"[LØST] Får konstante pop-ups, HJT-logg"

xaroncss · 14. mai 2008

Jeg får 2 pop-ups ca hvert min. Først fra Firefox, og så en fra iexplorer. Veldig irriterende.

Har prøvd å fikse det ved hjelp av flere spyware og anti-virus programmer.

,

Hadde vært trivelig med litt hjelp =)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:31:08, on 14.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\SPYWAREfighter\spftray.exe

C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

C:\Programfiler\Last.fm\LastFMHelper.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE

C:\Programfiler\SPYWAREfighter\spfprc.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Stian\Skrivebord\HJ\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [itype] "C:\Programfiler\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spywarefighterguard] C:\Programfiler\SPYWAREfighter\spftray.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FELLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: BetOnBet Poker - {2B936D2B-EDD7-405f-9057-3685BE897E62} - C:\Microgaming\Poker\betonbetMPP\MPPoker.exe

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191589338359

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programfiler\Fellesfiler\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programfiler\SPYWAREfighter\spfprc.exe

--

End of file - 10343 bytes

Endret 16. mai 2008 av xaroncss

snippsat · 14. mai 2008

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

Fjern alt denne spywaresofware som ikke har så mye for seg tar en del ressurser

Bruk denne når du fjerner.

http://www.revouninstaller.com/

Skal scanne med sas senere.

Endret 14. mai 2008 av SNIPPSAT

xaroncss · 15. mai 2008

Jeg skjønte ikke helt hva jeg skulle fjærne, og hvordan..?

hær er combofix loggen:

ComboFix 08-05-12.1 - Stian 2008-05-15 16:56:20.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.481 [GMT 1:00]

Running from: C:\Documents and Settings\Stian\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.

((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))

.

2008-05-13 19:22 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-05-13 19:22 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-05-13 19:22 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-05-13 19:22 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-04-25 20:13 . 2008-04-25 20:13 <DIR> d-------- C:\USB_DRV

2008-04-25 19:39 . 2008-04-25 19:39 <DIR> d-------- C:\Drivers

2008-04-25 19:39 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys

2008-04-25 19:39 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys

2008-04-25 19:39 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL

2008-04-25 19:39 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys

2008-04-25 19:39 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys

2008-04-25 19:39 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll

2008-04-25 19:38 . 2008-04-25 19:39 <DIR> d-------- C:\USB driv

2008-04-24 20:13 . 2008-04-24 20:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Control Panels

2008-04-24 20:10 . 2008-04-24 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ALM

2008-04-24 19:42 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll

2008-04-24 19:42 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe

2008-04-24 19:25 . 2008-04-24 19:30 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-04-22 23:35 . 2008-04-22 23:35 <DIR> d-------- C:\Programfiler\MagicISO

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-15 16:02 167,545 ------w C:\WINDOWS\system32\drivers\core.cache.dsk

2008-05-11 22:21 --------- d-----w C:\Documents and Settings\Stian\Programdata\AVG7

2008-05-08 15:28 --------- d-----w C:\Programfiler\Steam

2008-04-30 20:11 --------- d-----w C:\Documents and Settings\Stian\Programdata\LimeWire

2008-04-25 18:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-04-24 19:14 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-04-23 17:42 --------- d-----w C:\Programfiler\DivX

2008-04-22 14:23 --------- d-----w C:\Programfiler\Winamp

2008-04-22 14:17 --------- d-----w C:\Documents and Settings\Stian\Programdata\Winamp

2008-04-16 20:08 --------- d-----w C:\Programfiler\LimeWire

2008-04-12 14:28 --------- d-----w C:\Documents and Settings\Stian\Programdata\dvdcss

2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll

2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-19 21:21 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-03-19 21:09 --------- d-----w C:\Programfiler\Lavasoft

2008-03-19 04:40 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-03-18 16:06 --------- d-----w C:\Programfiler\SPYWAREfighter

2008-03-18 16:06 --------- d-----w C:\Programfiler\Fellesfiler\Application

2008-03-15 15:51 --------- d-----w C:\Documents and Settings\Stian\Programdata\AdobeUM

2008-03-12 15:37 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-02-21 14:38 946,832 ----a-w C:\WINDOWS\system32\_ISource30.dll

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-01-12 20:01 1 ----a-w C:\Documents and Settings\Stian\SI.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-12-01 08:54 77824 C:\WINDOWS\SOUNDMAN.EXE]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]

"nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]

"itype"="C:\Programfiler\Microsoft IntelliType Pro\itype.exe" [2006-11-21 16:08 813912]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\WINDOWS\KHALMNPR.Exe]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-12 22:21 1838592]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 12:08 579584]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"spywarefighterguard"="C:\Programfiler\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

"Acrobat Assistant 8.0"="C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]

"Adobe_ID0EYTHM"="C:\PROGRA~1\FELLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-13 23:14 219136]

C:\Documents and Settings\Stian\Start-meny\Programmer\Oppstart\

Last.fm Helper.lnk - C:\Programfiler\Last.fm\LastFMHelper.exe [2008-01-04 14:44:13 106496]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-08-15 00:28:35 692224]

Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2007-08-15 00:26:46 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\BitLord\\BitLord.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Steam\\steamapps\\xazumi\\counter-strike source\\hl2.exe"=

"C:\\Programfiler\\Steam\\steamapps\\xazumi\\counter-strike\\hl.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\StepMania CVS\\Program\\StepMania.exe"=

"C:\\Programfiler\\Fellesfiler\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 enum13944;enum13944;C:\WINDOWS\system32\drivers\enum13944.sys [2008-01-13 23:14]

R3 SpyFighter;SpyFighter Guard Device;C:\Programfiler\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]

R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programfiler\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]

S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b380f7d-2103-11dd-a553-001109dccddc}]

\Shell\AutoRun\command - autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7524cb3-415d-11dc-8590-806d6172696f}]

\Shell\AutoRun\command - F:\Setup.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-03-12 14:04:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-15 17:03:13

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

.

