Hijack problemmer
Hej Jeg har problemmer med min pc. Jeg får hele tiden pop-ups.Jeg har taget en hijack håber i kan hjælpe
Logfile of HijackThis v1.99.1
Scan saved at 17:38:39, on 17-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Fælles filer\Stardock\TrayServer.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Programmer\Apoint2K\Apoint.exe
C:\Programmer\TOSHIBA\TOSHIBA-programmer\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Xp ting\CursorXP.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\00THotkey.exe
C:\Programmer\Object Desktop\ObjectBar\ObjectBar.exe
C:\Programmer\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
c:\programmer\internet explorer\iexplore.exe
C:\Programmer\Microsoft Office\Office10\EXCEL.EXE
C:\DOCUME~1\Andreas\LOKALE~1\Temp\Temporary Internet Files\Content.IE5\C527C96N\hijackthis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O1 - Hosts: 69.50.166.11 google.co.uk
O1 - Hosts: 69.50.166.11 google.es
O1 - Hosts: 69.50.166.11 google.com.au
O1 - Hosts: 69.50.166.14 yahoo.com
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O1 - Hosts: 69.50.166.13 cracks.am
O2 - BHO: (no name) - {52C9C687-33DC-43F8-2746-D9409CC8E897} - blank (file missing)
O2 - BHO: (no name) - {B46540F3-AEDC-D833-CF6A-BAD2728A1135} - blank (file missing)
O2 - BHO: (no name) - {D0DC8C8A-8430-B7BD-D8C6-AB565D342EBF} - C:\WINDOWS\system32\cxfldeji.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Programmer\Fælles filer\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmer\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Xp ting\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: 00THotkey.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O15 - Trusted Zone: *.avis.co.uk
O15 - Trusted Zone: *.familieportalen.barneguide.dk
O15 - Trusted Zone: http://www.base1.dk
O15 - Trusted Zone: *.bluebell.dk
O15 - Trusted Zone: http://www.boligsiden.dk
O15 - Trusted Zone: http://www.brock.dk
O15 - Trusted Zone: *.dfdsseaways.com
O15 - Trusted Zone: http://sapdk.pro.dir.dk
O15 - Trusted Zone: http://www.dsb.dk
O15 - Trusted Zone: http://www.dtf-travel.com
O15 - Trusted Zone: *.forsikringsluppen.dk
O15 - Trusted Zone: http://www.freesitetemplates.com
O15 - Trusted Zone: http://www.gmail.com
O15 - Trusted Zone: http://www.google.dk
O15 - Trusted Zone: http://www.hattrick.org
O15 - Trusted Zone: http://*.hattrick.org
O15 - Trusted Zone: http://www.herstal.dk
O15 - Trusted Zone: http://www.home.dk
O15 - Trusted Zone: http://www.ide.dk
O15 - Trusted Zone: http://www.igroups.dk
O15 - Trusted Zone: http://*.isnoop.net
O15 - Trusted Zone: http://love.jubii.dk
O15 - Trusted Zone: http://webmail.kabeltv.dk
O15 - Trusted Zone: http://*.kabeltv.dk
O15 - Trusted Zone: http://www.krak.dk
O15 - Trusted Zone: *.kvindeguiden.dk
O15 - Trusted Zone: http://www.love.dk
O15 - Trusted Zone: http://www.mail.dk
O15 - Trusted Zone: *.list.mixit.dk
O15 - Trusted Zone: http://www.onside.dk
O15 - Trusted Zone: http://www.punkt1.dk
O15 - Trusted Zone: http://www.rejseplanen.dk
O15 - Trusted Zone: *.rejseplanen.dk
O15 - Trusted Zone: http://campaign.scandinavian.net
O15 - Trusted Zone: *.selvhenter.dk
O15 - Trusted Zone: http://www.sexhistorier.dk
O15 - Trusted Zone: *.sonofon.dk
O15 - Trusted Zone: http://www.spamfighter.com
O15 - Trusted Zone: http://webmail.stofanet.dk
O15 - Trusted Zone: *. security.symantec.com
O15 - Trusted Zone: http://security.symantec.com
O15 - Trusted Zone: *.tdc.dk
O15 - Trusted Zone: http://mail.tdconline.dk
O15 - Trusted Zone: http://*.tdconline.dk
O15 - Trusted Zone: http://www.tjeck.dk
O15 - Trusted Zone: http://www.trafikken.dk
O15 - Trusted Zone: *.tuborg.dk
O15 - Trusted Zone: http://damehaandboldmanager.tv2.dk
O15 - Trusted Zone: http://*.tv2.dk
O15 - Trusted Zone: http://nb.blackboard.uni-c.dk
O15 - Trusted Zone: http://www.virtualpromote.com
O15 - Trusted Zone: http://www.walla.com
O15 - Trusted Zone: http://www.wanna-save.com
O15 - Trusted Zone: *.www.jp.dk
O15 - Trusted Zone: www.su.dk" target="_blank">http://*.www.su.dk
O15 - Trusted IP range: http://195.41.188.131
O15 - Trusted IP range: http://192.168.2.32
O15 - Trusted IP range: http://192.168.2.33
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O17 - HKLM\Software\..\Telephony: DomainName = skælskør.sail.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O20 - Winlogon Notify: MCPClient - C:\WINDOWS\
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\s0pu0a79ed.dll
O20 - Winlogon Notify: WB - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programmer\Sygate\SPF\smc.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe