Logfile of HijackThis v1.97.3
Scan saved at 10:54:58, on 15-10-2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\drivers\trcboot.exe
D:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
D:\WINNT\System32\svchost.exe
d:\Trend Micro\OfficeScan Client\ntrtscan.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
d:\Trend Micro\OfficeScan Client\tmlisten.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
d:\Trend Micro\OfficeScan Client\ofcdog.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\atiptaxx.exe
D:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe
D:\Programmer\Elaborate Bytes\CloneCD\CloneCDTray.exe
D:\Trend Micro\OfficeScan Client\pccntmon.exe
D:\WINNT\system32\internat.exe
D:\Programmer\Fælles filer\GMT\GMT.exe
D:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Programmer\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Administrator.VKNT\Skrivebord\FixQhost.exe
D:\Documents and Settings\Administrator.VKNT\Skrivebord\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://intra2000/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=homeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhomeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts file is located at: D:\WINNT\help\hosts
O1 - Hosts: 216.239.59.99
www.google.comO1 - Hosts: 216.239.59.99 google.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - D:\Programmer\Httper\httper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] D:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "D:\Programmer\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScan\hpsjbmgr.exe
O4 - HKLM\..\Run: [hpppt]
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "d:\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKLM\..\RunOnce: [SpyBotSnD] "D:\Programmer\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Cisco Systems VPN Client.lnk = D:\Programmer\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vordbkom.dk
O17 - HKLM\System\CCS\Services\Tcpip\..\{B40E736E-8F14-408D-80FA-959A5E76003B}: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vordbkom.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vordbkom.dk
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 216.127.92.38