**************************************************************************

.

Completion time: 2008-05-15 17:17:14 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-15 16:16:11

ComboFix2.txt 2008-01-13 17:02:47

Pre-Run: 35,026,231,296 byte ledig

Post-Run: 35,134,578,688 byte ledig

184 --- E O F --- 2008-05-14 14:50:10

Endret 15. mai 2008 av xaroncss

r2d290 · 15. mai 2008

Tror han mener at du skal fjerne spywaresoftwaren (altså som du sier selv "ved hjelp av flere spyware og anti-virus programmer.")

Du skal altså bruke http://www.revouninstaller.com/ når du sletter disse programmene (siden visse program kan være vanskelig å fjerne)

Dette skal du gjøre fordi programmene du har brukt sikkert ikke er de beste, samt at de tar mye resurser. Vi skal fikse problemet ditt manuelt, og så kan vi gi deg råd om spyware/antivirusprogram etterpå

xaroncss · 15. mai 2008

Skjønner. Da fikser jeg det

xaroncss · 15. mai 2008

Sånn! Tror jeg er klar for neste steg =)

Btw, Revo Uninstaller var utrolig høvelig Fikk rydda opp i masse x)

snippsat · 15. mai 2008

Ad-Aware---SPYWAREfighter---SPYBOT du kan god ha disse,det jeg mener at SAS gjør jobben disse gjør alene.

Hent Avenger og pakk det ut.

Start programmet, sett prikk i "Input Script Manually" og klikk på lupen.

I vinduet som kommer opp kopierer du og limer inn det som er i fet skrift under:

Files to delete:

C:\WINDOWS\system32\drivers\core.cache.dsk

Last ned oppdatere og kjør full scan SAS free

Post loggen fra SAS (preferences->statistics/logs)

Last ned kjør CCleaner

'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.

Kjør register-renser og"svar ja til og reparere"

Si litt om pcen kjører greit så fjerner vi combofix etter dette.

Endret 15. mai 2008 av SNIPPSAT

xaroncss · 15. mai 2008

SAS logg:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 05/15/2008 at 09:03 PM

Application Version : 4.0.1154

Core Rules Database Version : 3461

Trace Rules Database Version: 1452

Scan type : Complete Scan

Total Scan Time : 00:25:19

Memory items scanned : 383

Memory threats detected : 0

Registry items scanned : 4409

Registry threats detected : 0

File items scanned : 23521

File threats detected : 13

Adware.Tracking Cookie

C:\Documents and Settings\Stian\Cookies\[email protected][1].txt

C:\Documents and Settings\Stian\Cookies\stian@revsci[2].txt

C:\Documents and Settings\Stian\Cookies\stian@serving-sys[1].txt

C:\Documents and Settings\Stian\Cookies\stian@atdmt[2].txt

C:\Documents and Settings\Stian\Cookies\[email protected][2].txt

C:\Documents and Settings\Stian\Cookies\[email protected][1].txt

C:\Documents and Settings\Stian\Cookies\[email protected][2].txt

C:\Documents and Settings\Stian\Cookies\stian@adtech[1].txt

C:\Documents and Settings\Stian\Cookies\[email protected][1].txt

RootKit.TnCore/Trace

C:\WINDOWS\system32\drivers\core.cache.dsk

Rootkit.TNCore-Variant/A

C:\WINDOWS\SYSTEM32\DRIVERS\ENUM13944.SYS

Skal laste ned CCleaner nå =)

Endret 15. mai 2008 av xaroncss

xaroncss · 15. mai 2008

Ser ut som at PCen kjører som den skal Hærlig

r2d290 · 15. mai 2008

Fint.

Start->kjør->skriv: combofix /u

Dette vil avinstallere combofix, slette filer i karantene, og opprette et nytt gjennoprettingspunkt (et "friskt" punkt du kan sette pc-en tilbake til hvis du får problemer senere).

SAS beholder du. Hold det oppdatert og scan litt av og til, og avinstaller andre antispyware-programmer

Ccleaner kan du også gjerne beholde, eller avinstallere fra legg til/fjern programmer

Avenger vet jeg ikke helt hvordan du avinstallerer, men se om den ligger i legg til/fjern programmer

Kan også gjerne avinstallere hijackthis. Er så lite, at det går raskt å laste ned på nytt. Avinstalleres fra legg til/fjern programmer.

Bruk pc-en ut kvelden, og hvis alt er som det skal, endrer du emnetittelen din, ved å redigere førstepost med FULL redigering, og skrive:

[LØST]

foran emnetittelen din

Dette vil gjøre det mer ryddig på forumet...

xaroncss · 16. mai 2008

Alt virker som det skal Tusen takk for hjelpen!

Logg inn

"[LØST] Får konstante pop-ups, HJT-logg"

Anbefalte innlegg

xaroncss

Lenke til kommentar

Videoannonse

snippsat

Lenke til kommentar

xaroncss

Lenke til kommentar

r2d290

Lenke til kommentar

xaroncss

Lenke til kommentar

xaroncss

Lenke til kommentar

snippsat

Lenke til kommentar

xaroncss

Lenke til kommentar

xaroncss

Lenke til kommentar

r2d290

Lenke til kommentar

xaroncss

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Opprett konto

Logg inn

Populær nå

Russlands invasjon av Ukraina [Ny tråd, les førstepost] 1 2 3 4 3647

Tinder er skadelig for menn. 1 2 3 4 245

Hvem er aktive 0 medlemmer