GrandMa, posted 18 March 2007:

> Hmm, are you logged in with administrator rights? In regedit, select the key and click Edit -> Permissions... If you click on your user, is 'All permissions' checked? Try deleting the key from Safe Mode. (One thing that is wise to do when poking around in the registry is to make a backup. You do that from File -> Export. Choose 'All' under 'Export range'.)
> ==============================================
> If the above doesn't work:
> 1. Uninstall XoftSpy
> 2. Update SAS and run a 'Complete scan' (not Quick scan)
> 3. Download Comboscan to the desktop and run the program.
> 5. Download Rootchk to the desktop. Run the program.
> 4. Post the log from SAS and the log(s) from Combofix + the log from Rootchk.

I have full control checked now, but I still can't delete it. It says the same thing. I have given all the groups under "Permissions" full permission.
norbat, posted 18 March 2007 (edited 18 March 2007 by norbat):

EDIT: have you restarted the PC after you changed the permissions? If not, do that and see whether it helps.

Still having problems: follow part 2 of the guide. My opinion is that SpyDawn's files have been removed, but that a lone registry key is left behind which is not dangerous. Why SAS doesn't find it, I'm a little unsure. You can try two other spyware programs - AVG Antispyware and Ad-aware (see the link in an earlier post). A third program you can try is Spybot. If these don't find the key or otherwise register anything unusual, I think you can relax. But still, run through part 2 of the guide first (1. uninstall XoftSpy, 2. run a Complete scan with SAS, etc.)

(When you click on the registry key, the status bar at the bottom of the window shows the full path to the key. Could you post it?)
GrandMa, posted 18 March 2007 (edited 18 March 2007 by GrandMa):

My Computer\HKEY_CLASSES_ROOT\Interface\{080C3EC1-AB54-40F3-88BE-E6FACE068CF0

SAS didn't find anything. I have uninstalled XoftSPY as well.
norbat, posted 18 March 2007 (edited 18 March 2007 by norbat):

> My Computer\HKEY_CLASSES_ROOT\Interface\{080C3EC1-AB54-40F3-88BE-E6FACE068CF0
> SAS didn't find anything. I have uninstalled XoftSPY as well.

Maybe it won't delete because there are some subcategories under it? If this key is on the left side of the regedit window, there may be a plus sign in front of it. If you click on that, you will get some subcategories. On the right side there will be some entries. What happens if you delete these first, so that in the end only the 'main folder' is left (the one with 080......)? Is it possible to delete it then?

NB! A reminder that it is wise to back up the registry before you delete anything. Instead of backing up the whole registry, you only need to back up what you intend to delete. Select the folder you want to back up (in this case {080....}), click File -> Export. Type a name for the file and save it to the desktop.
GrandMa, posted 18 March 2007 (edited 18 March 2007 by GrandMa):

Now I have deleted all the subfolders (I have a backup). There were 3 of them.
norbat, posted 18 March 2007:

> Now I have deleted all the subfolders (I have a backup). There were 3 of them.

OK, and then there was the 'parent folder' .....
GrandMa, posted 18 March 2007 (edited 18 March 2007 by GrandMa):

> > Now I have deleted all the subfolders (I have a backup). There were 3 of them.
>
> OK, and then there was the 'parent folder' .....

OK. That's done. What is strange now is that when I search for 080C3EC1-AB54-40F3-88BE-E6FACE068CF0, I end up in a new folder (folder, file, reg, or wtf).

My Computer\HKEY_USERS\S-1-5-21-1275210071-1390067357-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit

It is called LastKey REG_SZ. There are now also 3 other "files" there: (Default), FindFlags and View.
norbat, posted 18 March 2007 (edited 18 March 2007 by norbat):

Without guaranteeing this answer, this is just a kind of log of what the user (that is, you) last did in regedit, so don't delete anything here.

Finally, could you post a new HJT log so that we can clean up if necessary?
GrandMa, posted 18 March 2007:

Logfile of HijackThis v1.99.1 Scan saved at 17:34:28, on 18.03.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe D:\PROGRA~1\Grisoft\AVG7\avgemc.exe D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe D:\Program Files\Intel\Intel® Active Monitor\imonnt.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Intel\Intel® Active Monitor\imontray.exe D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe D:\Program Files\Analog Devices\SoundMAX\Smax4.exe D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe D:\Program Files\D-Tools\daemon.exe D:\Program Files\iTunes\iTunesHelper.exe D:\WINDOWS\system32\WgaTray.exe D:\Program Files\QuickTime\qttask.exe D:\Program Files\Winamp\winampa.exe D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe D:\PROGRA~1\Grisoft\AVG7\avgcc.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Messenger\msmsgs.exe D:\Program Files\Steam\Steam.exe D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe D:\Program Files\iPod\bin\iPodService.exe D:\WINDOWS\system32\svchost.exe D:\Documents and Settings\Administrator\Desktop\Diverse\Ting og tang\gameminimizer\GameMinimizer\GameMinimizer.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Winamp\winamp.exe D:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = www.google.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [iMONTRAY] D:\Program Files\Intel\Intel® Active Monitor\imontray.exe O4 - HKLM\..\Run: [soundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: 
[MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [steam] D:\Program Files\Steam\Steam.exe -silent O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Shortcut to GameMinimizer.lnk = D:\Documents and Settings\Administrator\Desktop\Diverse\Ting og tang\gameminimizer\GameMinimizer\GameMinimizer.exe O4 - Startup: Winamp.lnk = D:\Program Files\Winamp\winamp.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O20 - Winlogon Notify: !SASWinLogon - D:\Program 
Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - D:\Program Files\Intel\Intel® Active Monitor\imonnt.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
norbat, posted 18 March 2007:

This looks very good, GrandMa.

You should consider updating IE to the latest version, IE 7.0.
You should update Java to the latest version.

I consider this solved, and if you need assistance, you know which forum to turn to.
GrandMa, posted 18 March 2007:

> This looks very good, GrandMa.
> You should consider updating IE to the latest version, IE 7.0.
> You should update Java to the latest version.
> I consider this solved, and if you need assistance, you know which forum to turn to.

Thank you very much! I don't use IE. Java will be updated tonight. Thanks for everything! <3
G-A, posted 6 April 2007 (edited 6 April 2007 by G-A):

Hi! I have also got spydown on my PC! I have run SAS, Smitfraudfix and CCleaner.. and the popup in the corner is thankfully gone. How can I be sure that everything is gone? What is it you look for in these logs? Would there be any chance that you could take the time to have a look at my HJT log?

Edit: HJT log

Logfile of HijackThis v1.99.1 Scan saved at 11:48:15, on 06.04.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Documents and Settings\K-A\Skrivebord\J-R og Buster\NVC\BIN\Zanda.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\slserv.exe C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Programfiler\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Programfiler\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe C:\Programfiler\dvd43\dvd43_tray.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Programfiler\QuickTime\qttask.exe D:\iTunes\iTunesHelper.exe C:\Documents and Settings\K-A\Skrivebord\J-R og Buster\NVC\BIN\ZLH.EXE C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application 
Launcher.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Spyware Doctor\swdoctor.exe C:\WINDOWS\system32\ctfmon.exe D:\Antivirus\SAS\SUPERAntiSpyware.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Opera\Opera.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Documents and Settings\Knut-Arne Kvernstad\Skrivebord\HJT\alternativ.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,,,, O1 - Hosts: 69.50.166.11 google.co.uk O1 - Hosts: 69.50.166.11 www.google.es O1 - Hosts: 69.50.166.11 google.es O1 - Hosts: 69.50.166.11 google.com.au O1 - Hosts: 66.218.75.184 mail.yahoo.com O1 - Hosts: 69.50.166.12 www.go.com O1 - Hosts: 69.50.166.12 go.com O1 - Hosts: 69.50.166.13 astalavista.com O1 - Hosts: 69.50.166.13 www.astalavista.com O1 - Hosts: 69.50.166.13 astalavista.box.sk O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - 
C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [sBDrvDet] C:\Programfiler\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [CTDVDDet] C:\Programfiler\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [ijcusobt] C:\Program Files\Tgho\Ytyqp.exe O4 - HKLM\..\Run: [dvd43] C:\Programfiler\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\K-A\Skrivebord\J-R og Buster\NVC\BIN\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions 
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [License Manager] "C:\Programfiler\License_Manager\license_manager.exe " /silent O4 - HKCU\..\Run: [spyware Doctor] "C:\Programfiler\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Antivirus\SAS\SUPERAntiSpyware.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EC..._1014_EN_XP.cab O16 - DPF: 
{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1063_XP.cab O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGD...8_ASPIV4_XP.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2E..._1049_EN_XP.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab O16 - DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} (LREGameLoaderCtrl Class) - http://media.grab.com/media/6364d3/games/f...gameloader6.cab O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...stx/install.cab O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) - http://advnt01.com/dialer/internazionale_ver10.CAB O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - 
http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binaries/P2EC..._1045_EN_XP.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a...5/Installer.exe O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/s...svc32_EN_XP.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab27571.cab O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rCabInstall.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0D15CDB8-4609-4261-B350-B7B132F708E3}: NameServer = 130.67.60.68 O17 - HKLM\System\CS1\Services\Tcpip\..\{0D15CDB8-4609-4261-B350-B7B132F708E3}: NameServer = 130.67.60.68 O17 - HKLM\System\CS2\Services\Tcpip\..\{0D15CDB8-4609-4261-B350-B7B132F708E3}: NameServer = 130.67.60.68 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - D:\Antivirus\SAS\SASWINLO.dll O20 - Winlogon Notify: SABWinLogon - C:\Programfiler\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman ZANDA - Unknown owner - C:\Documents and Settings\K-A\Skrivebord\J-R og Buster\NVC\BIN\Zanda.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

I am also wondering whether you could look for other things that are not good to have on the list.. Thanks in advance.

Regards, G-A
norbat, posted 6 April 2007 (edited 6 April 2007 by norbat):

Hi, G-A. It would be good if you started a new thread, so that this one doesn't get so long and hard to follow.

SweetIM/Macrogaming you can uninstall from Add/Remove Programs.

Your hosts file entries (the O1 lines in the HJT log), did you set these up yourself? If not, you can remove them. What you do is run HJT, tick the box in front of the lines and click 'Fix checked' (tick the O1 hosts lines + the lines with Macrogaming/sweetIM in them).

Afterwards, make a new HJT log (Do a system scan and save a logfile). The log file that is created in Notepad you copy into your next post. Copy it as it looks in Notepad, then it is easier to read.
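Added example, not part of any post in this thread: a small Python checker for the review step described above. It splits a HijackThis log back into entries even when the newlines were lost in pasting, lists O1 hosts redirects to confirm or remove, and compares the log before and after 'Fix checked'. The function names and both sample logs are constructed for illustration (documentation addresses and example.com names), and skipping loopback and 0.0.0.0 targets as ordinary blocklist entries is an assumption of this sketch.

```python
import ipaddress
import re
from collections import defaultdict

# A scan entry starts with a section code (R, F or O plus a number), then " - ".
_CODE = r"(?:R[0-3]|F[0-3]|O\d{1,2}) - "
_BOUNDARY = re.compile(r"\s+(?=" + _CODE + ")")
_HOSTS = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")


def split_entries(log_text):
    """Return the scan entries of a log, whether or not its newlines survived."""
    pieces = (p.strip() for p in _BOUNDARY.split(log_text.strip()))
    # The first piece is the header and process list; keep only real entries.
    return [p for p in pieces if re.match(_CODE, p)]


def hosts_redirects(entries):
    """Group O1 entries by target address, skipping loopback/0.0.0.0 targets."""
    by_ip = defaultdict(list)
    for entry in entries:
        m = _HOSTS.match(entry)
        if not m:
            continue
        ip_text, name = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            by_ip[ip_text].append(name)  # malformed address: still worth a look
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # assumption: these are blocklist entries, not redirects
        by_ip[ip_text].append(name)
    return dict(by_ip)


def removed_entries(before, after):
    """Entries present in the first log but gone from the second (order kept)."""
    remaining = set(after)
    return [e for e in before if e not in remaining]


def entries_mentioning(entries, needle):
    """Case-insensitive search, e.g. for leftovers of an uninstalled program."""
    needle = needle.lower()
    return [e for e in entries if needle in e.lower()]


# Constructed sample: a log pasted with its newlines lost (before the fix).
BEFORE = (
    r"Logfile of HijackThis v1.99.1 Scan saved at 12:00:00, on 01.01.2007 "
    r"Running processes: C:\WINDOWS\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/ "
    r"O1 - Hosts: 203.0.113.11 search.example.com "
    r"O1 - Hosts: 203.0.113.11 www.search.example.com "
    r"O1 - Hosts: 127.0.0.1 ads.example.net "
    r"O2 - BHO: ExampleBar - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleBar\toolbar.dll "
    r"O4 - HKLM\..\Run: [ExampleBar] C:\Program Files\ExampleBar\bar.exe"
)

# Constructed sample: the follow-up log, copied as it looks in Notepad.
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:30:00, on 01.01.2007
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O1 - Hosts: 127.0.0.1 ads.example.net
O4 - HKLM\..\Run: [ExampleBar] C:\Program Files\ExampleBar\bar.exe
"""

if __name__ == "__main__":
    before, after = split_entries(BEFORE), split_entries(AFTER)
    for ip, names in hosts_redirects(before).items():
        print(f"hosts redirect to {ip}: {', '.join(names)}")
    for entry in removed_entries(before, after):
        print("removed by fix:", entry)
    for entry in entries_mentioning(after, "examplebar"):
        print("still present :", entry)
```

In the constructed follow-up log the redirects and the BHO are gone but the Run entry for the same program remains, which is the kind of leftover a second log is posted to catch.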
G-A, posted 6 April 2007 (edited):

Thanks for the quick reply!

From HijackThis's Notepad:

Logfile of HijackThis v1.99.1 Scan saved at 13:07:34, on 06.04.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Documents and Settings\K-A\Skrivebord\J-R og Buster\NVC\BIN\Zanda.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\slserv.exe C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Programfiler\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Programfiler\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe C:\Programfiler\dvd43\dvd43_tray.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Programfiler\QuickTime\qttask.exe D:\iTunes\iTunesHelper.exe C:\Documents and Settings\K-A\Skrivebord\J-R og Buster\NVC\BIN\ZLH.EXE C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Spyware Doctor\swdoctor.exe C:\WINDOWS\system32\ctfmon.exe D:\Antivirus\SAS\SUPERAntiSpyware.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe 
C:\Programfiler\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programfiler\Opera\Opera.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\msiexec.exe C:\Documents and Settings\K-A\Skrivebord\HJT\alternativ.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,,,, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [sBDrvDet] C:\Programfiler\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [CTDVDDet] C:\Programfiler\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTSysVol] 
C:\Programfiler\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [ijcusobt] C:\Program Files\Tgho\Ytyqp.exe
O4 - HKLM\..\Run: [dvd43] C:\Programfiler\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\KA\Skrivebord\J-R og Buster\NVC\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [License Manager] "C:\Programfiler\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [spyware Doctor] "C:\Programfiler\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Antivirus\SAS\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EC..._1014_EN_XP.cab
O16 - DPF: {07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1063_XP.cab
O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGD...8_ASPIV4_XP.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2E..._1049_EN_XP.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab
O16 - DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} (LREGameLoaderCtrl Class) - http://media.grab.com/media/6364d3/games/f...gameloader6.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...stx/install.cab
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) - http://advnt01.com/dialer/internazionale_ver10.CAB
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binaries/P2EC..._1045_EN_XP.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a...5/Installer.exe
O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/s...svc32_EN_XP.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab27571.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rCabInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D15CDB8-4609-4261-B350-B7B132F708E3}: NameServer = 130.67.60.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D15CDB8-4609-4261-B350-B7B132F708E3}: NameServer = 130.67.60.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D15CDB8-4609-4261-B350-B7B132F708E3}: NameServer = 130.67.60.68
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Antivirus\SAS\SASWINLO.dll
O20 - Winlogon Notify: SABWinLogon - C:\Programfiler\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Documents and Settings\Knut-Arne Kvernstad\Skrivebord\Jan Robert og Buster\NVC\BIN\Zanda.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

I uninstalled SweetIM/Macrogaming as you said, but did not find it in HJT. The 01-host lines came up from HJT; the list is copied straight from Notepad.

Regards, Geir-A

Edited 6 April 2007 by G-A