Blir ikke kvittt poppup

[1915]

jeg får masse poppup fra IE. men jeg bruker ALDRI IE. men får poppup fordet. bruker bare firefox.

 

 

Klikk for å se/fjerne innholdet nedenfor

Start Time= 06.03.2008 16:43:20,89

 

QuickScan did not find any signs of infected files

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2008-03-05 17:06:44 ( .D... ) "C:\Documents and Settings\67\Programdata\BearShare"

2008-03-05 17:06:42 ( .D... ) "C:\Programfiler\BearShare Applications"

2008-02-28 21:35:08 ( .D... ) "C:\Documents and Settings\67\Programdata\LimeWire"

2008-02-28 16:34:22 ( .D... ) "C:\Programfiler\Valve"

2008-02-28 16:32:46 ( .D... ) "C:\Programfiler\proc bias barb"

2008-02-28 16:32:46 ( .D... ) "C:\Documents and Settings\67\Programdata\proc bias barb"

2008-02-28 16:32:34 ( .D... ) "C:\Programfiler\Circle Developement"

2008-02-28 16:32:32 ( .D... ) "C:\Programfiler\Windows Live"

2008-02-28 16:32:32 ( .D... ) "C:\Programfiler\Messenger Plus! Live"

2008-02-26 21:27:04 ( .D... ) "C:\Programfiler\MSN Messenger"

2008-02-26 17:51:38 ( .D... ) "C:\Programfiler\Guitar Pro 5"

2008-02-25 22:13:48 ( .D... ) "C:\Documents and Settings\67\Programdata\Teleca"

2008-02-25 22:13:24 ( .D... ) "C:\Documents and Settings\67\Programdata\Sony Ericsson"

2008-02-25 22:11:20 ( .D... ) "C:\Programfiler\Fellesfiler\Sony Ericsson Shared"

2008-02-25 22:11:16 ( .D... ) "C:\Programfiler\Sony Ericsson"

2008-02-25 22:11:16 ( .D... ) "C:\Programfiler\Fellesfiler\Teleca Shared"

2008-02-25 22:09:08 ( .D... ) "C:\Programfiler\Disc2Phone"

2008-02-25 19:13:28 ( .D... ) "C:\Documents and Settings\67\Programdata\dvdcss"

2008-02-25 18:29:00 ( .D... ) "C:\Programfiler\Fellesfiler\Macrovision Shared"

2008-02-25 18:24:04 ( .D... ) "C:\Programfiler\Fellesfiler\DESIGNER"

2008-02-25 18:24:02 ( .D... ) "C:\Programfiler\Microsoft Works"

2008-02-25 18:23:56 ( .D... ) "C:\Programfiler\Microsoft Visual Studio"

2008-02-25 18:23:46 ( .D... ) "C:\Programfiler\Microsoft.NET"

2008-02-25 18:23:46 ( .D... ) "C:\Programfiler\Microsoft Office"

2008-02-25 18:18:32 ( .D... ) "C:\Programfiler\LogMeIn"

2008-02-25 18:17:12 ( .D... ) "C:\Documents and Settings\67\Programdata\WinRAR"

2008-02-25 18:09:38 ( .D... ) "C:\Documents and Settings\67\Programdata\Sun"

2008-02-25 17:33:52 ( .D... ) "C:\Documents and Settings\67\Programdata\Macromedia"

2008-02-25 17:31:24 ( .D... ) "C:\Documents and Settings\67\Programdata\Thunderbird"

2008-02-25 17:30:00 ( .D... ) "C:\Programfiler\DAEMON Tools"

2008-02-25 17:27:56 ( .D... ) "C:\Programfiler\Bonjour"

2008-02-25 17:26:12 ( .D... ) "C:\Programfiler\Audacity"

2008-02-25 17:25:30 ( .D... ) "C:\Documents and Settings\67\Programdata\Creative"

2008-02-25 17:22:04 ( .D... ) "C:\Programfiler\PowerISO"

2008-02-25 17:17:26 299392 ( A.... ) "C:\WINDOWS\system32\imon.dll"

2008-02-25 17:17:26 ( .D... ) "C:\Programfiler\ESET"

2008-02-25 17:15:50 ( .D... ) "C:\Documents and Settings\67\Programdata\Ahead"

2008-02-25 17:15:32 ( .D... ) "C:\Programfiler\Fellesfiler\ODBC"

2008-02-25 17:15:30 ( .D... ) "C:\Programfiler\Fellesfiler\SpeechEngines"

2008-02-25 17:15:30 ( .D... ) "C:\Programfiler\Fellesfiler\Microsoft Shared"

