1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijacked

Discussion in 'Virus & Other Malware Removal' started by Allypalla, Apr 19, 2010.

Thread Status:
Not open for further replies.
  1. Allypalla

    Allypalla Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    1
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:40:28, on 2010-04-19
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    C:\Program\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program\Panda Software\Panda Internet Security 2007\TPSrv.exe
    C:\Program\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Creative\Shared Files\CTAudSvc.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program\Java\jre6\bin\jqs.exe
    C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program\Panda Software\Panda Internet Security 2007\PsCtrls.exe
    C:\Program\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
    C:\Program\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    c:\program\panda software\panda internet security 2007\firewall\PSHOST.EXE
    C:\Program\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Panda Software\Panda Internet Security 2007\ApvxdWin.exe
    C:\Program\Analog Devices\Core\smax4pnp.exe
    C:\Program\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program\iTunes\iTunesHelper.exe
    E:\Volume Panel\VolPanlu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Windows Live\Messenger\msnmsgr.exe
    C:\Program\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
    C:\Documents and Settings\Webmaster\Lokala inställningar\Apps\2.0\6JE57PEA.A7N\ZA834L4B.VY1\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\Program\Panda Software\Panda Internet Security 2007\WebProxy.exe
    C:\Program\Windows Live\Contacts\wlcomm.exe
    C:\Program\Panda Software\Panda Internet Security 2007\PavBckPT.exe
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\Program\Windows Live\Toolbar\wltuser.exe
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\Program\Panda Software\Panda Internet Security 2007\psimreal.exe
    C:\Documents and Settings\Webmaster\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Webmaster\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Webmaster\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/results.aspx?q={searchTerms}&mkt=sv-SE&FORM=MICVE5
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program\Panda Software\Panda Internet Security 2007\Inicio.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [VolPanel] "E:\Volume Panel\VolPanlu.exe" /r
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Webmaster\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] E:\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: CurseClientStartup.ccip
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: mlJDsSLC - mlJDsSLC.dll (file missing)
    O22 - SharedTaskScheduler: headstock - {e517b912-2c97-4a94-8b15-e7fe902b8d86} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program\Delade filer\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program\Delade filer\Creative Labs Shared\Service\MT6Licensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program\panda software\panda internet security 2007\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\TPSrv.exe
    O24 - Desktop Component 1: (no name) - http://www.google.se/
    O24 - Desktop Component 2: (no name) - http://www.klocka.nu/
    O24 - Desktop Component 3: (no name) - http://www.golf.se/
    --
    End of file - 12865 bytes
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Hijacked
  1. genubi
    Replies:
    0
    Views:
    328
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/917843

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice