Nutzg0 - Posted 17 April 2007

I've got this little big problem where I get these CiD pop-ups! Can anyone help me and explain how to get rid of this? I have run CCleaner and searched Google for help. Finally I found this forum. I'm attaching the log from HJT.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:31:03, on 17.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\vidar\Skrivebord\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Glue Bend New Obj] C:\Documents and Settings\All Users\Programdata\title online glue bend\16 Poll.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] C:\PROGRA~1\ALWILS~1\Avast4\ASWREG~1.EXE "C:\Programfiler\Alwil Software\Avast4\AhAScr.dll"
O4 - HKLM\..\RunOnce: [NoLop] C:\Documents and Settings\vidar\Skrivebord\NoLop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bows Scr] C:\DOCUME~1\vidar\PROGRA~1\SIXTHA~1\Send seek proc.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?7dbe63bf72e3483c98c14c305ba53b25
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?7dbe63bf72e3483c98c14c305ba53b25
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://radivvidar.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137417613093
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 8010 bytes

- Vidar.

norbat - Posted 17 April 2007 (edited)

Hi, cellasin (Vidar), and welcome to the forum.

See whether you can uninstall CiD help from Add/Remove Programs (Control Panel).

Download NoLop to the desktop. Run the program and click the Search and Destroy button. After a restart there will be a log: C:\NoLop txt. You will post it later.

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").

Run HJT, put a check mark in front of the following lines and click 'Fix checked':
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Glue Bend New Obj] C:\Documents and Settings\All Users\Programdata\title online glue bend\16 Poll.exe
O20 - AppInit_DLLs:

Restart in safe mode (tap F8 during startup, select Safe Mode).

Use Explorer to find and delete (in bold):
C:\Documents and Settings\All Users\Programdata\title online glue bend

Restart in normal mode.

Click: Start -> Run. Type: C:\WINDOWS\system32\drivers\etc . Click OK. Double-click the hosts file and choose to open it in Notepad. Remove, if present, all lines with ## added by CiD. By default you should have only one line, which reads:
127.0.0.1 localhost
After you have removed the relevant lines, click File -> Save.

Download SAS (Free), install and update. Run a full scan.

Download http://www.uploads.ejvindh.net/rootchk.exe to the desktop. Run the program. It creates a log, which you copy if it says it has found something.

Post the following logs:
SAS (preferences -> statistics/logs)
NoLop (c:\nolop.txt)
Rootchk
New HJT log

Edited 17 April 2007 by norbat

Nutzg0 (Author) - Posted 18 April 2007 (edited)

Hi! Thank you very much. When I went to delete CiD help from "Add or Remove Programs" I couldn't find that file. But I have done the other things you told me to do. Here are the logs:

SAS

SUPERAntiSpyware Scan Log
Generated 04/18/2007 at 03:19 PM
Application Version : 3.6.1000
Core Rules Database Version : 3220
Trace Rules Database Version: 1230
Scan type : Complete Scan
Total Scan Time : 00:48:19
Memory items scanned : 479
Memory threats detected : 0
Registry items scanned : 6038
Registry threats detected : 1
File items scanned : 39214
File threats detected : 165

Adware.Lop-Gen
[bows Scr] C:\DOCUME~1\VIDAR\PROGRA~1\SIXTHA~1\SEND SEEK PROC.EXE
C:\DOCUME~1\VIDAR\PROGRA~1\SIXTHA~1\SEND SEEK PROC.EXE
C:\DOCUMENTS AND SETTINGS\VIDAR\PROGRAMDATA\SIXTHARMYCOOL\FOUR FAST ANTI.EXE
C:\DOCUMENTS AND SETTINGS\VIDAR\PROGRAMDATA\SIXTHARMYCOOL\ITNEOQYK.EXE
C:\DOCUMENTS AND SETTINGS\VIDAR\PROGRAMDATA\SIXTHARMYCOOL\PHONE SOFTWARE REF SIGN.EXE
C:\DOCUMENTS AND SETTINGS\VIDAR\PROGRAMDATA\SIXTHARMYCOOL\SEND SEEK PROC.EXE
C:\RECYCLER\S-1-5-21-1640145791-4164259686-1780898770-1007\DC1\16 POLL.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C06533B1-79BD-4C9E-B4B5-8BEDD8DAD112}\RP82\A0026339.EXE

Adware.Tracking Cookie

Adware.WhenU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C06533B1-79BD-4C9E-B4B5-8BEDD8DAD112}\RP48\A0012454.EXE

Nolop.txt

NoLop! Log by Skate_Punk_21
Please Note: any existing old logs will have now been renamed to NoLop!OLD.log
Fix running from: C:\Documents and Settings\vidar\Skrivebord\Vidar
[18.04.2007] [14:15:29]
---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.
---Listing AppData sub directories---

Rootchk

********************************* ROOTCHK-(13-04-07)-LOG, by ejvindh
18.04.2007 15:26:37,23
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end

HJT

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:27:01, on 18.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\LVComSX.exe
C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Documents and Settings\vidar\Skrivebord\Vidar\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?7dbe63bf72e3483c98c14c305ba53b25
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?7dbe63bf72e3483c98c14c305ba53b25
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://radivvidar.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137417613093
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 9650 bytes

Edited 18 April 2007 by cellasin

norbat - Posted 18 April 2007

This looks good. Let's do a bit of cleanup.

Uninstall from Add/Remove Programs:
Logitech desktop messenger
SweetIM (Macrogaming)

In Explorer, remove the folder:
C:\Programfiler\Macrogaming

Run HJT, put a check mark in front of the following lines and click 'Fix checked':
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

You should reset the restore folder so that you do not get infected in the event of a system restore. Control Panel -> System -> System Restore. Put a check mark in front of "Turn off .....", restart the PC, then remove the check mark again to re-enable the function.

How is the PC 'working'?
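
An added example, not part of the original thread or of any tool it mentions: a small Python pre-screen over a HijackThis log that flags the two patterns visible in the entries picked out above, namely components registered with (no file) and O4 autostart entries that launch from a data folder under Documents and Settings. The sample lines are copied from the logs in this thread; the function names and the folder-name pattern are assumptions of this example.

```python
import re

# Sample input: a handful of lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Glue Bend New Obj] C:\Documents and Settings\All Users\Programdata\title online glue bend\16 Poll.exe
O4 - HKCU\..\Run: [bows Scr] C:\DOCUME~1\vidar\PROGRA~1\SIXTHA~1\Send seek proc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
"""

# A HijackThis entry starts with a section code (R0, R3, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Assumption of this example: a data folder directly below a profile in
# "Documents and Settings" ("Programdata" on this localized install, or
# "Application Data"), in long or 8.3 short form. Requiring the profile prefix
# keeps C:\PROGRA~1\... (the Program Files short name) from matching.
PROFILE_DATA_RE = re.compile(
    r"\\(?:documents and settings|docume~\d)\\[^\\]+\\"
    r"(?:programdata|progra~\d|application data|applic~\d)\\",
    re.IGNORECASE,
)


def parse_entries(log_text):
    """Return (code, body) tuples for every section line in the log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def entry_label(body):
    """Pick a short display name: the [value name] of an O4 entry, else the
    text between the entry type and the CLSID, else the whole body."""
    match = re.search(r"\[([^\]]+)\]", body)
    if match:
        return match.group(1)
    match = re.match(r"[^:]+: (.*?) - \{", body)
    return match.group(1) if match else body


def triage(log_text):
    """Flag entries worth a manual look; this is a pre-screen, not a verdict."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []
        if body.rstrip().endswith("(no file)"):
            reasons.append("registered component has no file on disk")
        if code == "O4" and PROFILE_DATA_RE.search(body):
            reasons.append("autostart launches from a profile data folder")
        if reasons:
            findings.append({"code": code, "name": entry_label(body), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["code"], finding["name"], "->", "; ".join(finding["reasons"]))
```

Legitimate software can also start from a profile data folder, so a flagged line is a prompt to look at the file, not a reason to delete it.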

Nutzg0 (Author) - Posted 18 April 2007

There! Now it 'works' very well! Nothing more popping up from CiD! Thank you very much for the help!