2008-02-25 17:15:30 ( .D... ) "C:\Programfiler\Fellesfiler"

2008-02-25 17:15:24 ( .D... ) "C:\Programfiler\Nero"

2008-02-25 17:15:24 ( .D... ) "C:\Programfiler\Fellesfiler\Ahead"

2008-02-25 17:15:10 62 ( A.SH. ) "C:\Documents and Settings\67\Programdata\desktop.ini"

2008-02-25 17:11:42 ( .D... ) "C:\Programfiler\Mozilla Thunderbird"

2008-02-25 17:10:22 ( .D... ) "C:\Programfiler\PowerStrip"

2008-02-25 17:08:44 ( .D... ) "C:\Programfiler\Winamp"

2008-02-25 17:08:44 ( .D... ) "C:\Documents and Settings\67\Programdata\Winamp"

2008-02-25 17:07:58 ( .D... ) "C:\Programfiler\Fellesfiler\Logitech"

2008-02-25 17:07:52 ( .D... ) "C:\Programfiler\Logitech"

2008-02-25 17:05:02 ( .D... ) "C:\Documents and Settings\67\Programdata\Mozilla"

2008-02-25 16:46:24 ( .D... ) "C:\Documents and Settings\67\Programdata\Adobe"

2008-02-25 16:44:08 ( .D... ) "C:\Programfiler\Windows Media Connect 2"

2008-02-25 16:41:52 ( .D... ) "C:\Programfiler\Java"

2008-02-25 16:41:52 ( .D... ) "C:\Programfiler\Fellesfiler\Java"

2008-02-25 16:40:44 ( .D... ) "C:\Programfiler\uTorrent"

2008-02-25 16:40:44 ( .D... ) "C:\Documents and Settings\67\Programdata\uTorrent"

2008-02-25 16:40:32 ( .D... ) "C:\Programfiler\ImgBurn"

2008-02-25 16:40:22 ( .D... ) "C:\Documents and Settings\67\Programdata\vlc"

2008-02-25 16:40:12 ( .D... ) "C:\Programfiler\VideoLAN"

2008-02-25 16:39:46 ( .D... ) "C:\Programfiler\Mozilla Firefox"

2008-02-25 16:39:38 ( .D... ) "C:\Programfiler\DAMN NFO Viewer"

2008-02-25 16:39:16 ( .D... ) "C:\Programfiler\Yahoo!"

2008-02-25 16:39:10 ( .D... ) "C:\Programfiler\CCleaner"

2008-02-25 16:39:08 ( .D... ) "C:\Programfiler\Fellesfiler\Adobe"

2008-02-25 16:39:08 ( .D... ) "C:\Programfiler\Adobe"

2008-02-25 16:38:34 ( .D... ) "C:\Programfiler\WinRAR"

2008-02-25 16:37:08 ( .D... ) "C:\Programfiler\Creative"

2008-02-25 16:35:30 ( .D... ) "C:\Programfiler\Realtek"

2008-02-25 16:34:28 ( .D.H. ) "C:\Programfiler\InstallShield Installation Information"

2008-02-25 16:34:24 ( .D... ) "C:\Programfiler\NVIDIA Corporation"

2008-02-25 16:33:32 ( .D... ) "C:\Programfiler\Fellesfiler\InstallShield"

2008-02-25 16:31:06 ( .D.H. ) "C:\Programfiler\Uninstall Information"

2008-02-25 16:31:06 ( .D... ) "C:\Documents and Settings\67\Programdata\Identities"

2008-02-25 16:31:02 ( .DS.. ) "C:\Documents and Settings\67\Programdata\Microsoft"

2008-02-25 16:27:50 ( .D... ) "C:\Programfiler\xerox"

2008-02-25 16:27:50 ( .D... ) "C:\Programfiler\microsoft frontpage"

2008-02-25 16:27:40 0 ( A.... ) "C:\AUTOEXEC.BAT"

2008-02-25 16:26:58 ( .D.H. ) "C:\Programfiler\WindowsUpdate"

2008-02-25 16:26:56 ( .D... ) "C:\Programfiler\Elektroniske tjenester"

2008-02-25 16:26:20 ( .D... ) "C:\Programfiler\Fellesfiler\Tjenester"

2008-02-25 16:26:16 ( .D... ) "C:\Programfiler\Fellesfiler\MSSoap"

2008-02-25 16:26:06 ( .D... ) "C:\Programfiler\Movie Maker"

2008-02-25 16:25:56 ( .D... ) "C:\Programfiler\NetMeeting"

