Logfile of HijackThis v1.99.1
Scan saved at 20:53:06, on 09-06-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\wuampkd.exe
C:\WINDOWS\System32\wupaderees.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\secsvc.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
C:\Documents and Settings\moho\Skrivebord\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http:\\signon.stofanet.dk/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmer\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmer\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmer\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmer\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mircosoft Update] wuampkd.exe
O4 - HKLM\..\Run: [Microsoft DDEs Control] wupaderees.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitebgs32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [System Event Manager] secsvc.exe
O4 - HKLM\..\RunServices: [Mircosoft Update] wuampkd.exe
O4 - HKLM\..\RunServices: [Microsoft DDEs Control] wupaderees.exe
O4 - HKLM\..\RunServices: [System Event Manager] secsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Programmer\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://192.168.1.6/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp07.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmer\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Programmer\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe