Hej arlet.
Her er loggen...jeg skal tilføje at jeg har slettet og excluderet nogle filer med Norton Antivirus inden jeg så din kommentar hvilket ikke var for smart :-( Men nu ser jeg hvad I har af råd og afventer svar.
Logfile of HijackThis v1.97.7
Scan saved at 19:11:27, on 23-12-2003
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINNT\System32\internat.exe
C:\winnt\winlogon.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\loadqm.exe
C:\Programmer\Fælles filer\Symantec Shared\NMain.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\administrator\Skrivebord\Ny mappe\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.windowws.cc/sp.htm?id=9R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINNT\search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.windowws.cc/sp.htm?id=9R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.windowws.cc/sp.htm?id=9R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.search-space.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINNT\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.windowws.cc/sp.htm?id=9R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.search-space.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://t.rack.cc/sp.phpR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://t.rack.cc/sp.phpR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://t.rack.cc/sp.phpR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://ie-search.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://www.search-space.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
http://www.search-space.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant =
http://www.008i.com/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch =
http://www.008i.com/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
http://ie-search.com/srchasst.html (obfuscated)
O1 - Hosts: 206.161.127.71 xuto.search.msn.com
O1 - Hosts: 206.161.127.71 sitefinder.verisign.com
O1 - Hosts: 206.161.127.71 sitefinder-idn.verisign.com
O1 - Hosts: 206.161.127.71
www.your.comO1 - Hosts: 206.161.127.71 your.com
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB2} - C:\WINNT\msfklh.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINNT\madise.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmer\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Power Scan] C:\Programmer\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [winlogon] c:\winnt\winlogon.exe
O4 - HKCU\..\Run: [Windows Control] C:\WINNT\control.exe
O4 - HKCU\..\Run: [QuickTime Task] c:\winnt\qttasks.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmer\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Web Search - c:\winnt\ex.htm
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -
Ny bruger
Nybegynder
Opret
Preview