2008-02-25 16:25:54 ( .D... ) "C:\Programfiler\Outlook Express"

2008-02-25 16:25:50 ( .D... ) "C:\Programfiler\Fellesfiler\System"

2008-02-25 16:25:44 ( .D... ) "C:\Programfiler\Internet Explorer"

2008-02-25 16:25:26 ( .D... ) "C:\Programfiler\ComPlus Applications"

2008-02-25 16:25:16 ( .D... ) "C:\Programfiler\Windows Media Player"

2008-02-25 16:25:12 ( .D... ) "C:\Programfiler\Messenger"

2008-02-25 16:25:10 ( .D... ) "C:\Programfiler\MSN Gaming Zone"

2008-02-25 16:24:46 ( .D... ) "C:\Programfiler\Windows NT"

 

 

((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

@=""

"NVIDIA nTune"="\"C:\\Programfiler\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear"

"RTHDCPL"="RTHDCPL.EXE"

"SkyTel"="SkyTel.EXE"

"Alcmtr"="ALCMTR.EXE"

"Launch LGDCore"="\"C:\\Programfiler\\Fellesfiler\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"

"Launch LCDMon"="\"C:\\Programfiler\\Fellesfiler\\Logitech\\LCD Manager\\lcdmon.exe\""

"PowerStrip"="c:\\programfiler\\powerstrip\\pstrip.exe"

"nod32kui"="\"C:\\Programfiler\\Eset\\nod32kui.exe\" /WAITSERVICE"

"LogMeIn GUI"="\"C:\\Programfiler\\LogMeIn\\x86\\LogMeInSystray.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"uTorrent"="\"C:\\Programfiler\\uTorrent\\uTorrent.exe\""

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programfiler\\Fellesfiler\\Ahead\\Lib\\NMBgMonitor.exe\""

"viewbird"="C:\\DOCUME~1\\67\\PROGRA~1\\PROCBI~1\\Browsevga.exe"

"Steam"="\"c:\\programfiler\\valve\\steam\\steam.exe\" -silent"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]

@=""

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Programmer\\Oppstart\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Programmer\\Oppstart\\Adobe Reader Synchronizer.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "

"item"="Adobe Reader Synchronizer"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CamTray"

"hkey"="HKCU"

"command"="\"C:\\Programfiler\\Creative\\Shared Files\\CamTray.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\Programfiler\\Fellesfiler\\Ahead\\Lib\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Application Launcher"

"hkey"="HKLM"

"command"="\"C:\\Programfiler\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="\"C:\\Programfiler\\Java\\jre1.6.0_03\\bin\\jusched.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Files Updater]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="System Files Updater"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\FlyakiteOSX\\Tools\\System Files Updater.exe /S"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winampa"

"hkey"="HKLM"

"command"="C:\\Programfiler\\Winamp\\winampa.exe"

"inimapping"="0"

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AC4F88CC91B8075C.job

 

Completion time: 06.03.2008 16:43:57,64

ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt

 

 

Klikk for å se/fjerne innholdet nedenfor

Logfile of HijackThis v1.99.1

Scan saved at 16:45:54, on 06.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe

C:\programfiler\powerstrip\pstrip.exe

C:\Programfiler\Eset\nod32kui.exe

C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\uTorrent\uTorrent.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\programfiler\valve\steam\steam.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Creative\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\PROGRA~1\Creative\BLUETO~1\BTSTAC~1.EXE

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\LogMeIn\x86\RaMaint.exe

C:\Programfiler\LogMeIn\x86\LogMeIn.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Eset\nod32krn.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Winamp\winamp.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE

C:\Programfiler\Mozilla Firefox\firefox.exe

E:\Progs\VirusProg\hijackthis_sfx\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe"

O4 - HKLM\..\Run: [PowerStrip] c:\programfiler\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Programfiler\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [viewbird] C:\DOCUME~1\67\PROGRA~1\PROCBI~1\Browsevga.exe

O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{67D92898-8D10-4875-9C6F-26896306D260}: NameServer = 10.0.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

noen som kan hjelpe ?

[norbat]

Du har en Lop.com infeksjon. Skyldes mest sannsynlig Messenger Plus Live.

 

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Trenger ikke å se ny logg.

File::

C:\WINDOWS\tasks\AC4F88CC91B8075C.job

 

Folder::

C:\Programfiler\proc bias barb

C:\Documents and Settings\67\Programdata\proc bias barb

 

Registry::

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"viewbird"=-

 

Fortell hvordan det går med popups.

[1915]

takk for hjelpen norbat. men pcn hengte seg opp på alt av programmer så jeg formaterte. nå er den fin som ny =)