Logfile of HijackThis v1.97.2
Scan saved at 22:29:20, on 04-10-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmer\Winamp\Winampa.exe
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\mail.com\mcalert.exe
C:\Programmer\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\ICQ\ICQ.exe
C:\Documents and Settings\Christian\Lokale indstillinger\Temp\Midlertidig mappe 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://out.true-counter.com/a/?101 about:blank (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://out.true-counter.com/a/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://out.true-counter.com/a/?101 about:blank (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://out.true-counter.com/c/?101 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
http://out.true-counter.com/b/?101 (obfuscated)
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet5_40.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\System32\bootconf.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programmer\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~2\NEWDOT~1\NEWDOT~3.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mail.com] C:\Programmer\mail.com\mcalert.exe -auto
O4 - HKCU\..\RunOnce: [ICQ] C:\Programmer\ICQ\ICQ.exe -trayboot
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmer\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabO16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00620BD00009} (Skjern Banks Netbank) -
https://www.skjernbank.dk/sskjernibp2000ib100.cabO16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
http://www.cult3d.com/download/cult.cabO16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.3614467593O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) -
https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cabO19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp