Hvordan stoppe uønskede pop-ups?

[Nautique]

Jeg har nylig lasted ned siste version av AVG og Ad-Aware, og scannet disken, den fant noe virus og jeg trodde det fjernet de irriterende pop-upsene, men neida Noen som vet hvordan jeg kan fjerne de, har ikke lyst til å formatere, skifte Ip adresse kanskje?

Endret 10. mai 2008 av Nautique

[snippsat]

Last ned HijackThis legg i egen mappe på skrivebordet.

Start programmet og velg "Trykk scan og save log" .

Loggfilen kopierer du og limer inn i posten din.

[TheStian]

Hei =)

Du kan bruke en popup-blocker. Det er innebygd i de fleste nettlesere.. Bruker du internett explorer?

[Syar-2003]

For å unngå infisering via nettleser er svaret veldig enkelt.

Lag en windows konto med begrenset bruker.

 

Bruk denne kontoen ved internet browsing.

Det som skjer da er at siden du browser uten admin rettigheter vil ingenting fra browseren ha skrive tilgang til C:\Windows katalogen og andre kataloger .

 

 

Det går også an å lage seg en spesiell shortcut/snarvei som launcher browseren med reduserte kriterier (run as en beskyttet account).

Dette gjør at du slipper å "logge ut" fra din admin konto.

Endret 5. mars 2008 av syar2003

[Nautique]

Sånn? Jeg bruker Opera btw, men får pop-ups av IE uansett = /

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:57:14, on 05.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\iTunes\iTunes.exe

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\Simen\LOKALE~1\Temp\7DTR5iHn.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\World of Warcraft\WoW.exe

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programfiler\Styler\TB\StylerTB.dll (file missing)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.06\RivaTuner.exe" /S

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{8C992A4D-8B11-4A0D-81D6-6E111234FF61}: NameServer = 85.255.116.141,85.255.112.90

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5587 bytes

Endret 5. mars 2008 av Nautique

[snippsat]

Start HijackThis finn disse linjene merk dem,så trykk fixed checked.

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programfiler\Styler\TB\StylerTB.dll (file missing)

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{8C992A4D-8B11-4A0D-81D6-6E111234FF61}: NameServer = 85.255.116.141,85.255.112.90

 

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90

 

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90

 

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90

 

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

 

Restart og en ny HijackThis logg.

Endret 5. mars 2008 av SNIPPSAT

[Nautique]

ComboFix 08-03-05.1 - Simen 2008-03-05 21:16:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1191 [GMT 1:00]

Running from: C:\Documents and Settings\Simen\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\msettings.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))

.

 

2008-03-05 20:57 . 2008-03-05 20:57 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-05 14:03 . 2008-03-05 20:54 <DIR> d-------- C:\Documents and Settings\Simen\Programdata\AVG7

2008-03-05 14:02 . 2008-03-05 14:02 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7

2008-03-05 14:02 . 2008-03-05 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2008-03-05 14:02 . 2008-03-05 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7

2008-03-05 14:02 . 2008-03-05 14:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-03-05 14:02 . 2008-03-05 14:02 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-03-03 01:28 . 2008-03-03 01:28 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritter

2008-03-02 21:18 . 2008-03-02 21:18 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritter

2008-03-02 14:27 . 2008-03-02 14:27 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-01 19:47 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-03-01 19:46 . 2008-03-01 19:46 <DIR> d-------- C:\Programfiler\MSBuild

2008-03-01 19:46 . 2008-03-01 19:46 <DIR> d-------- C:\Programfiler\Microsoft Works

2008-03-01 19:45 . 2008-03-01 19:45 <DIR> d-------- C:\Programfiler\Microsoft.NET

2008-03-01 19:44 . 2008-03-01 19:44 <DIR> d-------- C:\Programfiler\Microsoft Visual Studio 8

2008-03-01 19:43 . 2008-03-01 19:43 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-03-01 19:43 . 2008-03-02 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-02-29 23:35 . 2008-02-29 23:35 <DIR> d-------- C:\WINDOWS\nview

2008-02-29 23:35 . 2008-03-04 23:05 165,029 --a------ C:\WINDOWS\system32\nvapps.xml

2008-02-28 21:14 . 2008-02-28 21:15 <DIR> d-------- C:\WINDOWS\NV31443148.TMP

2008-02-27 00:15 . 2008-02-27 00:15 <DIR> d-------- C:\Documents and Settings\Simen\Programdata\vlc

