
Popup



#1 niclas d

Posted 31 August 2007 - 10:29 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:34, on 2007-08-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Storegate\Autostore\AutoStoreSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\iid.exe
C:\Program\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Secured eMail\Modules\Secured_eMail_Application_Monitor.exe
C:\Program\SPAMfighter\SFAgent.exe
C:\Program\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
C:\Program\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\Program\Skype\Phone\Skype.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Skype\Plugin Manager\SkypePM.exe
C:\Program\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\niclas\Lokala inställningar\Temporary Internet Files\Content.IE5\QXCFMHM5\stinger[1].exe
C:\Program\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.davin.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=sv&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SYSTRAN Personal 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program\SYSTRAN\5.0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SEM_Monitor] "C:\Program\Secured eMail\Modules\Secured_eMail_Application_Monitor.exe" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\mix ooze.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O21 - SSODL: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - (no file)
O22 - SharedTaskScheduler: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autostore - Storegate AB - C:\Program\Storegate\Autostore\AutoStoreSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10198 bytes


 


#2 RichieUK


Posted 31 August 2007 - 12:15 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, niclas d.
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option 1 – Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.

*IMPORTANT*
Do NOT run any other options until you are asked to do so!

Download Deljob.exe and save it on your desktop.
Double click on Deljob.exe.
A log (logit.txt) should open afterwards.
This log will be present on your desktop.
Post the contents of the logfile into your next reply, along with a new Hijack This log.

#3 niclas d


Posted 03 September 2007 - 04:04 AM

ComboFix 07-08-30.3 - "niclas" 2007-09-03 10:48:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1454 [GMT 2:00]


((((((((((((((((((((((((( Files Created from 2007-08-03 to 2007-09-03 )))))))))))))))))))))))))))))))


