Er den log ren?
HejsaEr der en som vil tjekke denne log?
Mvh
K
Logfile of HijackThis v1.97.7
Scan saved at 20:28:08, on 22-12-2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\Programmer\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\System32\svchost.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\WINNT\INV32CLI.EXE
C:\Programmer\Compaq\LCRMS\LCRMS.EXE
C:\WINNT\System32\NTME\METHWNT.EXE
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\NTME\brad32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\WUSER32.EXE
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\System32\Smtray.exe
C:\Programmer\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\WINNT\loadqm.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\ORL\VNC\WinVNC.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINNT\System32\SCardSvr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
C:\INST\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.10.29
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)
O2 - BHO: (no name) - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINNT\dpe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [cpqek] C:\Programmer\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMsgSvc] C:\WINNT\System\MSMSGSVC.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run WinVNC (App Mode).lnk = C:\Programmer\ORL\VNC\WinVNC.exe
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .au: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .avi: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .qt: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - WWW. Prefix: http://ehttp.cc/?
O17 - HKLM\System\CCS\Services\Tcpip\..\{15978C6B-2B23-42BA-B7E9-B8C1E2CCB1BF}: NameServer = 194.239.134.83,172.16.10.29
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = frederiksvaerk.dk
O17 - HKLM\System\CS1\Services\Tcpip\..\{15978C6B-2B23-42BA-B7E9-B8C1E2CCB1BF}: NameServer = 194.239.134.83,172.16.10.29
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = frederiksvaerk.dk
O17 - HKLM\System\CS2\Services\Tcpip\..\{15978C6B-2B23-42BA-B7E9-B8C1E2CCB1BF}: NameServer = 194.239.134.83,172.16.10.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = frederiksvaerk.dk