2008-02-26 23:43 . 2008-02-26 23:43 <DIR> d-------- C:\Programfiler\VideoLAN

2008-02-26 23:32 . 2007-03-11 00:10 958,464 --a------ C:\WINDOWS\VSFilter.dll

2008-02-26 23:30 . 2008-02-26 23:30 <DIR> d-------- C:\WINDOWS\system32\DirectVobSub

2008-02-08 15:43 . 2007-01-04 12:01 90,800 -ra------ C:\WINDOWS\system32\drivers\sea1unic.sys

2008-02-08 15:43 . 2007-01-04 12:01 18,704 -ra------ C:\WINDOWS\system32\drivers\sea1nd5.sys

2008-02-08 15:43 . 2007-01-04 12:01 4,128 -ra------ C:\WINDOWS\system32\drivers\sea1cr.sys

2008-02-08 15:42 . 2007-01-04 12:01 88,624 -ra------ C:\WINDOWS\system32\drivers\sea1mgmt.sys

2008-02-08 15:42 . 2007-01-04 12:01 86,432 -ra------ C:\WINDOWS\system32\drivers\sea1obex.sys

2008-02-08 15:40 . 2007-01-04 12:01 97,088 -ra------ C:\WINDOWS\system32\drivers\sea1mdm.sys

2008-02-08 15:40 . 2007-01-04 12:01 61,536 -ra------ C:\WINDOWS\system32\drivers\sea1bus.sys

2008-02-08 15:40 . 2007-01-04 12:01 9,360 -ra------ C:\WINDOWS\system32\drivers\sea1mdfl.sys

2008-02-08 15:40 . 2007-01-04 12:01 6,240 -ra------ C:\WINDOWS\system32\drivers\sea1cmnt.sys

2008-02-08 15:40 . 2007-01-04 12:01 6,240 -ra------ C:\WINDOWS\system32\drivers\sea1cm.sys

2008-02-08 15:40 . 2007-01-04 12:01 5,872 -ra------ C:\WINDOWS\system32\drivers\sea1whnt.sys

2008-02-08 15:40 . 2007-01-04 12:01 5,872 -ra------ C:\WINDOWS\system32\drivers\sea1wh.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-05 17:48 --------- d-----w C:\Documents and Settings\Simen\Programdata\Bioshock

2008-03-05 17:12 --------- d-----w C:\Documents and Settings\Simen\Programdata\Azureus

2008-03-05 13:30 --------- d-----w C:\Programfiler\Cheat Engine

2008-03-05 13:08 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-03-05 13:07 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-03-04 19:39 --------- d-----w C:\Programfiler\Windows Live Safety Center

2008-03-01 14:12 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-03-01 13:25 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2008-03-01 00:48 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-02-29 21:31 --------- d-----w C:\Programfiler\Steam

2008-02-29 19:51 --------- d-----w C:\Programfiler\Activision

2008-02-27 17:27 --------- d-----w C:\Programfiler\World of Warcraft

2008-02-14 19:17 --------- d-----w C:\Documents and Settings\Simen\Programdata\LimeWire

2008-02-08 19:29 28,224 ----a-w C:\WINDOWS\system32\EMP0ruaJ.exe

2008-02-03 11:09 --------- d-----w C:\Programfiler\Azureus

2008-02-02 00:42 --------- d-----w C:\Programfiler\Counter-Strike 1.6

2008-01-27 20:45 360,448 ----a-w C:\WINDOWS\system32\nvudisp.exe

2008-01-26 12:21 360,448 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2008-01-18 15:33 --------- d-----w C:\Programfiler\Stardock

2008-01-11 14:57 --------- d-----w C:\Documents and Settings\Simen\Programdata\Skype

2008-01-11 14:20 --------- d-----w C:\Documents and Settings\Simen\Programdata\skypePM

2008-01-07 20:50 --------- d-----w C:\Programfiler\Lavasoft

2008-01-05 11:03 --------- d-----w C:\Programfiler\iPod

2008-01-03 16:40 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-01-02 02:28 22,328 ----a-w C:\Documents and Settings\Simen\Programdata\PnkBstrK.sys

2008-01-02 02:28 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-01-02 02:27 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe

2008-01-02 02:27 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-12-20 20:32 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat

2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

.