2007-09-03 10:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-03 10:00 <KAT> d-------- C:\Program\processexp
2007-08-31 15:15 <KAT> d-------- C:\WINDOWS\ERUNT
2007-08-31 14:57 <KAT> d-------- C:\Program\Trend Micro
2007-08-31 10:56 <KAT> d-------- C:\Program Files
2007-08-31 10:35 212 --a------ C:\delete.bat
2007-08-31 08:53 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-08-30 14:10 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
2007-08-30 14:09 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-08-30 14:09 236 --a------ C:\WINDOWS\system32\PavCPL.dat
2007-08-30 14:09 <KAT> d-------- C:\WINDOWS\system32\PAV
2007-08-30 14:08 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2007-08-30 14:08 <KAT> d-------- C:\Program\Panda Security
2007-08-30 13:17 <KAT> d-------- C:\WINDOWS\system32\Panda Software
2007-08-30 11:23 <KAT> d-------- C:\Program\Sony Ericsson
2007-08-28 14:36 <KAT> d-------- C:\Program\Lavasoft
2007-08-28 14:36 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-28 10:49 <KAT> d-------- C:\Program\RegistrySmart
2007-08-28 10:49 <KAT> d-------- C:\DOCUME~1\niclas\APPLIC~1\RegistrySmart
2007-08-22 16:43 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-22 15:36 <KAT> d-------- C:\Saga
2007-08-18 15:08 <KAT> d-------- C:\NDSSAVE
2007-08-16 22:28 88,960 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2007-08-16 22:28 24,448 --a------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2007-08-16 20:05 <KAT> d-------- C:\Program\Electronic Arts
2007-08-15 09:59 <KAT> d-------- C:\DOCUME~1\niclas\APPLIC~1\Binlessmapi
2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-03 10:49 --------- d-------- C:\DOCUME~1\niclas\APPLIC~1\Skype
2007-08-30 19:38 --------- d-------- C:\Program\DYMO Label
2007-08-30 13:43 --------- d--h----- C:\Program\InstallShield Installation Information
2007-08-30 13:30 --------- d-------- C:\Program\Delade filer\Panda Software
2007-08-28 14:36 --------- d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-08-28 14:33 --------- d-------- C:\DOCUME~1\niclas\APPLIC~1\Lavasoft
2007-08-27 16:32 --------- d-------- C:\DOCUME~1\niclas\APPLIC~1\Azureus
2007-08-27 14:18 --------- d-------- C:\Program\Azureus
2007-08-06 21:44 --------- d-------- C:\DOCUME~1\niclas\APPLIC~1\Canon
2007-08-06 12:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Barb Info Hold Audio
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-18 20:00 --------- d-------- C:\Program\Binlessmapi
2007-07-18 20:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-06 19:15 --------- d-------- C:\Program\TPTEST5
2007-07-06 17:59 --------- d-------- C:\Program\Huwei Modems
2007-07-06 15:23 --------- d-------- C:\Program\Huawei technologies
2007-06-26 16:15 659456 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 15:57 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 20:11 96768 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 20:11 615424 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 20:11 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 20:11 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 20:11 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 20:11 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 20:11 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 20:11 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 20:11 3079680 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 20:11 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 20:11 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 20:11 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 20:11 151552 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 20:11 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 20:11 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 20:11 1055232 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 20:11 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 16:07 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:23 1033728 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-05 10:34 1184664 --a------ C:\WINDOWS\system32\FreeImage.dll
2006-10-19 14:11 81920 --a------ C:\DOCUME~1\niclas\APPLIC~1\ezpinst.exe
2006-10-19 14:11 47360 --a------ C:\DOCUME~1\niclas\APPLIC~1\pcouffin.sys
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42]
"ATIPTA"="C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-31 22:05]
"ISUSPM Startup"="C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"StatusClient 2.6"="C:\Program\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-12 01:08]
"TomcatStartup 2.5"="C:\Program\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-02-12 23:40]
"Net iD"="C:\WINDOWS\system32\iid.exe" [2006-03-02 10:22]
"D-Link AirPlus XtremeG"="C:\Program\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-08-04 21:13]
"HP Software Update"="C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2007-02-10 22:36]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-02-16 11:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"SEM_Monitor"="C:\Program\Secured eMail\Modules\Secured_eMail_Application_Monitor.exe" [2007-05-11 13:55]
"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SPAMfighter Agent"="C:\Program\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
"Part browse safe hold"="C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\mix ooze.exe" [2007-09-03 10:39]
"AAWTray"="C:\Program\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"APVXDWIN"="C:\Program\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 15:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program\Skype\Phone\Skype.exe" [2007-01-29 16:36]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dvd43"=C:\Program\dvd43\dvd43_tray.exe
"SSBkgdUpdate"="C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Opware15"="C:\Program\ScanSoft\OmniPage15.0\Opware15.exe"
"PaperPort PTD"=C:\Program\ScanSoft\PaperPort\pptd40nt.exe
"IndexSearch"=C:\Program\ScanSoft\PaperPort\IndexSearch.exe
"PDF3 Registry Controller"="C:\Program\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
"DVDLauncher"="C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" -atboottime
"ControlCenter2.0"=C:\Program\Brother\ControlCenter2\brctrcen.exe /autorun
"MSKDetectorExe"=C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe

R2 pavdrv;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 dot4ufd;HP Dot4usb Filter;C:\WINDOWS\system32\DRIVERS\hppaufd0.sys
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys
S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0303cd7c-2bc4-11dc-b8cf-001422440591}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0303cd7e-2bc4-11dc-b8cf-001422440591}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0303cd7f-2bc4-11dc-b8cf-001422440591}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0303cd80-2bc4-11dc-b8cf-001422440591}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0303cd81-2bc4-11dc-b8cf-001422440591}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1621d320-4c37-11dc-b8ea-001422440591}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2710b56e-2bcd-11dc-b8d1-001422440591}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d4d9ca-2bd7-11dc-b8d6-a7b58b913eb4}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d4d9cc-2bd7-11dc-b8d6-a7b58b913eb4}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d4d9ce-2bd7-11dc-b8d6-a7b58b913eb4}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d4d9cf-2bd7-11dc-b8d6-a7b58b913eb4}]
AutoRun\command- G:\AutoRun.exe


