Hjælp til HijackThis
HeyMine comp er godt inficeret med spyware. Nogen der vil hjælpe med denne HijackThis logfil:
Logfile of HijackThis v1.99.1
Scan saved at 23:22:55, on 19-05-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\xvkjvkv.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\ESB.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\lxes.exe
C:\WINDOWS\System32\wincfgkop9.exe
C:\WINUPDATE2425.exe
C:\WINDOWS\switpa.exe
C:\WINDOWS\seeve.exe
C:\WINDOWS\System32\MSxUP32.exe
C:\Program Files\Ixuqoi\Qqzglt.exe
C:\WINDOWS\System32\sdktemp.exe
C:\WINDOWS\System32\8fqajpld.exe
C:\WINDOWS\System32\WINSHELL.EXE
C:\WINDOWS\System32\MSLSA32.exe
C:\WINDOWS\System32\msnsmgs.exe
C:\WINDOWS\System32\taskmngr.exe
C:\WINDOWS\etb\pokapoka79.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\??ool32.exe
C:\WINDOWS\System32\MSLSA32.exe
C:\Programmer\dusm\sota.exe
C:\WINDOWS\System32\hwclock.exe
C:\WINDOWS\plugin.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
G:\Spyware\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.xosearchox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xosearchox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.xosearchox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://203.125.153.221/FMS/Reports/blank.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programmer\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoftf DDEs Control] lxes.exe
O4 - HKLM\..\Run: [WinConfig9324] wincfgkop9.exe
O4 - HKLM\..\Run: [REGRUN32] C:\WINUPDATE2425.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programmer\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [sais] c:\programmer\180searchassistant\sais.exe
O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [Microsoft Core Support] MSxUP32.exe
O4 - HKLM\..\Run: [Qinwrq] C:\Program Files\Ixuqoi\Qqzglt.exe
O4 - HKLM\..\Run: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\Run: [8fqajpld] C:\WINDOWS\System32\8fqajpld.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programmer\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [Windows Command Prompt] WINSHELL.EXE
O4 - HKLM\..\Run: [Microsoft LSA layer] MSLSA32.exe
O4 - HKLM\..\Run: [default] C:\isp2.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\elitecoz32.exe
O4 - HKLM\..\Run: [Windows Messenger] msnsmgs.exe
O4 - HKLM\..\Run: [foalgz] C:\WINDOWS\System32\xvkjvkv.exe r
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\\\etb\\pokapoka79.exe
O4 - HKLM\..\Run: [Windows Task Manager] taskmngr.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] lxes.exe
O4 - HKLM\..\RunServices: [WinConfig9324] wincfgkop9.exe
O4 - HKLM\..\RunServices: [Microsoft Core Support] MSxUP32.exe
O4 - HKLM\..\RunServices: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\RunServices: [Windows Command Prompt] WINSHELL.EXE
O4 - HKLM\..\RunServices: [Microsoft LSA layer] MSLSA32.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - HKLM\..\RunServices: [Windows Task Manager] taskmngr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Wohodgns] C:\WINDOWS\System32\??ool32.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programmer\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Microsoft LSA layer] MSLSA32.exe
O4 - HKCU\..\Run: [Amrr] C:\Programmer\dusm\sota.exe
O4 - HKCU\..\Run: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\Run: [Windows Task Manager] taskmngr.exe
O4 - HKCU\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\RunServices: [Windows Task Manager] taskmngr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://216.127.33.119/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://www.advnt01.com/dialer/internazionale_ver15.CAB
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: plugin - Unknown owner - C:\WINDOWS\plugin.exe
