Hijackthis fil
Hej,kan I hjælpe med at rense denne computer?:
Logfile of HijackThis v1.99.1
Scan saved at 21:10:30, on 14-01-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ccsrvc.exe
C:\PROGRA~1\CARBON~1\shellker.exe
C:\Progra~1\NavNT\defwatch.exe
C:\WINNT\rund1132.exe
C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Progra~1\NavNT\rtvscan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wupnp.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\Promon.exe
C:\Progra~1\NavNT\vptray.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Canon\MultiPASS\MPTBox.exe
C:\WINNT\system32\b.exe
C:\WINNT\system32\google.exe
C:\windows\winsysban.exe
C:\WINNT\system32\internat.exe
C:\Program Files\TEXTware\HotKey\Twalink.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\5D.tmp
C:\Hijackthis-ny\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.mail.tdconline.dk/
R3 - Default URLSearchHook is missing
O1 - Hosts: Botzor2005 Made By .... Greetz to good friend Coder. Based On HellBot3
O1 - Hosts: MSG to avs: the first av who detect this worm will be the first killed in the next 24hours!!!
O1 - Hosts: n127.0.0.1 www.symantec.com
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [vptray] C:\Progra~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PostImg] C:\Drivers\postimg.exe
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\5D.tmp
O4 - HKLM\..\Run: [INet Manager] b.exe
O4 - HKLM\..\Run: [csm Win Updates] csm.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINNT\system32\Isass.exe
O4 - HKLM\..\Run: [Printer Spooler] C:\WINNT\system32\3C.tmp
O4 - HKLM\..\Run: [google] google.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 - HKLM\..\RunServices: [INet Manager] b.exe
O4 - HKLM\..\RunServices: [csm Win Updates] csm.exe
O4 - HKLM\..\RunServices: [google] google.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: HotKey.lnk = C:\Program Files\TEXTware\HotKey\Twalink.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O15 - Trusted Zone: http://ie.config.asia.compaq.com
O15 - Trusted Zone: http://ie.config.eur.compaq.com
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
O15 - Trusted Zone: http://ie.config.jp.compaq.com
O15 - Trusted Zone: http://ie.config.ecom.dec.com
O15 - Trusted Zone: http://ie.config.tandem.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137099188654
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8B3512EF-4FF5-4AA4-9CDE-56BB03E04B9F} (SAXFileEE ActiveX Control) - http://www.billedbutikken.dk/upload/SAXFileEE.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photocare.dk/ImageUploader3.cab
O16 - DPF: {CA79DF4A-E7DD-4175-A88A-7B72533A4130} (Sky Software FolderView ActiveX Control 6.0) - http://www.billedbutikken.dk/upload/digiupload.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: RunServices - C:\WINNT\system32\matask.dll
O20 - Winlogon Notify: URL - C:\WINNT\system32\kt8ql7l51.dll
O23 - Service: Carbon Copy Access Edition (CarbonCopy32) - Compaq Computer Corporation. - C:\WINNT\System32\ccsrvc.exe
O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Compaq Computer Corporation. - C:\WINNT\System32\schdsrvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Progra~1\NavNT\defwatch.exe
O23 - Service: windows dll service (dll service) - Unknown owner - C:\WINNT\rund1132.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe
O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINNT\system32\mousebm.exe
O23 - Service: MPService - Canon Information Systems, Inc. - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Progra~1\NavNT\rtvscan.exe
O23 - Service: Windows Remote Procedure Call Monitoring Service (rpcsvc) - Unknown owner - C:\WINNT\system32\rpcsvc.exe
O23 - Service: Windows UPnP Service (wupnp) - Unknown owner - C:\WINNT\system32\wupnp.exe
O23 - Service: Workstation NetLogon Service (½O.#ž‚„õØÂ´â) - Unknown owner - C:\WINNT\system32\mfcss32.exe (file missing)
