Gå til innhold

trenger sjekk guide utført


Anbefalte innlegg

hjt før andre programmer

Klikk for å se/fjerne innholdet nedenfor
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:28:48, on 19.03.08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Norton Internet Security\ISSVC.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

C:\Programfiler\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Get-Torrent\wakeservice.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Apoint2K\Apntex.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\RALINK\Common\RaUI.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Programfiler\The_Pirate_Bay\tbThe_.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Programfiler\The_Pirate_Bay\tbThe_.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Get-Torrent BHO - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Programfiler\Get-Torrent\TorrentManager.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Programfiler\The_Pirate_Bay\tbThe_.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Programfiler\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Programfiler\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [find trust seek mail] C:\Documents and Settings\All Users\Programdata\Defy Memo Find Trust\curb drive.exe

O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Get-Torrent Service] C:\Programfiler\Get-Torrent\wakeservice.exe

O4 - HKCU\..\Run: [show obj] C:\DOCUME~1\GUNNBE~1\PROGRA~1\CDROML~1\bolt cake spam.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?1691ae2a199d4d5387a07cf52e7f745f

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?1691ae2a199d4d5387a07cf52e7f745f

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

 

--

End of file - 11203 bytes

 

*ccleaner kjørt*

Klikk for å se/fjerne innholdet nedenfor

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/19/2008 at 06:29 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3412

Trace Rules Database Version: 1404

 

Scan type : Complete Scan

Total Scan Time : 00:23:24

 

Memory items scanned : 453

Memory threats detected : 0

Registry items scanned : 3978

Registry threats detected : 0

File items scanned : 18822

File threats detected : 8

 

Adware.Tracking Cookie

C:\Documents and Settings\gunn beate gjengedal\Cookies\gunn beate [email protected][1].txt

C:\Documents and Settings\gunn beate gjengedal\Cookies\gunn beate gjengedal@cassava[1].txt

C:\Documents and Settings\gunn beate gjengedal\Cookies\gunn beate [email protected][1].txt

C:\Documents and Settings\gunn beate gjengedal\Cookies\gunn beate [email protected][2].txt

C:\Documents and Settings\gunn beate gjengedal\Cookies\gunn beate gjengedal@888[2].txt

C:\Documents and Settings\gunn beate gjengedal\Cookies\gunn beate gjengedal@adultfriendfinder[1].txt

C:\Documents and Settings\gunn beate gjengedal\Cookies\gunn beate gjengedal@serving-sys[1].txt

C:\Documents and Settings\gunn beate gjengedal\Cookies\gunn beate gjengedal@doubleclick[1].txt

 

 

Klikk for å se/fjerne innholdet nedenfor

 

ComboFix 08-03-18.1 - gunn beate gjengedal 2008-03-19 18:56:42.2 - NTFSx86 MINIMAL

Running from: C:\Documents and Settings\gunn beate gjengedal\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\A8BB8DB8D2.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))

.

 

2008-03-19 18:02 . 2008-03-19 18:02 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-03-19 18:02 . 2008-03-19 18:02 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\SUPERAntiSpyware.com

2008-03-19 18:02 . 2008-03-19 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-03-19 18:01 . 2008-03-19 18:01 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-03-19 17:42 . 2008-03-19 18:37 <DIR> dr-h----- C:\Documents and Settings\gunn beate gjengedal\Siste

2008-03-19 17:39 . 2008-03-19 17:39 <DIR> d-------- C:\Programfiler\CCleaner

2008-03-19 17:28 . 2008-03-19 17:28 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-19 17:25 . 2008-03-19 17:25 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-12 17:38 . 2008-03-12 17:38 <DIR> d-------- C:\Programfiler\Macrogaming

2008-03-12 00:18 . 2008-03-12 00:18 <DIR> d-------- C:\Programfiler\CDROM LESS

2008-03-12 00:18 . 2008-03-12 00:18 680,960 --a------ C:\WINDOWS\isRS-000.tmp

2008-03-11 12:55 . 2008-03-11 12:55 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2008-03-11 12:53 . 2008-03-11 12:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-03-11 12:42 . 2008-03-14 00:18 <DIR> d-------- C:\My Downloads

2008-03-11 12:23 . 2008-03-14 01:08 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\DivX

2008-03-11 12:18 . 2008-03-11 12:22 <DIR> d-------- C:\Programfiler\DivX

2008-03-11 12:18 . 2008-03-11 12:18 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Yahoo!

