Jeg har kopieret min logfile of hijack over. Sender min ewido log om et øjeblik
Logfile of HijackThis v1.99.1
Scan saved at 21:44:51, on 26-08-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
D:\Program Files\Navnt\POPROXY.EXE
D:\WINDOWS\iehe.exe
D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\Program Files\Logitech\iTouch\kbdtray.exe
D:\WINDOWS\System32\servic.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\winqq32.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Navnt\navapw32.exe
D:\PROGRA~1\Navnt\navapsvc.exe
D:\PROGRA~1\Navnt\npssvc.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\Navnt\alertsvc.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Documents and Settings\Markus\Desktop\hijackthis mappe\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://D:\WINDOWS\system32\imofw.dll/sp.html#55135R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
res://D:\WINDOWS\system32\imofw.dll/sp.html#55135R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
res://D:\WINDOWS\system32\imofw.dll/sp.html#55135R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://D:\WINDOWS\system32\imofw.dll/sp.html#55135R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
res://D:\WINDOWS\system32\imofw.dll/sp.html#55135R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://D:\WINDOWS\system32\imofw.dll/sp.html#55135R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://D:\WINDOWS\system32\imofw.dll/sp.html#55135R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=D:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {EF1B2E36-FD28-904F-E592-65FF81994DE8} - D:\WINDOWS\system32\ntsj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MMTray] D:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Registry Loader] regloadr.exe
O4 - HKLM\..\Run: [Configuration Loader] MSRUN.exe
O4 - HKLM\..\Run: [Config Loader] scvhost.exe
O4 - HKLM\..\Run: [NPS Event Checker] D:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [Norton eMail Protect] D:\Program Files\Navnt\POPROXY.EXE
O4 - HKLM\..\Run: [Mscnt] d:\windows\system32\mscnt.exe /nocomm
O4 - HKLM\..\Run: [LDM] D:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [atlaa32.exe] D:\WINDOWS\system32\atlaa32.exe
O4 - HKLM\..\Run: [ipwf.exe] D:\WINDOWS\ipwf.exe
O4 - HKLM\..\Run: [Microsoft Update 32] servic.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [winqq32.exe] D:\WINDOWS\system32\winqq32.exe
O4 - HKLM\..\RunServices: [Registry Loader] regloadr.exe
O4 - HKLM\..\RunServices: [Configuration Loader] MSRUN.exe
O4 - HKLM\..\RunServices: [Config Loader] scvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] servic.exe
O4 - HKLM\..\RunServices: [Microsoft Update] asn.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = D:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - D:\Program Files\bet365MPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cabO16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) -
http://post.scvua.dk/iNotes.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cabO16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} -
http://advnt01.com/dialer/internazionale_ver4.CABO23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - D:\WINDOWS\iehe.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NAV Alert - Symantec Corporation - D:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - D:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - D:\PROGRA~1\Navnt\npssvc.exe