Er ikke sikker men er det denne her log i mener?
StartupList report, 11-06-2003, 22:06:23
StartupList version: 1.52
Started from : C:\Documents and Settings\Mads Østergaard\Skrivebord\HijackThis.EXE
Detected: Windows 2000 SP3 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\DOCUME~1\MADSST~1\APPLIC~1\tlyhllqp.exe
C:\Programmer\Zone Labs\ZoneAlarm\zapro.exe
C:\DOCUME~1\MADSST~1\LOKALE~1\Temp\Gvc1.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mads Østergaard\Skrivebord\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menuen Start\Programmer\Start]
Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
ZoneAlarm Pro.lnk = C:\Programmer\Zone Labs\ZoneAlarm\zapro.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Logitech Utility = Logi_MwX.Exe
zBrowser Launcher = C:\Programmer\Logitech\iTouch\iTouch.exe
DAEMON Tools-1033 = "C:\Programmer\D-Tools\daemon.exe" -lang 1033
NeroCheck = C:\WINNT\system32\NeroCheck.exe
ccApp = "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
Advanced Tools Check = C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
MessengerPlus2 = "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
nwiz = nwiz.exe /install
Synchronization Manager = mobsync.exe /logon
poostea = C:\DOCUME~1\MADSST~1\APPLIC~1\tlyhllqp.exe -QuieT
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MessengerPlus2 = "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
msnmsgr = "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
--------------------------------------------------
Shell & screensaver key from C:\WINNT\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\PROGRA~1\EPROMP~1\epsaver.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Programmer\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\DOCUME~1\MADSST~1\APPLIC~1\breaouckoostb.dll - {b10ec254-1605-4d44-b9df-f5dcf1cb5e78}
NAV Helper - C:\Programmer\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[Creative Software AutoUpdate]
InProcServer32 = C:\WINNT\DOWNLO~1\CTSUEng.ocx
CODEBASE =
http://www.creative.com/SU-newOCX/ocx/12110/CTSUEng.cab[Shockwave ActiveX Control]
InProcServer32 = C:\WINNT\system32\Macromed\Director\SwDir.dll
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[OPUCatalog Class]
InProcServer32 = C:\WINNT\System32\opuc.dll
CODEBASE =
http://www.officeupdate.com/productupdates/content/opuc.cab[SecureLogin.SecureControl]
InProcServer32 = C:\WINNT\Downloaded Program Files\ActiveSecurity.ocx
CODEBASE =
http://secure2.comned.com/signuptemplates/ActiveSecurity.cab[{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[ActiveScan Installer Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll
CODEBASE =
http://www.pandasoftware.com/activescan/as/asinst.cab[Update Class]
InProcServer32 = C:\WINNT\System32\iuctl.dll
CODEBASE =
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37728.2612962963[{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
[Shockwave Flash Object]
InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[MS Investor Ticker]
InProcServer32 = C:\WINNT\DOWNLO~1\ticker9.ocx
CODEBASE =
http://fdl.msn.com/public/investor/v9/ticker.cab[Creative Software AutoUpdate Support Package]
InProcServer32 = C:\WINNT\DOWNLO~1\CTPID.ocx
CODEBASE =
http://www.creative.com/SU-newOCX/ocx/12110/CTPID.cab[{FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75}]
CODEBASE =
http://download.redswoosh.com/Installer/rsinstaller.cab--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: stobject.dll
--------------------------------------------------
End of report, 6.726 bytes
Report generated in 0,080 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only