfiler\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 09:18:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-30 9:19:29
ComboFix-quarantined-files.txt 2008-01-30 08:19:03
ComboFix2.txt 2008-01-30 07:18:19
.
2008-01-19 10:52:46
--- E O F ---
Looks like the CiD pop-ups are gone!!!! I'm going to bed. I'm not really a night person..... Thanks for all the help so far. I'll change the title to "Solved" tomorrow evening if there are still no CiD pop-ups. zzzzzzzzzzzzzz......zzz
Edited 31 January 2008 by HildeSa
norbat Posted 31 January 2008
Errorsmart and AdwareAlert, are those two programs that you need?
HildeSa (author) Posted 31 January 2008
I can't uninstall Ad-Aware 2007. I get an error message saying that Windows Installer isn't working, that I may be running in safe mode, etc. I have reinstalled IE and run Windows Update. I can't find any program called Errorsmart. There was an empty folder in c:\programfiler, which I removed. Otherwise, luckily, I haven't seen any more of the CiDs. The PC is quite slow at startup, but then I am running Avast, Norton and Spyware Doctor all at once. I can also get F-Secure through my broadband provider. What do you recommend - what can I cut out? Am I well enough protected if I cut some of the scanning at startup? Thanks for all the help so far - I hope you can bear with me a little longer
norbat Posted 31 January 2008
You can start by uninstalling one of your antivirus programs. If you have a license for Norton, I think you can keep it. If not, you can either keep Avast or download F-Secure (which, by the way, is an excellent AV program). If you want to uninstall Ad-Aware, you can try installing it again and see whether it can then be uninstalled in the normal way.
Other things to speed up a PC:
- Remove programs you don't use
- Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Uncheck the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'. Also run a few rounds with 'Registry' until it finds no more errors. NB! During installation you can deselect the option to install the Yahoo toolbar. During the registry cleaning you will be asked whether to make a backup. Do so.
- Check whether the PC needs disk defragmentation (Accessories->System Tools->Disk Def...)
HildeSa (author) Posted 31 January 2008
> You can start by uninstalling one of your antivirus programs. If you have a license for Norton, I think you can keep it. If not, you can either keep Avast or download F-Secure (which, by the way, is an excellent AV program). If you want to uninstall Ad-Aware, you can try installing it again and see whether it can then be uninstalled in the normal way.
> Other things to speed up a PC:
> - Remove programs you don't use
> - Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Uncheck the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'. Also run a few rounds with 'Registry' until it finds no more errors. NB! During installation you can deselect the option to install the Yahoo toolbar. During the registry cleaning you will be asked whether to make a backup. Do so.
> - Check whether the PC needs disk defragmentation (Accessories->System Tools->Disk Def...)
Thanks - I'll do eeeeverything you say. I have run CCleaner a lot and cleaned both the registry and programs several times. I'll try installing and uninstalling Ad-Aware again. I'm also uninstalling Avast, Spyware Doctor and SUPERAntiSpyware. That is, I'm keeping only what I get via Google Pack: Norton and Spyware Doctor. If Google Pack turns out not to be good enough protection, I'll install F-Secure, which I get through my broadband provider. Thanks again...
norbat Posted 31 January 2008
Both Norton and Spyware Doctor are good programs that should be enough for most things. To remove ComboFix, incl. backup/quarantine files etc., type combofix /u in the Run dialog (Start->Run).
Surf safely