Status
Not open for further replies.

Something's wrong .. plz check my HJ Log

1K views 7 replies 2 participants last post by  MFDnNC 
#1 ·
Logfile of HijackThis v1.99.0
Scan saved at 01:35:55, on 2006-04-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\D-Link\DGE-530T\dlnetst.exe
C:\Program\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\lg_fwupdate\fwupdate.exe
C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Mixer.exe
C:\Program\Microsoft Hardware\Mouse\point32.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe
C:\Program\totalcmd\TOTALCMD.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
G:\Utdelat\Program\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nst.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program\GetRight\xx2gr.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DLink Control Panel Silent] rundll32 dlnetcp.cpl,SilentCall
O4 - HKLM\..\Run: [DLink System Tray] C:\Program\D-Link\DGE-530T\dlnetst.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LGODDFU] C:\Program\lg_fwupdate\fwupdate.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program\Steam\Steam.exe" -silent
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download with GetRight - C:\Program\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program\GetRight\GRbrowse.htm
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program\bet365MPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141061267437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
 
#2 ·
What's wrong is you have no active AntiVirus!

Get the free AVG 7, install it, check for updates and run a full scan.

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/

===============
Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update; click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
 
#3 ·
As the topic says, AVG found a virus and I put it in the AVG vault. What should I do next?

Here's new HJ log and Ewido:

--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 22:01:28, 2006-04-02
+ Report-Checksum: ABF63E4C

+ Scan result:

C:\Documents and Settings\Kuno\Cookies\kuno@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kuno\Cookies\kuno@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Kuno\Cookies\kuno@crbanner.casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned with backup
C:\Documents and Settings\Kuno\Cookies\kuno@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Kuno\Cookies\kuno@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Kuno\Cookies\kuno@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kuno\Cookies\kuno@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Kuno\Cookies\kuno@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Kuno\Cookies\kuno@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Kuno\Cookies\kuno@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Kuno\Cookies\kuno@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.0
Scan saved at 18:39:15, on 2006-04-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\D-Link\DGE-530T\dlnetst.exe
C:\Program\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\lg_fwupdate\fwupdate.exe
C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Mixer.exe
C:\Program\Microsoft Hardware\Mouse\point32.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\totalcmd\TOTALCMD.EXE
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe
C:\Program\ewido anti-malware\ewidoctrl.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Internet Explorer\iexplore.exe
G:\Temp\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nst.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program\GetRight\xx2gr.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DLink Control Panel Silent] rundll32 dlnetcp.cpl,SilentCall
O4 - HKLM\..\Run: [DLink System Tray] C:\Program\D-Link\DGE-530T\dlnetst.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LGODDFU] C:\Program\lg_fwupdate\fwupdate.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download with GetRight - C:\Program\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program\GetRight\GRbrowse.htm
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program\bet365MPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141061267437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe
O23 - Service: LightScribeService Direct Disc Labeling Service - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
 
