I'm sitting at a friend's PC and have a problem.
The problem is an infected svchost.exe file (W32.Spybot.Worm). After deleting the file and restarting, so that Windows File Protection creates a new svchost.exe file, the newly created file is also infected.
Can anyone perhaps deduce anything from this HijackThis log?
Logfile of HijackThis v1.97.7
Scan saved at 23:41:58, on 03-11-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\NeoWatch\NWSERVICE.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\NeoWatch\NeoWatchTray.exe
C:\Documents and Settings\Henrik Hansen\Lokale indstillinger\Temporary Internet Files\Content.IE5\CXMV0XQV\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tv2.dk[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NeoWatch Startup.lnk = C:\Programmer\NeoWatch\NeoWatchTray.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NeoWatch\NTXcontext.htm
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com[...]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
--
"640K ought to be enough for anybody." Bill Gates, 1981