Contents of the 'Scheduled Tasks' folder
2007-08-31 15:18:18 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-28 13:24:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-03 10:51:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = acaptuser32.dll??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-03 10:51:32
C:\ComboFix-quarantined-files.txt ... 2007-09-03 10:51
C:\ComboFix2.txt ... 2007-09-03 10:12

--- E O F ---


SmitFraudFix v2.219

Scan done at 10:54:38,60, 2007-09-03
Run from C:\Documents and Settings\niclas\Skrivbord\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Storegate\Autostore\AutoStoreSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\iid.exe
C:\Program\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Secured eMail\Modules\Secured_eMail_Application_Monitor.exe
C:\Program\SPAMfighter\SFAgent.exe
C:\Program\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
C:\Program\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\Program\Skype\Phone\Skype.exe
C:\Program\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\Personal\bin\Personal.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program\Skype\Plugin Manager\SkypePM.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program\Panda Security\Panda Antivirus 2008\avciman.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\niclas


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\niclas\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\niclas\FAVORI~1

C:\DOCUME~1\niclas\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuella startsida"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}"="eeler"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="acaptuser32.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Miniport för paketschemaläggning
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6C04AAA9-28E2-4703-8476-41792584A981}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F3956F87-5553-484B-BDAB-A4E9392D45FD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6C04AAA9-28E2-4703-8476-41792584A981}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F3956F87-5553-484B-BDAB-A4E9392D45FD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6C04AAA9-28E2-4703-8476-41792584A981}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F3956F87-5553-484B-BDAB-A4E9392D45FD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

1-Click Maintenance.job
AppleSoftwareUpdate.job
--------------------------------------------------------
App data folders

Volymen i enhet C har ingen etikett.
Volymens serienummer är 28F2-EE07

Innehåll i katalogen C:\Documents and Settings\niclas\Application Data

2007-08-28 10:49 <KAT> .
2007-08-28 10:49 <KAT> ..
2006-06-05 15:59 <KAT> BITTOR~1 .bittorrent
2006-09-08 17:56 <KAT> 1CLICK~1 1ClickDVDCopy
2007-03-22 15:00 <KAT> Adobe
2007-02-22 11:27 <KAT> AdobeUM
2006-10-12 13:19 <KAT> Ahead
2006-11-14 16:30 <KAT> APPLEC~1 Apple Computer
2006-10-24 17:08 <KAT> Autodesk
2007-08-27 16:32 <KAT> Azureus
2007-08-15 09:59 <KAT> BINLES~1 Binlessmapi
2006-08-15 17:32 <KAT> Brother
2007-08-06 21:44 <KAT> Canon
2006-07-07 10:18 <KAT> CYBERL~1 CyberLink
2006-07-11 17:34 <KAT> DATALA~1 DataLayer
2007-06-14 11:25 <KAT> DOWNLO~1 Downloaded Installations
2007-06-21 15:45 <KAT> dvdcss
2006-11-07 11:53 <KAT> Google
2006-09-25 15:36 <KAT> Help
2004-09-15 13:38 <KAT> IDENTI~1 Identities
2006-06-12 20:15 <KAT> iid
2007-08-28 14:33 <KAT> Lavasoft
2007-03-23 18:02 <KAT> MACROM~1 Macromedia
2006-04-18 11:59 <KAT> MCAFEE~1.COM McAfee.com Personal Firewall
2007-05-09 10:57 <KAT> MICROS~1 Microsoft
2006-10-24 17:31 <KAT> NEMETS~1 Nemetschek
2007-04-11 12:49 <KAT> Nokia
2006-07-11 18:04 <KAT> NOKIAM~1 Nokia Multimedia Player
2006-05-15 14:58 <KAT> NORSTE~1 Norstedts Juridik
2006-06-01 09:06 <KAT> Opera
2007-04-11 12:33 <KAT> PCSUIT~1 PC Suite
2006-07-13 13:25 <KAT> Personal
2007-03-06 10:09 <KAT> Real
2007-08-28 10:53 <KAT> REGIST~1 RegistrySmart
2006-06-15 17:57 <KAT> ScanSoft
2007-05-08 10:33 <KAT> SECURE~1 Secured eMail
2007-09-03 10:49 <KAT> Skype
2007-06-20 11:49 <KAT> skySpace
2006-08-25 11:46 <KAT> SmartFTP
2007-06-13 13:04 <KAT> SPAMFI~1 SPAMfighter
2006-04-05 16:41 <KAT> Sun
2006-12-14 15:00 <KAT> SYSTRAN
2007-03-09 12:26 <KAT> TUNEUP~1 TuneUp Software
2006-11-23 17:19 <KAT> vlc
2006-10-19 14:11 <KAT> Vso
2006-06-15 23:07 <KAT> Zeon
0 fil(er) 0 byte
46 katalog(er) 161 223 155 712 byte ledigt
Volymen i enhet C har ingen etikett.
Volymens serienummer är 28F2-EE07

