Slayer skrev:
Lägg upp log filen från Hijackthis här!
Logfile of HijackThis v1.97.7
Scan saved at 17:40:38, on 2004-07-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\appsc32.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\atlwx32.exe
C:\Program\MSN Apps\Updater\01.02.0000.2693\sv\msnappau.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\LightSurf\Common\IconMgr.exe
C:\Program\LightSurf\Colorific\hgcctl95.exe
C:\Program\LightSurf\Color Indicator\TICIcon.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Arvid\Skrivbord\Arvid\Driv\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bweun.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://bweun.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://bweun.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bweun.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://bweun.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bweun.dll/sp.html#37049
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {7A97B913-C0A6-6EAC-43F1-2AC5E32BFB43} - C:\WINDOWS\system32\appxg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.0000.2693\sv\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [atlwx32.exe] C:\WINDOWS\atlwx32.exe
O4 - HKLM\..\Run: [Updater] "C:\Program\MSN Apps\Updater\01.02.0000.2693\sv\msnappau.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [od-stnd218] c:\program files\Webdialer\od-stnd218.exe -m
O4 - HKLM\..\RunOnce: [atlbe32.exe] C:\WINDOWS\atlbe32.exe
O4 - HKLM\..\RunOnce: [winkh32.exe] C:\WINDOWS\system32\winkh32.exe
O4 - HKLM\..\RunOnce: [javagv32.exe] C:\WINDOWS\javagv32.exe
O4 - HKLM\..\RunOnce: [mszu32.exe] C:\WINDOWS\system32\mszu32.exe
O4 - HKLM\..\RunOnce: [javarl32.exe] C:\WINDOWS\javarl32.exe
O4 - HKLM\..\RunOnce: [netmz32.exe] C:\WINDOWS\netmz32.exe
O4 - HKLM\..\RunOnce: [winvy32.exe] C:\WINDOWS\system32\winvy32.exe
O4 - HKLM\..\RunOnce: [javazx32.exe] C:\WINDOWS\system32\javazx32.exe
O4 - HKLM\..\RunOnce: [sysuo.exe] C:\WINDOWS\system32\sysuo.exe
O4 - HKLM\..\RunOnce: [apppr32.exe] C:\WINDOWS\system32\apppr32.exe
O4 - HKLM\..\RunOnce: [mfcsg32.exe] C:\WINDOWS\mfcsg32.exe
O4 - HKLM\..\RunOnce: [winay.exe] C:\WINDOWS\winay.exe
O4 - HKLM\..\RunOnce: [netkv.exe] C:\WINDOWS\netkv.exe
O4 - HKLM\..\RunOnce: [apiwi.exe] C:\WINDOWS\apiwi.exe
O4 - HKLM\..\RunOnce: [apidn32.exe] C:\WINDOWS\system32\apidn32.exe
O4 - HKLM\..\RunOnce: [apiza.exe] C:\WINDOWS\system32\apiza.exe
O4 - HKLM\..\RunOnce: [javabk.exe] C:\WINDOWS\system32\javabk.exe
O4 - HKLM\..\RunOnce: [winoq.exe] C:\WINDOWS\system32\winoq.exe
O4 - HKLM\..\RunOnce: [ntli.exe] C:\WINDOWS\ntli.exe
O4 - HKLM\..\RunOnce: [ipvg.exe] C:\WINDOWS\ipvg.exe
O4 - HKLM\..\RunOnce: [appai.exe] C:\WINDOWS\appai.exe
O4 - HKLM\..\RunOnce: [crzm32.exe] C:\WINDOWS\system32\crzm32.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [mfcvr.exe] C:\WINDOWS\system32\mfcvr.exe
O4 - HKLM\..\RunOnce: [netcr32.exe] C:\WINDOWS\system32\netcr32.exe
O4 - HKLM\..\RunOnce: [ieoa.exe] C:\WINDOWS\ieoa.exe
O4 - HKLM\..\RunOnce: [apihg.exe] C:\WINDOWS\apihg.exe
O4 - HKLM\..\RunOnce: [ntwy.exe] C:\WINDOWS\system32\ntwy.exe