2008-03-11 12:18 . 2008-03-11 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion

2008-03-11 12:18 . 2008-02-21 03:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-03-11 12:18 . 2008-02-21 03:05 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe

2008-03-11 12:18 . 2008-02-21 03:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe

2008-03-11 12:18 . 2008-02-21 03:05 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-03-11 12:18 . 2008-02-21 03:05 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-03-11 12:17 . 2008-03-11 12:17 <DIR> d-------- C:\Programfiler\Yahoo!

2008-03-11 12:15 . 2008-03-12 00:19 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS

2008-03-11 12:15 . 2008-03-12 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Defy Memo Find Trust

2008-03-11 12:14 . 2008-03-12 11:38 <DIR> d-------- C:\Programfiler\Get-Torrent

2008-03-11 12:12 . 2008-03-11 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Protexis

2008-03-08 09:44 . 2008-03-08 09:44 268 --ah----- C:\sqmdata00.sqm

2008-03-08 09:44 . 2008-03-08 09:44 244 --ah----- C:\sqmnoopt00.sqm

2008-03-04 12:28 . 2008-03-04 12:28 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2008-03-03 23:10 . 2008-03-12 00:08 <DIR> d-------- C:\Programfiler\The_Pirate_Bay

2008-03-03 23:10 . 2008-03-03 23:10 <DIR> d-------- C:\Programfiler\Conduit

2008-03-03 22:09 . 2008-03-03 22:09 <DIR> d-------- C:\Programfiler\uTorrent

2008-03-03 22:09 . 2008-03-13 01:00 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\uTorrent

2008-03-03 16:59 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-03-02 18:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-02 18:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-02 18:15 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-02 18:14 . 2006-03-09 11:33 366,080 --a------ C:\WINDOWS\system32\drivers\rt61.sys

2008-03-02 18:14 . 2005-05-17 15:24 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe

2008-03-02 18:14 . 2006-01-17 14:51 290,897 --a------ C:\WINDOWS\system32\Install6x.dll

2008-03-02 18:14 . 2005-10-20 15:00 243,328 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS

2008-03-02 18:14 . 2008-03-02 18:14 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2008-03-02 18:14 . 2005-10-26 14:22 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin

2008-03-02 18:14 . 2005-10-26 14:22 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin

2008-03-02 18:14 . 2005-10-26 14:22 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin

2008-03-02 18:14 . 2005-06-16 00:30 162 --a------ C:\WINDOWS\filespec6x

2008-02-25 20:48 . 2008-03-02 18:13 <DIR> d-------- C:\Programfiler\RALINK

2008-02-22 22:08 . 2008-03-11 12:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-02-22 20:45 . 2008-02-22 20:45 <DIR> d---s---- C:\Documents and Settings\gunn beate gjengedal\UserData

2008-02-22 20:43 . 2008-02-22 20:43 <DIR> d-------- C:\Programfiler\Windows Live Toolbar

2008-02-22 20:43 . 2008-02-22 20:43 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Contacts

2008-02-22 20:43 . 2008-02-22 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Windows Live Toolbar

2008-02-22 20:42 . 2008-02-22 20:42 <DIR> d-------- C:\Programfiler\MSN Messenger

2008-02-22 20:08 . 2008-02-22 20:08 <DIR> d-------- C:\Programfiler\LimeWire

2008-02-22 19:34 . 2006-06-01 19:50 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll

2008-02-22 19:34 . 2006-06-01 19:50 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll

2008-02-21 03:05 . 2008-02-21 03:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-02-21 03:05 . 2008-02-21 03:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe

2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2008-02-21 03:05 . 2008-02-21 03:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2008-02-21 03:03 . 2008-02-21 03:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

2008-02-21 03:03 . 2008-02-21 03:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax

2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-02-21 03:03 . 2008-02-21 03:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

2008-02-19 13:08 . 2008-02-19 13:08 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\InstallShield

2008-02-19 12:54 . 2005-08-16 11:38 56,648 --a------ C:\WINDOWS\system32\drivers\btwusb.sys

2008-02-19 12:54 . 2005-08-16 11:34 44,163 --a------ C:\WINDOWS\system32\drivers\btwhid.sys

2008-02-19 12:54 . 2005-08-16 11:38 17,516 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys

2008-02-19 11:02 . 2005-06-20 15:42 23 -ra------ C:\WINDOWS\system32\drivers\verfile.tic

2008-02-19 10:59 . 2008-02-19 10:59 <DIR> d-------- C:\WINDOWS\tiinst

2008-02-19 10:56 . 2008-02-19 10:58 <DIR> d-------- C:\Programfiler\Norton Internet Security

2008-02-19 10:55 . 2008-02-19 10:58 <DIR> d-------- C:\Programfiler\Symantec

2008-02-19 10:55 . 2008-02-25 21:43 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Symantec

2008-02-19 10:55 . 2004-08-26 21:03 104,144 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-02-19 10:55 . 2004-08-26 21:03 83,168 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-02-19 10:54 . 2008-03-19 18:03 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared

2008-02-19 10:54 . 2008-02-19 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Symantec

2008-02-19 10:52 . 2002-09-20 11:53 235,100 -ra------ C:\WINDOWS\system32\drivers\MidiSyn.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-11 13:55 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\LimeWire

2008-03-02 17:13 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-02-19 12:08 --------- d-----w C:\Programfiler\Hewlett-Packard

2008-02-19 10:12 1,614 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Pavilion dv4000 (EN440EA#ABN)_YN_0Pavi_Q2CE609085Y_EU_46_I309E_SHP_V52.0C_BF.04_T051209_WXH2_L414_M1023_J8

_7Intel_8Pentium M_91.6_#080123_N10EC8139_(EN440EA#ABN)_XMOBILE_CN10_Z8086266D_2_G10025653.MRK

2008-02-19 10:10 --------- d-----w C:\Programfiler\InterVideo

2008-02-19 10:09 --------- d-----w C:\Programfiler\HPQ

2008-01-23 22:55 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\InterVideo

2008-01-23 17:50 --------- d-----w C:\Programfiler\Intel

2008-01-23 16:39 --------- d-----w C:\Programfiler\Microsoft IntelliPoint

2008-01-23 15:20 --------- d-----w C:\Programfiler\Java

2008-01-23 15:19 --------- d-----w C:\Programfiler\Fellesfiler\Java

2008-01-23 15:19 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-01-23 15:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\InstallShield

2008-01-23 15:18 --------- d-----w C:\Programfiler\Sonic

2008-01-23 15:18 --------- d-----w C:\Programfiler\Fellesfiler\TiVo Shared

2008-01-23 15:17 --------- d-----w C:\Programfiler\Fellesfiler\SureThing Shared

2008-01-23 15:17 --------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared

2008-01-23 15:15 --------- d-----w C:\Programfiler\QuickTime

2008-01-23 15:15 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\Apple Computer

2008-01-23 15:14 --------- d-----w C:\Programfiler\iTunes

2008-01-23 15:14 --------- d-----w C:\Programfiler\iPod

2008-01-23 15:14 --------- d-----w C:\Documents and Settings\All Users\Programdata\QuickTime

2008-01-23 15:14 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-01-23 15:09 --------- d-----w C:\Programfiler\Hp

2008-01-23 14:57 --------- d-----w C:\Programfiler\ATI Technologies

2008-01-23 14:56 --------- d-----w C:\Programfiler\Apoint2K

2008-01-23 14:52 --------- d-----w C:\Programfiler\WIDCOMM

2008-01-23 14:51 --------- d-----w C:\Programfiler\Analog Devices

2008-01-23 14:43 --------- d-----w C:\Programfiler\microsoft frontpage

2008-01-23 14:41 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-01-23 14:40 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

.