#6 ·
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 
#7 ·
********
01:20: | Start of Session, den 6 april 2006 |
01:20: Spy Sweeper started
01:20: Sweep initiated using definitions version 650
01:20: Starting Memory Sweep
01:23: Memory Sweep Complete, Elapsed Time: 00:02:53
01:23: Starting Registry Sweep
01:23: Registry Sweep Complete, Elapsed Time:00:00:15
01:23: Starting Cookie Sweep
01:23: Found Spy Cookie: yieldmanager cookie
01:23: kuno@ad.yieldmanager[2].txt (ID = 3751)
01:23: Found Spy Cookie: falkag cookie
01:23: kuno@as-us.falkag[1].txt (ID = 2650)
01:23: Found Spy Cookie: burstnet cookie
01:23: kuno@burstnet[2].txt (ID = 2336)
01:23: Found Spy Cookie: clickbank cookie
01:23: kuno@clickbank[1].txt (ID = 2398)
01:23: Found Spy Cookie: fastclick cookie
01:23: kuno@fastclick[1].txt (ID = 2651)
01:23: Found Spy Cookie: imrworldwide.com cookie
01:23: kuno@imrworldwide[2].txt (ID = 2845)
01:23: Found Spy Cookie: webtrends cookie
01:23: kuno@m.webtrends[2].txt (ID = 3669)
01:23: Found Spy Cookie: 2o7.net cookie
01:23: kuno@microsofteup.112.2o7[1].txt (ID = 1958)
01:23: Found Spy Cookie: statcounter cookie
01:23: kuno@statcounter[2].txt (ID = 3447)
01:23: Found Spy Cookie: tacoda cookie
01:23: kuno@tacoda[1].txt (ID = 6444)
01:23: Found Spy Cookie: tradedoubler cookie
01:23: kuno@tradedoubler[1].txt (ID = 3575)
01:23: Found Spy Cookie: tribalfusion cookie
01:23: kuno@tribalfusion[1].txt (ID = 3589)
01:23: Cookie Sweep Complete, Elapsed Time: 00:00:00
01:23: Starting File Sweep
01:28: Warning: Failed to open file "c:\system volume information\_restore{5cec9618-8ccd-43a2-b21c-6a7135eef21d}\rp95\a0007962.dll". Åtkomst nekad
01:51: Found System Monitor: potentially rootkit-masked files
01:51: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0)
01:51: Warning: Invalid file - not a PKZip file
01:51: Warning: Unhandled Archive Type
01:51: Warning: Invalid file - not a PKZip file
01:51: Warning: Invalid file - not a PKZip file
01:51: Warning: Invalid file - not a PKZip file
01:51: Warning: Invalid file - not a PKZip file
01:51: Warning: Invalid file - not a PKZip file
01:51: Warning: Invalid file - not a PKZip file
01:51: Warning: Invalid file - not a PKZip file
01:54: Warning: Unable to sweep compressed file: System Error. Code: 8.
Det finns inte tillräckligt med ledigt minne för att utföra kommandot
01:54: Warning: Unable to sweep compressed file: System Error. Code: 5.
Åtkomst nekad
01:54: File Sweep Complete, Elapsed Time: 00:30:31
01:54: Full Sweep has completed. Elapsed time 00:33:42
01:54: Traces Found: 13
01:56: Removal process initiated
01:56: Quarantining All Traces: potentially rootkit-masked files
01:56: potentially rootkit-masked files is in use. It will be removed on reboot.
01:56: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat is in use. It will be removed on reboot.
01:56: Quarantining All Traces: 2o7.net cookie
01:56: Quarantining All Traces: burstnet cookie
01:56: Quarantining All Traces: clickbank cookie
01:56: Quarantining All Traces: falkag cookie
01:56: Quarantining All Traces: fastclick cookie
01:56: Quarantining All Traces: imrworldwide.com cookie
01:56: Quarantining All Traces: statcounter cookie
01:56: Quarantining All Traces: tacoda cookie
01:56: Quarantining All Traces: tradedoubler cookie
01:56: Quarantining All Traces: tribalfusion cookie
01:56: Quarantining All Traces: webtrends cookie
01:56: Quarantining All Traces: yieldmanager cookie
01:56: Removal process completed. Elapsed time 00:00:37
********
01:17: | Start of Session, den 6 april 2006 |
01:17: Spy Sweeper started
01:18: Your spyware definitions have been updated.
01:20: | End of Session, den 6 april 2006 |

Logfile of HijackThis v1.99.0
Scan saved at 01:58:29, on 2006-04-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\Program\ewido anti-malware\ewidoctrl.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\D-Link\DGE-530T\dlnetst.exe
C:\Program\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\lg_fwupdate\fwupdate.exe
C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Mixer.exe
C:\Program\Microsoft Hardware\Mouse\point32.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe
C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\totalcmd\TOTALCMD.EXE
G:\Temp\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nst.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program\GetRight\xx2gr.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DLink Control Panel Silent] rundll32 dlnetcp.cpl,SilentCall
O4 - HKLM\..\Run: [DLink System Tray] C:\Program\D-Link\DGE-530T\dlnetst.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LGODDFU] C:\Program\lg_fwupdate\fwupdate.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download with GetRight - C:\Program\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program\GetRight\GRbrowse.htm
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program\bet365MPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141061267437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe
O23 - Service: LightScribeService Direct Disc Labeling Service - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
 