 

------- Sigcheck -------

 

f5df21a595bc0057e08cf5594649edb7 C:\WINDOWS\explorer.exe

----a-w 1,422,848 2004-08-03 23:03:32 C:\WINDOWS\explorer.exe

----a-w 1,032,192 2004-08-03 23:03:32 C:\WINDOWS\system32\VITrans\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 19:55 8523776]

"nwiz"="nwiz.exe" [2007-12-18 19:55 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 19:55 81920]

"RivaTunerStartupDaemon"="C:\Programfiler\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 19:05 2650112]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-05 14:02 579072]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:03 158208]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-05 14:02 219136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

C:\Programfiler\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-01-14 07:04 210168 C:\Programfiler\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]

--------- 2005-03-10 14:56 405504 C:\Programfiler\ULI5289\ALi5289.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-11-16 19:04 139264 C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]

C:\Programfiler\Blaero Start Orb\Blaero Start Orb.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]

C:\Programfiler\GameSpy\Comrade\Comrade.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:03 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-09-18 15:16 171464 C:\Programfiler\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

--a------ 2007-09-06 14:08 136136 C:\Programfiler\DAEMON Tools Pro\DTProAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]

F:\Programfiler\HDD Health\HDDHealth.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-09-26 14:42 267064 C:\Programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]

C:\Programfiler\ASUS\Ai Booster\OverClk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

C:\Programfiler\LClock\LClock.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 15:40 155648 C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-12-18 19:55 8523776 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

C:\Programfiler\NVIDIA Corporation\nTune\\nTune.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-12-18 19:55 81920 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-18 19:55 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]

--a------ 2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2007-08-07 01:05 200704 C:\Programfiler\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 06:24 286720 C:\Programfiler\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-12-12 15:20 21686568 C:\Programfiler\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2007-12-01 13:04 1266936 C:\Programfiler\Steam\Steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]

C:\Programfiler\Styler\Styler.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]

C:\Programfiler\Vista Sidebar\sidebar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]

--a------ 2006-10-06 09:21 942080 C:\Programfiler\VisualTooltip\VisualToolTip.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"PnkBstrA"=2 (0x2)

"mnmsrvc"=3 (0x3)

"iPod Service"=3 (0x3)

"ImapiService"=3 (0x3)

"helpsvc"=2 (0x2)

"ERSvc"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Azureus\\Azureus.exe"=

"C:\\Programfiler\\Counter-Strike 1.6\\hl.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"C:\\Programfiler\\Steam\\SteamApps\\nauitque\\counter-strike source\\hl2.exe"=

"C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"C:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Programfiler\\Aspyr\\Guitar Hero III\\gh3.exe"=

"C:\\Programfiler\\Opera\\Opera.exe"=

"C:\\Programfiler\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=

 

R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 10:49]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]

S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 14:08]

S3 BS_DEF;BS_DEF;C:\Programfiler\ASUS\AsusUpdate\BS_DEF.sys []

S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-01-04 12:01]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-01-04 12:01]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-01-04 12:01]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-01-04 12:01]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-01-04 12:01]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-01-04 12:01]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-01-04 12:01]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-01 21:17:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-03-04 23:00:01 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-02-29 08:00:01 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-02-29 09:00:01 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-01 10:00:01 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-01 11:00:01 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-03 12:00:01 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 13:00:01 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 14:00:03 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 15:00:02 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 16:00:01 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 17:00:01 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 00:00:01 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 18:00:01 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 19:00:01 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 20:00:01 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-04 21:00:01 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-04 22:00:02 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 01:00:01 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 02:00:01 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 03:00:01 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 04:00:01 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 05:00:01 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 06:00:01 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

"2008-03-05 07:00:01 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\EMP0ruaJ.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, <a href="http://www.gmer.net" target="_blank"><a href="http://www.gmer.net" target="_blank">http://www.gmer.net</a></a>

Rootkit scan 2008-03-05 21:19:54

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\ATKKBService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-03-05 21:21:13 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-05 20:21:11

 

 

Unnskyld for lange innlegg, men greier ikke bruke den "vedlegg" funksjonen.

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:22:39, on 05.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\ATKKBService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.google.no/" target="_blank">http://www.google.no/</a>

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.06\RivaTuner.exe" /S

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4812 bytes

Endret 5. mars 2008 av Nautique

[snippsat]

Da ser loggene bra ut

 

Viss du ikke kjenner denne filen slett den.