 

 

hjt etter combo og sas

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:07, on 2008-03-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Norton Internet Security\ISSVC.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

C:\Programfiler\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Get-Torrent\wakeservice.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\Programfiler\Apoint2K\Apntex.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\RALINK\Common\RaUI.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\GUNNBE~1\LOKALE~1\Temp\SSUPDATE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\Programfiler\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Programfiler\The_Pirate_Bay\tbThe_.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Programfiler\The_Pirate_Bay\tbThe_.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Get-Torrent BHO - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Programfiler\Get-Torrent\TorrentManager.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Programfiler\The_Pirate_Bay\tbThe_.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Programfiler\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Programfiler\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [find trust seek mail] C:\Documents and Settings\All Users\Programdata\Defy Memo Find Trust\curb drive.exe

O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Get-Torrent Service] C:\Programfiler\Get-Torrent\wakeservice.exe

O4 - HKCU\..\Run: [show obj] C:\DOCUME~1\GUNNBE~1\PROGRA~1\CDROML~1\bolt cake spam.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?1691ae2a199d4d5387a07cf52e7f745f

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?1691ae2a199d4d5387a07cf52e7f745f

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

 

--

End of file - 11391 bytes

Lenke til kommentar
Videoannonse
Annonse

Start HijackThis finn disse linjene merk dem,så trykk fix checked.

O4 - HKLM\..\Run: [find trust seek mail] C:\Documents and Settings\All Users\Programdata\Defy Memo Find Trust\curb drive.exe

 

O4 - HKCU\..\Run: [show obj] C:\DOCUME~1\GUNNBE~1\PROGRA~1\CDROML~1\bolt

cake spam.exe

 

sweetim tenke på om du trenger den,kan gi litt grums og samle info.

 

Restart og en ny HijackThis logg.

Endret av SNIPPSAT
Lenke til kommentar

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:02, on 2008-03-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Norton Internet Security\ISSVC.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

C:\Programfiler\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Get-Torrent\wakeservice.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\RALINK\Common\RaUI.exe

C:\Programfiler\Apoint2K\Apntex.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Programfiler\The_Pirate_Bay\tbThe_.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Programfiler\The_Pirate_Bay\tbThe_.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Get-Torrent BHO - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Programfiler\Get-Torrent\TorrentManager.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Programfiler\The_Pirate_Bay\tbThe_.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Programfiler\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Programfiler\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Get-Torrent Service] C:\Programfiler\Get-Torrent\wakeservice.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?1691ae2a199d4d5387a07cf52e7f745f

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?1691ae2a199d4d5387a07cf52e7f745f

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

 

--

End of file - 11104 bytes

Lenke til kommentar

nei, alt er ikke bra. har nettop installert firefox, og har ikke kommet noen popup. Når jeg gikk inn på IE, kom det CID-popup med en gang. Dessuten vil jeg fortsatt fjerne sweetim, og en del annet crap i toolbar i IE (se vedlegg)

 

edit: combofix er ikke installert, da jeg så i en annen post at jeg trengte det for å fjerne sweetIM

post-114827-1205956751_thumb.jpg

Endret av irritert
Lenke til kommentar

Toolbar se først på "legg til og fjern programmer"

 

Klart jeg kan fjerne alt av toolbar,men dette er litt opp til en selv hva man vil ha.

 

Fjerner kun virus-spyware.

 

Klart vi kan rydde opp litt.

 

Fjern det du kan selv.

 

Last ned kjør CCleaner

Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere xx.

Kjør register-renser og.

 

Restart og en ny HijackThis logg.

