New HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 5:52:55 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\PROGRAM FILES\WINAMP\winampa.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Klaus\My Documents\KP\Hijackthis\HJT.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\PROGRAM FILES\WINAMP\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\PROGRAM FILES\KONTIKI\BIN\BH304041.DLL/201
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00615BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1500ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00617BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1700ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00618BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1800ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00619BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1900ib100.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
and Smitfiles
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Sun 01/22/2006
The current time is: 13:34:21.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
SpyAxe
~~~ Shortcuts ~~~
Online Security Guide.url
~~~ Favorites ~~~
~~~ system32 folder ~~~
1024 dir
msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 764 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
Online Security Guide.url
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)
and the file from Panda
Incident Status Location
Dialer:dialer.bew Not disinfected C:\WINDOWS\SYSTEM32\search.html
Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\q17i9a4j.exe
Adware:adware/wupd Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\WinAdCtlX.dll
Adware:adware/mediatickets Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\MediaTicketsInstaller.ocx
Adware:adware/cws.oslogo Not disinfected C:\Documents and Settings\Klaus\Favorites\LINKS\Search with pleasure.url
Adware:adware/twain-tech Not disinfected C:\WINDOWS\TWAINTEC.INI
Adware:adware/clickalchemy Not disinfected C:\WINDOWS\ALCHEM.INI
Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall4_50.exe
Adware:adware/searchaid Not disinfected C:\WINDOWS\dict.dat
Adware:adware/exact.bargainbuddy Not disinfected C:\WINDOWS\bbchk.exe
Adware:adware/aureate-radiate Not disinfected C:\PROGRAM FILES\MediaRing Talk
Adware:adware/ncase Not disinfected C:\PROGRAM FILES\180Solutions
Adware:adware/dyfuca Not disinfected Windows Registry
Potentially unwanted tool:application/spyaxe Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\SPYAXE
Adware:adware/savenow Not disinfected Windows Registry
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Klaus\Cookies\klaus@adtech[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Klaus\Cookies\klaus@mediaplex[1].txt
Dialer:Dialer.MR Not disinfected C:\WINDOWS\SYSTEM\test.exe
Virus:Bck/Jeemp.B Disinfected C:\WINDOWS\SYSTEM32\msrexe.0xe.mwt
Virus:Trj/Downloader.LV Disinfected C:\WINDOWS\SYSTEM32\child.dll.mwt
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\SYSTEM32\q17i9a4j.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\SYSTEM32\qh4mkbv9.dll
Hacktool:HackTool/SRunner.B Not disinfected C:\WINDOWS\SYSTEM32\instsrv.exe
Adware:Adware/WUpd Not disinfected C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\70tovmto.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall4_50.exe
Adware:Adware/nCase Not disinfected C:\WINDOWS\XUFQBMD.EXE.tcf
Adware:Adware/Gator Not disinfected C:\Program Files\Common Files\rjdlecde\tlrhpnpc\natttntb.exe
Adware:Adware/Gator Not disinfected C:\Program Files\Common Files\rjdlecde\rpnhbeplnl\fctrtnnnp.exe
Adware:Adware/Superbar Not disinfected C:\Program Files\InstallShield Installation Information\{4BC0FD61-CD29-4761-A286-B69C16EE8F9A}\data1.cab[SuperBarInstall.exe]
Adware:Adware/IPInsight Not disinfected C:\undo\backup.cab[ALCHEM.INF]
Adware:Adware/Twain-Tech Not disinfected C:\undo\backup.cab[TWAINTEC.INF]
Virus:Bck/Agent.BU Disinfected C:\Documents and Settings\Klaus\My Documents\KP\Hijackthis\backups\backup-20041119-183123-879.dll.mwt
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Klaus\My Documents\KP\Hijackthis\backups\backup-20041119-183123-776.dll
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Klaus\My Documents\KP\Hijackthis\backups\backup-20041119-183124-978.inf
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Klaus\My Documents\KP\Hijackthis\backups\backup-20041119-183124-938.inf
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Klaus\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Klaus\Desktop\smitRem\Process.exe
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Klaus\Cookies\klaus@adtech[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Klaus\Cookies\klaus@mediaplex[1].txt
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Klaus\Application Data\petc.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Klaus\smitRem\Process.exe
Virus:W32/Sobig.B Disinfected Lokale mapper\Slettet post\Re: My application\screen_temp.pif
It was not possible to save the log from Ewido
:-(