WINDOWS\system32\EMP0ruaJ.exe

 

Anbefalt spyware software

Superantispyware free

 

Oprydding.

Last ned kjør CCleaner

Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere xx.

Kjør register-renser og.

 

Kjører pcen greit gjør du dette.

 

Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc.

 

Surf trygt.

Endret 5. mars 2008 av SNIPPSAT

[Nautique]

Tusen takk for hjelpen, har ikke hatt noen fler pop-ups nå, så er ganske sikker på at det funker : )

[Nautique]

Bumper denne tråden igjen jeg, da pop-upsene har kommet tilbake : ( Noen som kan lese igjennom loggfilen min igjen å si hva jeg skal slette? Da hadde jeg blitt evig takknemlig igjen : D

 

 

Klikk for å se/fjerne innholdet nedenfor

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\msiexec.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Azureus\Azureus.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4273 bytes

Endret 11. mai 2008 av Nautique

[norbat]

Last ned og kjør ny combofix og post loggen.

[Nautique]

Sånn? ; )

 

Combofix_log.txt

[norbat]

Åpne notisblokk og kopier/lim inn det som står i fet tekst under. Lagre fila som fjernjobb.bat på skrivebordet.

Dobbeltklikk på fila og la skriptet kjøre.

Klikk for å se/fjerne innholdet nedenfor

%systemdrive%

cd %WinDir%\Tasks

attrib -r -s -h At1.job

del At1.job

attrib -r -s -h At2.job

del At2.job

attrib -r -s -h At3.job

del At3.job

attrib -r -s -h At4.job

del At4.job

attrib -r -s -h At5.job

del At5.job

attrib -r -s -h At6.job

del At6.job

attrib -r -s -h At7.job

del At7.job

attrib -r -s -h At8.job

del At8.job

attrib -r -s -h At9.job

del At9.job

attrib -r -s -h At10.job

del At10.job

attrib -r -s -h At11.job

del At11.job

attrib -r -s -h At12.job

del At12.job

attrib -r -s -h At13.job

del At13.job

attrib -r -s -h At14.job

del At14.job

attrib -r -s -h At15.job

del At15.job

attrib -r -s -h At16.job

del At16.job

attrib -r -s -h At17.job

del At17.job

attrib -r -s -h At18.job

del At18.job

attrib -r -s -h At19.job

del At19.job

attrib -r -s -h At20.job

del At20.job

attrib -r -s -h At21.job

del At21.job

attrib -r -s -h At22.job

del At22.job

attrib -r -s -h At23.job

del At23.job

attrib -r -s -h At24.job

del At24.job

attrib -r -s -h At25.job

del At25.job

attrib -r -s -h At26.job

del At26.job

attrib -r -s -h At27.job

del At27.job

attrib -r -s -h At28.job

del At28.job

attrib -r -s -h At29.job

del At29.job

attrib -r -s -h At30.job

del At30.job

attrib -r -s -h At31.job

del At31.job

attrib -r -s -h At32.job

del At32.job

attrib -r -s -h At33.job

del At33.job

attrib -r -s -h At34.job

del At34.job

attrib -r -s -h At35.job

del At35.job

attrib -r -s -h At36.job

del At36.job

attrib -r -s -h At37.job

del At37.job

attrib -r -s -h At38.job

del At38.job

attrib -r -s -h At39.job

del At39.job

attrib -r -s -h At40.job

del At40.job

attrib -r -s -h At41.job

del At41.job

attrib -r -s -h At42.job

del At42.job

attrib -r -s -h At43.job

del At43.job

attrib -r -s -h At44.job

del At44.job

attrib -r -s -h At45.job

del At45.job

attrib -r -s -h At46.job

del At46.job

attrib -r -s -h At47.job

del At47.job

attrib -r -s -h At48.job

del At48.job

Restart pc

 

Fortell hvoran det går med popups.

Endret 12. mai 2008 av norbat

[Nautique]

Funket kjempe bra : D

Endret 12. mai 2008 av Nautique

[norbat]

Fint.

 

Du kunne også ha sjekket følgende fil: C:\WINDOWS\system32\lnqASrmb.exe, da jeg ikke finner noe info om den. Last den opp på Jotti og se om det blir noen treff.

[Nautique]

ja lurte selv på hva det var, googla det, men fant ingen ting : /

[norbat]

Så sjekk den på jotti. Hvis det ikke er knyttet noen infeksjoner til fila, lar du den bare være.