So now it can be hijacked
To be on the safe side, I'll let an expert handle it anyway. I don't want to hear from people who can't be bothered to help me anyway... So if you want to help, please write; if you can't be bothered, stay away. I know there's a lot, yes, and I know I don't have the service pack thing. Feel free to post a link to it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14, on 2007-10-31
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Internet Explorer\IEXPLORE.EXE
D:\Programmer\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Programmer\Antiy Labs\Alive\ALiveCenter.exe
D:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Programmer\iTunes\iTunesHelper.exe
D:\Programmer\QuickTime\qttask.exe
D:\WINDOWS\System32\spoolsvv.exe
D:\Programmer\MSN Messenger\msnmsgr.exe
D:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Trend Micro\PC-cillin 2002\Tmntsrv.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Programmer\Canon\CAL\CALMAIN.exe
D:\Programmer\Trend Micro\PC-cillin 2002\PCCPFW.exe
D:\Programmer\iPod\bin\iPodService.exe
D:\Programmer\MSN Messenger\usnsvc.exe
D:\Programmer\iTunes\iTunes.exe
D:\Programmer\Mozilla Firefox\firefox.exe
D:\Documents and Settings\André\Skrivebord\HiJackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dr.dk/sporten
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://85.255.113.67/privacyWarning.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\System32\ntos.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Programmer\NewDotNet\newdotnet7_48.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - D:\Programmer\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmer\google\googletoolbar1.dll
O2 - BHO: XBTB06823 - {BA463437-C3DE-47da-8280-87596824388A} - D:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - D:\Programmer\E404 Helper\e404.v1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [net32] D:\WINDOWS\svhost.exe
O4 - HKLM\..\Run: [net64] D:\WINDOWS\svhoster.exe
O4 - HKLM\..\Run: [netsv32] D:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [netzip] D:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [BearFlix] "D:\Programmer\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [netc] D:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [runsql] D:\WINDOWS\runsql.exe
O4 - HKLM\..\Run: [spoolsvv] D:\WINDOWS\System32\spoolsvv.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "D:\Programmer\Save\Save.exe"
O4 - HKCU\..\Run: [swg] D:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [noskrnl] D:\WINDOWS\noskrnl.exe
O4 - HKCU\..\Run: [Firewall auto setup] D:\DOCUME~1\ANDR~1\LOKALE~1\Temp\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [Ordbogen.com] D:\Programmer\CoolSystems\ordbogen.com\ordbogen.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ClickOff.lnk = D:\Programmer\ClickOff\Clickoff.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Programmer\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Programmer\MP3 Player Utilities 3.79\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmer\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmer\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: D:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133301966077
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: botreg - D:\Documents and Settings\All Users\Dokumenter\Settings\bot.dll
O20 - Winlogon Notify: comloy - comloy.dll (file missing)
O20 - Winlogon Notify: partnershipreg - D:\Documents and Settings\All Users\Dokumenter\Settings\partnership.dll
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Gatewaytjeneste til programlaget ALGuploadmgr (ALGuploadmgr) - Unknown owner - D:\WINDOWS\System32\a3dj.exe (file missing)
O23 - Service: Antiy live update (Alive Auto-Update Service) - Unknown owner - D:\Programmer\Antiy Labs\Alive\ALiveCenter.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Hændelseslog EventlogNla (EventlogNla) - Unknown owner - D:\WINDOWS\System32\advpackf.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: COM-tjenesten IMAPI cd-skrivning ImapiServiceALG (ImapiServiceALG) - Unknown owner - D:\WINDOWS\System32\1031l.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Messenger MessengerSSDPSRV (MessengerSSDPSRV) - Unknown owner - D:\WINDOWS\System32\advapi32b.exe (file missing)
O23 - Service: NetMeeting - Deling af fjernskrivebord mnmsrvcUMWdf (mnmsrvcUMWdf) - Unknown owner - D:\WINDOWS\System32\1037d.exe
O23 - Service: Network DDE DSDM NetDDEdsdmMessengerSSDPSRV (NetDDEdsdmMessengerSSDPSRV) - Unknown owner - D:\WINDOWS\System32\activedsph.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: NVIDIA Display Driver Service NVSvcMSIServer (NVSvcMSIServer) - Unknown owner - D:\WINDOWS\System32\1031p.exe (file missing)
O23 - Service: Office Source Engine oseose (oseose) - Unknown owner - D:\WINDOWS\System32\147657854r.exe (file missing)
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - D:\Programmer\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Chipkort SCardSvrose (SCardSvrose) - Unknown owner - D:\WINDOWS\System32\activedsp.exe (file missing)
O23 - Service: Firewall til Internetforbindelse / Deling af Internetforbindelse SharedAccesswinmgmt (SharedAccesswinmgmt) - Unknown owner - D:\WINDOWS\System32\1033d.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - D:\Programmer\Trend Micro\PC-cillin 2002\Tmntsrv.exe
--
End of file - 11293 bytes
