Logfile of HijackThis v1.99.1
Scan saved at 16:19:48, on 2007-03-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Java\jre1.5.0_11\bin\jusched.exe
C:\Program\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsrw.exe
C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE
C:\Program\Java\jre1.5.0_11\bin\jusched.exe
C:\Program\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Xarina\Skrivbord\Rats\PI2.2.0.exe
C:\Program\Windows Media Player\wmplayer.exe
C:\PROGRAM\Mozilla Firefox\firefox.exe
C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe
C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe
C:\Documents and Settings\Xarina\Skrivbord\Setup Filer\osten.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program\NavExcel Search Toolbar\NavExcelBar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Funkvc] C:\DOCUME~1\Xarina\APPLIC~1\KNOBBI~1\Warngramteam.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program\Free Download Manager\fdm.exe -autorun
O4 - Startup: SMS Messenger.lnk = C:\Program\SMS Messenger\SmsMessenger.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe
O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\blockpopups.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)