Oh, sorry i found it. I have so many icons on my desktop that im a little confused
Deckard's System Scanner v20071014.68
Run by mateja on 2007-10-27 14:30:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 256 MiB (512 MiB recommended).
-- HijackThis (run as mateja.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:41, on 27.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TWINTO~1\MouseElf.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\TwinTouch LuxeMate\EMouse.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\SiOL\ADSL\app\pppoeservice.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Namizje\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\mateja.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://keyword.netscape.com/keyword/%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CFG1400U] Cfg1400U.exe -USB -REINIT
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Audio Device Manager] winfp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone:
http://www.rtvslo.si
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://software-dl.real.com/262623ceedb9c32ffb05/netzip/RdxIE601.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) -
http://ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177001410476
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://paris.ville.orange.fr/CO/activex/AxisCamControl.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) -
http://advisor.futuremark.com/global/msc311.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -
http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A401403-500F-4C57-B6BE-FDA1D08079A2}: NameServer = 193.189.160.13 193.189.160.23
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SiOL\ADSL\app\pppoeservice.exe
--
End of file - 7793 bytes
-- Files created between 2007-09-27 and 2007-10-27 -----------------------------
2007-10-23 20:16:32 51200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 19:45:47 0 -----n--- C:\WINDOWS\system32\ntkrpamp.exe
2007-10-23 19:45:47 0 -----n--- C:\WINDOWS\system32\ntkrnlmp.exe
2007-10-23 19:14:31 0 d-------- C:\WINDOWS\ERUNT
2007-10-22 20:53:33 0 d-------- C:\91abc3f5e86774baf905
2007-10-22 18:04:31 0 d-------- C:\Program Files\Trend Micro
2007-10-22 16:57:02 0 d-------- C:\Program Files\RegistryFix
2007-10-21 16:47:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-21 16:36:37 0 d-------- C:\47999ed27b6b3619973bc500e450a97a
2007-10-21 16:32:18 0 d-------- C:\7262a8ee43e7f36fa7edf0
2007-10-20 18:23:09 0 d-------- C:\WINDOWS\system32\SYSTEM32
2007-10-20 18:22:49 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\WINDOWS
2007-10-20 18:22:48 0 d-------- C:\WINDOWS\system32\Cache
2007-10-20 18:22:39 0 d-------- C:\WINDOWS\system32\Logfiles
2007-10-20 16:02:09 0 d-------- C:\Program Files\Support Tools
2007-10-20 14:29:53 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\Lavasoft
2007-10-20 14:29:35 0 d-------- C:\Program Files\Lavasoft
2007-10-20 10:43:44 61952 --a------ C:\WINDOWS\system32\nabapi32.dll <Not Verified; Netscape Communications Corporation; Netscape Communications Address Book API>
2007-10-20 10:43:27 633555 --a------ C:\WINDOWS\cd32.exe
2007-10-20 10:42:48 0 d-------- C:\Program Files\Netscape
2007-10-20 10:41:59 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-10-20 09:58:38 0 d-------- C:\Inetpub
2007-10-19 13:29:35 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-09-30 00:13:22 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\Empire XP
2007-09-29 12:06:04 0 d-------- C:\Program Files\TVUPlayer
2007-09-28 12:46:31 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\AdobeUM
-- Find3M Report ---------------------------------------------------------------
2007-10-20 22:08:07 33914 --a------ C:\WINDOWS\nsreg.dat
2007-10-20 18:26:34 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\Adobe
2007-10-20 18:23:03 0 d-------- C:\Program Files\Maxis
2007-10-20 18:23:03 0 d-------- C:\Program Files\JoWooD
2007-10-20 18:23:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-20 18:23:03 0 d-------- C:\Program Files\Infogrames
2007-09-30 00:08:28 0 d-------- C:\Program Files\Common Files
2007-09-29 23:45:33 0 d-------- C:\Program Files\Red Storm Entertainment
2007-09-28 12:45:27 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\Real
2007-09-22 16:22:26 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\SopCast
2007-09-19 20:55:49 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\TVU Networks
2007-09-19 17:17:15 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\Skype
2007-09-16 09:49:15 33600 --a------ C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\GDIPFONTCACHEV1.DAT
2007-09-15 19:31:21 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\Help
2007-09-15 17:37:14 274432 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-09-14 23:48:23 0 d-------- C:\Program Files\Office10
2007-09-14 21:54:26 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\DivX
2007-09-14 20:53:42 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\Macromedia
2007-09-14 20:53:33 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\Google
2007-09-14 20:50:23 0 dr-h----- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\yahoo!
2007-09-14 18:22:31 0 d-------- C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Application Data\Identities
2007-09-12 19:00:48 244448 --a------ C:\WINDOWS\system32\eb51704c.sys
2007-09-12 18:41:10 244448 --a------ C:\WINDOWS\system32\2ba079ec.sys
2007-09-12 17:08:53 244448 --a------ C:\WINDOWS\system32\c4a674d2.sys
2007-09-12 16:11:26 244448 --a------ C:\WINDOWS\system32\b4e8ede8.sys
2007-09-12 13:19:11 244448 --a------ C:\WINDOWS\system32\7714b2d6.sys
2007-09-12 11:18:03 244448 --a------ C:\WINDOWS\system32\8ea95e8a.sys
2007-09-12 10:39:10 244448 --a------ C:\WINDOWS\system32\1f17d506.sys
2007-09-12 00:07:26 244448 --a------ C:\WINDOWS\system32\42617506.sys
2007-09-10 01:03:08 0 d-------- C:\Program Files\MSN Messenger
2007-09-09 14:22:12 0 d-------- C:\Program Files\Messenger
2007-09-08 16:00:36 0 d-------- C:\Program Files\Common Files\Ulead Systems
2007-09-08 14:37:47 0 d-------- C:\Program Files\RogueRemover PRO
2007-09-08 13:31:10 0 d-------- C:\Program Files\Movie Maker
2007-09-08 13:22:06 0 d-------- C:\Program Files\Windows NT
2007-08-31 20:32:00 0 d-------- C:\Program Files\MSECache
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFG1400U"="Cfg1400U.exe" []
"mouseElf"="C:\PROGRA~1\TWINTO~1\MouseElf.EXE" [26.08.2004 02:45]
"nwiz"="nwiz.exe" [22.10.2006 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [22.10.2006 12:22]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [22.10.2006 12:22]
"Audio Device Manager"="winfp.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12.09.2006 01:58]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [05.09.2006 18:28]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03.01.2007 13:57]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [15.09.2007 17:37]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 09:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30.11.2006 22:49]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B778645D-B2A0-48E5-8E43-04B02CA3EA9D}"= C:\WINDOWS\Help\425D8586.DLL [ ]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2007-10-27 14:31:43 ------------
xpsp2res.dll,-22019"