Logfile of HijackThis v1.99.1
Scan saved at 01:19:46, on 08-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\explorer.exe
c:\windows\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\windows\rundll32.exe
C:\WINDOWS\SOINTGR.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
c:\windows\system32\IEXPLORE.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dusho\Skrivebord\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.dk/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://www.google.dk/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit32.exe,
O1 - Hosts: 222.89.98.219
www.wo365.comO1 - Hosts: 222.89.98.219 cmfu.com
O1 - Hosts: 222.89.98.219
www.cmfu.comO1 - Hosts: 222.89.98.219 9i0.com
O1 - Hosts: 222.89.98.219
www.9flash.comO1 - Hosts: 222.89.98.219 9flash.com
O1 - Hosts: 222.89.98.219
www.nowok.netO1 - Hosts: 222.89.98.219 nowok.net
O1 - Hosts: 222.89.98.219 wisa.com.cn
O1 - Hosts: 222.89.98.219
www.sia.com.cnO1 - Hosts: 222.89.98.219
www.wisa.cnO1 - Hosts: 222.89.98.219 wisa.cn
O1 - Hosts: 222.89.98.219
www.zhao99.comO1 - Hosts: 222.89.98.219 zhao99.com
O1 - Hosts: 222.89.98.219
www.wo123.comO1 - Hosts: 222.89.98.219 wo123.com
O1 - Hosts: 222.89.98.219 wo99.com
O1 - Hosts: 222.89.98.219
www.wo99.comO1 - Hosts: 222.89.98.219
www.page.com.cnO1 - Hosts: 222.89.98.219 page.com.cn
O1 - Hosts: 222.89.98.219
www.432.cnO1 - Hosts: 222.89.98.219 432.cn
O1 - Hosts: 222.89.98.219 wysw.com
O1 - Hosts: 222.89.98.219 14.com.cn
O1 - Hosts: 222.89.98.219
www.14.com.cnO1 - Hosts: 222.89.98.219 cnww.net
O1 - Hosts: 222.89.98.219
www.mv99.comO1 - Hosts: 222.89.98.219 mv99.com
O1 - Hosts: 222.89.98.219
www.youav.comO1 - Hosts: 222.89.98.219
www.mtvav.comO1 - Hosts: 222.89.98.219
www.98983.comO1 - Hosts: 222.89.98.219 98983.com
O1 - Hosts: 222.89.98.219
www.114.com.cnO1 - Hosts: 222.89.98.219 114.com.cn
O1 - Hosts: 222.89.98.219
www.net114.comO1 - Hosts: 222.89.98.219
www.skywz.comO1 - Hosts: 222.89.98.219 skywz.com
O1 - Hosts: 222.89.98.219
www.hao6.comO1 - Hosts: 222.89.98.219 hao6.com
O1 - Hosts: 222.89.98.219
www.678a.comO1 - Hosts: 222.89.98.219 678a.com
O1 - Hosts: 222.89.98.219
www.7510.comO1 - Hosts: 222.89.98.219 7510.com
O1 - Hosts: 222.89.98.219
www.zzkan.comO1 - Hosts: 222.89.98.219 zzkan.com
O1 - Hosts: 222.89.98.219
www.ca183.comO1 - Hosts: 222.89.98.219 ca183.com
O1 - Hosts: 222.89.98.219 3tom.com
O1 - Hosts: 222.89.98.219
www.yhjm.comO1 - Hosts: 222.89.98.219 yhjm.com
O1 - Hosts: 222.89.98.219
www.k369.comO1 - Hosts: 222.89.98.219
www.xxwww.comO1 - Hosts: 222.89.98.219 xxwww.com
O1 - Hosts: 222.89.98.219
www.fm1000.netO1 - Hosts: 222.89.98.219 fm1000.net
O1 - Hosts: 222.89.98.219
www.ok135.comO1 - Hosts: 222.89.98.219 ok135.com
O1 - Hosts: 222.89.98.219
www.link999.comO1 - Hosts: 222.89.98.219 link999.com
O1 - Hosts: 222.89.98.219
www.001wz.comO1 - Hosts: 222.89.98.219 001wz.com
O1 - Hosts: 222.89.98.219
www.7t7t.comO1 - Hosts: 222.89.98.219 7t7t.com
O1 - Hosts: 222.89.98.219
www.7k7k.comO1 - Hosts: 222.89.98.219 7k7k.com
O1 - Hosts: 222.89.98.219
www.webcool.netO1 - Hosts: 222.89.98.219 webcool.net
O1 - Hosts: 222.89.98.219
www.51sobu.comO1 - Hosts: 222.89.98.219 51sobu.com
O1 - Hosts: 222.89.98.219 cy.51sobu.com
O1 - Hosts: 222.89.98.219
www.fj3721.comO1 - Hosts: 222.89.98.219 fj3721.com
O1 - Hosts: 222.89.98.219
www.msncn.comO1 - Hosts: 222.89.98.219 msncn.com
O1 - Hosts: 222.89.98.219
www.6235.comO1 - Hosts: 222.89.98.219 6235.com
O1 - Hosts: 222.89.98.219
www.8goo.comO1 - Hosts: 222.89.98.219 8goo.com
O1 - Hosts: 222.89.98.219
www.baimin.comO1 - Hosts: 222.89.98.219 baimin.com
O1 - Hosts: 222.89.98.219
www.bwwz.comO1 - Hosts: 222.89.98.219 bwwz.com
O1 - Hosts: 222.89.98.219
www.howow.netO1 - Hosts: 222.89.98.219 howow.net
O1 - Hosts: 222.89.98.219
www.tongchi.comO1 - Hosts: 222.89.98.219 tongchi.com
O1 - Hosts: 222.89.98.219
www.65658.comO1 - Hosts: 222.89.98.219 65658.com
O1 - Hosts: 222.89.98.219
www.7o7o.comO1 - Hosts: 222.89.98.219 7o7o.com
O1 - Hosts: 222.89.98.219 5126.net
O1 - Hosts: 222.89.98.219
www.5126.netO1 - Hosts: 222.89.98.219
www.wangzhiku.comO1 - Hosts: 222.89.98.219 wangzhiku.com
O1 - Hosts: 222.89.98.219
www.soyeah.comO1 - Hosts: 222.89.98.219 soyeah.com
O1 - Hosts: 222.89.98.219
www.sowang.cnO1 - Hosts: 222.89.98.219 sowang.cn
O1 - Hosts: 222.89.98.219
www.77177.comO1 - Hosts: 222.89.98.219 77177.com
O1 - Hosts: 222.89.98.219