O4 - HKLM\..\RunOnce: [d3ug32.exe] C:\WINDOWS\system32\d3ug32.exe
O4 - HKLM\..\RunOnce: [javady32.exe] C:\WINDOWS\system32\javady32.exe
O4 - HKLM\..\RunOnce: [iexf32.exe] C:\WINDOWS\system32\iexf32.exe
O4 - HKLM\..\RunOnce: [apiot32.exe] C:\WINDOWS\apiot32.exe
O4 - HKLM\..\RunOnce: [netrn.exe] C:\WINDOWS\system32\netrn.exe
O4 - HKLM\..\RunOnce: [apicd.exe] C:\WINDOWS\system32\apicd.exe
O4 - HKLM\..\RunOnce: [netnn32.exe] C:\WINDOWS\system32\netnn32.exe
O4 - HKLM\..\RunOnce: [crji32.exe] C:\WINDOWS\crji32.exe
O4 - HKLM\..\RunOnce: [winpw32.exe] C:\WINDOWS\system32\winpw32.exe
O4 - HKLM\..\RunOnce: [atlwu.exe] C:\WINDOWS\system32\atlwu.exe
O4 - HKLM\..\RunOnce: [winiu.exe] C:\WINDOWS\system32\winiu.exe
O4 - HKLM\..\RunOnce: [mfcak.exe] C:\WINDOWS\mfcak.exe
O4 - HKLM\..\RunOnce: [addfd32.exe] C:\WINDOWS\system32\addfd32.exe
O4 - HKLM\..\RunOnce: [netwt32.exe] C:\WINDOWS\system32\netwt32.exe
O4 - HKLM\..\RunOnce: [ipkt.exe] C:\WINDOWS\ipkt.exe
O4 - HKLM\..\RunOnce: [winme32.exe] C:\WINDOWS\system32\winme32.exe
O4 - HKLM\..\RunOnce: [atlsx32.exe] C:\WINDOWS\atlsx32.exe
O4 - HKLM\..\RunOnce: [winqk.exe] C:\WINDOWS\winqk.exe
O4 - HKLM\..\RunOnce: [ntsp.exe] C:\WINDOWS\system32\ntsp.exe
O4 - HKLM\..\RunOnce: [d3tj.exe] C:\WINDOWS\system32\d3tj.exe
O4 - HKLM\..\RunOnce: [mfcoc.exe] C:\WINDOWS\system32\mfcoc.exe
O4 - HKLM\..\RunOnce: [ntdy.exe] C:\WINDOWS\ntdy.exe
O4 - HKLM\..\RunOnce: [winjq.exe] C:\WINDOWS\winjq.exe
O4 - HKLM\..\RunOnce: [atlia.exe] C:\WINDOWS\system32\atlia.exe
O4 - HKLM\..\RunOnce: [ntkv32.exe] C:\WINDOWS\ntkv32.exe
O4 - HKLM\..\RunOnce: [netnf32.exe] C:\WINDOWS\system32\netnf32.exe
O4 - HKLM\..\RunOnce: [mfcks32.exe] C:\WINDOWS\mfcks32.exe
O4 - HKLM\..\RunOnce: [ntrj.exe] C:\WINDOWS\ntrj.exe
O4 - HKLM\..\RunOnce: [appsc32.exe] C:\WINDOWS\appsc32.exe
O4 - HKLM\..\RunOnce: [netwe32.exe] C:\WINDOWS\netwe32.exe
O4 - HKLM\..\RunOnce: [appto.exe] C:\WINDOWS\system32\appto.exe
O4 - HKLM\..\RunOnce: [syshu32.exe] C:\WINDOWS\syshu32.exe
O4 - HKLM\..\RunOnce: [appla32.exe] C:\WINDOWS\system32\appla32.exe
O4 - HKLM\..\RunOnce: [ipse32.exe] C:\WINDOWS\ipse32.exe
O4 - HKLM\..\RunOnce: [sdkhm.exe] C:\WINDOWS\sdkhm.exe
O4 - HKLM\..\RunOnce: [javaxs32.exe] C:\WINDOWS\system32\javaxs32.exe
O4 - HKLM\..\RunOnce: [syset32.exe] C:\WINDOWS\syset32.exe
O4 - HKLM\..\RunOnce: [crjl.exe] C:\WINDOWS\crjl.exe
O4 - HKLM\..\RunOnce: [crve32.exe] C:\WINDOWS\system32\crve32.exe
O4 - HKLM\..\RunOnce: [ieel.exe] C:\WINDOWS\ieel.exe
O4 - HKLM\..\RunOnce: [ntsq.exe] C:\WINDOWS\ntsq.exe
O4 - HKLM\..\RunOnce: [ntzk.exe] C:\WINDOWS\ntzk.exe
O4 - HKLM\..\RunOnce: [ntfh32.exe] C:\WINDOWS\ntfh32.exe
O4 - HKLM\..\RunOnce: [sdkld.exe] C:\WINDOWS\system32\sdkld.exe
O4 - HKLM\..\RunOnce: [crza32.exe] C:\WINDOWS\system32\crza32.exe
O4 - HKLM\..\RunOnce: [sysyv.exe] C:\WINDOWS\sysyv.exe
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: LightSurf.lnk = C:\Program\LightSurf\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: ontop - file://E:\10000258\cab\ontop.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{592CF679-9C03-4342-AFFD-1DB787CE4E51}: NameServer = 195.67.199.15 195.67.199.16