hijack log help me!

**summergame** · 07-12-2005

Logfile of HijackThis v1.99.1
Scan saved at 12:37:56, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.longhair.be/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.morisoft.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldeayuda.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Lucie\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lucie\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.morisoft.be
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122643593347
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.co...p/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylomgames.com/activex...amesplayer.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

**Neal** · 07-12-2005

Looky what i found: 81D95302916EC3B2.job

That is a LOP infection, hopefully this will make things better somewhat.

Download: Microsoft Task Scheduler Command Line Utility

http://mvps.org/winhelp2002/jt.zip

Unzip and copy jt.exe to your Windows folder.

Open Notepad, copy and paste the below and "Save As" KillJobs.bat
In the "Save as type" select: All Files

@echo off
jt / sd 81D95302916EC3B2.job

Copy KillJobs.bat to your Windows folder.
Double-click on "KillJobs.bat"
(when prompted, allow the file to run)

Reboot

Plus you appear to be running two anti-virus programs, uninstall one of them, problems will occur if you don't and may already have.

Thanks

**summergame** · 12-12-2005

hmm the program doesn't want to work if i start what i have saved my printer prints al white pages without a text...

**Neal** · 12-12-2005

What?

Be more specific please

**summergame** · 13-12-2005

well if i do what you've said and open notepad and open the running than comes an ms-dos mode window and a cursor is pinkin over the ms dos window and my printer goes tilt and printet al blanc pages

**Neal** · 13-12-2005

Hi,

uninstall spysweeper and go get it again, I think there is a new version out there now and post the log it makes.

www.kaspersky.com/virusscanner

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
o Scan Options:
- Scan Archives
- Scan Mail Bases
* Click OK
* Now under select a target to scan:
o Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
o Now click on the Save as Text button:
* Save the file to your desktop.
* Copy and paste that information in your next post.

**summergame** · 14-12-2005

spy sweeper isn't change but with the scan found much!

------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, December 14, 2005 14:11:11
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 14/12/2005
Kaspersky Anti-Virus database records: 165076
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 103239
Number of viruses found: 7
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 4572 sec

Infected Object Name - Virus Name
C:\My Shared Folder\liedjes lucie\[PC GAME NO CD] Lord of the Rings Battle for Middle Earth.zip/release.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101
C:\My Shared Folder\liedjes lucie\[PC GAME NO CD] Lord of the Rings Battle for Middle Earth.zip/release.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b
C:\My Shared Folder\liedjes lucie\[PC GAME NO CD] Lord of the Rings Battle for Middle Earth.zip/release.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya
C:\My Shared Folder\liedjes lucie\[PC GAME NO CD] Lord of the Rings Battle for Middle Earth.zip/release.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\My Shared Folder\liedjes lucie\[PC GAME NO CD] Lord of the Rings Battle for Middle Earth.zip/release.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\My Shared Folder\liedjes lucie\[PC GAME NO CD] Lord of the Rings Battle for Middle Earth.zip Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373062.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373062.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373062.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373062.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373062.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373063.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373063.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373063.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373063.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373063.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373064.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373064.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373064.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373064.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP178\A0373064.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP179\A0373654.exe Infected: not-a-virus:AdWare.Win32.SaveNow.br
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP179\A0373662.exe/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP179\A0373662.exe/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP179\A0373662.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\System Volume Information\_restore{0028B8E1-D0CE-4CD3-B606-47D55BD0386E}\RP180\A0373805.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616

Scan process completed.

**Neal** · 15-12-2005

OK thanks,

Please download, install, update and scan your system with the free version of Ewido trojan scanner: www.ewido.net/en/download/

1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

3. From the main ewido screen, click on UPDATE in the left menu, then click the Start update button.

4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.

5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.

Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

also

Internet Explorer required
http://housecall-beta.trendmicro.com/en/start_corp.asp

take note of anything it finds that can not be deleted please.

**summergame** · 15-12-2005

Logfile of HijackThis v1.99.1
Scan saved at 15:00:01, on 15/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.longhair.be/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.morisoft.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldeayuda.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Lucie\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lucie\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.morisoft.be
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122643593347
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.co...p/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylomgames.com/activex...amesplayer.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

**summergame** · 15-12-2005

ewido security suite - Scan rapport
---------------------------------------------------------

+ Gemaakt op: 14:52:27, 15/12/2005
+ Rapport samenvatting: 65DE2C0B

+ Scan resultaten:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Schoongemaakt met een backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Schoongemaakt met een backup
HKU\S-1-5-21-1960408961-842925246-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Schoongemaakt met een backup
C:\Documents and Settings\Lucie\Cookies\lucie@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
C:\Documents and Settings\Lucie\Cookies\lucie@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Schoongemaakt met een backup
C:\Documents and Settings\Lucie\Cookies\lucie@e-2dj6wflikiajslo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Lucie\Cookies\lucie@e-2dj6wflowodpmdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Lucie\Cookies\lucie@e-2dj6wfmywgdjwlq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Lucie\Cookies\lucie@e-2dj6wgkyckajwco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Lucie\Cookies\lucie@e-2dj6wjk4gncpmbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Lucie\Cookies\lucie@e-2dj6wjk4ukdzedp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Lucie\Cookies\lucie@e-2dj6wjnysjcjmaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Lucie\Cookies\lucie@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Schoongemaakt met een backup
C:\Documents and Settings\Lucie\Cookies\lucie@statcounter[1].txt -> Spyware.Cookie.Statcounter : Schoongemaakt met een backup
C:\Documents and Settings\Lucie\Local Settings\Temporary Internet Files\Content.IE5\UL0BW94H\mm[1].js -> Spyware.Chitika : Schoongemaakt met een backup
C:\Documents and Settings\Melina\Cookies\melina@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
C:\Documents and Settings\Melina\Cookies\melina@burstnet[1].txt -> Spyware.Cookie.Burstnet : Schoongemaakt met een backup
C:\Documents and Settings\Melina\Cookies\melina@e-2dj6wfk4opcjaep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Melina\Cookies\melina@e-2dj6wfkochd5cfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Melina\Cookies\melina@e-2dj6wgk4woczgcq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Melina\Cookies\melina@e-2dj6wgkigkcpkao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Melina\Cookies\melina@e-2dj6wjk4umdzieq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\temp\Cookies\melina@stat.onestat[1].txt -> Spyware.Cookie.Onestat : Schoongemaakt met een backup

::Einde rapport

hijack log help me!

Re: hijack log help me!

Similar Threads

Browser Hijack - Localhost Hijack

about:blank hijack - Hijack this log