www.look8.netO2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: OpenSite.CBrowserHelper - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - C:\Program Files\Open Site\opnste.dll (file missing)
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Programmer\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 - BHO: bytepingbody - {C0052E77-6A3D-89E9-C27D-085DEE3F2FE9} - C:\PROGRA~1\TONSIN~1\once browse.dll (file missing)
O3 - Toolbar: load junk sign - {5001E78A-C700-7BE0-6236-11B1AECD1A67} - C:\PROGRA~1\TONSIN~1\once browse.dll (file missing)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Programmer\iMeshBar\bar\1.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [Overnet] C:\Programmer\Overnet\Overnet.exe -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [CIPWG] C:\WINDOWS\CIPWG.exe
O4 - HKLM\..\Run: [NAV Auto Update] IAMSAD.EXE
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programmer\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Programmer\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [updater] C:\Programmer\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [axis about] C:\PROGRA~1\Defy seek aim\Bone Less Download.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Programmer\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [wllpisudgue] C:\WINDOWS\System32\mmhumk.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FÆLLES~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] C:\Programmer\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Worms3DSetup.exe] C:\DOCUME~1\Dusho\SKRIVE~1\WORMS3~1.EXE /r
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Programmer\VBouncer\VirtualBouncer.exe
O4 - Global Startup: GStartup.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Dots -
http://download.games.yahoo.com/games/clients/y/dtt1_x.cabO16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) -
http://downol.dr.dk/download/netradio/Rawflow.cabO16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) -
http://secure2.comned.com/signuptemplates/AktiveSekurity.cabO16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:
file://c:\nosuch.mht!http://hard-virgins.com/dl/adv68/x.chm::/load.exeO16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -
http://www.miniclip.com/bestfriends/retro64_loader.dllO16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cabO16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) -
http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cabO16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) -
http://secure2.comned.com/signuptemplates/ActiveSecurity.cabO16 - DPF: {797F525D-B846-46C3-8878-2343BC8F5779} (Eyeball Instant Messaging Control) -
http://www.webcamstripper.com/member/esdk/EyeballSDK.cabO16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cabO16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) -
http://chat.yahoo.com/cab/yuplapp.cabO16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) -
http://dm.screensavers.com/dm/installers/si/1/sinstaller.cabO16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) -
http://cs2b.instantservice.com/jars/customerxsigned34.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cabO16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) -
http://www.webcamnow.com/broadcast/ActiveXWebCam.cabO16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) -
http://www.shockwave.com/content/angelx/SonyPicturesGameDownloader.cabO16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) -
http://install.wildtangent.com/bgn/partners/shockwave/polarbowler/install.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) -
https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cabO16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) -
https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://www.shockwave.com/content/zuma/popcaploader_v5.cabO16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) -
http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cabO16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) -
http://chat.yahoo.com/cab/yvwrctl.cabO16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) -
http://www.zuvio.com/UCSearch.CABO16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cabO16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) -
http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cabO16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) -
https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cabO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
med hijackthis fandt den dette her