Her log fra hijackthis, Trend:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:22, on 18-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\CA\eTrustITM\realmon.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Flashpaste\flashpaste.exe
C:\Programmer\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programmer\CA\SharedComponents\iTechnology\igateway.exe
C:\Programmer\CA\eTrustITM\InoRpc.exe
C:\Programmer\CA\eTrustITM\InoRT.exe
C:\Programmer\CA\eTrustITM\InoTask.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Novell\ZENworks\nalntsrv.exe
C:\Programmer\Novell SSLVPN Service\bin\novell-sslvpn-serv.exe
C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Programmer\Novell\ZENworks\Asset Management\bin\CClient.exe
C:\Programmer\Novell\ZENworks\wm.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Novell\ZENworks\Asset Management\bin\TSUsage32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Novell\ZENworks\WMRUNDLL.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\ladal\Dokumenter\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Programmer\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Flashpaste lite] C:\Programmer\Flashpaste\flashpaste.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\WINDOWS\system32\GPhotos.scr/200O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programmer\Novell\ZENworks\AxNalServer.dll
O15 - Trusted Zone: ids1.faaborgmidtfyn.dk
O15 - Trusted Zone: portal.faaborgmidtfyn.dk
O15 - Trusted Zone:
http://*.intranetO15 - Trusted Zone:
http://webmail.kerteminde.dkO15 - Trusted Zone:
http://indkoeb-fif.kmd.dkO15 - Trusted Zone:
http://webindkoeb.kmd.dkO15 - Trusted Zone: asp.netblanket.dk
O15 - Trusted Zone:
http://www.nis.dkO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219744072703O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) -
https://danid.dk/csp/authenticode/csp.exeO16 - DPF: {C0878FB4-EF34-4843-9EEA-E6DB0A39317C} (ActX Control) -
https://portal.faaborgmidtfyn.dk/sslvpn/Applet/ActX.ocxO16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) -
https://udstedelse.certifikat.tdc.dk/csp/authenticode/digitalsignatur-csp.exeO16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) -
https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cabO16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} -
http://www.cooliris.com/shared/plinstll.cabO16 - DPF: {F0E81265-6D75-4CA0-A6EC-2FFCE5279746} (Launcher Class) -
http://62.81.142.158/geovirtual_web/download/GsLauncher.cabO18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Programmer\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrustITM\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programmer\Novell\ZENworks\nalntsrv.exe
O23 - Service: novell-sslvpn-serv - Unknown owner - C:\Programmer\Novell SSLVPN Service\bin\novell-sslvpn-serv.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Programmer\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programmer\Novell\ZENworks\wm.exe
--
End of file - 7278 bytes