HijackThis log fil
Jeg har fået en bærbar pc tilbage fra en elev med en låst start side og nogle foretrukende søgesider som ikke er til at slette.Jeg har kørt spybot og lavet en HijackThis log
er der en der kan hjælpe mig med denne.
Logfile of HijackThis v1.97.7
Scan saved at 16:29:12, on 18-05-2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\EasyPHP\Apache\apache.exe
C:\Programmer\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\EasyPHP\MySql\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Programmer\TOSHIBA\TME2\Tmesrv2.exe
C:\PROGRA~1\EasyPHP\Apache\apache.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Programmer\Network Associates\VirusScan\VsStat.exe
C:\Programmer\Network Associates\VirusScan\Vshwin32.exe
C:\Programmer\Fælles filer\Network Associates\McShield\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\TPWRTRAY.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\Promon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\System32\internat.exe
C:\PROGRA~1\PHILIP~1\PROJEC~1\ProjectorMax.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programmer\TOSHIBA\NetDevSw\NetDevSW.exe
C:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
C:\Palm\HOTSYNC.EXE
C:\Programmer\Microsoft Office\Office\1030\msoffice.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\macromed\flash\GetFlash.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\HijackThis\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\nkdl.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\nkdl.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\nkdl.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\nkdl.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\nkdl.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\nkdl.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 213.159.117.235 #uto.search.msn.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CB929AEF-735D-4A0B-AC86-DED719CE5766} - C:\WINNT\System32\nkdl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Programmer\TOSHIBA\TME2\TMESRV2.EXE /logon
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - HKLM\..\Run: [win32.exe] C:\WINNT\win32.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ProjectorMaxStart] C:\PROGRA~1\PHILIP~1\PROJEC~1\ProjectorMax.exe
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.0.2.lnk = C:\Programmer\OpenOffice.org1.0.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Network Device Switch.lnk = C:\Programmer\TOSHIBA\NetDevSw\NetDevSW.exe
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
O8 - Extra context menu item: Åbn billede i &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1030\phdintl.dll/phdContext.htm
O9 - Extra button: Adgang for alle fjernbetjening (HKLM)
O9 - Extra 'Tools' menuitem: Adgang for alle fjernbetjening (HKLM)
O9 - Extra button: Add link to virtual signpost (HKLM)
O9 - Extra 'Tools' menuitem: Add link to virtual signpost (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\winnt\win.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37594.995775463
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Hilsen OLH