ungkar1 Posted 26 April 2008 (edited)
I have got adware on my PC. I can't delete it. Can anyone help me?
Edited 26 April 2008 by needhelp99

snippsat Posted 26 April 2008
Hi! Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Click scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 for hidden text).

ungkar1 (Author) Posted 26 April 2008
[1skjul] log here [1/skjul]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:00, on 26.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Innholdsfortegnelse for OneNote.onetoc2 (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Innholdsfortegnelse for OneNote.onetoc2 (User 'Default user')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Innholdsfortegnelse for OneNote.onetoc2
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/...E_5.3.0.228.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179074037406
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 10570 bytes

snippsat Posted 26 April 2008
It looks fine in this log too. Let's run one that goes deeper. You have leftovers from Norton running; use this: Norton-Removal-Tool
Remember that you have to remove the 1 for hidden text. Then it looks like this: "Click to show/hide the content below" log here
Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt

ungkar1 (Author) Posted 26 April 2008

ComboFix 08-04-24.1 - anonym 2008-04-26 14:24:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1323 [GMT 2:00]
Running from: C:\Documents and Settings\anonym\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.
2008-04-26 13:56 . 2008-04-26 13:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-26 13:41 . 2008-04-26 13:42 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-26 12:37 . 2008-04-26 12:37 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-26 12:37 . 2008-04-26 12:37 <DIR> d-------- C:\Program Files\AVG
2008-04-26 12:37 . 2008-04-26 12:39 <DIR> d-------- C:\Documents and Settings\anonym\Application Data\AVGTOOLBAR
2008-04-26 12:37 . 2008-04-26 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-26 12:37 . 2008-04-26 12:37 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-26 12:37 . 2008-04-26 12:37 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-26 12:37 . 2008-04-26 12:37 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-25 20:21 . 2008-04-25 20:21 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-25 10:30 . 2008-04-25 10:30 6,230 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-04-22 21:46 . 2008-04-22 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-21 18:26 . 2008-04-21 18:26 <DIR> d-------- C:\Program Files\InterMute
2008-04-20 10:36 . 2008-04-20 10:37 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 10:20 . 2008-04-21 07:45 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-19 14:44 . 2008-04-19 23:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-19 14:44 . 2008-04-19 23:32 <DIR> d-------- C:\Documents and Settings\anonym\Application Data\SUPERAntiSpyware.com
2008-04-19 14:44 . 2008-04-19 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-18 07:53 . 2008-04-18 07:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-15 20:02 . 2008-04-20 09:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-11 22:16 . 2008-04-15 17:43 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-09 18:09 . 2008-04-09 18:09 <DIR> d-------- C:\Program Files\iPod
2008-04-09 18:09 . 2008-04-26 12:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-09 18:09 . 2008-04-09 18:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 18:08 . 2008-04-09 18:09 <DIR> d-------- C:\Program Files\iTunes
2008-04-03 16:53 . 2008-04-03 16:53 <DIR> d-------- C:\Program Files\Bonjour
2008-04-03 16:52 . 2008-04-03 16:52 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-04-03 16:52 . 2008-04-03 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-03 16:52 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-04-02 16:47 . 2008-04-19 11:58 <DIR> d-------- C:\Program Files\LimeWire
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 10:52 --------- d-----w C:\Program Files\Steam
2008-04-26 10:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-25 19:35 --------- d-----w C:\Program Files\Opera
2008-04-25 17:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 14:49 --------- d-----w C:\Program Files\Google
2008-04-19 09:32 --------- d-----w C:\Documents and Settings\anonym\Application Data\LimeWire
2008-04-15 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-04-15 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-04-15 19:02 --------- d-----w C:\Program Files\Sports Interactive
2008-04-10 08:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 16:08 --------- d-----w C:\Program Files\QuickTime
2008-04-09 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-03 14:54 --------- d-----w C:\Documents and Settings\anonym\Application Data\Apple Computer
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 09:13 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Suite
2008-03-12 15:29 --------- d-----w C:\Program Files\PowerShot
2008-03-10 21:04 --------- d-----w C:\Program Files\Java
2008-03-10 20:51 --------- d-----w C:\Program Files\Windows Live
2008-03-09 20:33 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-04 06:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 16:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-24_20.02.40,37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 13:22:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 10:46:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-25 18:21:17 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
+ 2008-04-26 10:37:32 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2007-10-11 13:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
- 2007-10-08 13:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-03-20 12:41:20 14,640 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-26 12:37 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-26 12:37 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-26 12:37 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-12-08 18:39 975360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 16:00 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 17:05 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 16:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 16:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 16:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01 67584]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 19:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 15:57 573440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 15:36 774233]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-12 17:11 7577600]
"nwiz"="nwiz.exe" [2006-06-12 17:11 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-12 17:11 86016]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-23 14:40 106496]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 08:15 102400]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-26 12:37 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 16:00 15360]

C:\Documents and Settings\anonym\Start Menu\Programs\Startup\
Innholdsfortegnelse for OneNote.onetoc2 [2007-11-14 12:18:15 3656]
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mpegacm"= mpegacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27486:TCP"= 27486:TCP:BitComet 27486 TCP
"27486:UDP"= 27486:UDP:BitComet 27486 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 12:37]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-26 12:37]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 12:37]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-26 12:37]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80450246-d95a-11dc-9471-0018decaf17e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://adfarm.mediaplex.com/ad/ck/7022-425...6666-0?rfr=2799

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 14:10:00 C:\WINDOWS\Tasks\Advanced Registry Optimizer.job" - C:\Program Files\Advanced Registry Optimizer\ARO.exe
"2008-04-26 10:48:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 14:26:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 3
**************************************************************************
.
Completion time: 2008-04-26 14:27:15
ComboFix-quarantined-files.txt 2008-04-26 12:27:08
ComboFix2.txt 2008-04-24 18:03:19
Pre-Run: 115,332,431,872 bytes free
Post-Run: 115,358,515,200 bytes free
194 --- E O F --- 2008-04-10 14:18:21

I use Norton as my antivirus program.

snippsat Posted 26 April 2008 (edited)
You have to choose between AVG8 and Norton. You can't have 2 antivirus programs on the system; there will be a conflict. The ComboFix log is clean. You need to say which program says that you have adware and where it is supposed to be located.
Do this, then you can scan again with the program that finds adware. Download and run CCleaner: 'Options' -> 'Advanced'. Untick: "Only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repairing.
Edited 26 April 2008 by SNIPPSAT

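Added example, not part of the original thread: a small Python parser for the HijackThis log format posted above that reports when more than one antivirus product is still resident, the condition snippsat points out. The sample lines are copied from the log in the thread; the `AV_MARKERS` table and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# A few lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spoolsv.exe
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Coded entries look like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption for this example: lowercase substrings that identify an AV product.
AV_MARKERS = {
    "AVG": ("\\avg\\", "avg technologies"),
    "Symantec/Norton": ("symantec", "norton"),
}


def parse_hijackthis(text):
    """Split a HijackThis v2 log into running processes and coded entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False                      # process list ends at first coded entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def av_evidence(parsed):
    """Map each AV product to where it is still active: process, O4 autorun, O23 service."""
    found = defaultdict(list)
    active = [("process", p) for p in parsed["processes"]]
    active += [(c, b) for c, b in parsed["entries"] if c in ("O4", "O23")]
    for kind, text in active:
        low = text.lower()
        for product, markers in AV_MARKERS.items():
            if any(marker in low for marker in markers):
                found[product].append((kind, text))
    return dict(found)


def conflicting_av(parsed):
    """Return the product names when more than one AV has a running process or service."""
    resident = [
        product
        for product, items in av_evidence(parsed).items()
        if any(kind in ("process", "O23") for kind, _ in items)
    ]
    return sorted(resident) if len(resident) > 1 else []


if __name__ == "__main__":
    for name in conflicting_av(parse_hijackthis(SAMPLE_LOG)):
        print("resident antivirus:", name)
```
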
ungkar1 (Author) Posted 26 April 2008
There. It's done. Found no adware on the PC now. Thanks for the help.

snippsat Posted 26 April 2008
All right. You can remove ComboFix by typing combofix /u in the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.