 

Les litt her.

http://www.cert.org/tech_tips/securing_browser/

Lenke til kommentar

gikk gjennom legg til fjern programmer.

fjernet det jeg kunne, men var noen ting jeg var usikker på:

agere systems AC97 modem

livereg (symantec corporation) - (har tenkt til å slette norton vis dette har noe med saken å gjøre)

texas instruments pcixx21/x515...

windows live sign-in assistant

windows live toolbar

 

 

toolbar i IE trenger jeg minst mulig av (skal uantsett bruke firefox)

 

ccleaner kjørte jeg i starten, men kjørte den igjen nå (kjørte også reg rens)

 

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:25, on 2008-03-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Norton Internet Security\ISSVC.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\RALINK\Common\RaUI.exe

C:\Programfiler\Apoint2K\Apntex.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Programfiler\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?1691ae2a199d4d5387a07cf52e7f745f

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?1691ae2a199d4d5387a07cf52e7f745f

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

 

--

End of file - 8865 bytes

 

skal gå igjennom det som sto i url-en

 

edit: fortsatt masse cid-popups

Endret av irritert
Lenke til kommentar

Start HijackThis finn disse linjene merk dem,så trykk fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

 

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

 

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

 

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

 

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

 

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

 

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

 

O4 - Global Startup: BTTray.lnk = ?

 

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

 

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?1691ae2a199d4d5387a07cf52e7f745f

 

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?1691ae2a199d4d5387a07cf52e7f745f

------------------------------------------------------------------------------------

Oppdatere kjør full scan med SAS.

 

CCleaner og register renser.

 

Skal du fjerne norton bruker du denne.

Norton-Removal-Tool

 

Restart og en ny HijackThis logg.

Endret av SNIPPSAT
Lenke til kommentar

trenger jeg å kjøre sas og ccleaner enda en gang?

 

norton remover prøvde jeg istad, men gikk i en "loop" med at jeg måtte laste ned ny verson. skal prøve igjen med den linken du ga.

 

hjt-logg:

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:30, on 2008-03-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Norton Internet Security\ISSVC.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Apoint2K\Apntex.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Programfiler\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

 

--

End of file - 7698 bytes

 

edit: nortonremover funker fint :)

Endret av irritert
Lenke til kommentar

da er det kanskje dumt at jeg har installert avira?

 

her er hjt etter at jeg slettet norton.

Forøvrig er alle fremmedlegmer i IE borte, og har ikke hatt noen prob med cid på 5 min nå.

 

Klikk for å se/fjerne innholdet nedenfor
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:44, on 2008-03-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programfiler\RALINK\Common\RaUI.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Programfiler\Apoint2K\Apntex.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 5169 bytes

Lenke til kommentar
da er det kanskje dumt at jeg har installert avira?

Neida det går greit.

 

Ja norton er borte :thumbup:

 

Kjøre en runde med ccleaner+register renser.

Da er alle cookies borte.

 

Slå på verktøy->popup blokkeringer i ie.

 

Du for se åssen det går nå.

Endret av SNIPPSAT
Lenke til kommentar

CiD-help fjern.

 

Klikk: Start -> Kjør

Skriv: C:\WINDOWS\system32\drivers\etc . Klikk OK.

Dobbeltklikk på hosts-filen, og velg å åpne i notisblokk.

Fjern, hvis tilstede, alle linjer med ## added by CiD

Du skal i utg.pkt kun ha ei linje der det står: 127.0.0.1 localhost

Lenke til kommentar

ok. der lå det en del linjer... de er fjernet nå, og har ikke vert noenproblemer etter det. har nå installert comodo og avira, og skal prøve å la dette gå konstant...

 

 

tusen takk for hjelpen :)

 

faen!!!! mens jeg skriver dette, kommer nok en cid-popup :(

 

hva nå?

Endret av irritert
Lenke til kommentar

ser at comodo maser om mange ting som vil kople seg på nett. dette går via etc/host, som er det du ba meg om å sjekke istad.

 

sjekket den host-fila, men den er tom for cid-er.

 

hva er det som kopler seg til?

 

 

edit: det er forskjellige filetternavnhver gang...

post-114827-1205973437_thumb.jpg

Endret av irritert
Lenke til kommentar

æsj, den defensenvar nå altså bare ei pine. den maser konstant om noe. nå er det en update den ikke gir seg med. samma om jeg velger allow eller block, så fortsetter den. Den host-saken har også fortsatt, etter at jeg har trykket blokk mange ganger...

 

edit: feil bilde

edit2: link til cid-popup

post-114827-1205978891_thumb.jpg

post-114827-1205979164_thumb.jpg

Endret av irritert
Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
×
×
  • Opprett ny...