Innehåll i katalogen C:\Documents and Settings\All Users\Application Data

2007-08-30 14:10 <KAT> .
2007-08-30 14:10 <KAT> ..
2006-01-11 14:25 <KAT> Adobe
2006-04-18 13:50 <KAT> ADOBES~1 Adobe Systems
2006-10-12 13:17 <KAT> Ahead
2006-11-14 16:29 <KAT> APPLEC~1 Apple Computer
2007-07-18 20:00 <KAT> AUDIO4~1 Audio 4 part browse
2006-10-24 17:06 <KAT> Autodesk
2007-08-06 12:10 <KAT> BARBIN~1 Barb Info Hold Audio
2006-07-10 15:55 <KAT> Brother
2007-06-07 09:24 <KAT> DARTGR~1 Dart great bib second
2007-01-26 16:23 <KAT> Google
2007-04-12 09:31 <KAT> INSTAL~2 Installations
2006-04-05 16:43 <KAT> INSTAL~1 InstallShield
2007-08-28 14:36 <KAT> Lavasoft
2007-03-23 17:17 <KAT> MACROM~1 Macromedia
2006-04-05 16:45 <KAT> McAfee
2006-04-05 16:45 <KAT> McAfee.com
2006-04-18 12:00 <KAT> MCAFEE~1.COM McAfee.com Personal Firewall
2007-08-16 20:06 <KAT> MICROS~1 Microsoft
2006-05-15 14:59 <KAT> NORSTE~1 Norstedts Juridik
2006-08-29 08:50 <KAT> PCSUIT~1 PC Suite
2006-09-22 15:55 <KAT> pdf995
2007-02-26 15:49 <KAT> REDIRE~1 Redirected
2006-06-15 18:04 <KAT> ScanSoft
2007-02-22 23:29 <KAT> SECTAS~1 SecTaskMan
2007-08-30 14:10 <KAT> sentinel
2007-01-08 19:28 <KAT> Skype
2007-08-31 16:24 <KAT> SPYBOT~1 Spybot - Search & Destroy
2007-03-09 12:26 <KAT> TUNEUP~1 TuneUp Software
2006-05-11 10:02 <KAT> WINDOW~1 Windows Genuine Advantage
2006-06-15 18:03 <KAT> zeon
0 fil(er) 0 byte
32 katalog(er) 161 223 151 616 byte ledigt
--------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:39, on 2007-09-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Storegate\Autostore\AutoStoreSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\iid.exe
C:\Program\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Secured eMail\Modules\Secured_eMail_Application_Monitor.exe
C:\Program\SPAMfighter\SFAgent.exe
C:\Program\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
C:\Program\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\Program\Skype\Phone\Skype.exe
C:\Program\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\Personal\bin\Personal.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program\Skype\Plugin Manager\SkypePM.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program\Panda Security\Panda Antivirus 2008\avciman.exe
C:\Program\Panda Security\Panda Antivirus 2008\psimreal.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPBPRO.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.davin.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=sv&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SYSTRAN Personal 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program\SYSTRAN\5.0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SEM_Monitor] "C:\Program\Secured eMail\Modules\Secured_eMail_Application_Monitor.exe" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\mix ooze.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O21 - SSODL: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - (no file)
O22 - SharedTaskScheduler: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autostore - Storegate AB - C:\Program\Storegate\Autostore\AutoStoreSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10102 bytes



