Hijack this log - mangler hjælp.
Med denne log, samtidig har jeg fået en del virus på en eller anden måde... det drejer sig om følgende:W32.Gaobot.RB
W32.Gaobot.SY
W32.HLLW.Gaobot
W32.HLLW.Rirc
Alle er i Quarantine nu, men den bliver ved med at komme op med nye warnings :S
Håber der er en der kan hjælpe.
Logfile of HijackThis v1.97.7
Scan saved at 18:53:42, on 07-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\PROGRA~1\McAfee\MCAFEE~1\CPD.EXE
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\Program Files\Microsoft Virtual PC\Virtual PC.exe
F:\PROGRA~1\McAfee\MCAFEE~1\CPD.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\Skype\Phone\Skype.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\SAHUninstall.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 155.98.35.3:3128
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://pralerts.zonelabs.com/pralerts/pranalyze.jsp?PN=Messenger&VER=4.7.0041&FN=msmsgs.exe&Created=2d146913&Size=1511453&MD5=1e455b08870d4ac3bb6ab5968603e8af&CRC=49c93a19&RIPA=192.168.0.1&RP=1900&Connect=1&Pgmstatus=3&Zone=1&Keycode=9j331ep5t98px7s7vm7th90rwg0&Product=ZoneAlarm+Pro&ProductVersion=3.1.395&HU100=ZLN30205572460475-1001&DTST=6218&QSRC=1&OS=Windows+XP-5.1.2600-Service+Pack+1-SP&LANG=1030&CL=en (obfuscated)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Smapp] F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [MCAgentExe] F:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "F:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SAHAgent] F:\WINDOWS\System32\SahAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "F:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\RunOnce: [_UnwiseDMO] cmd.exe /c del F:\WINDOWS\System32\ATPartners.dll
O4 - HKLM\..\RunOnce: [_UnwiseDMO_] cmd.exe /c del F:\WINDOWS\System32\im64.dll
O4 - Global Startup: SymmTime.lnk = ?
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/fmn0aa.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38160.6327430556
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/Flash/swflash.cab