HijackThis log
Hej eksperter,skulle der være en der har tid og lyst til at se på denne? Min søns computer er plaget af forskellige "barer", overtagelse af MSIE startside, popups mm.
Jeg har hentet HijackThis på www.spywarefri.dk, men det kræver - som de også skriver - en ekspert at finde ud af, hvad der må slettes og hvad man skal holde nallerne fra.
På forhånd mange tak.
Logfile of HijackThis v1.98.2
Scan saved at 22:51:04, on 24-08-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\documents and settings\jlb\skrivebord\qttask.exe
D:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\MSN Messenger\MsgPlus.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Microsoft Office\Office\1030\msoffice.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programmer\UltimateZip 2.7\uzqkst.exe
D:\Programmer\Logitech\Video\LowLight.exe
E:\Downloads\AntiSpyWare\HijackThis\hijackthis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dlfdcdthnbmpcekw.net/OM/9d0dtzdxgdbpmuWLJtXg9krmk_dD9VC_FuMosbjQtC_m5QeXKzKs3OeU1dGao.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {A5DB9761-073B-6DC1-6793-274EF9E361BA} - C:\PROGRA~1\BITSFI~1\drive option.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Agent] "C:\DOCUME~1\JLB\LOKALE~1\TEMP\WZSE0.TMP\DUPECORE.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\documents and settings\jlb\skrivebord\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MSN Messenger\MsgPlus.exe"
O4 - HKLM\..\Run: [Bodyclose] C:\PROGRA~1\MOVETO~1\SEND CURB SETUP.exe
O4 - HKLM\..\Run: [Book32FiveDoes] C:\WINDOWS\Profiles\All Users\Programdata\secondthebook32\loud cash.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Mechene] Updatez.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Date Manager.lnk = C:\Programmer\Date Manager\DateManager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {1E5592CB-8F5B-46F8-9EA6-65C01213808A} (InstaladorBetyByte Control) - http://www.redzone.dk/uploads/cab/instaladorbetybyte.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {A5B4176A-5347-4CEC-AB75-26947BB34183} (InstaladorBetyByte Control) - http://www.redzone.dk/uploads/cab/instaladorbetybyteuk.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/bgnetbank/activex/DanskeSikker.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\DOWNLO~1\mimectl.dll