Jeg sidder ved en vens pc der er tvungen startside med mere har kørt hijack og fået en log men jeg ved ikke hvad jeg tør slette er der en der kan hjælpe
, jeg er ikke helt stiv i det her så det tager nLogfile of HijackThis v1.98.2
Scan saved at 10:10:44, on 22-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\NORMAN\nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\svcinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inetdata\services.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Lexmark X74-X75\lxbbbmgr.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Program Files\VCom\Dialers\LiveSexCam_dk\LiveSexCam_dk.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\windllsys32.exe
C:\Programmer\Lexmark X74-X75\lxbbbmon.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\conny\Lokale indstillinger\Temporary Internet Files\Content.IE5\C9A3OHIR\hijackthis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://e-plus.cc/teen+fuck/89/?lang={SUB_RFC1766}&id=170201055066900177
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ultralinks.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://69.50.179.61/search/se.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\conny\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\conny\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
http://69.50.179.61/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://69.50.179.61/search/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\conny\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\conny\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL =
http://69.50.179.61/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\conny\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\conny\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://69.50.179.61/search/se.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://www.ewebsearch.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {229E52E3-A21D-4B93-AE7D-668DF126D8A8} - C:\WINDOWS\System32\bnm.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Programmer\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKLM\..\Run: [LiveSexCam_dk] C:\Program Files\VCom\Dialers\LiveSexCam_dk\LiveSexCam_dk.exe /dontdial
O4 - HKLM\..\Run: [Windows OLE Automation Server] C:\WINDOWS\system32\ole32aut.vbe
O4 - HKLM\..\RunServices: [Windows OLE Automation Server] C:\WINDOWS\system32\ole32aut.vbe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKCU\..\Run: [windllsys32.exe] C:\WINDOWS\System32\windllsys32.exe
O4 - HKCU\..\Run: [Windows OLE Automation Server] C:\WINDOWS\system32\ole32aut.vbe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=
http://www.tdconline.dk/start
O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78} (preload control) -
http://www.thepaymentcentre.com/build/preload2.cab
O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602} (vviewer control) -
http://www.thepaymentcentre.com/build/vviewer.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:MAIN.MHT!
http://69.50.179.61///search/1/user.chm::/user.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!
http://195.225.177.13/10043/online.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\\MAIN.MHT!
http://super-gals.com//index//in//index.chm::/ad.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} -
http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {C809C390-A77E-45DD-8C35-379D9431658D} (dialer_iptower.Class1) -
http://www.ipxs.nl/php/ipxs.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{7367E021-5216-4545-9C06-F26B689CCF55}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{7367E021-5216-4545-9C06-F26B689CCF55}: NameServer = 193.162.153.164 194.239.134.83
O18 - Filter: text/html - {97677C83-38EA-45FF-A5E8-80A5428892D5} - C:\WINDOWS\System32\bnm.dll
O18 - Filter: text/plain - {97677C83-38EA-45FF-A5E8-80A5428892D5} - C:\WINDOWS\System32\bnm.dll
O21 - SSODL: System - {E9D66B2D-F5FF-4770-A73A-A84230C08AB2} - C:\WINDOWS\system32\system32.dll (file missing)
ok ´lidt tid .