Nautique, posted 5 March 2008 (edited 10 May 2008 by Nautique)

I recently downloaded the latest version of AVG and Ad-Aware and scanned the disk. It found some viruses and I thought that had removed the annoying pop-ups, but no. Does anyone know how I can get rid of them? I don't want to format; change IP address, maybe?
snippsat, posted 5 March 2008

Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Scan and save log". Copy the log file and paste it into your post.
TheStian, posted 5 March 2008

Hi =) You can use a popup blocker. It's built into most browsers. Are you using Internet Explorer?
Syar-2003, posted 5 March 2008 (edited 5 March 2008 by syar2003)

To avoid infection via the browser the answer is very simple. Create a Windows account with limited user rights and use that account for internet browsing. What happens then is that, since you browse without admin rights, nothing from the browser will have write access to the C:\Windows directory and other directories. It is also possible to make a special shortcut that launches the browser with reduced privileges (run as a protected account). That way you avoid having to "log out" of your admin account.
Nautique, posted 5 March 2008 (thread author, edited 5 March 2008 by Nautique)

Like this? I use Opera btw, but get pop-ups from IE anyway = /

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:14, on 05.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\iTunes\iTunes.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Simen\LOKALE~1\Temp\7DTR5iHn.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\World of Warcraft\WoW.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programfiler\Styler\TB\StylerTB.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C992A4D-8B11-4A0D-81D6-6E111234FF61}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5587 bytes
snippsat, posted 5 March 2008 (edited 5 March 2008 by SNIPPSAT)

Start HijackThis, find these lines, tick them, then press "Fix checked".

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programfiler\Styler\TB\StylerTB.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C992A4D-8B11-4A0D-81D6-6E111234FF61}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90

Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt. Restart and post a new HijackThis log.
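A small triage script for the entry types picked out in the reply above: O17 NameServer entries pointing at resolvers that are neither private nor known, O2/O3 registrations whose file is gone, and (from the first log, not commented on in the thread) an executable running out of a user's Temp folder. This is an added example written for this page, not HijackThis code and not from anyone in the thread; the sample log lines are constructed from the entries quoted above and the function names are my own.

```python
"""Triage a HijackThis v2 log for the entry types discussed in this thread.

Added example (not HijackThis code, not from the thread). The sample log and
the function names are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in HijackThis v2 format, taken from
# the entries quoted in the thread (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Simen\LOKALE~1\Temp\7DTR5iHn.exe
C:\Programfiler\Opera\Opera.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programfiler\Styler\TB\StylerTB.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C992A4D-8B11-4A0D-81D6-6E111234FF61}: NameServer = 85.255.116.141,85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.90
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "dns-hijack", "orphan-entry" or "temp-exe"
    line: str    # the log line that triggered the finding
    reason: str  # why it matters


_ENTRY_RE = re.compile(r"^[RFNO]\d+ - ")          # R0/R1/F2/O2/... entries
_NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<ips>[\d.,\s]+)$")
_TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def _expected_resolver(ip: str, trusted: frozenset) -> bool:
    """A home PC normally resolves via the router (RFC 1918 address) or a
    resolver the user knows; anything else deserves a second look."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback or ip in trusted


def triage(log_text: str, trusted_resolvers=()) -> list:
    """Return the Findings for one HijackThis log, in log order."""
    trusted = frozenset(trusted_resolvers)
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if _ENTRY_RE.match(line):        # the first R/O entry ends the process list
            in_processes = False
        if in_processes:
            # Installed software runs from Program Files or System32, not from
            # a user's Temp folder; the thread's first log has such a process.
            if line.lower().endswith(".exe") and _TEMP_DIR_RE.search(line):
                findings.append(Finding("temp-exe", line,
                    "executable running from a temporary directory"))
            continue
        if line.startswith("O17 - "):
            m = _NAMESERVER_RE.search(line)
            if m:
                ips = [p for p in re.split(r"[,\s]+", m.group("ips")) if p]
                bad = [ip for ip in ips if not _expected_resolver(ip, trusted)]
                if bad:
                    findings.append(Finding("dns-hijack", line,
                        "DNS resolver(s) %s are neither private nor trusted; "
                        "a hijacked resolver can redirect any site" % ", ".join(bad)))
            continue
        if line.startswith(("O2 - ", "O3 - ")) and (
                "(no file)" in line or "(file missing)" in line):
            findings.append(Finding("orphan-entry", line,
                "BHO/toolbar registration whose file is gone; "
                "safe to remove with 'Fix checked'"))
    return findings


def fix_list(findings) -> list:
    """Log lines to tick in HijackThis and fix, matching the advice above."""
    return [f.line for f in findings if f.kind in ("dns-hijack", "orphan-entry")]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.kind, f.line, f.reason))
```

Pass the ISP's or router's resolver addresses as `trusted_resolvers` to suppress the O17 finding for a machine whose DNS is deliberately set to a public address.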
Nautique, posted 5 March 2008 (thread author, edited 5 March 2008 by Nautique)

ComboFix 08-03-05.1 - Simen 2008-03-05 21:16:01.1 - NTFSx86
[Full ComboFix report omitted.]

Sorry for the long posts, but I can't manage to use the "attachment" function.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:39, on 05.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4812 bytes
snippsat, posted 5 March 2008 (edited 5 March 2008 by SNIPPSAT)

Then the logs look good. If you don't recognise this file, delete it: WINDOWS\system32\EMP0ruaJ.exe

Recommended anti-spyware software: SuperAntiSpyware free.

Cleanup: download and run CCleaner. Go to 'Options' -> 'Advanced'. Uncheck "only delete temporary files older than xx". Run the registry cleaner as well.

If the PC is running fine, do this: you can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Surf safely.
Nautique, posted 5 March 2008 (thread author)

Thanks a lot for the help. I haven't had any more pop-ups now, so I'm fairly sure it works : )
Nautique (thread author), posted 10 May 2008 (edited):
Bumping this thread again, since the pop-ups have come back :( Could someone read through my log file again and tell me what to delete? I'd be eternally grateful once more :D

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Azureus\Azureus.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4273 bytes

Edited 11 May 2008 by Nautique
norbat, posted 11 May 2008:
Download and run a fresh ComboFix and post the log.
Nautique (thread author), posted 11 May 2008:
Like this? ;) Combofix_log.txt
norbat, posted 11 May 2008 (edited):
Open Notepad and copy/paste the script below. Save the file as fjernjobb.bat on the desktop. Double-click the file and let the script run.

    rem Switch to the system drive and into the Scheduled Tasks folder
    %systemdrive%
    cd %WinDir%\Tasks
    rem Clear the read-only, system and hidden attributes on At1.job through At48.job, then delete each one
    for /L %%i in (1,1,48) do (
        attrib -r -s -h At%%i.job
        del At%%i.job
    )

Restart the PC. Tell me how it goes with the pop-ups.
Edited 12 May 2008 by norbat
Nautique (thread author), posted 12 May 2008 (edited):
Worked great :D
Edited 12 May 2008 by Nautique
norbat, posted 12 May 2008:
Good. You could also have checked the following file: C:\WINDOWS\system32\lnqASrmb.exe, since I can't find any information about it. Upload it to Jotti and see whether it gets any hits.
Nautique (thread author), posted 13 May 2008:
Yes, I wondered myself what it was; I googled it but found nothing :/
norbat, posted 13 May 2008:
Then check it on Jotti. If no infections are linked to the file, just leave it alone.
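The two files the helpers singled out in this thread (EMP0ruaJ.exe in snippsat's reply and lnqASrmb.exe in norbat's) share the same tell: a random-looking eight-character name sitting in system32. The following is an added Python example, not code from the thread or from HijackThis, that scans HijackThis log entries for executables running from a Temp directory or carrying such a name inside system32. The sample log lines are constructed for the example; xk3Qwpzt.exe and the O4 entry for EMP0ruaJ are assumed, not taken from the posted logs.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis log format. lnqASrmb.exe and EMP0ruaJ.exe are the two
# unknown files discussed in the thread; xk3Qwpzt.exe and the EMP0ruaJ O4 entry are invented.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lnqASrmb.exe
C:\DOCUME~1\User\LOKALE~1\Temp\xk3Qwpzt.exe
C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [EMP0ruaJ] C:\WINDOWS\system32\EMP0ruaJ.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# First Windows path on the line that ends in .exe. Quoted paths containing spaces work
# because the match stops at the first .exe rather than at whitespace.
EXE_PATH = re.compile(r'(?:[A-Za-z]:\\|%\w+%\\)[^"\r\n]*?\.exe\b', re.IGNORECASE)

def looks_random(stem):
    """Heuristic: 8 alphanumerics mixing upper and lower case, unlike Windows' own
    all-lowercase (ctfmon, svchost) or all-uppercase (RUNDLL32) binary names."""
    return (len(stem) == 8 and stem.isalnum()
            and any(c.isupper() for c in stem) and any(c.islower() for c in stem))

def flag_entry(line):
    """Return a reason if the entry points at a suspicious .exe, else None.
    The name heuristic only fires inside system32: a random-looking name in a vendor
    folder (InstallShield's IDriverT.exe, for example) is not enough on its own."""
    m = EXE_PATH.search(line)
    if not m:
        return None
    path = PureWindowsPath(m.group(0))
    parts = [p.lower() for p in path.parts]
    if "temp" in parts:
        return f"runs from a Temp directory: {path}"
    if "system32" in parts and looks_random(path.stem):
        return f"random-looking name in system32: {path.name}"
    return None

def triage(log_text):
    """Return (entry, reason) pairs for every suspicious line in a HijackThis log."""
    return [(line.strip(), reason) for line in log_text.splitlines()
            if (reason := flag_entry(line))]
```

A hit is a prompt to look the file up (as norbat suggests with Jotti), not proof of infection: the heuristic trades some false positives for catching the randomly named droppers common at the time.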