running process. (.EXE)
Added as a result of the BLACKMAL VIRUS!
I have ran all of my anti spyware program as well as my F-secure AV but find nothing.
So, what do i do about this, all tips and hints are very appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 15:47:53, on 2005-08-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1
.EXE
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\Analog Devices\SoundMAX\SMTray.exe
C:\Program\Mouse Driver\mouse_2k.exe
C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.
exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\ATI Technologies\ATI Control
Panel\atiptaxx.exe
C:\Program\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\Program\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\F-Secure\Common\FSMB32.EXE
C:\Program\NovaStor\NovaBACKUP\NSENGINE.exe
C:\Program\TGTSoft\StyleXP\StyleXP.exe
D:\framxpro\FreeRAM XP Pro 1.40.exe
C:\Program\F-Secure\BackWeb\7681197\program\F-Secure
Automatic Update.exe
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\FWES\Program\fsdfwd.exe
C:\Program\F-Secure\Common\FIH32.EXE
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Winamp\Winamp.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
D:\Div. Program\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.google.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local
Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local
Page =
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer -
{C333CF63-767F-4831-94AC-E683D962C63C} -
C:\Program\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program\Analog
Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program\Mouse
Driver\mouse_2k.exe
O4 - HKLM\..\Run: [F-Secure Manager]
"C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB]
"C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL
/WAITFORSW
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI
Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program\Webroot\Spy
Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched]
C:\Program\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP]
C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [FreeRAM XP] "D:\framxpro\FreeRAM XP
Pro 1.40.exe" -win
O4 - Global Startup: F-Secure Automatic Update.lnk =
C:\Program\F-Secure\BackWeb\7681197\program\F-Secure
Automatic Update.exe
O8 - Extra context menu item: &Google Search -
res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links -
res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.ht
ml
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages -
res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) -
{85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online
Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP:
c:\program\bulletproofsoft.com\bps spyware & adware
remover\apptoport.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32}
(DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02}
(HouseCall Control) -
http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3}
(StagingUI Object) -
http://zone.msn.com/...agingUI.cab3412
0.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9}
(asusTek_sysctrl Class) -
http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
(MessengerStatsClient Class) -
http://messenger.zon...essengerStatsPA
Client.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8}
(ZoneBuddy Class) -
http://zone.msn.com/...ZBuddy.cab32846
.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
(MSN Photo Upload Tool) -
http://by13fd.bay13....ources/MsnPUpld.
cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3}
(ZonePAChat Object) -
http://zone.msn.com/...PAChat.cab32846.
cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
(BDSCANONLINE Control) -
http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.micros...v6/V5Controls/e
n/x86/client/wuweb_site.cab?1119979520562
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
(HouseCall Control) -
http://a840.g.akamai...001/housecall.t
rendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
http://www.bitdefend...bitdefender.cab
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7}
(FileSharingCtrl Class) -
http://appdirectory....pDirectory/P4Ap
ps/FileSharing/sv/filesharingctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://www.pandasoft...s5free/asinst.c
ab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D}
(CRAVOnline Object) -
http://www.ravantivi...n/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...nmessengersetup
downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592}
(ZoneIntro Class) -
http://zone.msn.com/...tro.cab34246.ca
b
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}
(ASquaredScanForm Element) -
http://www.windowsec...scan/axscan.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8}
(CBreakshotControl Class) -
http://messenger.zon...nkshot.cab31267
.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0}
(CBankshotZoneCtrl Class) -
http://zone.msn.com/...zpa_pool.cab361
07.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}
(StadiumProxy Class) -
http://zone.msn.com/...roxy.cab35645.c
ab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3}
(ZPA_Backgammon Object) -
http://zone.msn.com/...s/ZPA_Backgammo
n.cab36385.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service
(ATKKeyboardService) - ASUSTeK COMPUTER INC. -
C:\WINDOWS\ATKKBService.exe
O23 - Service: F-Secure Automatic Update (BackWeb
Plug-in - 7681197) - BackWeb Technologies Inc.
-
C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1
.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter -
F-Secure Corp. -
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure
Corporation - C:\Program\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. -
C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.
exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon
(FSDFWD) - F-Secure Corporation -
C:\Program\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) -
F-Secure Corporation -
C:\Program\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program\Delade
filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NsEngine - Unknown owner -
C:\Program\NovaStor\NovaBACKUP\NSENGINE.exe
O23 - Service: Sandra Data Service (SandraDataSrv) -
SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra
Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware
- C:\Program\SiSoftware\SiSoftware Sandra Professional
2005\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent
Service (default)) - Analog Devices, Inc. - C:\Program\Analog
Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner -
C:\Program\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine
(svcWRSSSDK) - Webroot Software, Inc. -
C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe