okay hentede jijackthis, og dette er loggen:
Logfile of HijackThis v1.97.7
Scan saved at 19:40:41, on 17-04-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\RunDll32.exe
D:\WINDOWS\MXOALDR.EXE
D:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
D:\Programmer\D-Tools\daemon.exe
D:\Programmer\QuickTime\qttask.exe
D:\Programmer\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\Documents and Settings\Tommy\Application Data\dmwm.exe
D:\Programmer\Skype\Phone\Skype.exe
D:\WINDOWS\system32\winproc32.exe
D:\PROGRA~1\ICQ\ICQ.exe
D:\WINDOWS\System32\gearsec.exe
D:\Programmer\Norton AntiVirus\navapsvc.exe
D:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Programmer\iPod\bin\iPodService.exe
D:\Programmer\Norton AntiVirus\SAVScan.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Programmer\Norton AntiVirus\OPScan.exe
D:\Programmer\Internet Explorer\iexplore.exe
D:\Documents and Settings\Tommy\Skrivebord\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://4-counter.com/?a=2&b=sexyfotoR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://4-counter.com/?a=2&b=sexyfotoR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://4-counter.com/?a=2&b=sexyfotoR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://4-counter.com/?b=sexyfotoR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://1-se.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://4-counter.com/?a=2&b=sexyfotoR1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
http://4-counter.com/?a=2&b=sexyfotoR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://4-counter.com/?a=2&b=sexyfotoR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://4-counter.com/?a=2&b=sexyfotoR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://1-se.com/home.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://1-se.com/home.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://1-se.com/srchasst.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://4-counter.com/?a=2&b=sexyfotoR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://1-se.com/home.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
http://1-se.com/srchasst.html (obfuscated)
O1 - Hosts: 3466709097 sitefinder.verisign.com
O1 - Hosts: 3466709097 sitefinder-idn.verisign.com
O1 - Hosts: 3466709097
www.your.comO1 - Hosts: 3466709097 your.com
O1 - Hosts: 3466690378 ad.doubleclick.net
O1 - Hosts: 3466690378 view.atdmt.com
O1 - Hosts: 3466690378 click.atdmt.com
O1 - Hosts: 3466690378 leader.linkexchange.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MXO Auto Loader] D:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Mirabilis ICQ] D:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MaxtorOneTouch] D:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] D:\Programmer\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Seot] D:\Documents and Settings\Tommy\Application Data\dmwm.exe
O4 - HKCU\..\Run: [Skype] "D:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [rundll32] c:\rundll32.exe
O4 - HKCU\..\Run: [Windows Internet Protocol] D:\WINDOWS\system32\winproc32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &Google Search -
res://D:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links -
res://D:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://D:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Si&milar Pages -
res://D:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O8 - Extra context menu item: Web Search - D:\WINDOWS\ex.htm
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Opslag (HKLM)
O12 - Plugin for .spop: D:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cabO16 - DPF: {11111111-1111-1111-1111-111111111123} -
http://fuckhere.ud-dial.biz/1/dexDK505.exeO16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cabO16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) -
http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cabO16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
http://www.mt-download.com/MediaTicketsInstaller.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
Ny bruger
Nybegynder
Opret
Preview
