Hi,

I've been reading posts in this forum since I'm faced with this hijack too. I've been trying some adware/spyware programs, but with no luck. So, before starting some 'rescue' operations, I would like to post the requested logs:

Logfile of HijackThis v1.99.1
Scan saved at 23:03:28, on 22/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ewido\security suite\securitysuite.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackithis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/index.html?new_lang=nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RunDLL] -
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Zoeken - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} -
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {8E7E8EAE-71FF-11D3-B4D2-0060086460F0} (ElementMisterCash1 Class) -
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: bw+0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {25E6FBD9-1B0C-4BE4-B0C6-26BE0C3CC5E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\g6jolg1316.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Sorry for the Dutch, but 'Schoongemaakt met een backup' means 'cleaned with backup'.


---------------------------------------------------------
ewido security suite - Scan rapport
---------------------------------------------------------


+ Gemaakt op:           1:02:41, 23/10/2005
+ Rapport samenvatting:     450790F2


+ Scan resultaten:


HKLM\SOFTWARE\AKSoft -> Spyware.AkSoft : Schoongemaakt met een backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> Spyware.MoneyTree : Schoongemaakt met een backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> Spyware.MoneyTree : Schoongemaakt met een backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> Spyware.MoneyTree : Schoongemaakt met een backup
HKU\S-1-5-21-1417001333-484763869-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554} -> Spyware.MySearchBar : Schoongemaakt met een backup
[2276] C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Fout gedurende het schoonmake
:mozilla.8:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Adtech : Schoongemaakt met een backup
:mozilla.9:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Adtech : Schoongemaakt met een backup
:mozilla.17:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Com : Schoongemaakt met een backup
:mozilla.18:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Com : Schoongemaakt met een backup
:mozilla.20:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Estat : Schoongemaakt met een backup
:mozilla.23:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Hotlog : Schoongemaakt met een backup
:mozilla.34:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Qksrv : Schoongemaakt met een backup
:mozilla.47:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.48:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.49:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.50:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.51:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Trafic : Schoongemaakt met een backup
:mozilla.52:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Schoongemaakt met een backup
:mozilla.62:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.71:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Lop : Schoongemaakt met een backup
:mozilla.77:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.88:C:\Documents and Settings\Bart\Application Data\Mozilla\Profiles\default\mmtv3k83.slt\cookies.txt -> Spyware.Cookie.Qksrv : Schoongemaakt met een backup
:mozilla.12:C:\Documents and Settings\Bart\Application Data\Thunderbird\Profiles\default.5aw\cookies.txt -> Spyware.Cookie.Estat : Schoongemaakt met een backup
C:\Documents and Settings\Bart\Cookies\bart@ad.i12[2].txt -> Spyware.Cookie.I12 : Schoongemaakt met een backup
C:\Documents and Settings\Bart\Cookies\bart@austria.oewabox[1].txt -> Spyware.Cookie.Oewabox : Schoongemaakt met een backup
C:\Documents and Settings\Bart\Cookies\bart@tiscover.oewabox[1].txt -> Spyware.Cookie.Oewabox : Schoongemaakt met een backup
C:\Documents and Settings\Bart\Local Settings\Temp\Cookies\bart@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
C:\Documents and Settings\Bart\Local Settings\Temp\Cookies\bart@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Schoongemaakt met een backup
C:\Documents and Settings\Bart\Local Settings\Temp\Cookies\bart@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Schoongemaakt met een backup
C:\Documents and Settings\Bart\Local Settings\Temporary Internet Files\Content.IE5\VEW3ZT0P\msresearch[1].exe -> Spyware.Hijacker.Generic : Schoongemaakt met een backup
C:\Documents and Settings\Evert\.jpi_cache\jar\1.0\archive.jar-487b52a0-18c3a39f.zip/BlackBox.class -> TrojanDropper.Beyond.g : Schoongemaakt met een backup
C:\Documents and Settings\Evert\.jpi_cache\jar\1.0\archive.jar-487b52a0-18c3a39f.zip/Beyond.class -> TrojanDropper.Beyond.g : Schoongemaakt met een backup
:mozilla.7:C:\Documents and Settings\Evert\Application Data\Mozilla\Profiles\default\epek3c3u.slt\cookies.txt -> Spyware.Cookie.Porngraph : Schoongemaakt met een backup
:mozilla.8:C:\Documents and Settings\Evert\Application Data\Mozilla\Profiles\default\epek3c3u.slt\cookies.txt -> Spyware.Cookie.Porngraph : Schoongemaakt met een backup
:mozilla.12:C:\Documents and Settings\Evert\Application Data\Mozilla\Profiles\default\epek3c3u.slt\cookies.txt -> Spyware.Cookie.Xxxcounter : Schoongemaakt met een backup
:mozilla.6:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Statcounter : Schoongemaakt met een backup
:mozilla.7:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Statcounter : Schoongemaakt met een backup
:mozilla.11:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Tribalfusion : Schoongemaakt met een backup
:mozilla.15:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Falkag : Schoongemaakt met een backup
:mozilla.16:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Falkag : Schoongemaakt met een backup
:mozilla.17:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Falkag : Schoongemaakt met een backup
:mozilla.18:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Falkag : Schoongemaakt met een backup
:mozilla.26:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.35:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Tradedoubler : Schoongemaakt met een backup
:mozilla.41:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Mediaplex : Schoongemaakt met een backup
:mozilla.45:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
:mozilla.46:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
:mozilla.47:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
:mozilla.48:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
:mozilla.49:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
:mozilla.50:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
:mozilla.51:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
:mozilla.57:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Com : Schoongemaakt met een backup
:mozilla.58:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Com : Schoongemaakt met een backup
:mozilla.59:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Doubleclick : Schoongemaakt met een backup
:mozilla.70:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Estat : Schoongemaakt met een backup
:mozilla.84:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.88:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
:mozilla.89:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
:mozilla.97:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Atdmt : Schoongemaakt met een backup
:mozilla.98:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Onestat : Schoongemaakt met een backup
:mozilla.99:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Onestat : Schoongemaakt met een backup
:mozilla.104:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Serving-sys : Schoongemaakt met een backup
:mozilla.105:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Serving-sys : Schoongemaakt met een backup
:mozilla.106:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Serving-sys : Schoongemaakt met een backup
:mozilla.107:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Serving-sys : Schoongemaakt met een backup
:mozilla.111:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Bluestreak : Schoongemaakt met een backup
:mozilla.119:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
:mozilla.131:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Com : Schoongemaakt met een backup
:mozilla.139:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
:mozilla.140:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.150:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.153:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.184:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Smartadserver : Schoongemaakt met een backup
:mozilla.7:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Adtech : Schoongemaakt met een backup
:mozilla.8:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Adtech : Schoongemaakt met een backup
:mozilla.18:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Com : Schoongemaakt met een backup
:mozilla.19:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Com : Schoongemaakt met een backup
:mozilla.22:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Estat : Schoongemaakt met een backup
:mozilla.41:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Qksrv : Schoongemaakt met een backup
:mozilla.52:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.53:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.54:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.55:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.56:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Schoongemaakt met een backup
:mozilla.60:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.63:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.64:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.79:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.80:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.81:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.84:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Onestat : Schoongemaakt met een backup
:mozilla.85:C:\Documents and Settings\Mieke\Application Data\Mozilla\Profiles\default\fchdprav.slt\cookies.txt -> Spyware.Cookie.Onestat : Schoongemaakt met een backup
C:\Documents and Settings\Mieke\Cookies\mieke@112.2o7[2].txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
C:\Documents and Settings\Mieke\Cookies\mieke@ads06.bpath[1].txt -> Spyware.Cookie.Bpath : Schoongemaakt met een backup
C:\Documents and Settings\Mieke\Cookies\mieke@com[2].txt -> Spyware.Cookie.Com : Schoongemaakt met een backup
C:\Documents and Settings\Mieke\Cookies\mieke@ilead.itrack[2].txt -> Spyware.Cookie.Itrack : Schoongemaakt met een backup
C:\Documents and Settings\Mieke\Cookies\mieke@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Schoongemaakt met een backup
C:\WINDOWS\msresearch.exe -> Spyware.Hijacker.Generic : Schoongemaakt met een backup
C:\WINDOWS\system32\HotVideo_be-uninstall.exe -> Dialer.Generic : Schoongemaakt met een backup
C:\WINDOWS\system32\__delete_on_reboot__guard.tmp -> Spyware.Look2Me : Schoongemaakt met een backup
:mozilla.12:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Doubleclick : Schoongemaakt met een backup
:mozilla.18:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Mediaplex : Schoongemaakt met een backup
:mozilla.19:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.29:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
:mozilla.30:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
:mozilla.31:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
:mozilla.35:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.68:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Atdmt : Schoongemaakt met een backup
:mozilla.69:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.70:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.72:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
:mozilla.73:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
:mozilla.74:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
:mozilla.75:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
:mozilla.76:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
:mozilla.78:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
:mozilla.79:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
:mozilla.80:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
:mozilla.83:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Schoongemaakt met een backup
:mozilla.87:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Spylog : Schoongemaakt met een backup
:mozilla.92:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Adserver : Schoongemaakt met een backup
:mozilla.98:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Falkag : Schoongemaakt met een backup
:mozilla.99:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Burstnet : Schoongemaakt met een backup
:mozilla.100:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Burstnet : Schoongemaakt met een backup
:mozilla.101:G:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\ut8r5xap.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Schoongemaakt met een backup



::End rapport

Edited by happygeek: fixed formatting
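As an added example that is not part of the original post, here is one way to triage a report in this line format (`[:mozilla.N:]path -> detection : action`), separating the tracking-cookie hits from the file detections that deserve follow-up. The sample lines are copied from the report above. The function names and the rule that `Spyware.Cookie.*` entries are low priority are assumptions of this sketch.

```python
import re
from collections import Counter

# A small subset of lines copied from the report above.
SAMPLE = r"""
:mozilla.59:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Doubleclick : Schoongemaakt met een backup
:mozilla.88:C:\Documents and Settings\Mieke\Application Data\Mozilla\Firefox\Profiles\default.0w9\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
C:\Documents and Settings\Mieke\Cookies\mieke@112.2o7[2].txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
C:\WINDOWS\msresearch.exe -> Spyware.Hijacker.Generic : Schoongemaakt met een backup
C:\WINDOWS\system32\HotVideo_be-uninstall.exe -> Dialer.Generic : Schoongemaakt met een backup
C:\WINDOWS\system32\__delete_on_reboot__guard.tmp -> Spyware.Look2Me : Schoongemaakt met een backup
::End rapport
"""

# Optional ":mozilla.N:" record prefix, object path, detection name, action text.
# The action text is Dutch ("Schoongemaakt met een backup" = cleaned, backup kept).
LINE = re.compile(
    r"^(?::mozilla\.(?P<record>\d+):)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$"
)

def parse(report):
    """Yield one dict per detection line; headers and footers are skipped."""
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()

def triage(report):
    """Return (cookie hits per tracker, [(path, detection)] for non-cookie hits)."""
    cookies, files = Counter(), []
    for hit in parse(report):
        if hit["name"].startswith("Spyware.Cookie."):
            # Assumption of this sketch: cookie hits are tracking noise, count only.
            cookies[hit["name"].split(".", 2)[2]] += 1
        else:
            # Executables, DLLs and temp files are what needs investigating.
            files.append((hit["path"], hit["name"]))
    return cookies, files

if __name__ == "__main__":
    cookies, files = triage(SAMPLE)
    print(f"{sum(cookies.values())} cookie hits across {len(cookies)} trackers")
    for path, name in files:
        print(f"INVESTIGATE  {name:26} {path}")
```
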

0

Had the same issue... until today!!

This may help...

Please download WebRoot SpySweeper from http://www.webroot.com/downloads/ (It's a 2 week trial):
Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, close SpySweeper for now.
Reboot to safe mode.

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

Open SpySweeper again, click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.

See if this helps and notice how long it will be before you get popups (if any).

0

I used Panda Internet Security 2006 to remove the AT.144 virus, which appeared to be downloading spyware and adware continually.

Browser windows kept opening in IE (even in safe mode with nothing open) and Opera, with links that usually had a variety of domain names with the HTML files yyy34.html and yyy54.html. I tried everything I could think of. I restarted many times, killing absolutely all non-essential processes, but some application/virus behind the scenes was not budging.

I ended up finding at least an estimated 50 spyware/adware infections over the total. New infections kept appearing. There was a virus on there, but I didn't know how to remove it. I tried many products. I found one virus which only "Panda Internet Security 2006 /w updates" could detect (it also cleaned it). None of the other antivirus/antispyware products could find this. It was called AT.144. Norton Antivirus found a few viruses, but couldn't stop the main application virus from downloading more and more adware/spyware.

I used "Panda Internet Security 2006" and did a complete scan after updating to the latest definitions. Panda works fantastic. Prior to installing Panda Internet Security, I tried "Panda Anti-Virus Titanium", but that didn't fix it (despite updating). Since "Panda Internet Security" combines anti-virus with anti-spyware, I don't have to worry about having any other resource-hungry anti-virus applications on the machine.

I found a couple of viruses on the computer with some anti-spyware applications. The applications I used to remove a lot of the viruses that were downloaded by the spyware are:

Itty Bitty Process Manager
IE-SPYAD
Kill2Me.exe (remover)
l2mfix.exe
miniremoval_coolwebsearch_smartkiller.exe
Spyware Blaster
Bugoff
X-RayPC (block.com)
HiJackThis
CWShredder
CleanCache
Spybot
Norton Antivirus

I used Norton Antivirus initially (I did at least four full-system scans on high heuristics mode), and that found a heap of viruses and spyware, but no matter how many times I scanned, the IE windows kept popping up. In the end, Panda Antivirus found and deleted the AT.144 virus.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I also received a number of cookies that may be related to this unknown virus, but then again, this could just be remnants of some of the spyware that was installed.

z1.adserver.com .yadro.ru .xiti.com .www.myaffiliateprogram.com .tribalfusion.com .toplist.cz .centrport.net spylog.com dist.belnk.com .casalemedia.com .urstnet.com .belnk.com .statcounter.com stat.onestat.com .ads.pointroll.com .adopt.hbmediapro.com .2o7.net z1.adserver.com and "com.com"

I found that I was infected by the AT.144 virus, which infected cmdinst.exe in my temporary folder of the current user. There were a number of infected DLLs which were disinfected, in addition to several registry entries used for "Add/Remove Programs caching" (ARPCACHE), http://www.superwin.com/arpcache.htm

Potentially unwanted program detecte... On-demand antivirus scan 10/25/05 12:48:18 Deleted Path: C:\WINDOWS\system32\Process.exe
Adware detected: Adware/Look2Me On-demand antivirus scan 10/25/05 12:46:11 Disinfected Path: C:\WINDOWS\system32\fp2q03f5e.dll
Potentially unwanted program detecte... On-demand antivirus scan 10/25/05 12:30:51 Notified Path: C:\temp\l2mfix\l2mfix\Process.exe
Suspicious file On-demand antivirus scan 10/25/05 11:38:57 Moved File: C:\Program Files\general\opera\Cache4\opr007XO.exe
Suspicious file On-demand antivirus scan 10/25/05 11:38:55 Moved File: C:\Program Files\general\opera\Cache4\opr007NI.exe
Adware detected: Adware/Sqwire On-demand antivirus scan 10/25/05 11:19:59 Disinfected Path: C:\Program Files\Common Files\mfom\mfomd\mfomc.dll
Adware detected: Adware/ISearch On-demand antivirus scan 10/25/05 11:02:30 Disinfected Path: C:\mte3ndi6odoxng.exe
Adware detected: Adware/ISearch On-demand antivirus scan 10/25/05 10:59:44 Disinfected Path: C:\Documents and Settings\oceanborn\Local Settings\Temp\cmdinst.exe
Virus detected: AT.144 On-demand antivirus scan 10/25/05 10:57:55 Moved Path: C:\Documents and Settings\oceanborn\Desktop\zip\MyNewsGroups-0.6b.zip[layersmenu.inc.php]
[Process.exe]
Adware detected: Adware/Look2Me Antivirus protection 10/25/05 10:44:30 Disinfected Path: c:\windows\system32\ho23msp.dll
