[SOLVED] Getting CID pop-ups all the time, more and more of them

13 posts in this topic

Posted

Hi there. I have a very annoying problem. When I use Internet Explorer, CID ads pop up all the time. There are more and more of them. I have formatted over 5 times now, to no avail. I have tried HijackThis, scanned with Ad-Aware, CCleaner, NCleaner, and scanned for viruses with ESET, to no avail. There is no sign of spyware or anything like that.

I can't even figure out what the problem is. Can anyone give me a solution to this annoying problem :) ?

Thanks in advance :)

Regards: Hassonn


Posted

Which version of Internet Explorer are you using, 6 or 7?

Have you tested Firefox or Opera for the same problem?

Do you visit any particular site that makes the pop-up windows appear?

Have you allowed pop-ups / allowed sites to open a new window?


Posted (edited)

Thanks for the quick reply

I actually use Firefox, but I have IE 7

I have Windows Vista Home Premium. <---- In case that is useful

No, I don't visit any particular sites. It happens every time I start IE 7

I have one of those pop-up blocker things.

When I press CTRL + SHIFT + ESC = Task Manager, I see ieexplorer twice, but I'm not even using the program

EDIT:

I have searched on Google and tried Norbat's tip regarding system32 files etc. or something like that, where I removed everything that has anything to do with CID, but it didn't help much.

Found Norbat's tip here

EDIT 2: On It Norbat :D Thanks

Edited by Hassonn

Posted

Feel free to post a ComboFix log, Hassonn, and we'll see what needs to be done:

Download ComboFix and put it on the desktop

Run combofix.exe and follow the instructions.

Post the log file from ComboFix (c:\combofix.txt)


Posted

Norbat, here is the log:

ComboFix 08-03-30.2 - Hassan 2008-03-30 15:25:35.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.253 [GMT 2:00]

Running from: C:\Users\Hassan\Desktop\ComboFix.exe

* Created a new restore point

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\w32apiw.dll

.

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-30 13:27 --------- d-----w C:\Users\Hassan\AppData\Roaming\uTorrent

2008-03-30 13:23 --------- d-----w C:\Users\Hassan\AppData\Roaming\TeraCopy

2008-03-30 13:20 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-30 13:12 --------- d-----w C:\Program Files\Electronic Arts

2008-03-30 12:36 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-30 11:42 --------- d-----w C:\ProgramData\Messenger Plus!

2008-03-30 10:38 --------- d-----w C:\ProgramData\This Keep

2008-03-30 10:38 --------- d-----w C:\ProgramData\Browse Dent Win Base

2008-03-30 10:38 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-03-30 10:38 --------- d-----w C:\Program Files\Circle Developement

2008-03-30 09:24 --------- d-----w C:\ProgramData\NVIDIA

2008-03-30 09:24 --------- d-----w C:\Program Files\PowerISO

2008-03-30 09:04 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3

2008-03-30 00:19 114 ----a-w C:\sccfg.sys

2008-03-30 00:16 35,363 ----a-w C:\Windows\System32\windrvNT.sys

2008-03-30 00:16 --------- d-----w C:\Program Files\Folder Lock

2008-03-29 11:00 --------- d-----w C:\Program Files\Java

2008-03-29 10:58 --------- d-----w C:\Program Files\Common Files\Java

2008-03-28 18:17 --------- d-----w C:\Program Files\FlashGet

2008-03-28 18:16 --------- d-----w C:\Users\Hassan\AppData\Roaming\FlashGet

2008-03-28 17:59 --------- d-----w C:\Users\Hassan\AppData\Roaming\vlc

2008-03-28 13:20 174 --sha-w C:\Program Files\desktop.ini

2008-03-28 13:17 --------- d-----w C:\Program Files\Windows Sidebar

2008-03-28 13:17 --------- d-----w C:\Program Files\Windows Mail

2008-03-28 13:17 --------- d-----w C:\Program Files\Windows Defender

2008-03-28 13:17 --------- d-----w C:\Program Files\Windows Calendar

2008-03-28 13:04 87,040 ----a-w C:\Windows\System32\msoert2.dll

2008-03-28 13:04 39,424 ----a-w C:\Windows\System32\ACCTRES.dll

2008-03-28 13:04 205,824 ----a-w C:\Windows\System32\msoeacct.dll

2008-03-28 13:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2008-03-28 13:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2008-03-28 13:03 542,720 ----a-w C:\Windows\System32\sysmain.dll

2008-03-28 13:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2008-03-28 13:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2008-03-28 13:03 297,984 ----a-w C:\Windows\System32\wlansec.dll

2008-03-28 13:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2008-03-28 13:03 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys

2008-03-28 13:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2008-03-28 13:03 2,923,520 ----a-w C:\Windows\explorer.exe

2008-03-28 13:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-03-28 13:01 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-03-28 13:01 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-03-28 13:00 49,664 ----a-w C:\Windows\System32\csrsrv.dll

2008-03-28 13:00 376,320 ----a-w C:\Windows\System32\winsrv.dll

2008-03-28 12:53 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys

2008-03-28 12:53 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-03-28 12:51 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll

2008-03-28 12:50 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2008-03-28 12:50 7,680 ----a-w C:\Windows\System32\spwmp.dll

2008-03-28 12:50 414,208 ----a-w C:\Windows\System32\msscp.dll

2008-03-28 12:50 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2008-03-28 12:50 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2008-03-28 12:49 86,016 ----a-w C:\Windows\System32\icfupgd.dll

2008-03-28 12:49 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys

2008-03-28 12:49 61,952 ----a-w C:\Windows\System32\cmifw.dll

2008-03-28 12:49 396,800 ----a-w C:\Windows\System32\MPSSVC.dll

2008-03-28 12:49 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll

2008-03-28 12:49 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys

2008-03-28 12:49 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll

2008-03-28 12:49 16,896 ----a-w C:\Windows\System32\wfapigp.dll

2008-03-28 12:49 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS

2008-03-28 12:48 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-03-28 12:48 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-03-28 12:48 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-03-28 12:48 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys

2008-03-28 12:48 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-03-28 12:48 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-03-28 12:48 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-03-28 12:48 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-03-28 12:48 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-03-28 12:48 104,448 ----a-w C:\Windows\System32\DWWIN.EXE

2008-03-28 12:48 1,191,936 ----a-w C:\Windows\System32\msxml3.dll

2008-03-28 12:47 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-03-28 12:47 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-03-28 12:47 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-03-28 12:47 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-03-28 12:47 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-03-28 12:46 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2008-03-28 12:46 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2008-03-28 12:46 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2008-03-28 12:45 57,856 ----a-w C:\Windows\System32\SLUINotify.dll

2008-03-28 12:45 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll

2008-03-28 12:45 39,936 ----a-w C:\Windows\System32\slcinst.dll

2008-03-28 12:45 351,232 ----a-w C:\Windows\System32\SLUI.exe

2008-03-28 12:45 33,280 ----a-w C:\Windows\System32\slwmi.dll

2008-03-28 12:45 268,288 ----a-w C:\Windows\System32\mcbuilder.exe

2008-03-28 12:45 223,232 ----a-w C:\Windows\System32\SLC.dll

2008-03-28 12:45 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe

2008-03-28 12:45 186,368 ----a-w C:\Windows\System32\SLLUA.exe

2008-03-28 12:45 1,335,296 ----a-w C:\Windows\System32\msxml6.dll

2008-03-28 12:43 84,480 ----a-w C:\Windows\System32\INETRES.dll

2008-03-28 12:43 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2008-03-28 12:43 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-03-28 12:43 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-03-28 12:43 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-03-28 12:43 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-03-28 12:43 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-03-28 12:43 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-03-28 12:43 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-03-28 12:42 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-28 14:43 1232896]

"Bore Corn"="C:\ProgramData\mapi bags bags.62hpus" [2008-03-30 12:38 282640]

"Win Base 4 Download"="C:\ProgramData\poke meow exit.io4zs" [2008-03-30 12:38 245776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-28 14:54 1006264]

"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-02-20 12:06 1443072]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-02 15:12 4317184 C:\Windows\RtHDVCpl.exe]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-24 20:52 13531680]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-24 20:52 92704]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{8B635FFB-7BF3-407E-BAD9-27C495CDCA5C}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{A4BC95D7-EB9A-410F-80BE-B6DBC560EF71}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"{5E458E29-B3E5-442A-B7CB-89285CEF169F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R3 rt61x86;Gigabyte RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-07-27 19:12]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-30 15:28:12

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-30 15:28:41

ComboFix-quarantined-files.txt 2008-03-30 13:28:38

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

.

2008-03-28 13:05:46 --- E O F ---


Posted

Before we do anything else, Hassonn, uninstall Messenger Plus! / Messenger Plus! Live, as your problem is most likely tied to it. Afterwards, make a new ComboFix log, and we'll deal with whatever is left.


Posted (edited)

Before we do anything else, Hassonn, uninstall Messenger Plus!, as your problem is most likely tied to it. Afterwards, make a new ComboFix log, and we'll deal with whatever is left.

Okay :) but can't I use MSN Plus anymore?

EDIT 1:

Oh right, I think I figured it out now: I clicked on the sponsor thing when I was installing MSN Plus, and when I go into uninstall programs, it says MSN Plus (CID)

so could that be the whole problem, I wonder?

EDIT 2: I have removed MSN Plus now, going to run ComboFix again :)

Edited by Hassonn

Posted

Yes, during the cleanup it is a very good idea for you to remove MSN Plus. Afterwards you can install it without the sponsor program, if you MUST have MSN Plus. I have little fondness for programs that support adware.


Posted

Yes, during the cleanup it is a very good idea for you to remove MSN Plus. Afterwards you can install it without the sponsor program, if you MUST have MSN Plus. I have little fondness for programs that support adware.

Okay... :)

Here is the log

ComboFix 08-03-30.2 - Hassan 2008-03-30 15:44:32.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.379 [GMT 2:00]

Running from: C:\Users\Hassan\Desktop\ComboFix.exe

* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-30 13:44 --------- d-----w C:\Users\Hassan\AppData\Roaming\uTorrent

2008-03-30 13:23 --------- d-----w C:\Users\Hassan\AppData\Roaming\TeraCopy

2008-03-30 13:20 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-30 13:12 --------- d-----w C:\Program Files\Electronic Arts

2008-03-30 12:36 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-30 09:24 --------- d-----w C:\ProgramData\NVIDIA

2008-03-30 09:24 --------- d-----w C:\Program Files\PowerISO

2008-03-30 09:04 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3

2008-03-30 00:19 114 ----a-w C:\sccfg.sys

2008-03-30 00:16 35,363 ----a-w C:\Windows\System32\windrvNT.sys

2008-03-30 00:16 --------- d-----w C:\Program Files\Folder Lock

2008-03-29 11:00 --------- d-----w C:\Program Files\Java

2008-03-29 10:58 --------- d-----w C:\Program Files\Common Files\Java

2008-03-28 18:17 --------- d-----w C:\Program Files\FlashGet

2008-03-28 18:16 --------- d-----w C:\Users\Hassan\AppData\Roaming\FlashGet

2008-03-28 17:59 --------- d-----w C:\Users\Hassan\AppData\Roaming\vlc

2008-03-28 13:20 174 --sha-w C:\Program Files\desktop.ini

2008-03-28 13:17 --------- d-----w C:\Program Files\Windows Sidebar

2008-03-28 13:17 --------- d-----w C:\Program Files\Windows Mail

2008-03-28 13:17 --------- d-----w C:\Program Files\Windows Defender

2008-03-28 13:17 --------- d-----w C:\Program Files\Windows Calendar

2008-03-28 13:04 87,040 ----a-w C:\Windows\System32\msoert2.dll

2008-03-28 13:04 39,424 ----a-w C:\Windows\System32\ACCTRES.dll

2008-03-28 13:04 205,824 ----a-w C:\Windows\System32\msoeacct.dll

2008-03-28 13:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2008-03-28 13:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2008-03-28 13:03 542,720 ----a-w C:\Windows\System32\sysmain.dll

2008-03-28 13:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2008-03-28 13:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2008-03-28 13:03 297,984 ----a-w C:\Windows\System32\wlansec.dll

2008-03-28 13:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2008-03-28 13:03 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys

2008-03-28 13:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2008-03-28 13:03 2,923,520 ----a-w C:\Windows\explorer.exe

2008-03-28 13:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-03-28 13:01 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-03-28 13:01 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-03-28 13:00 49,664 ----a-w C:\Windows\System32\csrsrv.dll

2008-03-28 13:00 376,320 ----a-w C:\Windows\System32\winsrv.dll

2008-03-28 12:53 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys

2008-03-28 12:53 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-03-28 12:51 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll

2008-03-28 12:50 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2008-03-28 12:50 7,680 ----a-w C:\Windows\System32\spwmp.dll

2008-03-28 12:50 414,208 ----a-w C:\Windows\System32\msscp.dll

2008-03-28 12:50 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2008-03-28 12:50 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2008-03-28 12:49 86,016 ----a-w C:\Windows\System32\icfupgd.dll

2008-03-28 12:49 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys

2008-03-28 12:49 61,952 ----a-w C:\Windows\System32\cmifw.dll

2008-03-28 12:49 396,800 ----a-w C:\Windows\System32\MPSSVC.dll

2008-03-28 12:49 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll

2008-03-28 12:49 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys

2008-03-28 12:49 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll

2008-03-28 12:49 16,896 ----a-w C:\Windows\System32\wfapigp.dll

2008-03-28 12:49 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS

2008-03-28 12:48 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-03-28 12:48 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-03-28 12:48 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-03-28 12:48 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys

2008-03-28 12:48 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-03-28 12:48 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-03-28 12:48 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-03-28 12:48 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-03-28 12:48 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-03-28 12:48 104,448 ----a-w C:\Windows\System32\DWWIN.EXE

2008-03-28 12:48 1,191,936 ----a-w C:\Windows\System32\msxml3.dll

2008-03-28 12:47 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-03-28 12:47 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-03-28 12:47 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-03-28 12:47 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-03-28 12:47 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-03-28 12:46 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2008-03-28 12:46 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2008-03-28 12:46 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2008-03-28 12:45 57,856 ----a-w C:\Windows\System32\SLUINotify.dll

2008-03-28 12:45 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll

2008-03-28 12:45 39,936 ----a-w C:\Windows\System32\slcinst.dll

2008-03-28 12:45 351,232 ----a-w C:\Windows\System32\SLUI.exe

2008-03-28 12:45 33,280 ----a-w C:\Windows\System32\slwmi.dll

2008-03-28 12:45 268,288 ----a-w C:\Windows\System32\mcbuilder.exe

2008-03-28 12:45 223,232 ----a-w C:\Windows\System32\SLC.dll

2008-03-28 12:45 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe

2008-03-28 12:45 186,368 ----a-w C:\Windows\System32\SLLUA.exe

2008-03-28 12:45 1,335,296 ----a-w C:\Windows\System32\msxml6.dll

2008-03-28 12:43 84,480 ----a-w C:\Windows\System32\INETRES.dll

2008-03-28 12:43 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2008-03-28 12:43 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-03-28 12:43 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-03-28 12:43 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-03-28 12:43 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-03-28 12:43 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-03-28 12:43 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-03-28 12:43 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-03-28 12:42 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2008-03-28 12:42 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2008-03-28 12:42 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2008-03-28 12:42 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys

2008-03-28 12:42 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2008-03-28 12:42 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

.

((((((((((((((((((((((((((((( snapshot@2008-03-30_15.28.28,38 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-03-30 13:25:00 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-03-30 13:44:51 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-28 14:43 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-28 14:54 1006264]

"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-02-20 12:06 1443072]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-02 15:12 4317184 C:\Windows\RtHDVCpl.exe]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-24 20:52 13531680]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-24 20:52 92704]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{8B635FFB-7BF3-407E-BAD9-27C495CDCA5C}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{A4BC95D7-EB9A-410F-80BE-B6DBC560EF71}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"{5E458E29-B3E5-442A-B7CB-89285CEF169F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R3 rt61x86;Gigabyte RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-07-27 19:12]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-30 15:46:31

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-30 15:47:00

ComboFix-quarantined-files.txt 2008-03-30 13:46:57

ComboFix2.txt 2008-03-30 13:28:42

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

.

2008-03-28 13:05:46 --- E O F ---


Posted

This looked much better :)

How is it going with the CID?


Posted (edited)

This looked much better :)

How is it going with the CID?

Hehe, nice

I have started IE 7 now, but no CID appeared, so I think the problem is solved, or what :P

Edited by Hassonn

Posted

Yes, at least Messenger Plus! has the sense to clean up after itself :)

You can uninstall ComboFix by typing combofix /u in the Run/search box (sometimes you have to type the full path, but try first with just combofix /u).

This removes the program and the quarantined files, and resets System Restore.

Surf safely.


Posted

Thanks a lot, Norbat, for the good answers :)

The problem is solved :)

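The difference between the two ComboFix logs in this thread can be checked mechanically. The following is an added example, not part of the original thread and not ComboFix's own code: it parses the Run keys under "Reg Loading Points" in both logs, flags autostart targets that look out of place, and reports whether they survived the uninstall. The log excerpts are copied from the posts above; the extension allow-list and the data-directory names are assumptions chosen for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Excerpts copied from the "Reg Loading Points" sections of the two logs above.
LOG_BEFORE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-28 14:43 1232896]
"Bore Corn"="C:\ProgramData\mapi bags bags.62hpus" [2008-03-30 12:38 282640]
"Win Base 4 Download"="C:\ProgramData\poke meow exit.io4zs" [2008-03-30 12:38 245776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-28 14:54 1006264]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-02-20 12:06 1443072]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-02 15:12 4317184 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
'''
LOG_AFTER = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-28 14:43 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-28 14:54 1006264]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-02-20 12:06 1443072]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-02 15:12 4317184 C:\Windows\RtHDVCpl.exe]
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')
# Assumptions for this example, not rules taken from ComboFix:
EXPECTED_EXT = {".exe", ".dll", ".com", ".bat", ".cmd", ".scr"}
DATA_DIRS = {"programdata", "appdata", "temp"}


def parse_run_entries(log_text):
    """Return {(registry key, value name): target} for every key ending in Run."""
    entries, key = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            # Only autostart keys are of interest; any other section resets state.
            key = m["key"] if m["key"].lower().endswith(r"\run") else None
            continue
        m = VAL_RE.match(line)
        if key and m:
            entries[(key, m["name"])] = m["target"]
    return entries


def reasons(target):
    """Explain why an autostart target deserves a closer look (empty = nothing)."""
    path = PureWindowsPath(target)
    found = []
    if path.suffix.lower() not in EXPECTED_EXT:
        found.append("unexpected extension %r" % path.suffix)
    if DATA_DIRS & {part.lower() for part in path.parts}:
        found.append("starts from a data directory")
    return found


def triage(before_log, after_log):
    """List flagged autostart entries of the first log and whether they survived."""
    before = parse_run_entries(before_log)
    after = parse_run_entries(after_log)
    report = []
    for (key, name), target in sorted(before.items()):
        why = reasons(target)
        if why:
            status = "still present" if (key, name) in after else "gone"
            report.append((name, target, status, why))
    return report


if __name__ == "__main__":
    for name, target, status, why in triage(LOG_BEFORE, LOG_AFTER):
        print(f"{status:13} {name!r} -> {target} ({'; '.join(why)})")
```

Only the two HKCU entries pointing into C:\ProgramData are flagged, and both are absent from the second log, which matches the pop-ups stopping once Messenger Plus! and its sponsor program were uninstalled.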