her er Logfile håber at du du kan se hvad der er galt
Hilsen
Per Olsen
Logfile of HijackThis v1.99.1
Scan saved at 10:21:33, on 18-04-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
E:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
E:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
E:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
E:\Programmer\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
E:\Programmer\F-Secure\Common\FSMA32.EXE
E:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
E:\Programmer\F-Secure\Common\FSMB32.EXE
E:\Programmer\F-Secure\Anti-Virus\fssm32.exe
E:\Normanss\Bin\Zanda.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmer\Surfstats7300\SurfServ7300.exe
E:\Programmer\F-Secure\Common\FCH32.EXE
E:\Programmer\F-Secure\Common\FAMEH32.EXE
E:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
E:\Programmer\F-Secure\Common\FNRB32.EXE
E:\Programmer\F-Secure\Common\FIH32.EXE
E:\Programmer\F-Secure\Anti-Virus\fsav32.exe
E:\lotus\wordpro\wordpro.exe
E:\Programmer\Messenger\msmsgs.exe
E:\Programmer\MailWasher Pro\MailWasher.exe
E:\Programmer\Outlook Express\MSIMN.EXE
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\DOCUMENTS AND SETTINGS\PER\SKRIVEBORD\hjt.exe
E:\WINDOWS\System32\taskmgr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.toplisten.dk/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.toplisten.dk/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=E:\WINDOWS\System32\userinit.exe
O3 - Toolbar: (no name) - {17939A30-18E2-471E-9D3A-56DD725F1215} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - E:\Programmer\Save Flash\SaveFlash.dll
O3 - Toolbar: Alawar - {4E7BD74F-2B8D-469E-A38E-F36DA787AD2D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Spy Watcher] "E:\Programmer\Spy Cleaner Gold Trial\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Programmer\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SPAMfighter Agent] "E:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [gcasServ] "E:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [XoftSpy] E:\Programmer\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [Lexmark X1100 Series] "E:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [DXDllRegExe] E:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe
O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{93DB32ED-93AC-4138-999F-C71A974D4199}
O4 - HKCU\..\Run: [SpySweeper] "E:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [TASKMGRU] E:\WINDOWS\System32\TASKMGRU.EXE
O4 - HKCU\..\Run: [MSIMN32] E:\WINDOWS\System32\MSIMN32.EXE
O4 - HKCU\..\Run: [MSMSGS] "E:\Programmer\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download a< med ReGet Deluxe - E:\Programmer\Fælles filer\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download All Files by HiDownload - E:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - E:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: Download med Re&Get Deluxe - E:\Programmer\Fælles filer\ReGet Shared\CC_Link.htm
O9 - Extra button: Spy - {16664849-0E00-11D2-8059-000000000000} - E:\Programmer\Fælles filer\ReGet Shared\Catcher.dll
O9 - Extra 'Tools' menuitem: MSIE &Spy - {16664849-0E00-11D2-8059-000000000000} - E:\Programmer\Fælles filer\ReGet Shared\Catcher.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: IEWatcher - {DFB29795-14D6-45EA-B4F7-EC7203F42906} - E:\Programmer\YourSoft\IEWatcher\IEWatcher.exe (file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - E:\PROGRA~1\HIDOWN~1\hidownload.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) -
http://www.drivershq.com/DD_v4.CABO16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} -
http://secure2.comned.com/signuptemplates/AktiveSekurity.cabO16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) -
http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cabO16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) -
http://www.turntool.com/ViewerInstall.exeO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cabO16 - DPF: {B4F32846-56DD-4CF5-94FD-17DE1A12E9EB} -
http://t058.com/cabtest/counter.cabO23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - E:\Programmer\Aluria Security Center\ascserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - E:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - E:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - E:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - E:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "E:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: Network Inspector Agent - Fluke Networks, Inc. - E:\Programmer\Fluke Networks\Network Inspector\netengnt.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Normanss\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman ZANDA - Unknown owner - E:\Normanss\Bin\Zanda.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Programmer\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Programmer\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: SurfStats Scheduling Service 7300 (SurfServer7300) - Unknown owner - E:\Programmer\Surfstats7300\SurfServ7300.exe
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - E:\Programmer\Sophos SWEEP for NT\SWEEPSRV.SYS