Logfile of HijackThis v1.98.0
Scan saved at 16:54:52, on 07/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe
C:\WINDOWS\SYSTEM32\Mounter.exe
C:\Programmer\Eset\nod32kui.exe
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\BTV\btv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\a2\a2guard.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Bruger\Skrivebord\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TChkBHO Class - {16AD6080-7A8F-4A1A-80EE-B78BC0F546E5} - C:\windows\SYSTEM32\wleii.dll
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programmer\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programmer\QuickSearch\QuickSearchBar3_28.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Mustek MDC 3000] C:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\breg.exe"
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
O4 - HKLM\..\Run: [SpyDoctor] C:\PROGRA~1\SPYDOC~1\SpyDoctor.exe
O4 - HKLM\..\Run: [BTV] C:\Program Files\BTV\btv.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-FOIMV.exe /REG
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\Programmer\System Soap Pro\soap.exe min
O4 - HKCU\..\Run: [a²] "C:\Programmer\a2\a2guard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) -
http://-Web.Washer-/ie_addO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Programmer\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: *.mt-download.com
O16 - DPF: ChatSpace Java Client 3.0.0.207 -
http://surechat.com:9000/Java/cms3207.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cabO16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) -
http://www.alternatiff.com/install/00/alttiff.cabO16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} -
http://www.eingang69.de/EroticAccess/cabs/8002.cabO16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00614BD01020} (Egnsbank Nords Netbank) -
https://www.nordbank.dk/segnsbanknordibp1401ib100.cabO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cabO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/dk/win/QuickTimeInstaller.exeO16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cabO16 - DPF: {59B18099-4C1D-4A08-A9F7-ED0554006749} -
http://foto.jubii.dk/components/photoupload.ocxO16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) -
http://www.kinaweb.dk/plugin/mgaxctrl.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cabO16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
http://www.e-pressen.dk/scan/Msie/bitdefender.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://www.axis.com/products/camera_servers/AxisCamControl.ocxO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cabO16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) -
http://www.eb.dk/codekstra/cabs/cssweb.cabO16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) -
http://www2.incredimail.com/contents/setup/downloader/imloader.cabO21 - SSODL: System - {94BF2498-156F-4B29-803B-5DCDDB139EF8} - C:\WINDOWS\system32\system32.dll